In this chapter, we will discuss security challenges in the smart grid communication infrastructure. The requirements for building a reliable smart grid communications network will be described, especially the requirements for the utility's private and public networks used in the smart grid.
The smart grid communication infrastructure is complex and evolving. Security challenges in the smart grid are continuously changing, depending on a particular system. In the transition from the traditional power grid to the smart grid, many legacy systems need to be protected before being upgraded. In the smart grid, there are a large number of end points in many geographic locations. In addition, most systems in the smart grid are always required to be online. Besides these technical challenges, other security challenges may come from the culture of security through obscurity and a lack of standards and regulations.
The smart grid communication infrastructure represents a technical challenge that is far beyond the simple addition of an information technology infrastructure on top of an electrical network. The number of widely distributed nodes that are tightly coupled and operating in the electrical network has grown over many years. It is very challenging to figure out where intelligence needs to be added. Another challenge comes from the continuous operation of the current power grid. The smart grid implementation will be a continuous evolution of successive projects over many years. Incorporating a huge number of legacy systems will pose a constant challenge to the evolution of the smart grid. Besides, different stakeholders are responsible for different parts of the system. Independently, each may make different choices about the evolution and use of the grid.
Table 10.1 Functional requirements.

| Application | Security | Bandwidth | Reliability | Latency | Back-up power |
|---|---|---|---|---|---|
| AMI | High | 14–100 kbps | 99.0–99.99% | 2000 ms | 0–4 hrs |
| Meter data management | High | 56 kbps | 99.00% | 2000 ms | 0 hr |
| DR | High | 56 kbps | 99.00% | 2000 ms | 0 hr |
| DLC | High | 14–100 kbps | 99.0–99.99% | 2000 ms | 0–4 hrs |
| Distributed generation | High | 9.6–56 kbps | 99.99% | 2000 ms | 0–1 hr |
| PHEV charging | Medium | 9.6–56 kbps | 99.90% | 2000 ms–5 min | 0 hr |
| Emergency response | Medium | 45–250 kbps | 99.99% | 500 ms | 72 hrs |
| Outage management | High | 56 kbps | 99.00% | 2000 ms | 0 hr |
| Transformer monitoring | Medium | 56 kbps | 99.999% | 500–2000 ms | 0 hr |
| Voltage monitoring | Medium | 56–10 kbps | 99.999% | 2000–5000 ms | 0 hr |
The functional requirements of major applications in the smart grid are listed in Table 10.1. It is clear that the requirements vary from one application to another. There is no single solution to all the challenges in smart grid applications. For example, the AMI and the monitoring infrastructure have completely different requirements, from security to backup power. The diversity of requirements further increases the complexity of the technical challenges in the smart grid.
Security in smart grid communications infrastructure can be divided into different information domains as follows.
Interdependencies among different information security domains present challenges when evaluating the impacts of a cybersecurity incident.
Utility providers are different even within the same country. The major challenge is to integrate interchangeable parts and technologies from a variety of providers worldwide. There is a need for interoperability standards to address this issue. Standards are also required to test the relatively new technologies that are applied to the smart grid communications infrastructure. One major challenge is the continuous operation of the power grid. The upgrading process to the smart grid will need to occur without interrupting critical grid operations.
In the guidelines for smart grid cybersecurity published by the National Institute of Standards and Technology (NIST) [172], a logical security architecture is proposed to describe where, at a high level, the smart grid needs to provide security.
The logical security architecture specifies the following key concepts and assumptions:
A logical security architecture needs to provide protection for data at all interfaces within and among all smart grid domains. The logical security architecture baseline assumptions are as follows:
A total of 22 logical interface categories are listed in the NIST guidelines for developing a cybersecurity strategy and implementing a risk assessment to select security requirements. This information may also be used by vendors and integrators as they design, develop, implement, and maintain security requirements. The logical interface categories are as follows:
Readers may refer to the NIST guideline for detailed requirements of each logical interface category. In this section, we categorize all interfaces into two classes: utility‐owned private networks and public networks in the smart grid. The security requirements are discussed based on the two classes.
Data in smart grid communications is generated by many different intelligent devices together with direct input from human administrators for different purposes. The data transmitted over private networks can be categorized into four types, namely, metering data, monitoring data, control messages, and pricing/tariff information. Strictly speaking, metering data is a kind of monitoring data, and pricing/tariff is part of control messages. However, metering data and pricing/tariff mostly contribute to demand response, while other monitoring data and control messages are mostly applied to other grid operations. The security requirements of those four types of data in private networks are summarized in Table 10.2.
Table 10.2 Security requirements for data transmitted over private networks.

| Data type | Confidentiality | Integrity | Non-repudiation |
|---|---|---|---|
| Metering data | ✓ | ✓ | – |
| Pricing/tariff information | – | ✓ | ✓ |
| Monitoring data | – | ✓ | – |
| Control message | – | ✓ | – |
Metering data is gathered from customers, in particular the power consumption of each household. Metering data contains much private information. For example, from the pattern of energy consumption, it is possible to sketch the lifestyle of a customer. Therefore, it is vital to provide confidentiality to metering data. In addition, integrity is also important to metering data. Manipulation of energy consumption (e.g. energy theft) may cause loss to the service provider. More importantly, manipulation of energy consumption data may cause the service provider to deviate from optimal control of the power grid, which in turn will lead to unnecessary fuel waste and pollution. However, non‐repudiation may not be as critical as the other two security requirements for two reasons. 1) Providing non‐repudiation, which usually is achieved by digital signature, may compromise the identity of the customer and thus jeopardize privacy. 2) Data in the uplink is frequently transmitted by simple devices such as smart meters or DAPs. They have limited computational capability, so applying public key cryptography frequently is not practical.
Pricing/tariff information is generated and transmitted from the service provider to customers in several ways. The most efficient way is through the private networks in AMI so that smart meters can receive real‐time updates and adjust the power consumption of each smart appliance accordingly. For such transmissions, confidentiality can be dropped since pricing/tariff information is meant for all (or the majority) of the customers. Nonetheless, integrity and non‐repudiation are critical requirements. Pricing/tariff information must remain fresh and correct all the time so that demand response can be applied accordingly. Customers (i.e. smart meters in this case) must be able to verify the legitimate sender (i.e. the service provider) so that forgery of such information can be detected, reported, and discarded. Besides, the availability of metering data is important but not critical, since alternative means for retrieving metering data can still be used. The types of security that could be applied are limited to the computational capabilities of a smart meter. Moreover, key management of millions of meters will pose significant challenges. Standard development is required to test the capabilities of new technologies used with smart meters.
The monitoring data of power grid status is gathered by low‐profile sensors (e.g. PMUs). Obviously, data integrity needs to be provided so that the service provider can monitor the grid correctly. However, such sensors have limited computational power and power supplies. Moreover, monitoring data has strict latency requirements (e.g. about 10 ms for PMU data in WAMS). Therefore, it is not necessary to provide confidentiality and non‐repudiation to monitoring data. However, integrity of monitoring data must be guaranteed for precise grid monitoring and optimal grid operations. Certain control messages to intelligent components (e.g. in response to hazardous situations) also require integrity. Due to low latency and limited computational power at the receiver side, confidentiality and non‐repudiation may not be provided. Nonetheless, logs and files containing forensic evidence following events should probably remain confidential for both critical infrastructure and organizational reasons.
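The three paragraphs above assign a different mix of requirements to each data type in Table 10.2. The Go program below is an added example, not code from the chapter or from any cited work, implementing one protection per type: AES-GCM for metering data (confidentiality and integrity from a cheap symmetric key, no signature and hence no identity leak), an Ed25519 signature with an issue timestamp for pricing/tariff messages (integrity, non-repudiation and freshness, but sent in the clear), and an HMAC for monitoring samples (integrity only, cheap enough for a small sensor). The key material, the message layout and the sample values are constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// MeterKey is a constructed 32-byte key shared by one smart meter and the
// utility's collector (AES-256); a deployment provisions one per meter.
var MeterKey = []byte("constructed-meter-key-32-bytes!!")

var ErrForged = errors.New("tariff signature invalid: discard and report")
var ErrStale = errors.New("tariff outside freshness window")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealMetering: confidentiality and integrity from one symmetric AES-GCM call;
// the 12-byte nonce must never repeat under the same key (a counter is typical).
func SealMetering(key, nonce, reading []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, reading, nil), nil
}

// OpenMetering rejects any reading whose tag fails, so altered consumption
// figures never reach billing or grid control.
func OpenMetering(key, nonce, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, sealed, nil)
}

// UtilityKey derives the constructed Ed25519 signing pair from an all-zero seed.
func UtilityKey() (ed25519.PrivateKey, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv, priv.Public().(ed25519.PublicKey)
}

// SignTariff sends pricing in the clear (confidentiality dropped) but binds it
// to the utility's key and an issue time. Layout (constructed for this example):
// 8-byte big-endian unix seconds || tariff || 64-byte signature.
func SignTariff(priv ed25519.PrivateKey, tariff []byte, issued time.Time) []byte {
	msg := make([]byte, 8, 8+len(tariff)+ed25519.SignatureSize)
	binary.BigEndian.PutUint64(msg, uint64(issued.Unix()))
	msg = append(msg, tariff...)
	return append(msg, ed25519.Sign(priv, msg)...)
}

// VerifyTariff is the smart meter's check: a bad signature is forgery, a
// timestamp outside the window is a replayed, stale price.
func VerifyTariff(pub ed25519.PublicKey, msg []byte, now time.Time, maxAge time.Duration) ([]byte, error) {
	if len(msg) < 8+ed25519.SignatureSize {
		return nil, ErrForged
	}
	cut := len(msg) - ed25519.SignatureSize
	if !ed25519.Verify(pub, msg[:cut], msg[cut:]) {
		return nil, ErrForged
	}
	issued := time.Unix(int64(binary.BigEndian.Uint64(msg[:8])), 0)
	if age := now.Sub(issued); age < 0 || age > maxAge {
		return nil, ErrStale
	}
	return msg[8:cut], nil
}

// TagMonitoring: integrity only for PMU-class samples; a keyed hash fits a
// 10 ms latency budget on a small sensor where a signature would not.
func TagMonitoring(key, sample []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(sample)
	return m.Sum(nil)
}

// CheckMonitoring compares tags in constant time.
func CheckMonitoring(key, sample, tag []byte) bool {
	return hmac.Equal(TagMonitoring(key, sample), tag)
}

func main() {
	priv, pub := UtilityKey()
	issued := time.Unix(1_700_000_000, 0)
	msg := SignTariff(priv, []byte("rate=0.21"), issued)
	_, err := VerifyTariff(pub, msg, issued.Add(2*time.Hour), time.Minute)
	fmt.Println("replayed tariff rejected:", errors.Is(err, ErrStale))
}
```

The freshness window in VerifyTariff is what keeps an old but genuinely signed tariff from being replayed to drive demand response; without it, non-repudiation alone would still accept it.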
Different types of information are constantly transmitted over the public network in smart grid communications. General security requirements are listed in Table 10.3 for each type of information.
Table 10.3 Security requirements for data transmitted over the public networks.

| Data type | Confidentiality | Data integrity | Non-repudiation |
|---|---|---|---|
| Pricing forecast | – | ✓ | ✓ |
| Raw energy forecast | ✓ | ✓ | ✓ |
| Preprocessed data | ✓ | ✓ | ✓ |
| External information | – | ✓ | – |
The security‐related issues for the interface between external systems and the customer site (for example, between a third party and the HAN gateway) include confidentiality and integrity. Not all security services are required for this interface. Obviously, the pricing forecast does not need to remain confidential; nonetheless its integrity and non‐repudiation must be guaranteed. Preprocessed data is transmitted from local control centers to the cloud computing service. Big data analytics can be applied to such data to extract energy forecasts, so it is not meant for the public. Therefore, confidentiality, integrity, and non‐repudiation are all required for preprocessed data. The raw energy forecast is produced by big data analytics at the cloud computing service. Again, it is not meant for the public and thus confidentiality is required. Integrity and non‐repudiation are also important for the raw energy forecast. External information is usually open to the public, so confidentiality is not required. Neither is non‐repudiation, since the external sources may not even cooperate on this point. However, integrity should be provided. Availability and bandwidth are generally not critical between external parties and the customer site, since most interactions are not related to power system operations in real time.
In this section, we will discuss component‐based attacks and protocol‐based attacks in the smart grid communications infrastructure.
Stuxnet was specifically programmed to attack SCADA in 2010 [173]. This malicious computer worm could reprogram programmable logic controllers, which allow the automation of electromechanical processes such as those used to control process plants and nuclear plants. The design and architecture of Stuxnet are not domain specific, and it could be tailored to become a platform for attacking modern SCADA systems of the power grid.
The PMU could suffer from three types of attacks [174]. A reconnaissance attack is defined as an attack that reconnoiters and identifies the system before the cyber‐attacker launches an actual attack. A packet injection attack is defined as sensor measurement injection and command injection. The third type of attack is denial of service. Since the PMU is required to have precise synchronization, another attack against the PMU is a time synchronization attack (TSA) [175]. An example is the TSA‐GPS spoofing attack, which is achieved by inserting a delay on satellite signals without modifying them in the encoding process. The goal is to maximize the alteration of the receiver's clock offset between the attacked and unattacked cases. The main PMU functions affected by a TSA are fault detection on the transmission line and event location, which becomes inaccurate.
The SCADA may suffer from internal and external attacks. Internal attacks against the SCADA may be launched by employees or contractors who have access to the system. External attacks come from nonspecific malware and hackers. For example, Stuxnet could be launched as either an internal or an external attack. Attacks launched by a former insider may exploit special knowledge of the SCADA system. Attacks launched by external hackers or terrorists may not rely on special knowledge. Natural or even man‐made disasters should also be considered attacks on the system.
Other cyberattacks can be launched against a specific component in the smart grid. For instance, regular cyberattacks against a SCADA system may include web server or SQL attacks, email attacks, zombie recruitment, DDoS attacks, etc. Some of the vulnerable points in the smart grid system could be unused telephone lines, use of removable media, infected Bluetooth‐enabled devices, Wi‐Fi‐enabled devices that have an Ethernet connection to a SCADA system, insufficiently secured Wi‐Fi, corporate web servers, email services, Internet gateways, etc.
All these protocols run on top of IP, and IP has its own set of weaknesses. For example, DNP3 (Distributed Network Protocol) implements TLS (Transport Layer Security) and SSL (Secure Sockets Layer) encryption, which is weak. The protocol is vulnerable to out‐of‐order, unexpected, or incorrectly formatted packets. Besides IP, vulnerabilities may exist in the protocols specific to the smart grid. For example, a significant weakness of IEC 61850 (the standard for the design of substation automation) is that it maps to the Manufacturing Message Specification (MMS) as its communications platform, which itself has a wide range of potential vulnerabilities. Protocol‐based attacks must be addressed according to the specific protocol. As mentioned earlier, standards and regulations are required to test any protocol proposed to secure the smart grid communications infrastructure.
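The paragraph above notes that DNP3 is vulnerable to unexpected or incorrectly formatted packets. The Go program below is an added example, not code from the chapter or from any DNP3 implementation, of the defensive counterpart: a strict link-layer frame parser that drops anything with bad start octets, an inconsistent length field or a failed CRC before it reaches the transport or application layers. The CRC parameters are those of CRC-16/DNP (polynomial 0x3D65, reflected, output inverted) and the layout follows the DNP3 link header (start octets 0x05 0x64, length, control, destination, source, CRC, then user data in 16-octet blocks each with its own CRC); the sample frame, addresses and control octet are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrShort  = errors.New("frame shorter than a link header")
	ErrStart  = errors.New("bad start octets, expected 0x05 0x64")
	ErrLength = errors.New("length octet inconsistent with frame size")
	ErrCRC    = errors.New("CRC mismatch")
)

// LinkHeader is the fixed part of a DNP3 link-layer frame.
type LinkHeader struct {
	Length, Control uint8
	Dest, Source    uint16
}

// CRC16DNP: polynomial 0x3D65 (0xA6BC reflected), init 0, output inverted.
func CRC16DNP(data []byte) uint16 {
	var crc uint16
	for _, b := range data {
		crc ^= uint16(b)
		for i := 0; i < 8; i++ {
			if crc&1 == 1 {
				crc = (crc >> 1) ^ 0xA6BC
			} else {
				crc >>= 1
			}
		}
	}
	return ^crc
}

func appendLE(b []byte, v uint16) []byte { return append(b, byte(v), byte(v>>8)) }

// ParseFrame accepts a frame only if start octets, length field, header CRC
// and every data-block CRC check out; anything malformed is dropped here.
func ParseFrame(frame []byte) (LinkHeader, []byte, error) {
	var h LinkHeader
	if len(frame) < 10 {
		return h, nil, ErrShort
	}
	if frame[0] != 0x05 || frame[1] != 0x64 {
		return h, nil, ErrStart
	}
	if CRC16DNP(frame[:8]) != binary.LittleEndian.Uint16(frame[8:10]) {
		return h, nil, ErrCRC
	}
	h = LinkHeader{Length: frame[2], Control: frame[3],
		Dest: binary.LittleEndian.Uint16(frame[4:6]), Source: binary.LittleEndian.Uint16(frame[6:8])}
	if h.Length < 5 { // control, destination and source are always counted
		return h, nil, ErrLength
	}
	userLen := int(h.Length) - 5
	if len(frame) != 10+userLen+2*((userLen+15)/16) { // each block carries a 2-octet CRC
		return h, nil, ErrLength
	}
	data := make([]byte, 0, userLen)
	for pos := 10; pos < len(frame); {
		n := 16
		if len(frame)-pos-2 < 16 {
			n = len(frame) - pos - 2
		}
		if CRC16DNP(frame[pos:pos+n]) != binary.LittleEndian.Uint16(frame[pos+n:pos+n+2]) {
			return h, nil, ErrCRC
		}
		data = append(data, frame[pos:pos+n]...)
		pos += n + 2
	}
	return h, data, nil
}

// BuildFrame is the matching encoder, used here only to construct sample frames.
func BuildFrame(control uint8, dest, src uint16, data []byte) ([]byte, error) {
	if len(data) > 250 { // the length octet caps at 255 = 5 + 250
		return nil, ErrLength
	}
	hdr := appendLE(appendLE([]byte{0x05, 0x64, uint8(5 + len(data)), control}, dest), src)
	frame := appendLE(hdr, CRC16DNP(hdr))
	for len(data) > 0 {
		n := 16
		if len(data) < 16 {
			n = len(data)
		}
		frame = appendLE(append(frame, data[:n]...), CRC16DNP(data[:n]))
		data = data[n:]
	}
	return frame, nil
}

func main() {
	frame, _ := BuildFrame(0xC4, 1, 1024, []byte("constructed user data block"))
	frame[12] ^= 0x80 // one flipped bit inside the first data block
	_, _, err := ParseFrame(frame)
	fmt.Println("corrupted frame rejected:", err)
}
```

Rejecting at the link layer is what limits the damage from the malformed-packet class of problems: the parser never indexes past the buffer on a short frame, and a length octet that disagrees with the bytes actually received is treated as an error rather than trusted.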
General cybersecurity solutions can be applied to secure the smart grid communications infrastructure. Examples include security by obscurity, requiring a smart grid system to trust no one, applying a layered security framework, or deploying an efficient firewall, intrusion detection systems (IDS), and self‐healing security systems.
The authors in [176] presented a layered specification‐based IDS to target ZigBee technology. The proposed design of the IDS is based on anomalous event detection. The work addressed some security issues in the physical and media access control layer. The normal behavior of the network is defined through selected specifications extracted from the IEEE 802.15.4 standard. Deviations from the defined normal behavior are viewed as a sign of malicious activities. The performance analysis demonstrated that the designed IDS provides a good detection capability against both known attacks and unknown attacks. The authors in [7] proposed to use message authentication code (MAC) to authenticate each message and prevent accidental and malicious data corruption en route. Aggregate MAC is often used, since the communication channel capacity is often small and the data size is short compared to the MAC code. However, the aggregate MAC is not resilient against DoS attacks. The authors in [177] applied two security protocols of WLAN (or Wi‐Fi) to a smart grid mesh network with a periodic key refreshment strategy. The proposed scheme can achieve simultaneous authentication of equals and efficient mesh security association. The security against DoS attack was improved in this key distribution solution.
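The aggregate MAC described above trades bandwidth for fragility. The Go program below is an added example, not code from [7] or from the chapter: it XORs per-meter HMAC-SHA256 tags into a single batch tag and shows why that is weak under denial of service. One reading corrupted in transit makes the entire batch unverifiable, and only the per-message tags (the option the aggregate was meant to avoid) let the collector isolate the bad reading and keep the rest. The XOR construction, the meter keys and the readings are constructed for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Reading is one smart meter's report inside a collector batch (constructed type).
type Reading struct {
	MeterID string
	Payload []byte
}

// tag is the per-message MAC: HMAC-SHA256 over meter id, a separator and the
// payload, keyed with that meter's own key.
func tag(key []byte, r Reading) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(r.MeterID))
	m.Write([]byte{0})
	m.Write(r.Payload)
	return m.Sum(nil)
}

// IndividualTags returns one 32-byte tag per reading (the bandwidth-heavy option).
func IndividualTags(keys map[string][]byte, batch []Reading) [][]byte {
	tags := make([][]byte, len(batch))
	for i, r := range batch {
		tags[i] = tag(keys[r.MeterID], r)
	}
	return tags
}

// AggregateTag XORs the per-message tags into a single tag for the whole batch,
// so the channel carries 32 bytes instead of 32 bytes per reading.
func AggregateTag(keys map[string][]byte, batch []Reading) []byte {
	agg := make([]byte, sha256.Size)
	for _, r := range batch {
		for i, b := range tag(keys[r.MeterID], r) {
			agg[i] ^= b
		}
	}
	return agg
}

// VerifyAggregate accepts or rejects the batch as a whole: corrupting any one
// reading in transit makes every reading unverifiable, which is the DoS weakness.
func VerifyAggregate(keys map[string][]byte, batch []Reading, agg []byte) bool {
	return hmac.Equal(AggregateTag(keys, batch), agg)
}

// FindCorrupted uses per-message tags to isolate bad readings so the rest of
// the batch can still be accepted.
func FindCorrupted(keys map[string][]byte, batch []Reading, tags [][]byte) []string {
	var bad []string
	for i, r := range batch {
		if i >= len(tags) || !hmac.Equal(tag(keys[r.MeterID], r), tags[i]) {
			bad = append(bad, r.MeterID)
		}
	}
	return bad
}

func main() {
	// Constructed per-meter keys and readings.
	keys := map[string][]byte{"m1": []byte("k1"), "m2": []byte("k2"), "m3": []byte("k3")}
	batch := []Reading{{"m1", []byte("kwh=3.2")}, {"m2", []byte("kwh=0.9")}, {"m3", []byte("kwh=7.4")}}
	agg := AggregateTag(keys, batch)
	tags := IndividualTags(keys, batch)
	batch[1].Payload = []byte("kwh=0.8") // one reading altered on the way to the collector
	fmt.Println("aggregate verifies:", VerifyAggregate(keys, batch, agg))
	fmt.Println("readings to discard:", FindCorrupted(keys, batch, tags))
}
```

A collector that receives only the aggregate tag has no way to tell which of the three readings was altered; it can only discard all of them or request a retransmission, and a persistent corrupter of a single link starves the whole batch.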
Some security solutions are proposed specifically for smart grid communications networks and components, especially in the area of private networks [10, 34, 171]. Much of the existing research is focused on AMI, since it is the core of DR in the smart grid. The authors in [178] proposed a privacy‐preserving metering system to preserve the privacy of consumers in the smart grid. In the proposed system, a user grants a service provider access to meter readings at a chosen time granularity. Meter readings are securely stored in a semitrusted storage system. The authors in [179] proposed a privacy‐aware smart metering protocol: smart meter speed dating (SMSD). This protocol uses a peer‐to‐peer masking technique optimized for a small number of participating smart meters. The advantage of this protocol is its low demands on hardware and communication networks.
Metering data collected in the AMI is undoubtedly large in volume and refreshes frequently [34]. With more deployment of renewable energy sources, a large variety of data will also be introduced to the smart grid, such as ambient environmental status, storage unit status, and weather forecasts. Therefore, big data analytics is expected to become part of the smart grid [133, 180]. Cloud computing has been introduced to the smart grid so that big data analytics can take place [133, 181, 182]. Moreover, ID‐based cryptographic schemes have been widely studied [182–185]. Unlike well‐known symmetric cryptographic schemes (e.g. the Advanced Encryption Standard), ID‐based cryptographic schemes need to be redesigned or modified for different applications in the proposed ICT framework due to their varying requirements. For instance, some data in our framework requires both confidentiality and non‐repudiation while the computation needs to be efficient; some data requires non‐repudiation only; the domain secrets need to be refreshed frequently, etc.
A more comprehensive information communications technology framework is required in the smart grid to better evaluate security in the communication infrastructure. For instance, a framework may include private networks set by a utility company, a hybrid cloud‐based control center with sensitive data collected and preprocessed at local control centers, and a more visionary idea of harvesting data from various public sources. With that, security can be designed and allowed to evolve as the smart grid evolves.
In the past years, many standards and regulations have been proposed for the smart grid communication infrastructure.
The Energy Independence and Security Act (EISA) of 2007 is a public law to move the United States toward greater energy independence and security; to increase the production of clean renewable fuels; to protect consumers; to increase the efficiency of products, buildings, and vehicles; to promote research on and deployment of greenhouse gas capture and storage options; and to improve the energy performance of the Federal Government, as well as other purposes.
In particular, EISA 2007 directs the NIST to coordinate the development of model standards for interoperability of smart grid devices and systems by 1) creating flexible, uniform, and technology‐neutral standards and 2) enabling traditional resources, distributed resources, renewables, storage, efficiency, and demand response to contribute to an efficient, reliable grid. Moreover, EISA 2007 directs the Federal Energy Regulatory Commission (FERC), when sufficient consensus exists, to adopt standards necessary to ensure smart‐grid functionality and interoperability in the interstate transmission of electric power and in regional and wholesale electricity markets. However, EISA 2007 did not expand the FERC's Federal Power Act authority to enforce standards.
Regulators may adopt standards separately or in parallel with FERC. State commissions may also consider standards when approving utility investments. When adopting standards, regulators need to ensure interoperability and security without impeding innovation. Regulators also need to consider that consistent action will influence the vendor community: vendors will often follow standards that are not legally mandated.
Table 10.4 lists a few selected standards proposed for the traditional power grid and the smart grid. IEEE Standard P2030, “Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), and End‐Use Applications and Loads,” provides a knowledge base addressing terminology, characteristics, functional performance and evaluation criteria, and the application of engineering principles to smart grid interoperability of the electric power system with end‐use applications and loads [186].
Table 10.4 Selected standards for the smart grid.

| Organization / standard | Subject |
|---|---|
| Institute of Electrical and Electronics Engineers | |
| IEEE Std 2030 | Power Engineering Technology; Information Technology; Communications Technology |
| International Electrotechnical Commission | |
| IEC 61968 | Distribution Management |
| IEC 61970 | Common Information Model |
| IEC 60870 | Intercontrol Center Communication Protocol |
| IEC 62351 | Data and Communication Security |
| IEC 62357 | Reference Architecture |
| IEC 61850 | Standard for Design of Substation Automation |
| IEC 61850‐7‐420 | Integration of Distributed Energy Resources |
| IEC 61850‐7‐410 | Integration of Hydro Resources |
| IEC 61400 | Integration of Wind Farms to Utility Communication Network |
| IEC 62056 | Communication |
The International Electrotechnical Commission (IEC) has published over 100 standards that are relevant to the smart grid. In particular, IEC 62351, “Power systems management and associated information exchange—Data and communications security” is relevant to EMS, DMS, DA, SA, DER, AMI, DR, smart home, storage, and EVs in the smart grid. IEC 62351 has seven categories, where each one defines specifications for a certain area.
Other security standards and regulations have been developed for the current power grid and/or the smart grid communications infrastructure in the past. Some examples are:
Given the continuous evolution of the smart grid and the massive scale as well as complexity of the cyber‐physical system, even more standards and regulations are required by the smart grid communications infrastructure, especially for security.
In this chapter, we discussed security challenges and some solutions for the smart grid communications infrastructure. The challenges come from the technical requirements of the various types of applications in the smart grid, and also from the continuous operation and evolution of the smart grid. The logical security architecture published by the NIST can be used as a guideline for security planning. Security requirements in the smart grid communications network should be considered according to whether an application uses the private or the public network. In addition, although many standards and regulations have been proposed for the smart grid, more are required to better guide efforts to secure the smart grid communications infrastructure.