Security and Risk Management for Smart Grids Dr. Lucie Langer Safety & Security Department AIT Austrian Institute of Technology December 7, 2012 Athens,


1 Security and Risk Management for Smart Grids Dr. Lucie Langer Safety & Security Department AIT Austrian Institute of Technology December 7, 2012 Athens, Greece 2nd ISACA Athens Chapter Conference

2 Talk Outline
- Background and motivation
  - Motivation for smart grids
  - Smart grid security concerns
- State of the art
  - NISTIR 7628 Guidelines for Smart Grid Cyber Security
  - German BSI Smart Metering Gateway Protection Profile
  - ENISA Smart Grid Security Recommendations
- AIT research
  - Systematic threat analysis for smart grids
  - Decision theory support for risk analysis
  - Architectures for network resilience
- Key projects
  - The PRECYSE Project
  - The (SG)² Project
  - Upcoming project proposals

3 Motivation for Smart Grids
- Diminishing fossil fuels and environmental concerns
- Higher availability of practical electric cars
- Lack of resilience of current power grids leading to blackouts
- Increased availability of renewable power technology

4 Smart Grids: The Vision
"An electricity network that integrates the behavior and actions of all users connected to it - generators, consumers, or both - to ensure an economically efficient, sustainable power system with low losses and high levels of quality and security of supply and safety."

5 Smart Grid Security Concerns
- Privacy concerns emerging from smart meters & increased risks associated with tampering
- Greater use of COTS systems to implement parts of a more open grid
- A greater degree of monitoring and automatic control at electricity network edge
- Increased use of ICT systems, e.g., to support prosumer communities and advanced energy services

6 Smart Grid Security: State of the Art

7 NISTIR 7628: Guidelines for Smart Grid Cyber Security
- Three volume report on securing smart grids produced by the Cyber Security Working Group (CSWG) and the Smart Grid Interoperability Panel (SGIP) in the USA
- Final version published in September 2010
- Vol. 1:
  - High-level smart grid architecture
  - Logical reference model that spans smart grid domains
  - A set of high-level security requirements
- Vol. 2:
  - Focuses on privacy issues within homes
- Vol. 3:
  - Supporting material, including research and development themes

8 NISTIR Guidelines for Smart Grid Cyber Security
[Diagram: process guidelines and Smart Grid Logical Reference Model]
- Process guidelines (top down / bottom up):
  1. Select use cases
  2. Risk assessment
  3. Set boundaries (define initial architecture)
  4. Define high-level security requirements
  5. Smart Grid conformance testing & certification
- Smart Grid Logical Reference Model:
  - Smart Grid Domains: 7 Smart Grid Domains
  - Actors (Systems)
  - Interfaces: 130 interfaces between actors, organized into 22 categories with shared or similar security characteristics
  - Interface Categories
- High-level Security Requirements: 180 requirements exist in 19 families, e.g., access control,
  - Governance, risk and compliance requirements
  - Common technical security requirements
  - Unique technical security requirements
- CIA Requirements (Low, Medium, High)
- Use cases
- Arrow labels in the diagram: apply to all categories; apply to a subset of categories; influence; apply to all (with tailoring)

9 BSI Protection Profile for the Gateway of a Smart Metering System
- Security requirements for the gateway in a smart metering system, which includes:
  - assets, threats and assumptions,
  - a set of security objectives,
  - a set of security requirements, …
- Initially driven by electricity network operators
[Diagram: Smart Metering Gateway connected to the Local Metrological Network, Wide Area Network and Home Area Network; Billing Companies; Grid Operators]

10 Protection Profile for the Gateway of a Smart Metering System
- Overview of the attacks considered:
  - gaining access to metering data,
  - attackers intercept data during transmission,
  - acquire control of the gateway, meters, controllable local systems,
  - an attacker obtains more detail than they should.
- Selected security objectives:
  - encrypted and authenticated communication between all parties,
  - pseudonymisation of transmissions, if applicable,
  - detect physical tampering,
  - no accessible services on the gateway.
- Current status: final version that should be supported by gateways in Germany
- A strong emphasis on privacy issues

11 ENISA Smart Grid Security Recommendations
- A set of security recommendations based on a survey of 50 stakeholders and extensive background material study
- Recommendations from the report include:
  - …develop a minimum set of security measures based on existing standards and guidelines
  - …foster the creation of test beds and security assessments
  - …foster research in smart grid cyber security
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security-recommendations

12 ENISA Smart Grid Security Recommendations
- Selected research areas recommended by the report include:
  - Robust, secure and resilient architectures: self-healing and graceful degradation; generation, distribution and storage of cryptographic material
  - Trust and assurance and end-to-end security: dependencies and threat analysis and use-case modelling; active monitoring for incident detection; security metrics; security mechanisms against DoS attacks
  - Privacy and security by design: common procedures and interfaces, protection against zero-day vulnerabilities, optimization of cryptographic protocols
  - Legal and economic aspects of cyber security in the smart grid

13 Smart Grid Security: AIT Research and Innovation

14 Smart Grid Security Threat Analysis
- Availability of the power grid
- Legitimate power consumption and delivery
- Privacy of consumers

15 Smart Grid Security Threat Analysis & Recommendations
- Authorization of users and devices to grant them least privileges to access resources and services
- Integrity and plausibility checks of data, such as meter readings, grid status messages, and network traffic
- Training of technicians and service staff to prevent social engineering

16 Security Risk Analysis based on Decision Theory
A challenge for cyber-security risk analysis for smart grids and critical infrastructures is identifying the likelihood of an attack occurring and being successful…

17 Architectures for Network Resilience
"Resilience is the ability of the network to provide and maintain an acceptable level of service in the face of various faults and challenges to normal operation."

18 Smart Grid Security: Key Projects

19 The PRECYSE Project

20 The PRECYSE Project Demonstrators
- Traffic control centre in the city of Valencia (Spain): 1.5 million inhabitants, 500 000 vehicles
- Energy demonstrator in the city of Linz (Austria): power supply and related services for 400 000 inhabitants

21 Smart Grid Security Guidance (SG)² Project
- Nationally-funded research project
- Project Duration: 2 years, 11/2012 – 10/2014
- Aim to produce practical guidelines for Smart Grid security for Austria
- Partners from research, industry and government:
  - AIT Austrian Institute of Technology
  - Technische Universität Wien
  - SECConsult Unternehmensberatung GmbH
  - Siemens AG, Corporate Technology Österreich
  - LINZ STROM GmbH
  - Energie AG Oberösterreich Data GmbH
  - Innsbrucker Kommunalbetriebe AG
  - Energieinstitut an der JKU Linz GmbH
  - Bundesministerium für Inneres
  - Bundesministerium für Landesverteidigung und Sport

22 The (SG)² Process Model

23 The European SPARKS Project Proposal
- Safety and Security Department
- Energy Department
- Foresight & Policy Development Department
- Partners

24 Conclusion and Open Issues
- Smart grids represent a significant evolution of electricity networks:
  - an increased use of ICT to support advanced open services
  - automatic monitoring and control deeper in the network to facilitate the use of decentralised power sources
- Security and privacy concerns abound:
  - privacy issues related to smart metering
  - risks to availability caused by cyber attacks
- A number of best practices and standards have emerged, but practical application is lacking
- AIT is researching novel threat and risk analysis approaches, and architectures for ensuring the resilience of smart grids to attacks (amongst other things…)

25 AIT Austrian Institute of Technology, your ingenious partner
Dr. Lucie Langer, Project Manager ICT Security, Safety & Security Department
lucie.langer@ait.ac.at | +43 664 8251 438 | www.ait.ac.at/it-security

26 FastPass: A harmonized, modular reference system for all European automatic border crossing points
European ABC solution with interfaces to existing security and infrastructure processes demonstrated at air, land and sea borders

