Ray Bell, Grid Net
In the last 12 months, much progress has been made with smart grid security. This past January, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) issued an updated list of standards, a preliminary cyber security strategy and other elements of a framework to support transforming the nation’s aging electric power system into an interoperable smart grid.
This is welcome news; without the NIST standards, strategy and framework effort it would be nearly impossible for utilities to demand (and receive) accountability from vendors of smart grid technologies. Yet, apart from enthusiastic (yet vague) statements of support, most of the vendor community has remained surprisingly shy on details about how the NIST standards and framework will be architected into their actual products.
Security and Shortcomings
Smart grid security shortcomings are nothing new. At the 2009 Black Hat security conference in July, the security consultancy IOActive reported that it was able to simulate a smart meter worm that infected about 15,000 home meters (out of 22,000 homes) and subjected the devices to the control of the worm’s designers. IOActive’s Mike Davis told The Register that “the “Ëœvast majority’ of smart meter systems use no encryption or authentication processes to prevent someone from uploading malicious software or turning meters on and off en masse.” Exacerbating the viral growth was the unregulated peer-to-peer content forwarding (similar to BitTorrent) used by the compromised mesh systems to distribute firmware, which provided an easy and massive distribution mechanism for the attacker’s malware.
Davis was spot-on in highlighting perhaps one of the most vulnerable aspects of the smart grid devices—the customer’s revenue meter, with an integrated disconnect/reconnect switch. As unprotected assets on customers’ premises, these devices are the first line of penetration for hackers and virus-spreaders.
In addition to most smart meters’ security vulnerabilities, most smart grid radio frequency (RF) mesh networks present critical vulnerabilities in performance, management and especially network- and device-level security. Because most RF mesh networks rely on ad-hoc, unauthenticated, peer-to-peer communication for network connectivity, the threat of spreading worms and viruses becomes even more real; this type of network architecture is prone to “Ëœman-in-the-middle’ and impersonation attacks. While open standards for RF mesh networks are beginning to emerge at the physical and media access control layers, the networking specifications still lack definition as to how they will implement the robust, proven security methods and technologies described in the NIST specifications. Lacking open standards and the pervasive, granular implementation of proven, broadly-adopted, leading security methods and technologies, RF mesh networks remain virtually defenseless for smart grid use.
It’s time to challenge smart grid solution providers to demonstrate how and where they are implementing open-standards based, robust, proven, scalable and extensible security identity, encryption algorithms, security protocols and crypto key management systems. This is not a simple task, because securing the smart grid requires designing standards-based security into every aspect of the smart grid, while supporting governmental and regulatory cyber security principles of confidentiality, integrity, availability, identification, authentication, non-repudiation, access controls, accounting and auditing. To adequately do this, utilities and the vendors that support them must take a multi-faceted approach in designing the smart grid.
1. Remember that security starts at the edge device. While smart meter hacks are inevitable, utilities can protect their smart grid from a massive network virus or worm by implementing granular security architectures. They should therefore embed unique, standards-based hardware and software security into every network node and device, which will help prevent device penetration attacks (in the form of worms or viruses) from spreading throughout the network. Granular, device-level security ensures that a hacked or compromised device can be quickly identified and isolated before spreading or causing greater damage. A useful analogy exists with ATM networks: ATM machines are everywhere and are often the target of malicious hackers. Yet, ATM networks remain well-protected because the standards-based, device-level security that resides in each ATM machine is highly sophisticated and is designed to render the machine inoperable before it connects to the ATM network. This prevents virus or worm proliferation.
2. Use only standards-based security, and use it everywhere. By incorporating security standards throughout the smart grid, utilities can leverage the collective best efforts of tens of thousands of engineers, universities, government agencies and white-hat hackers, as well as hundreds of millions of dollars of investments in the latest security technologies. Moreover, standards-based security ensures faster upgrades and “future-proofing,” an idea essential for utilities to stay ahead in the never-ending “hack-patch” cycle of cyber security as the security open standards communities’ advanced research and development activities are active and vigilant in exposing security vulnerabilities in leading standards. While the NIST initiatives would seem to underscore this point, it’s surprising how many vendors may delay security implementations and resort to interim short cuts or one-off, proprietary methods because of time-to-market and cost concerns. This occurs because architecting standards-based security into devices, networks, software and systems takes time and effort. Product cycles in the utility industry are long, and it may take vendors some time to respond with adequate protections built into their solutions, if they have the internal expertise to do so. But the longer a vendor waits to implement standards-based security, the more susceptible are its products to clear, present (and mounting) threats. As a form of protection, utilities must demand evidence of standards-based security in vendor offerings, or they will put their smart grid implementations at high risk, not to mention immediate obsolescence from the moment of smart meter installation. This goes beyond vendor lip-service to the latest encryption algorithm that requires fewer computing resources. Instead, standards-based security requires an end-to-end security architecture comprised of systems, algorithms and networking protocols that provide embedded device identity management, mutual peer-to-peer authentication, policy-driven access authorizations (both network- and application-level), dynamic and ephemeral crypto key generation and management, secure channel encryption (both transport and data payload), accounting and auditing functions.
3. Make security pervasive and granular. Many vendors are quick to mention data encryption and IP security schemes, which are necessary but, by themselves, are nowhere near sufficient. Instead, utilities must require that vendors deliver pervasive, granular security architecture in their solution offerings by incorporating government-grade security into smart meters and other distribution network edge devices into their embedded applications, into the smart grid communications network infrastructure, into smart grid network operating systems, into the data being stored and transmitted, and into utility enterprise systems. By doing so, the utility is afforded multiple safeguards against security threats (security experts usually characterize this multi-level/multi-layer approach as defense-in-depth, analogous to peeling the layers of an onion). Such multi-layer, multi-level security architecture is the best way to provide adequate safeguards in the smart grid, and utilities should expect no less from their vendors.
4. Remember that security is a marathon, not a 500-yard dash. Maintaining a safe, secure smart grid requires continuous vigilance and the stamina to sustain ongoing investments in security oversight, critical software patches, software upgrades and process improvements. That’s because security threats are never-ending: Hackers enjoy a challenge, and they intend to keep at it. Once again, standards-based security is the best defense. Just as your personal computer receives automatic security updates from Symantec, so should your smart grid receive automatic security updates and improvements, too. When standards-based security is deployed throughout a smart grid network (especially if it’s deployed via a modular system architecture), then device identity management, remote firmware upgrades and system level improvements become a smart grid routine rather than an exception.
It’s time for utilities and their vendors to stop talking about security and start building it into the smart grid. With clear directives from NIST and other governmental and regulatory agencies, this task is more straightforward than ever before. And, there is more good news: Some vendors adopted this pervasive, open standards-based approach several years ago in anticipation of the smart grid’s evolution; these vendors now have truly secure smart grid solutions available on the market today. With comprehensive, open standards-based security architected throughout the smart grid, utilities will be able to realize its powerful benefits without imperiling their or their customers’ precious assets and national security.
Ray Bell is CEO of Grid Net. Grid Net has incorporated similar security devices from point No. 1 under “The Approach” into the embedded device communications reference designs that Grid Net has licensed to GE as part of GE’s 4G Smart Meter product family.