The smart grid, with its many new devices across the network, is greatly expanding the horizon for potential cyberattacks.
To protect against these, we need a good understanding of the risk profile of the various use cases; once this is known, the security requirements can be defined. Beyond that, any gaps in the security technologies can also be determined.
This was the goal of the SEGRID (Security for Smart Electricity Grids) project, which was supported by the European Union under the previous FP7 research funding programme and has recently made its findings available.
The 39-month project, which ran from October 2014, was coordinated by the Dutch research organisation TNO (Nederlandse Organisatie voor Toegepast Natuurwetenschappelijk Onderzoek) and included Alliander and Energias de Portugal as the distribution system operator (DSO) partners. Other participants were the European Network for Cyber Security (ENCS), the vendors ABB and ZIV, and the research bodies Research Institute of Sweden and KTH Royal Institute of Technology, both from Sweden, Instituto Consultivo para el Desarrollo from Spain and the Foundation of the Faculty of Sciences of Lisbon University.
Smart grid use cases
Five use cases were selected, representing increasing levels of smartness in the grid, i.e. automation, and evolving from the known threats of the current energy grid to the new threats of the smart grid.
These were: smart metering, load balancing centrally, dynamic power management, load balancing regionally and automatic reconfiguration (aka self-healing).
Key outcomes of the project have included a security and privacy architecture design, a vulnerability threat modelling tool, a risk assessment methodology, development of a resilient SCADA system, design of a resilient communication infrastructure and a proposed solution for improved resource management for the transport layer security and datagram transport layer security (TLS, DTLS) protocols.
As a result of this work, ABB and TNO submitted a change request, which was accepted and has been incorporated, to the ETSI protocol Cyber TS 102 165 Part 1: ‘Method and proforma for Threat, Vulnerability, Risk Analysis (TVRA)’. In addition, the work on (D)TLS improvement led to a proposal by RISE SICS and ENCS to improve the (D)TLS IETF standard, which is currently underway.
Cyber risk management
As risk is such a key component of any cybersecurity strategy in terms of understanding the potential threats and vulnerabilities and taking the necessary measures to contain and mitigate the risks, it is worth taking a look at the SEGRID methodology. This is designed for application in the smart grid domain – but is clearly applicable more widely – and builds on the experiences of the project partners with risk assessment methodologies applied to the energy sector.
The methodology comprises seven steps, starting with establishment of the context and scope. Then impact and threat and vulnerability identification and assessments are recommended. The fourth step is risk estimation and prioritisation, followed by risk identification and treatment and risk acceptance.
Finally, the results need to be documented and communicated and then monitored and reviewed with possible reassessment when needed.
Cybersecurity is fast evolving with the attackers constantly trying to stay ahead of measures that are put in place. Indeed, the SEGRID document suggests that attackers that target smart grids are expected to have higher motivation and capabilities than the average attacker.
From SEGRID’s roadmap for future security developments, the project has noted two major trends.
One of these is the operational security organisation. Up to now, much smart grid security work has focused on the design of new systems or the re-design of existing ones. When the smart grid systems become operational, new vulnerabilities and incidents will pop up more and more frequently, which introduces the need for DSOs to closely monitor the infrastructure and ICT equipment with respect to security.
Intrusion detection systems are needed but also an operational team to manage the events and alerts that are generated by these systems. It can be expected that the role of these security operations centres will expand in the future to e.g. incident response, vulnerability scanning, forensics, managing firewalls, etc.
The second is that security is extending from the network to the endpoints. The security measures DSOs have taken in the past years were mostly implemented at network level, which was necessary due to the presence of many highly vulnerable legacy devices. Now that most DSOs have network-level security measures in place, they are focusing more on defence-in-depth to make it harder for attackers to reach critical systems.
The logical next step would be to focus more on strong security on all the endpoints and draw defensive perimeters around each component. This model is expected to be increasingly used in the design of smart grids, with the advantage that such a model reduces complexity, but it also requires new technical solutions and better security testing.