By Shawn Lafferty and Tauseef Ghazi, KPMG LLP
A smart grid can help utilities conserve energy, reduce costs, increase reliability and transparency, and make processes more efficient. The increasing use of IT-based electric power systems, however, expands the grid’s attack surface and makes cyber security correspondingly more important. Utilities must consider smart grid security as a whole, including vulnerable areas, strategic issues, the layered security approach, data management and privacy concerns, and scenario planning and threat profiling.
Smart Grid Technology & Vulnerabilities
Advanced metering infrastructure (AMI) and a meter data management system (MDMS) are basic smart grid components. AMI collects and transmits smart meter data between devices and MDMS facilitates data collection, storage and management. The smart grid system applies AMI sensing, measurement and control devices with two-way communications to the power grid’s production, transmission, distribution and consumption segments to enable real-time pricing, monitoring and conservation. These technologies communicate information about grid conditions to system users, operators and automated devices, making it possible to respond dynamically to grid condition changes (see Figure 1).
As MDMS technology evolves, MDMS data is being used for newer applications, including customer applications, customer-facing and internal Web portals, reporting functions, and exchanges with independent system operators and suppliers. These features create a grid that is more efficient, uses better failsafe controls, provides consumers with better energy usage information, and provides utilities with efficient operational processes.
As utilities engineer new ways to add technology and intelligence to the electric grid, this proliferation of technology can bring cyber security vulnerabilities to the smart grid architecture, AMI and MDMS technology, communication protocols, home area networks, customer portals and hardware. Change management processes should be developed that allow both proper testing of changes and rapid response to new risks. Companies should consider the technical vulnerabilities associated with each of these technologies.
- Architecture: A typical AMI’s metering network is connected to the core MDMS network. An attacker might be able to exploit weaknesses in this infrastructure and gain access to the MDMS as well as to the corporate network itself. Organizations should design systems to protect against widespread attacks, such as denial-of-service attacks. Local systems should be capable of autonomous operation in the case of a communication failure. Systems should also establish varied trust levels in devices based on device classification.
- Interoperability: AMI technology creates interoperability and security risks around components and functions, including insecure application interfaces, a single point of failure in the production environment, and fraud. An MDMS receives vast amounts of data from the AMI. This data must be actively managed both to gain the available operational advantages and to protect customer-specific data.
- Communication protocols: Communication between AMI devices and the MDMS can be intercepted or altered if it is not encrypted and authenticated end-to-end. Devices should authenticate each other with per-device credentials, and authorization decisions should be bound to that authenticated identity, so that rogue or tampered devices are rejected rather than trusted by virtue of being on the network.
- Interfaces: Smart grid interfaces, such as Web-based applications, are subject to the typical vulnerabilities associated with the system’s protocols and applications.
- Home area networks (HANs): Smart appliances within HANs also can be vulnerable. Wireless communications between smart appliances and central systems should be secured to protect against interception or manipulation.
- Customer portals: Attackers can use social engineering techniques to access customer accounts and change customer settings. This can affect the utility’s network and customer demand.
- Hardware: Hardware also can expose the network to new vulnerabilities. The smart meter is connected to the wireless AMI network, which introduces risks to the meter similar to the risks from a wireless HAN. An unauthorized party might be able to control a meter (turn on and off or modify settings), which can have a direct impact on the consumer’s usage and the power producer’s revenue.
Strategic Security Considerations
Many organizations apply security strategies that resemble their existing security models. Considerations specific to utilities include segmented and proprietary systems such as supervisory control and data acquisition (SCADA), newer “open network” systems and interoperability concepts, integration of legacy systems, authentication of field devices, and the use of publicly reviewed standards.
- SCADA: Many technologies involved in SCADA are proprietary and were designed and built over many years. SCADA platforms and security systems have been largely segmented into private networks and often organizations have security strategies that limit access to trusted sources only.
- Open network systems: A smart grid system is an open network with an infrastructure that must interoperate with different types of devices, data collection points and network protocols. For example, organizations may want to expand the network to include end-user or customer devices to allow customers to be more proactive in monitoring their appliance or energy use. Also, given that smart grid technology is primarily first generation technology, rapid changes and technological evolutions are expected, therefore quick adaptation to new security approaches and technologies will be necessary.
- Integration of legacy systems: Some principles and lessons learned in IT security can be applied to the smart grid system. The smart grid system, however, has more devices and more diverse devices than a typical IT network. Many legacy devices on these networks have much longer service lives than those of typical IT technologies. A smart grid security design should enable legacy system integration, many of which have only basic communications and security capabilities.
- Field device authentication: The power grid has millions of field devices that are potentially accessible to unauthorized and perhaps ill-intentioned people. The security design should treat each of them as untrusted until it has authenticated itself to the network.
- Publicly reviewed standards: Grid security often assumes that a vulnerability will be exploited only if its location or access method is widely known, and that proprietary, non-routable protocols make the grid secure. The opposite is often true: obscurity does not stop a determined attacker, and security methods based on publicly reviewed standards tend to have their flaws discovered and resolved more quickly than proprietary systems do.
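The following is an added example that is not part of the article and not KPMG’s or any vendor’s code. It illustrates the device authentication points raised under Communication protocols and Hardware above and under Field device authentication here: control commands from an AMI head-end to a meter carry a per-device HMAC-SHA256 tag and a monotonic counter, so a meter rejects commands from a device without its key (rogue), commands whose bytes were altered in transit (tampered), and re-sent copies of earlier commands (replay). The meter identifiers, key sizes, wire format and command names are assumptions for the example. It uses only the standard library, so it covers integrity, authenticity and freshness; end-to-end confidentiality would additionally require an AEAD such as AES-GCM, which is not in the standard library and is omitted here.

```python
"""
Authenticated control messages between an AMI head-end and a smart meter.
Added example, not code from the article. Assumptions: a 32-byte key is
provisioned per meter, an 8-byte monotonic counter provides replay protection,
and the HMAC-SHA256 tag is truncated to 16 bytes as is common on constrained
devices. Confidentiality (encryption of the payload) is intentionally omitted.
"""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass
from typing import Optional

MAC_LEN = 16  # truncated HMAC-SHA256 tag length (assumption)


@dataclass
class MeterState:
    """Per-meter state: held by the head-end and mirrored on the meter itself."""
    meter_id: str
    key: bytes           # unique per device; must never be shared across meters
    last_counter: int = 0  # highest counter value accepted (or sent) so far


def _encode(meter_id: str, counter: int, command: str) -> bytes:
    """Canonical wire encoding: 2-byte id length, id, 8-byte counter, command."""
    mid = meter_id.encode()
    return struct.pack(">H", len(mid)) + mid + struct.pack(">Q", counter) + command.encode()


def _tag(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()[:MAC_LEN]


def build_command(sender: MeterState, command: str) -> bytes:
    """Head-end side: bump the counter and append the tag computed with the meter's key."""
    sender.last_counter += 1
    payload = _encode(sender.meter_id, sender.last_counter, command)
    return payload + _tag(sender.key, payload)


def verify_command(receiver: MeterState, frame: bytes) -> Optional[str]:
    """Meter side: return the command if authentic, addressed to us and fresh, else None."""
    if len(frame) < 2 + 8 + MAC_LEN:
        return None
    payload, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
    # Verify before parsing, with a constant-time compare so timing does not leak tag bytes.
    if not hmac.compare_digest(_tag(receiver.key, payload), tag):
        return None
    id_len = struct.unpack(">H", payload[:2])[0]
    meter_id = payload[2:2 + id_len].decode()
    counter = struct.unpack(">Q", payload[2 + id_len:10 + id_len])[0]
    command = payload[10 + id_len:].decode()
    if meter_id != receiver.meter_id:      # authentic but addressed to another device
        return None
    if counter <= receiver.last_counter:   # replayed or out-of-order frame
        return None
    receiver.last_counter = counter
    return command


def demo() -> dict:
    """Run the four cases a meter must handle and return what it accepted (constructed data)."""
    key = secrets.token_bytes(32)
    head_end = MeterState("MTR-0001", key)   # head-end's record for this meter
    meter = MeterState("MTR-0001", key)      # the meter's own copy of its key
    rogue = MeterState("MTR-0001", secrets.token_bytes(32))  # impostor without the key

    genuine = build_command(head_end, "DISCONNECT")
    # Flip the last payload byte (the command text) while keeping the original tag.
    tampered = genuine[:-MAC_LEN - 1] + b"X" + genuine[-MAC_LEN:]

    results = {
        "genuine": verify_command(meter, genuine),   # accepted: "DISCONNECT"
        "replay": verify_command(meter, genuine),    # same counter again: rejected
        "tampered": verify_command(meter, tampered), # tag mismatch: rejected
        "rogue": verify_command(meter, build_command(rogue, "DISCONNECT")),  # wrong key
        "next": verify_command(meter, build_command(head_end, "RECONNECT")),  # counter 2
    }
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:9s} -> {'accepted: ' + outcome if outcome else 'rejected'}")
```

The meter updates its counter only after the tag check succeeds, so a flood of forged frames cannot advance it and lock out the genuine head-end. In a deployment the per-device key would be injected at manufacture or enrolment and the counter persisted across reboots; a meter that loses its counter must re-synchronize with the head-end rather than accept a lower value.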
The Layered Approach to Security
The implementation of smart grid technology impacts most parts of an organization and every part of its technology infrastructure. Many organizations have a tendency to start their security strategy at the business’ tactical end point, the meter itself. The smart meter, however, is not the only risk point. Organizations need a framework that considers different risk types. They should start at the top by assessing how security is involved with their organization’s strategy and direction.
Strategic direction and technical execution guide the layered approach to smart grid security. Strategic direction includes the requirements and drivers for the business process. Technical execution includes application security, data privacy, data integrity, physical security, network security, meter security, encryption and the supporting operational processes. In this approach, each layer impacts the data’s use and security requirements based on its level of accountability and responsibility within the organization (see Figure 2).
The technologies’ implementation can change various business processes and result in security concerns throughout the organization. Understanding these changes and concerns can help implementation teams make the right security decisions. If the business process is not involved early, the organization might make decisions regarding longer-term technology that is more costly to reengineer later. It is usually less expensive and more effective to consider such things early in the process.
Increased data volume from the smart grid system introduces data management and privacy considerations related to data collection, collation with private information, incident and breach management planning, and private and personal data leakage.
Personally identifiable information (PII) can be traced back to an individual consumer. Organizations should assess how they collect and manage this information, and the associated privacy considerations, before making the data available to additional parties or organizations in the smart grid system. This assessment should consider the organization’s incident and breach management responsibilities in the event that private information is lost. Organizations also should assess how they can leverage their existing security and internal audit functions. A legal consultation about privacy concerns is prudent.
Organizations should plan for different security scenarios by performing vulnerability assessments and threat profiling and by developing security management plans. Risk assessment and effective security risk mitigation should be completed at an AMI program’s beginning. This is particularly important during vendor or equipment selection.
- Vulnerability assessments: Companies should identify and assess vulnerabilities for each smart grid infrastructure component. This process should provide gap analysis, detailed risk assessment, observations and recommendations to mitigate current risks and improve the infrastructure’s security posture.
- Threat profiling: Organizations should use scenario planning and testing exercises to address different threat profiles. Threat profiles include curious and casual eavesdroppers, unethical customers, intrusive “authorized” third parties and active attackers.
- Security management plans: Developing security management plans includes the use of automated vulnerability scanning, manual vulnerability testing and technical configuration assessment services.
Smart grid technology use has increased security concerns. Organizations should consider the increased security risks and develop a smart grid security strategy. A layered approach to security is recommended because smart grid technology deployment impacts most parts of a utility’s technology infrastructure.
Shawn Lafferty is a principal in KPMG’s IT advisory practice; Tauseef Ghazi is a manager in KPMG’s information protection advisory practice. Both are based in Houston, serving clients in the power and utilities sector. They can be reached at firstname.lastname@example.org and email@example.com, respectively. This article represents the authors’ views and not necessarily the views or professional advice of KPMG LLP.