security and risk management for smart grids dr. lucie langer safety & security department ait...
TRANSCRIPT
Security and Risk Managementfor Smart Grids
Dr. Lucie LangerSafety & Security Department
AIT Austrian Institute of Technology
December 7, 2012
Athens, Greece
2nd ISACA Athens Chapter Conference
Talk Outline
Background and motivation Motivation for smart grids Smart grid security concerns
State of the art NISTIR 7628 Guidelines for Smart Grid Cyber Security German BSI Smart Metering Gateway Protection Profile ENISA Smart Grid Security Recommendations
AIT research Systematic threat analysis for smart grids Decision theory support for risk analysis Architectures for network resilience
Key projects The PRECYSE Project The (SG)2 Project Upcoming project proposals
2
Motivation for Smart Grids
3
Diminishing fossil fuelsand environmental concerns
Higher availability of practical electric cars
Lack of resilience ofcurrent power grids leading to blackouts
Increased availability ofrenewable power technology
Smart Grids: The Vision“An electricity network that integrates the behavior and actions of all users connected to it - generators, consumers, or both – to ensure an economically efficient, sustainable power system with low losses and high levels of quality and security of supply and safety."
4
Smart Grid Security Concerns
5
Privacy concernsemerging fromsmart meters & increased risks associated with tampering
Greater use ofCOTS systems toimplement parts of a more open grid
A greater degree of monitoring and automatic control at electricity network edge
Increased use of ICT systems, e.g., to support prosumer communities and advanced energy services
NISTIR 7628: Guidelines for Smart Grid Cyber Security
Three volume report on securing smart grids produced by the Cyber Security Working Group (CSWG) and the Smart Grid Interoperability Panel (SGIP) in the USA
Final version published in September 2010
Vol. 1: High-level smart grid architecture Logical reference model that spans smart grid domains A set of high-level security requirements
Vol. 2: Focuses on privacy issues within homes
Vol. 3: Supporting material, including research
and development themes
7
NISTIR Guidelines for Smart Grid Cyber Security
88
Smart Grid Logical Reference ModelTechnical High-level SecurityRequirements
Governance, risk and compliance
requirements
Common technical security
requirements
Unique technical security
requirements
CIA Requirements(Low, Medium, High)
Use cases
180 requirements
exist in 19 families, e.g.,
access control, Smart Grid Domains
7 Smart Grid Domains
Actors(Systems)
Interfaces
130 interfaces between actors,
organized into 22 categories with
shared or similar security
characteristics
InterfaceCategories
apply to allcategories
apply to a subsetof categories
influence
apply to all(with tailoring)
Select use cases
Risk assessment
Set boundaries (define initial architecture)
Define high-level security
requirements
Smart Grid conformance testing
& certification
1 2 3 4 5
Top down
Bottom up
Process
Guidelines
BSI Protection Profile for the Gateway of a Smart Metering System Security requirements for the gateway in a smart metering system, which
includes: assets, threats and assumptions, a set of security objectives, a set of security requirements, …
9
Smart Metering Gateway
LocalMetrological
Network
Wide AreaNetwork
HomeArea
Network
BillingCompanies
GridOperators
Initially driven by electricity network operators
Initially driven by electricity network operators
Protection Profile for the Gateway of a Smart Metering System Overview of the attacks considered:
gaining access to metering data, attackers intercept data during transmission, acquire control of the gateway, meters, controllable local systems, an attacker obtains more detail than they should.
Selected security objectives: encrypted and authenticated communication
between all parties, pseudonymisation of transmissions, if applicable, detect physical tampering, no accessible services on the gateway.
Current status: final version that should be supported by gateways in Germany
10
A strong emphasis onprivacy issues
A strong emphasis onprivacy issues
ENISA Smart Grid Security Recommendations
A set of security recommendations based on a survey of 50 stakeholders and extensive background material study
Recommendations from the report include:
…develop a minimum set of security measures
based on existing standards and guidelines
…foster the creation of test beds and
security assessments
…foster research in smart grid cyber security
11
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security-recommendations
ENISA Smart Grid Security Recommendations
Selected research areas recommended by the report include:
Robust, secure and resilient architectures: self-healing and graceful degradation; generation, distribution and storage of cryptographic material
Trust and assurance and end-to-end security: dependencies and threat analysis and use-case modelling; active monitoring for incident detection; security metrics; security mechanisms against DoS attacks
Privacy and security by design: common procedures and interfaces, protection against zero-day vulnerabilities, optimization of cryptographic protocols
Legal and economic aspects of cyber security in the smart grid
12
Smart Grid Security Threat Analysis
Availability of the power grid Legitimate power consumption and
delivery Privacy of consumers
Smart Grid Security Threat Analysis & Recommendations
15
Authorization of users and devices to grant them least privileges to access resources and services
Integrity and plausibility checks of data, such as meter readings, grid status messages, and network traffic
Training of technicians and service staff to prevent social engineering
Security Risk Analysis based on Decision Theory
16
Communication Infrastructure Model
Topological Vulnerability Analysis
Usage Strategy Identification
Game-Theoretic ModelApplication-Oriented
Taxonomy
Rules for optimal System usage
Components of Maximal Vulnerability
System Risk Measure
System engineer
Decision MakerSystem
User
Decision Maker
System engineer
A challenge for cyber-security risk analysis for smart grids and critical infrastructures is identifying the likelihood of an attack occurring and being successful…
Architectures for Network Resilience
17
“Resilience is the ability of the network to provideand maintain an acceptable level of service in the face of various faults and challenges to normal operation.”
The PRECYSE Project Demonstrators
20
Traffic control centre in the city of Valencia (Spain)
1.5 million inhabitants, 500 000 vehicles
Energy demonstrator in the city of Linz (Austria)
Power supply and related services for 400 000
inhabitants
Smart Grid Security Guidance (SG)² Project
Nationally-funded research project
Project Duration: 2 years, 11/2012 – 10/2014
Aim to produce practical guidelines for Smart Grid security for Austria
Partners from research, industry and government: AIT Austrian Institute of Technology Technische Universität Wien SECConsult Unternehmensberatung GmbH Siemens AG, Corporate Technology Österreich LINZ STROM GmbH Energie AG Oberösterreich Data GmbH Innsbrucker Kommunalbetriebe AG Energieinstitut an der JKU Linz GmbH Bundesministerium für Inneres Bundesministerium für Landesverteidigung und Sport
21
Safety and Security Department
Energy Department
Foresight & Policy Development Department
Safety and Security Department
Energy Department
Foresight & Policy Development Department
The European SPARKS Project Proposal
23
Partners
Conclusion and Open Issues
Smart grids represent a significant evolution of electricity networks: an increased use of ICT to support advanced open services automatic monitoring and control deeper in the network to facilitate the
use of decentralised power sources
Security and privacy concerns abound: privacy issues related to smart metering risks to availability caused by cyber attacks
A number of best practices and standards have emerged, but practical application is lacking
AIT is researching novel threat and risk analysis approaches, and architectures for ensuring the resilience of smart grids to attacks (amongst other things…)
24
AIT Austrian Institute of Technologyyour ingenious partner
Dr. Lucie Langer
Project Manager ICT Security
Safety & Security Department
[email protected] | +43 664 8251 438 | www.ait.ac.at/it-security