Smart Grid Cyber Security
The smart grid is a digital infrastructure that sits on top of the already existing electrical grid. This serves to monitor grid conditions, energy consumption and generation as well as automate many of its operations. Overlaying a data network isn't just a minor upgrade to the electrical grid but will be a revolution in the ways that utilities generate and distribute energy, and consumers consume electricity. The aims and goals of the smart grid are but not limited to:
Figure 1: Data and electricity flow across a secure smart grid domain (NISTIR 7628 Guidelines)
- Improve the reliability of the electrical grid
- Improve its overall efficiency
- Lower costs of distribution and generation
- Allow for real time monitoring of the electrical grid
To accomplish these goals and tasks, the smart grid will employ smart devices and instruments on both the customer and utility side. Some of these technologies include the use of smart meters; microprocessor enabled electric meters to communicate to utilities and customers on energy being used, grid conditions and electricity prices in real time to the consumer
Smart Grid Cyber-Threat
With the advent of cyber-crime there is also a concern for security especially where communication is concerned. Though cyber-threat is associated with all aspect of smart grid domains including smart grid devices, the chief concern is along the communication technologies that are the heart of the smart grid. Designed for real-time contact, each of thesesmart devices will offer a new vector of attack that could be exploited if not handled cautiously.
The NISTIR 7628 report has identified a few examples of potential risks associated with the Smart Grid, which are: "
- Greater complexity increases exposure to potential attackers and unintentional errors;
- Networks that link more frequently to other networks introduce common vulnerabilities that may now span multiple Smart Grid domains (see Figure) and increase the potential for cascading failures;
- More interconnections present increased opportunities for "denial of service" attacks, introduction of malicious code (in software/firmware) or compromised hardware, and related types of attacks and intrusions;
- As the number of network nodes increases, the number of entry points and paths that potential adversaries might exploit also increases;
- Extensive data gathering and two-way information flows may broaden the potential for compromises of data confidentiality and breaches of customer privacy, and compromises of personal data and intrusions of customer privacy."
Furthermore the report states that "Risk is the potential of unwanted outcome resulting from internal or external factors, as determined from the likelihood of occurrences and the associated consequences."
Figure2: Generic Model of Risk (source: http://www.nist.gov)
Based on the existing risk assessment methodology, smart grid risk assessment approaches should be derived that identifies threat, asset, and vulnerabilities and the potential impact that may cause to the smart grid infrastructure. Smart Grid being the vital national infrastructure, smart grid cyber security should not only address potential threats from disgruntled employees, terrorists, and espionage operations but also should take care of vulnerabilities arising from user errors, equipment failures, and natural disasters.
Smart Grid Cyber Strategy
Smart grid is a complex ecosystem that is not only amalgamation of various systems, networks, and processes but also convergence of various technologies like IT and communication with electrical grid. For such a complex techno-system, the country should consult all its stakeholders to develop a comprehensive cyber security framework that is all encompassing, interoperable, and robust in nature. Furthermore, cyber security should not be thought as retrofit, but should be part of the smart grid development itself. Organization such as The National Institute of Standards and Technology (NIST), European Network and Information Security Agency(ENISA) have developed guidelines for smart grid cyber security, which should be taken into consideration while developing a cohesive cyber strategy. According to the NISTIR 7628 report, the smart grid cyber strategy should be designed such a way that it addresses prevention, detection, response, and recovery processes to counter any existing and potential threats. Few of the key guidelines are outlined hereunder.
- The competent bodies should develop policy and regulatory framework that provides supporting environment for cyber-security objectives
- Develop risk assessment methodologies that assesses threats, vulnerabilities, and impact
- Privacy is of paramount importance and measures should be taken to protect four key aspect of the user privacy; 1) personal information, 2) personal privacy 3) behavioral privacy, and 4) personal communication privacy.
- Develop security architecture that is linked on smart grid conceptual reference model
- Develop certification schemes for smart grid devices, networks, systems, and processes and/or create a security governance mechanism that enables the stakeholders to benchmark their infrastructures.
- Foster research program for smart grid cyber security by leveraging the existing research program. NIST has identified four key cyber security R&D challenges; 1) Device level security, 2) Cryptographic and key management, 3) Networking issues related security and 4) System level security
- Design security awareness and training programs that complies with the organization's, local, state, and national policy and regulatory framework that supports the overall smart grid security