6. Transmission: The carriers of bulk electricity over long distances. May also store and generate electricity.
7. Distribution: The distributors of electricity to and from customers. May also store and generate electricity.
Smart Grid Networks for Information Exchange
Key components of Smart Grid
AMI (Advanced Metering Infrastructure): Major applications include smart meters, HAN, meter data management systems (MDMS), and operational gateways (as shown in Fig. 2).
SCADA (Supervisory Control and Data Acquisition): It consists of four parts (as shown in Fig. 3):
Field data interface devices such as RTUs and PLCs
Communication system (e.g., telephone, radio, cable, satellite, etc.)
Central master terminal unit (MTU)
HMI software or systems
Key components of Smart Grid Contd.
IEC 61968 CIM: Application to application interactions primarily within utility operation centres for distribution functions
IEC 60870-6 TASE.2 (ICCP): Used primarily for communications between control centres and also for communication between SCADA systems and other engineering systems within the control centres
IEC 62351: Specifies security constraints and concerns of the above communication protocols and standards
IEC 62351
IEC 62351 Summary
Cyber Security Threats
Generation System / Transmission System
Numerical relays adopt Ethernet-based IEC 61850 for information exchange and are prone to DoS attacks.
Various local control loops, including those for speed control, valve control and AVR, are linked with the plant control centre through Ethernet. Security holes may be found to gain access inside the LAN and plant a Trojan or get backdoor entry.
Cyber Security Threats contd
Distribution System
Meter tampering
Reversing the counter or manipulating the calculation.
Remotely tampering with data sent to the system operator, or sneaking into confidential data of the consumers. For example, false data packets can be sent to inject negative pricing into the system, resulting in power shortages at the targeted area and causing loss of revenue to the utility company.
There are millions of conventional/smart meters connected to the system, and since it is difficult to secure every node, the vulnerabilities of the system increase.
Switching off millions of smart meters simultaneously from a remote location.
Smart meters also fail to comply with the Open Web Application Security Project (OWASP) standards in areas such as injection, authentication, cross-site scripting (XSS), access control, security misconfiguration and sensitive data exposure.
Cyber Security Threats contd
Distribution System
Networking and communication within the AMI infrastructure
will rely on technologies like WLAN, ZigBee, RF mesh, WiMax,
WiFi and PLC.
Wireless Local Area Networks (WLANs) follow IEEE 802.11
standards, which by default do not provide authorization
mechanisms and are also vulnerable to DoS attacks,
eavesdropping and session hijacking attacks.
ZigBee is based on IEEE 802.15.4 standards which are vulnerable
to jamming attacks. Bennet and Wicker [13] have argued that the
conventional ZigBee would suffer from delays due to multi-tier
feature of the cluster-tree based routing strategy.
Power Line Communication (PLC) can be susceptible to threats
by hostile users on the network using access control to misguide
services.
Ethernet Passive Optical Networks (EPON) used for electric
power system distribution automation systems in smart grid is
also vulnerable to attacks such as DoS, eavesdropping and
spoofing.
Cyber Security Issues in Smart Grid Contd
Computational Constraints
Channel Bandwidth
Entropy
Channel Bandwidth
Smart grid involves communication over a variety of
communication channels with varying bandwidths.
Encryption alone does not generally impact channel
bandwidth. However, encryption negatively influences
lower layer compression algorithms, since encrypted
data is uniformly random and therefore not
compressible.
Integrity protection as provided by an efficient Cipher-
Based Message Authentication Code (CMAC) adds a
fixed overhead to every message, typically 64 or 96
bits. On slow channels that communicate primarily
short messages, this overhead can be significant.
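The two bandwidth effects described above, as an added example that is not part of the original slides. It measures compression before versus after encryption and the share of a short message taken by a 64- or 96-bit tag. Assumptions: the SHA-256 counter keystream is a stand-in for a real cipher, HMAC-SHA256 truncated to the tag length is a stand-in for CMAC (the wire overhead is the same), and all names, keys and readings are constructed.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key-0123456789a"  # constructed sample key

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); illustration only."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def tag(key: bytes, msg: bytes, bits: int) -> bytes:
    """Truncated MAC; HMAC-SHA256 stands in for CMAC here."""
    return hmac.new(key, msg, hashlib.sha256).digest()[: bits // 8]

def sample_readings(n: int = 40) -> bytes:
    """Constructed, repetitive meter telemetry (not real data)."""
    return b"".join(
        b"meter=SM-%04d;kwh=%08.1f;v=230.%d\n" % (i % 4, 1200 + i * 0.5, i % 3)
        for i in range(n)
    )

def wire_sizes(pt: bytes) -> dict:
    """Bytes on the wire for each ordering of compression and encryption."""
    nonce = b"\x00" * 8  # fixed only so the demo is repeatable
    ct = keystream_xor(KEY, nonce, pt)
    packed = zlib.compress(pt, 9)
    return {
        "plaintext": len(pt),
        # A lower layer compressing ciphertext gains nothing.
        "encrypt_then_compress": len(zlib.compress(ct, 9)),
        # Compressing first keeps the saving.
        "compress_then_encrypt": len(keystream_xor(KEY, nonce, packed)),
    }

def mac_overhead(payload_len: int, bits: int) -> float:
    """Fraction of the protected message taken up by the tag."""
    t = tag(KEY, b"\x00" * payload_len, bits)
    return len(t) / (payload_len + len(t))

if __name__ == "__main__":
    print(wire_sizes(sample_readings()))
    for n in (8, 16, 256):
        print(n, round(mac_overhead(n, 64), 3), round(mac_overhead(n, 96), 3))
```

Compressing before encrypting makes the ciphertext length depend on the content, which matters when part of the plaintext can be influenced by another party.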
Connectivity
Standard Public Key Infrastructure (PKI) systems
based on a peer-to-peer key establishment model
where any peer may need to communicate with any
other may not be necessary or desirable from a security
standpoint for components in the smart grid.
Many devices may not have connectivity to key servers,
certificate authorities, Online Certificate Status
Protocol (OCSP) servers, etc. Many connections
between smart grid devices will have much longer
durations (often permanent) than typical connections
on the Internet.
Entropy
Many devices do not have access to sufficient sources
of entropy to serve as good sources of randomness for
cryptographic key generation and other cryptographic
operations.
This is a fundamental issue and has impacts on the key
management and provisioning system that must be
designed and operated in this case.
Key Management Issues
All security protocols rely on the existence of a security
association (SA).
The provisioning of secret keys (i.e., symmetric keys) can be a
very expensive process, with security vulnerabilities not present
when using digital certificates. The main reason for this is that
with symmetric keys, the keys need to be transported from the
device where they were generated and then inserted into at least
one other device; typically, a different key is required for each
pair of communicating devices. Key provisioning should be
coordinated so that each device receives the appropriate keys—a
process that is prone to human error and subject to insider
attacks.
There are hardware solutions for secure key transport and
loading, but these can require a great deal of operational
overhead and are typically cost-prohibitive for all but the
smallest systems. All of this overhead and risk can be multiplied
several times if each device is to have several independent
security associations, each requiring a different key.
Conclusion
Cyber security in the smart grid is still at a critical stage of
development.
Cyber security gets even more challenging when the scale
and complexity of the smart grid increase.
Contemporary IT security techniques such as virtual
private networks (VPNs), public key infrastructure
(PKI), intrusion detection systems (IDSs), firewalls, anti-virus,
etc. may be transplanted into the smart grid, but
due to their inherent differences they still cannot be
made effective without enhancements.
References
J. Liu, Y. Xiao, S. Li, W. Liang and C. Chen, "Cyber Security and Privacy Issues in Smart Grids," IEEE Communications Surveys & Tutorials, 2012.
U.S. NIST, "Guidelines for smart grid cyber security (Vol. 1 to 3)," NIST IR-7628, Aug. 2010.
U.S. NIST, "NIST framework and roadmap for smart grid interoperability standards, release 1.0," NIST Special Publication 1108, Jan. 2010.
Electric Power Research Institute, "Report to NIST on smart grid interoperability standards roadmap," 2009.
Open Web Application Security Project, "Top 10 OWASP, 2017."
R. E. Mackiewicz, "Overview of IEC 61850 and Benefits," in Proc. IEEE PSCE, Oct./Nov. 2006, pp. 623-630.
IEC 60870-5, Telecontrol Equipments and Systems - Part 5: Transmission Protocols, IEC Std. 2002.
IEC 60870-6, Telecontrol Equipments and Systems - Part 6: Telecontrol Protocols Compatible with ISO Standards and ITU-T Recommendations, IEC Std. 2004.
W. Wang, Z. Lu, "Cyber security in the smart grid: Survey and challenges," Computer Networks, vol. 57, no. 5, pp. 1344-1371, Apr. 2013.
IEC TC57 Dashboard: http://www.iec.ch/tc57
Thank you
Cyber Security Objectives and requirements
Organisations involved: EPRI, NIST, SGiP, IEEE
As per NIST
Objectives: Confidentiality, Integrity, Availability
Requirements: Identification, Authentication, Authorization, Trust, Access Control, Privacy
IEC 62351
IEC 62351 Summary
Part 1 & 2: Present an introduction to its background and a glossary of terms
Part 3: Specifies the security requirements for TCP/IP profiles in IEC 60870 and IEC 61850
Part 4: Addresses MMS (Manufacturing Message Specification, ISO 9506) protocol security in the IEC 61850 standard
Part 5: Focuses on the security of serial communication in IEC 60870 and DNP3
Part 6: Provides security for non-routable peer-to-peer communications
Part 7 & Part 8 are still at draft specification
Part 7: Secures the network and system management (NSM) of the information infrastructure
Part 8: Designed to address authorization problems in control centers
Cyber Security Issues in Smart Grid
The cyber security of the power industry covers all IT
and communications issues that affect the operation of
power delivery systems and the management of the
utilities.
Securing the power grid prevents, prepares for,
protects against, mitigates, responds to, and recovers
from unexpected cyber events or natural disasters.
Challenges in the development of a secure smart grid
New communication requirements and obsolescence issue
Legacy devices
Heterogeneous technologies and protocols
Proprietary systems
Challenges
New communication requirements and avoiding early obsolescence
Legacy devices
Use of heterogeneous technologies and protocols
Proprietary systems
Cyber Security Issues in Smart Grid Contd
Device Issues
Networking Issues
Other Issues