Cyber Security For Smart Grid Systems: Status, Challenges and Perspectives
Abstract—The transformation of traditional energy networks to smart grids revolutionizes the energy industry in terms of reliability, performance, and manageability by providing bi-directional communications to operate, monitor, and control power flow and measurements. However, communication networks in the smart grid bring increased connectivity together with severe security vulnerabilities and challenges. The smart grid can be a prime target for cyber terrorism because of its critical nature. As a result, smart grid security is already getting a lot of attention from governments, energy industries, and consumers. There have been several research efforts for securing smart grid systems in academia, government and industry. This article provides a comprehensive study of challenges in smart grid security, in which we concentrate on the problems and proposed solutions. Then, we outline the current state of the research and future perspectives. With this article, readers can have a more thorough understanding of smart grid security and the research trends in this topic.

Index Terms—Cyber security, Smart Grid, Network Security in Power Grid, Smart Grid Security.

I. INTRODUCTION

The integration of the electrical distribution system with communication networks forms the smart grid, where power and information flow is expected to be bi-directional [1], [2]. This transformation of traditional energy networks to smart grids revolutionizes the energy industry in terms of reliability, performance, and manageability by providing bi-directional communications to operate, monitor, and control power flow and measurements. Furthermore, the smart grid is expected to automate the systems with the help of advanced communication systems. Along with the several benefits that communication networks offer in the smart grid, they expose the private power control systems to the public communication networks and the associated security vulnerabilities [1]–[6]. The smart grid can be a prime target for cyber terrorism because of its critical nature. As a result, cyber security for the smart grid is getting a lot of attention from governments, energy industries, and consumers. There have been several research efforts for securing smart grid systems in academia, government and industry [6]–[8].

According to the National Institute of Standards and Technology (NIST) conceptual model for the smart grid, communication networks connect power system components as shown in Fig. 1. There are seven logical domains: Markets, Service Provider, Operations, Bulk Generation, Transmission, Distribution and Customer. The first three deal with data collection and power management, whereas the last four deal with power and information flows in the smart grid. These domains are connected with each other through secure communication links as shown in Fig. 1.

Fig. 1. The NIST conceptual model for smart grid [1].

[Figure residue (caption not recovered): Generation, operation and control; Sub-station and Transmission; Distribution; Consumers]

The smart grid has different components and assets such as power generation, distribution, consumers, regional control centers, substations, field devices, communication and networking devices, phase measuring units, protecting relays, intelligent electronic devices, remote terminal units, human machine interfaces, home appliances, circuit breakers, log servers, data concentrators, protocol gateways, tap changers, smart meters, etc. All of these components are connected in a smart grid to operate, monitor, and control power flow and measurements. Thus, the legacy cyber-security techniques are not sufficient to meet the cyber security requirements of the smart grid and its assets. For instance, consumers are concerned about their privacy, as their lifestyle could be exposed to malicious users because of compromised data communication networks. Similarly, the Advanced Metering Infrastructure (AMI), commonly known as the smart meter, could be easily compromised; however, once they are compromised, it is almost impossible to change their passwords (PINs), as these devices do not have their own keyboards to change passwords/PINs. Thus, a controller may be needed to deploy new passwords automatically once a device is compromised. Thus, the smart grid
978-1-4673-7300-5/15/$31.00 ©2015 IEEE
Proceedings of the IEEE SoutheastCon 2015, April 9 - 12, 2015 - Fort Lauderdale, Florida
NAN and NAN works like a node for WAN through their respective gateways. Furthermore, for reliability,

B. Power Systems Communication Network Protocols

There are various proprietary protocols and a few open standard protocols [12]. Two widely-used communication protocols in power systems are:

1) Distributed Networking Protocol 3.0 (DNP3): DNP3 was originally developed by General Electric Inc. and was made public in 1993. DNP3 is the predominant standard used in North American power systems [12], [13]. The physical layer of its initial version was based on serial communication protocols (such as RS-232, RS-422, or RS-485). However, its current version is based on the TCP/IP model, which supports recent communication technologies with end-to-end communications.

2) International Electrotechnical Commission (IEC) 61850: The IEC 61850 protocol was recently standardized with Ethernet-based communications for modern power substation automation by the International Electrotechnical Commission [14]. IEC 61850 was designed to replace DNP3 in smart grid communications; however, current IEC 61850 is limited to communications within a power substation. Unlike DNP3, IEC 61850 is built with a series of protocol stacks to support a variety of services which are time-critical and monitoring. Power substation communication deals with a number of time-critical messages with end-to-end delay of 3 milliseconds to 500 milliseconds. There are different types of messages with different require-

[Fig. 3 residue: Smart grid; Threats; Assets]
Fig. 3. Evaluating the risks in smart grid systems.

where Assets are the smart grid devices (such as smart meters, substations, data, network devices, etc.), Vulnerabilities allow an attacker to reduce a system's information assurance, and Threats are the attacks coming from outside or inside of the smart grid systems.

In (1), the Risk can be minimized or made zero if any one of the quantities on the right side is minimized or made zero. Note that in smart grid systems, Assets cannot be zero. Threats cannot be made zero, as they are coming from unknown places or attackers. Thus, the main goal is to minimize the Vulnerabilities in the smart grid in order to minimize the overall Risk in (1).

A. Security Objectives in the Smart Grid Systems

The objective of smart grid security is to comply with policies while securing information using Confidentiality, Integrity and Availability, also known as the CIA triad. The CIA triad [15] is a model designed to guide policies for information security in smart grid systems, which is shown in Fig. 4.

[Fig. 4 residue: Confidentiality; Integrity; Availability]
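The DNP3 data-link frame described in subsection B (Power Systems Communication Network Protocols) can be handled with a small builder and parser. The code below is an added example written for this page; it is not the paper's code and not taken from any DNP3 implementation. It assumes the standard link-layer layout (start bytes 0x05 0x64, a length byte counting control, destination, source and user data, 16-bit little-endian addresses, and a CRC-16/DNP over the 8-byte header and over each user-data block of up to 16 bytes); the control byte, addresses and payload in the demo are constructed values. The practitioner's caveat it makes visible: a passing CRC only shows the bytes were not corrupted in transit, it says nothing about who produced them, which is why the authentication mechanisms discussed later in the paper have to sit on top of such a protocol.

```python
"""DNP3 data-link-layer frame builder/parser (added example, not the paper's code).

Frame layout assumed here (DNP3 data link layer):
  0x05 0x64 | LEN | CTRL | DEST (2 bytes LE) | SRC (2 bytes LE) | CRC (2 bytes LE)
  followed by user data in blocks of up to 16 bytes, each with its own 2-byte CRC.
LEN counts CTRL + DEST + SRC + user data (5 + len(user_data)); CRCs are not counted.
"""
from dataclasses import dataclass

DNP3_START = b"\x05\x64"
REFLECTED_POLY = 0xA6BC  # bit-reversed form of the DNP3 generator polynomial 0x3D65


def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected, initial value 0x0000, final XOR 0xFFFF."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ REFLECTED_POLY if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF


@dataclass
class LinkFrame:
    control: int
    destination: int
    source: int
    user_data: bytes


def build_frame(control: int, destination: int, source: int, user_data: bytes) -> bytes:
    """Serialize a link frame, inserting the header CRC and one CRC per 16-byte block."""
    if len(user_data) > 250:  # LEN is one byte, so at most 255 - 5 bytes of user data
        raise ValueError("DNP3 user data is limited to 250 bytes per frame")
    header = (DNP3_START + bytes([5 + len(user_data), control])
              + destination.to_bytes(2, "little") + source.to_bytes(2, "little"))
    out = bytearray(header + crc16_dnp(header).to_bytes(2, "little"))
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        out += block + crc16_dnp(block).to_bytes(2, "little")
    return bytes(out)


def parse_frame(raw: bytes) -> LinkFrame:
    """Parse a frame, raising ValueError on any framing or CRC error."""
    if len(raw) < 10 or raw[:2] != DNP3_START:
        raise ValueError("missing DNP3 start bytes or truncated header")
    header, header_crc = raw[:8], int.from_bytes(raw[8:10], "little")
    if crc16_dnp(header) != header_crc:
        raise ValueError("header CRC mismatch")
    length = header[2]
    if length < 5:
        raise ValueError("LEN field below minimum of 5")
    user_len = length - 5
    data, pos = bytearray(), 10
    while len(data) < user_len:
        n = min(16, user_len - len(data))
        block, block_crc = raw[pos:pos + n], raw[pos + n:pos + n + 2]
        if len(block) < n or len(block_crc) < 2:
            raise ValueError("truncated user data block")
        if crc16_dnp(block) != int.from_bytes(block_crc, "little"):
            raise ValueError(f"CRC mismatch in data block at offset {pos}")
        data += block
        pos += n + 2
    if pos != len(raw):
        raise ValueError("trailing bytes after last CRC block")
    return LinkFrame(header[3], int.from_bytes(header[4:6], "little"),
                     int.from_bytes(header[6:8], "little"), bytes(data))


def is_valid_frame(raw: bytes) -> bool:
    """True if the frame parses and every CRC checks out."""
    try:
        parse_frame(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: control 0xC4 (DIR=1, PRM=1, function code 4 = unconfirmed
    # user data), master address 1 to outstation 10, 20 bytes of payload (two CRC blocks).
    frame = build_frame(0xC4, 10, 1, bytes(range(20)))
    print(parse_frame(frame))
    corrupted = bytearray(frame)
    corrupted[4] ^= 0x01  # flip one bit of the destination address
    print("corrupted frame accepted:", is_valid_frame(bytes(corrupted)))
```

The parser rejects a flipped bit anywhere, but a party that can write the bytes can also recompute the CRC, so a monitoring point that only validates CRCs will pass a forged frame; the same check is still useful for spotting transmission faults and for feeding an IDS with cleanly framed DNP3 traffic.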
also involves preventing denial-of-service attacks leading to blackouts.

Furthermore, Authenticity is also important in smart grid systems, as it is important to validate that both parties involved are who they claim to be. The authenticity of the information can be verified by using features such as digital signatures to give evidence that the message data is genuine.

B. Smart Grid Security Requirements

and provide robust power supply. In addition to the CIA triad, the NIST report [1], [15], [16] recommends other specific security requirements for the smart grid, including physical security of grid assets.

1) Self-healing and Resilience Operations in the Smart Grid: In smart grid systems, the communication network is open, as smart grid assets are distributed over a large geographical area. Thus it is challenging to ensure that every single node in the smart grid is invulnerable to cyber attacks. Thus the smart grid network must have some self-healing capability against cyber attacks. The network must consistently perform profiling and estimation to monitor the data flow and power flow status to detect any abnormal incidents due to cyber attacks. To keep the data communication network available for power system operations, resilient data communication is essential.

2) Authentication and Access Control: As there are millions of electronic devices deployed throughout the power systems and millions of home appliances connected to smart meters, authentication is the key process of verifying the identity of a device or user to protect smart grid systems from unauthorized access. Furthermore, access control is used in the smart grid to ensure that resources are accessed only by the appropriate parties that are correctly identified.

3) Communication Efficiency and Security: Smart grid communication needs to be efficient to support real-time monitoring and secure with self-healing cyber defense solutions to protect from any security attacks. As these features are contradicting, a trade-off between these parameters should be considered in smart grids.

C. Automated Policy/Password Update Process

Most of the nodes (e.g., smart meters) in the smart grid do not have keyboards, which makes the process of changing the password/PIN more difficult. Furthermore, manually changing passwords in millions of such devices is not feasible; thus the smart grid needs an automated process to deploy the policies and/or passwords in real-time to prevent any attacks.

IV. CYBER ATTACKS AND DEFENSE SOLUTIONS FOR SMART GRID SYSTEMS

In order to secure the sensitive data and the smart grid, Fig. 5 shows five important layers that should be considered when defining cyber security schemes for the smart grid. Data security is in the innermost layer and WAN security is in the outermost layer. Note that cyber attacks could be at any layer to vandalize the entire smart grid.

[Fig. 5 residue: Data security; Application security; HAN level security; WAN level security]
Fig. 5. Smart grid security using multiple levels of protection against attacks.

In the following sections, we present a classification of attacks in smart grid systems.

A. Attack Classifications based on Networks

1) Home Area Networks (HAN) Attacks: Typical HAN attacks target the home appliances and smart meters. HANs use wired or wireless connections to provide an interface to the smart grid to support consumer awareness of energy consumption and to support demand response functionality in real-time. However, the HAN is vulnerable to security attacks, and malicious users could use sophisticated attacks through easily accessible devices such as the smart meters and the associated communications hardware to interrupt the smart grid systems. Attackers could easily exploit the vulnerabilities available within the firmware of HAN devices and use reverse engineering of devices to attack the grid. Thus all of the known threats to such a network must be identified and addressed to avoid any damage caused by cyber vandalism to the smart grid initiated at the HAN level. Several approaches have been proposed in the literature to provide secure and reliable communications between the smart meter and consumer equipment in the HAN to avoid security attacks. A security framework has been proposed in [17] which integrates HAN device registration and enrollment processes into a single network access authentication procedure. This scheme prevents unauthorized access to the HAN by malicious users. A freshness counter based session key exchange scheme has been proposed in [18] to ensure defense against replay attacks (also known as playback attacks) between the smart devices inside a house and the smart meter. This scheme helps prevent valid data from being delayed or transmitted repeatedly by malicious or fraudulent users. A scheme is proposed in [19] where security labels are used for data packets to enforce the information flow policy to avoid attacks on the grid through the HAN. Other security mechanisms include frequency hopping in wireless, dynamic security key management, advanced encryption schemes, intrusion prevention systems, intrusion detection systems, authentication and authorization.

2) Neighborhood Area Network (NAN) Attacks: Typical NAN attacks target the power sub-station and distribution centers. The NAN interfaces the HAN with the WAN in the smart grid, and
attacks could be coming directly through power substations or through HAN gateways. Thus protecting the NAN is important to protect the entire smart grid. An intrusion detection framework has been proposed in [20] where cyber attacks are detected at the NAN level with the help of a NAN intrusion detection system (IDS) using support vector machine (SVM) and artificial intelligence schemes. A 4-way handshaking mechanism has been proposed in [21] to establish secure links before smart grid assets start their communications. Note that HAN devices should be limited to communicating only with a HAN manager application within the meter to minimize cyber attacks.

3) Wide Area Network (WAN) Attacks: WAN attacks are targeted at power generation and control devices. Note that WAN infrastructures may be utility owned or public access depending on the business model of utility offices. There are different WAN standards including ANSI C12.21 and ANSI C12.22. The ANSI C12.21 based WAN access protocol uses two-way authentication using DES encryption of a randomly generated token [22]. The ANSI C12.21 protocol is session-based; thus a timeout can be implemented to release the session, which reduces the chances of cyber attacks based on the permanent key. ANSI C12.22 adds another layer of security by having data encryption using AES-128 bit on top of WAN authentication. In the ANSI C12.22 standard each communication must be authenticated before any other operations. Note that the security schemes used in the smart grid should provide the highest level of security with minimal system and device performance impacts related to encryption, decryption, re-keying functions, intrusion detection, intrusion prevention, etc.

B. Attack Classifications based on Network Layers

Typical cyber attacks in the smart grid based on the CIA triad can be classified as below:

1) Cyber Attacks Targeting Confidentiality: These attacks allow access to information by unauthorized users in the smart grid [23], [24]. Malicious users misuse the information to harm others or take advantage of it.

2) Cyber Attacks Targeting Integrity: The main motivation of these types of attacks is to disrupt the data exchange in the smart grid by illegally modifying or inserting false information [25]–[28].

3) Cyber Attacks Targeting Availability: The attackers' main motivation is to block or delay the communication in the smart grid so that the power delivery could be interrupted. This type of attack is also known as a denial-of-service attack. Typical attacks are listed in Table I.

TABLE I
TYPICAL CYBER ATTACKS TARGETING AVAILABILITY IN POWER GRIDS.

Network Layer                 Attacks in Smart Grids
Application layer             CPU exhausting [29], [30]
Network and Transport layer   Data flooding [31], [32]; Buffer overflow [33], [34]
MAC layer                     Man-in-the-middle attacks [35], [36]
Physical layer                Jamming channels [37], [38]

C. Cyber Defense Solutions for Smart Grid Systems

To provide defense against cyber attacks targeting confidentiality in the power grid, network coding has been presented to maintain data privacy in the grid, where all aspects of privacy such as anonymity, unlinkability, unobservability, and undetectability have been achieved [23], [24].

For defense against cyber attacks targeting integrity, several approaches have been proposed [25]–[28]. To prevent integrity attacks, a power fingerprinting technique has been proposed in [25], a volt-var control (VVC) based scheme has been proposed in [27], and a Trusted Network Connect (TNC) based approach has been studied in [28].

There are several cyber defense solutions against attacks targeting availability (e.g. [29]–[38]). Solutions to channel jamming attacks include frequency hopping based on a pre-shared sequence or uncoordinated rendezvous methods [37], [38], where transmitter and receiver meet on a common channel for communication while avoiding the jammer.

For man-in-the-middle attacks, the cyber security solutions include the use of in-depth packet analysis (e.g., IDS), since packets sniffed by the attacker have unmatched MAC and IP address pairs [35], [36].

To deal with buffer-overflow attacks in the smart grid, a flocking-based model of power system operation for the grid has been proposed in [33] and a Discrete-Time Markov Chain (DTMC) model has been studied in [34].

A top-down analysis has been performed to prevent data flooding attacks, including other attacks, in [31]. A defense solution to the puppet attack that results in denial-of-service in the AMI network has been studied in [32].

In order to overwhelm networking devices which have limited computing resources, attackers can flood computationally intensive requests using application layer attacks [29], [30]. A DDoS-Shield based suspicion assignment mechanism and a DDoS-resilient scheduler have been proposed to prevent application layer attacks in [29].

V. CHALLENGES AND FUTURE RESEARCH DIRECTIONS

There are several challenges to securing smart grid systems from a multitude of attacks and meeting the security requirements and objectives of the smart grid, as smart grid assets are distributed over large geographic areas. Because of the critical nature of power systems and the socioeconomic impact of blackouts, the smart grid can be a prime target for cyber terrorism. The cyber defense solutions should protect all aspects of smart grid systems. The defense solution should integrate multiple defense techniques, including proactive real-time intrusion prevention/detection systems (IPS/IDS) using machine learning and artificial intelligence, network segmentation, controlled wireless propagation, authentication, authorization, and certification. The proposed solutions should comprise scalable, resilient, and adaptive cyber security/defense techniques for smart grid operation without affecting any legitimate smart grid operations.
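Three points made above rest on the same mechanism: authenticity (Section III, digital signatures giving evidence that message data is genuine), the freshness-counter defense against replayed HAN traffic credited to [18], and the ANSI C12.22 rule that each communication be authenticated before any other operation. The exchange below is an added example written for this page; it is not the paper's code, not the scheme of [18], and not the C12.21/C12.22 mechanism. It substitutes an HMAC-SHA256 tag under a pre-shared session key for a digital signature and uses a per-device monotonically increasing counter as the freshness value; the session key, device id and payloads are constructed, and how the session key is established is out of scope.

```python
"""Replay-resistant authenticated messages between a HAN device and a smart meter.

Added example (not from the paper or from [18]). Each message carries a freshness
counter and an HMAC-SHA256 tag over (device id, counter, payload) under a pre-shared
session key. The meter accepts a message only if the tag verifies AND the counter is
strictly greater than the last accepted counter for that device, so a captured valid
message cannot be played back later and an altered payload fails the tag check.
"""
import hashlib
import hmac
import struct

# Constructed 32-byte session key shared by the thermostat and the meter (assumption:
# it was agreed in an earlier key-exchange step that this example does not model).
SESSION_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)


def _mac(key: bytes, device_id: bytes, counter: int, payload: bytes) -> bytes:
    # Length-prefix the variable-length id so field boundaries are unambiguous.
    msg = struct.pack(">H", len(device_id)) + device_id + struct.pack(">Q", counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class HanDevice:
    """Sender side: owns its counter and tags every message it emits."""

    def __init__(self, device_id: bytes, key: bytes):
        self.device_id, self.key, self.counter = device_id, key, 0

    def send(self, payload: bytes) -> dict:
        self.counter += 1
        return {"id": self.device_id, "ctr": self.counter, "data": payload,
                "tag": _mac(self.key, self.device_id, self.counter, payload)}


class SmartMeter:
    """Receiver side: verifies the tag first, then enforces counter freshness per device."""

    def __init__(self, keys: dict):
        self.keys = keys            # device id -> session key
        self.last_counter = {}      # device id -> highest accepted counter

    def receive(self, msg: dict) -> str:
        key = self.keys.get(msg["id"])
        if key is None:
            return "rejected: unknown device"
        expected = _mac(key, msg["id"], msg["ctr"], msg["data"])
        if not hmac.compare_digest(expected, msg["tag"]):   # constant-time comparison
            return "rejected: bad tag"
        # Only authenticated messages may advance state; a gap (lost message) is fine,
        # an equal or smaller counter is a replay.
        if msg["ctr"] <= self.last_counter.get(msg["id"], 0):
            return "rejected: replay"
        self.last_counter[msg["id"]] = msg["ctr"]
        return "accepted"


def demo() -> list:
    """Run a constructed exchange and return the meter's verdict for each message."""
    thermostat = HanDevice(b"thermostat-01", SESSION_KEY)
    meter = SmartMeter({b"thermostat-01": SESSION_KEY})
    m1 = thermostat.send(b"setpoint=21.0")
    m2 = thermostat.send(b"setpoint=19.5")
    forged = dict(m2, data=b"setpoint=30.0")      # payload altered, tag no longer matches
    return [meter.receive(m1), meter.receive(m2),
            meter.receive(m1),                    # playback of an earlier valid message
            meter.receive(forged)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The order of the two checks matters: the tag is verified before the counter is consulted so that an unauthenticated packet can never move the receiver's state, and the counter is persisted per device so a meter restart does not reopen the replay window.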
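The man-in-the-middle observation in subsection C, that relayed packets carry MAC and IP address pairs that do not match the legitimate host, is the kind of check an in-depth packet analyser can run. The detector below is an added example written for this page; it is not the paper's code and not the IDS of [35] or [36]. It reads one-line packet records in a format assumed for this example, learns (or is seeded with) the IP-to-MAC binding of each source host, and raises an alert when a later packet claims a known IP from a different MAC; the sample records are constructed.

```python
"""IP-to-MAC binding monitor for substation/NAN traffic (added example, not the paper's code).

Each input line is a constructed one-line packet record of the assumed form
    <timestamp> <src_ip> <src_mac> -> <dst_ip>
The monitor records the MAC seen for each source IP (or is seeded from the asset
inventory) and raises an alert when a later packet claims that IP from another MAC,
the mismatch the paper describes for traffic relayed by a man-in-the-middle.
"""
import re
from dataclasses import dataclass, field

_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
_MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
LOG_RE = re.compile(rf"^(?P<ts>\S+)\s+(?P<src_ip>{_IP})\s+(?P<src_mac>{_MAC})\s+->\s+(?P<dst_ip>{_IP})$")

# Constructed sample capture: an IED (10.10.1.5) polls an RTU (10.10.1.20); in the
# fourth record a third station answers as 10.10.1.20 from its own MAC.
SAMPLE_LOG = """\
2015-04-09T10:00:01 10.10.1.5 00:1b:2c:3d:4e:01 -> 10.10.1.20
2015-04-09T10:00:02 10.10.1.20 00:1b:2c:3d:4e:20 -> 10.10.1.5
2015-04-09T10:00:03 10.10.1.5 00:1b:2c:3d:4e:01 -> 10.10.1.20
2015-04-09T10:00:04 10.10.1.20 AA:BB:CC:DD:EE:FF -> 10.10.1.5
2015-04-09T10:00:05 10.10.1.20 00:1b:2c:3d:4e:20 -> 10.10.1.5
"""


@dataclass
class BindingMonitor:
    bindings: dict = field(default_factory=dict)  # ip -> mac, seeded or learned
    alerts: list = field(default_factory=list)

    def observe(self, line: str):
        """Process one record; return the alert tuple raised for it, or None."""
        m = LOG_RE.match(line.strip())
        if not m:
            alert = ("unparsed", line.strip())   # malformed input is itself worth a look
            self.alerts.append(alert)
            return alert
        ip, mac = m["src_ip"], m["src_mac"].lower()
        known = self.bindings.get(ip)
        if known is None:
            self.bindings[ip] = mac               # first sighting: learn the binding
            return None
        if known != mac:
            alert = ("mac_ip_mismatch", m["ts"], ip, known, mac)
            self.alerts.append(alert)
            return alert
        return None


def scan(lines, inventory=None) -> list:
    """Run the monitor over an iterable of records; return all alerts in order."""
    seed = {ip: mac.lower() for ip, mac in (inventory or {}).items()}
    mon = BindingMonitor(bindings=seed)
    for line in lines:
        if line.strip():
            mon.observe(line)
    return mon.alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(alert)
```

Learn-on-first-sight trusts whichever packet arrives first, so in a substation, where the asset list is static, seeding the bindings from the inventory is the better mode; a legitimate NIC replacement then also raises an alert until the inventory is updated, which is the intended behaviour for equipment changes in a control network.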
VI. SUMMARY

Communication networks in the smart grid bring increased connectivity to revolutionize the energy industry in terms of reliability, performance, and manageability by providing bi-directional communications to operate, monitor, and control power flow and measurements. However, communication networks bring severe security vulnerabilities with them. Furthermore, smart grids can be a prime target for cyber terrorism because of their critical nature and the socioeconomic impact of blackouts. In this paper, we have provided a compact survey of cyber security attacks and defense techniques in smart grid systems that are targeted at different networks and protocol layers. With this article, readers can have a more thorough understanding of smart grid security, its requirements and objectives, and the future research directions in this topic.

ACKNOWLEDGMENT

This work is supported partly by the National Science Foundation (NSF) grant CNS 1405670 and Georgia Southern University. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of NSF.

REFERENCES

[1] NIST Special Publication 1108, "NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0," January 2010. [Online; accessed December 30, 2014] http://tinyurl.com/a2m5kw2.
[2] Litos Strategic Communication, "The Smart Grid: An Introduction," May 31, 2009. [Online; accessed December 30, 2014] http://tinyurl.com/cp67y5o.
[3] D. B. Rawat, B. B. Bista, and G. Yan, Security, Privacy, Trust, and Resource Management in Mobile and Wireless Communications. Information Science Reference, 2014.
[4] C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World. Prentice Hall Press, 2002.
[5] D. B. Rawat, "Computer and network security: An experimental approach," 2013.
[6] S. Clements and H. Kirkham, "Cyber-security considerations for the smart grid," in 2010 IEEE Power and Energy Society General Meeting, 2010, pp. 1–5.
[7] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, "A survey on cyber security for smart grid communications," IEEE Communications Surveys & Tutorials, vol. 14, no. 4, pp. 998–1010, 2012.
[8] M. Hadley, N. Lu, and A. Deborah, "Smart-grid security issues," IEEE Security and Privacy, vol. 8, no. 1, pp. 81–85, 2010.
[9] A. K. Aggarwal and P. S. Verma, "A proposed communications infrastructure for the smart grid," 2010.
[10] M. E. Crovella and A. Bestavros, "Self-similarity in world wide web traffic: evidence and possible causes," IEEE/ACM Transactions on Networking, vol. 5, no. 6, pp. 835–846, 1997.
[11] P. M. Kanabar, M. G. Kanabar, W. El-Khattam, T. S. Sidhu, and A. Shami, "Evaluation of communication technologies for IEC 61850 based distribution automation system with distributed energy resources," in Power & Energy Society General Meeting, 2009. PES '09. IEEE, 2009, pp. 1–8.
[12] S. Mohagheghi, J. Stoupis, and Z. Wang, "Communication protocols and networks for power systems: current status and future trends," in IEEE/PES Power Systems Conference and Exposition, 2009, pp. 1–9.
[13] S. East, J. Butts, M. Papa, and S. Shenoi, "A taxonomy of attacks on the DNP3 protocol," in Critical Infrastructure Protection III. Springer, 2009, pp. 67–81.
[14] R. Mackiewicz, "Overview of IEC 61850 and benefits," in 2006 IEEE PES Power Systems Conference and Exposition, 2006, pp. 623–630.
[15] The Smart Grid Interoperability Panel Cyber Security Working Group, "Smart grid cyber security guidelines," 2010, pp. 1–597.
[16] W. Wang and Z. Lu, "Cyber security in the smart grid: Survey and challenges," Computer Networks, vol. 57, no. 5, pp. 1344–1371, 2013.
[17] Y. Tanaka, Y. Terashima, M. Kanda, and Y. Ohba, "A security architecture for communication between smart meters and HAN devices," in 2012 IEEE Third International Conference on Smart Grid Communications (SmartGridComm), 2012, pp. 460–464.
[18] G. A. Tizazu, H. R. Hussen, and K.-H. Kim, "Secure session key exchange scheme for smart grid home area networks," in 2013 International Conference on ICT Convergence (ICTC), 2013, pp. 1116–1120.
[19] J. Tong, W. Sun, and L. Wang, "An information flow security model for home area network of smart grid," in 2013 IEEE 3rd Annual International Conference on Cyber Technology in Automation, Control and Intelligent Systems (CYBER), 2013, pp. 456–461.
[20] Y. Zhang, L. Wang, W. Sun, R. C. Green, and M. Alam, "Distributed intrusion detection system in a multi-layer network architecture of smart grids," IEEE Trans. on Smart Grid, vol. 2, no. 4, pp. 796–808, 2011.
[21] H. Gharavi and B. Hu, "4-way handshaking protection for wireless mesh network security in smart grid," in 2013 IEEE Global Communications Conference (GLOBECOM), 2013, pp. 790–795.
[22] A. Snyder and M. G. Stuber, "The ANSI C12 protocol suite: updated and now with network capabilities," in Power Systems Conference: Advanced Metering, Protection, Control, Communication, and Distributed Resources, 2007, pp. 117–122.
[23] H. Nicanfar, P. TalebiFard, A. Alasaad, and V. Leung, "Enhanced network coding to maintain privacy in smart grid communication," 2013.
[24] A. Barenghi and G. Pelosi, "Security and privacy in smart grid infrastructures," in 22nd International Workshop on Database and Expert Systems Applications (DEXA), 2011, pp. 102–108.
[25] J. Reed and C. Gonzalez, "Enhancing smart grid cyber security using power fingerprinting: Integrity assessment and intrusion detection," in Future of Instrumentation International Workshop (FIIW), 2012, pp. 1–3.
[26] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and K. Poolla, "Smart grid data integrity attacks: characterizations and countermeasures," in 2011 IEEE International Conference on Smart Grid Communications (SmartGridComm), 2011, pp. 232–237.
[27] A. Teixeira, G. Dan, H. Sandberg, R. Berthier, R. B. Bobba, and A. Valdes, "Security of smart distribution grids: Data integrity attacks on integrated volt/var control and countermeasures," in American Control Conference (ACC), 2014, pp. 4372–4378.
[28] K.-O. Detken, C.-H. Genzel, C. Rudolph, and M. Jahnke, "Integrity protection in a smart grid environment for wireless access of smart meters," in 2014 2nd International Symposium on Wireless Systems within the Conferences on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS-SWS), 2014, pp. 79–86.
[29] S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci, and E. Knightly, "DDoS-Shield: DDoS-resilient scheduling to counter application layer attacks," IEEE/ACM Transactions on Networking, vol. 17, no. 1, pp. 26–39, 2009.
[30] S. Sridhar, A. Hahn, and M. Govindarasu, "Cyber-physical system security for the electric power grid," Proceedings of the IEEE, vol. 100, no. 1, pp. 210–224, 2012.
[31] Z. Lu, X. Lu, W. Wang, and C. Wang, "Review and evaluation of security threats on the communication networks in the smart grid," in 2010 IEEE MILCOM, 2010, pp. 1830–1835.
[32] P. Yi, T. Zhu, Q. Zhang, Y. Wu, and J. Li, "A denial of service attack in advanced metering infrastructure network," in 2014 IEEE International Conference on Communications (ICC), 2014, pp. 1029–1034.
[33] J. Wei and D. Kundur, "A flocking-based model for DoS-resilient communication routing in smart grid," in 2012 IEEE Global Communications Conference (GLOBECOM), 2012, pp. 3519–3524.
[34] D. Jin, D. M. Nicol, and G. Yan, "An event buffer flooding attack in DNP3 controlled SCADA systems," in Proceedings of the Winter Simulation Conference, 2011, pp. 2619–2631.
[35] Y. Yang, K. McLaughlin, T. Littler, S. Sezer, E. G. Im, Z. Yao, B. Pranggono, and H. Wang, "Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in smart grid SCADA systems," 2012.
[36] U. K. Premaratne, J. Samarabandu, T. S. Sidhu, R. Beresh, and J.-C. Tan, "An intrusion detection system for IEC61850 automated substations," IEEE Trans. on Power Delivery, vol. 25, no. 4, pp. 2376–2383, 2010.
[37] Z. Lu, W. Wang, and C. Wang, "From jammer to gambler: Modeling and detection of jamming attacks against time-critical traffic," in INFOCOM, 2011 Proceedings IEEE, 2011, pp. 1871–1879.
[38] Z. Lu, W. Wang, and C. Wang, "Hiding traffic with camouflage: Minimizing message delay in the smart grid under jamming," in INFOCOM, 2012 Proceedings IEEE, 2012, pp. 3066–3070.