Smart Grid Cyber Security Summit Revere
•
3 likes•1,435 views
This document discusses securing the smart grid, particularly at the edge where many small and resource-constrained devices are located. It notes that hackers have previously infiltrated nuclear power plant systems through external networks. While more complex smart devices have sufficient processing power and encryption for security, simple devices require solutions that use little code space and power. The document proposes a solution using a lightweight cipher and authentication protocol to securely transmit smart meter data along the power supply network. Key challenges in implementing security include managing a large number of keys and providing privacy and authentication without excessive processing demands. Event management and responding to situations in real time is also an issue requiring mature infrastructure.
Report
Share
Smart Grid Cyber Security Summit Revere
- 1. Securing the Smart Grid at the Edge Hanns-Christian L. Hanebeck August 10, 2010 © 2009-2010 Revere Security. All rights reserved. www.reveresecurity.com 1
- 2. The Robespierre Leadership Model “I must see which way the crowd is headed ... for I am their leader!" © 2009-2010 Revere Security. All rights reserved. 2
- 3. Do We Need to Secure the Edge? On January 25, 2003 hackers infected the Davis- Besse nuclear power plant in Ohio with a worm. The virus entered through a “secure” T1 line for an external consulting firm. While the infection did not harm the plant, which had been off-line during the worm attack, it caused the Safety Parameter Display System to be down for five hours and the plant process computer for six. Four years later, IBM researcher Scott Lunsford hacked into a nuclear power plant and claimed that entering through the SCADA network “… turned out to be one of the easiest penetration tests I'd ever done …” Source: Forbes, America’s Hackable Backbone, Oct. 2007 © 2009-2010 Revere Security. All rights reserved. Image Sources: nbc.com and smartgridsecurity.blogspot.com 3
- 4. Is Technology Available to Secure the Edge? Complex Smart Devices • 32-bit or higher microprocessor • AES /ECC Encryption very well suited • Revere Hummingbird very well suited today Simple Smart Devices • 16-bit or lower microprocessor • AES /ECC Encryption too large, too expensive • Revere Hummingbird perfectly suited © 2009-2010 Revere Security. All rights reserved. 4
- 5. Old Security Doesn’t Always Solve NEW Problems Phones Traditional Security Framework ? Physical Infrastructure Mobile Devices ? Networks and Servers Very few Sensors ? experts worldwide & SCADA Very long Endpoints: Laptops, PCs time to market Processes and Applications Little customer & ? ? consumer People and Identities pull RFID Tags Smart Meters Data, Information, Knowledge © 2009-2010 Revere Security. All rights reserved. 5
- 6. Requirements for Security at the Edge Little Code Space Required – Fits on a 16-bit Chip Short Messages e.g. 16-bit Cipher Built-in MAC Easy to Integrate Anonymous Communications Lower Power Requirement Mutual Authentication Protocol Simple, Scalable Key Management System © 2009-2010 Revere Security. All rights reserved. 6
- 7. Security Along the Power Supply Security at the EDGE of the Smart Grid necessitates handling of many small, resource constrained devices Utility SCADA Smart Meter Consumption Generation Storage Substation © 2009-2010 Revere Security. All rights reserved. 7
- 8. Security for Smart Metering Protecting Smart 5 Meters will require industrial- 6 strength security 3 on a very small footprint. 3 4 1 Consumer uses energy 2 1 2 Smart Meter records and transmits consumption data 3 Wireless networks (Wi-Max, cell, BPL, etc.) transmit information to the utility 4 Utility aggregates usage data, prepares pricing and makes information available to the consumer 5 Consumer accesses the information online 6 Consumer makes choices that will affect energy consumption © 2009-2010 Revere Security. All rights reserved. 8
- 9. Smart Meter Security Example Sensus iCon Smart Meter TI MSP430 Hummingbird is up to 416% faster and consumes 76% less power than AES (EAX’). © 2009-2010 Revere Security. All rights reserved. Image Sources: ukfrrnell.com and joysco.com 9
- 10. Implementing Security - Key Management • Highly complex Key • Need to manage keys on the smart meter (HAN) Management • Requires very high level of systemic security Challenges • Keys might need to be assigned on a temporary basis • Handhelds and laptops for key commissioning may be lost Solution • Distributed hierarchical system architecture • Scalable to well more than 100 million keys • Authentication of field devices by installed smart meters • Anonymous identification and key management to protect privacy • Secure assignment of temporary session keys © 2009-2010 Revere Security. All rights reserved. 10
- 11. Implementing Security – Other Challenges • Authentication is vital to prevent unwanted access Built-in • It ensures that commands and data are authorized Authentication • In cases where encryption and authentication are required, a one-pass approach is superior • Consumers will likely want ownership of and control Consumer over their own consumption data Privacy • The integration of multiple devices into one standards- based home area network will be difficult at best • Consumers will likely use third-party devices to control their energy consumption and data • Smart Grid security necessitates the ability to react to Event events in near real-time Management • This requires a highly mature event management infrastructure (bus) and a lot of knowledge about business rules • It is unclear who owns and manages these systems © 2009-2010 Revere Security. All rights reserved. 11
- 12. Implementing Security – Other Challenges “The key to winning is getting to where the puck is going to be next.” “The Great One” © 2009-2010 Revere Security. All rights reserved. 12
- 14. Securing the Smart Grid at the Edge Hanns-Christian L. Hanebeck August 10, 2010 © 2009-2010 Revere Security. All rights reserved. www.reveresecurity.com 14