Lecture 15 - Smart Grids - Demand Response and Security
Demand Response and Security
Binoy B Nair
What is smart grid?
Announced in US by President Barack Obama on 8th January, 2009
Smarter:
❑ Generation
❑ Transmission
❑ Distribution
❑ Customer participation
❑ Operations
❑ Markets
❑ Service Providers
Overall objective:
IEEE:
❑ Smart grid is a large ‘System of Systems’, where each functional domain consists of three layers: (i) the power and energy layer, (ii) the communication layer, and (iii) the IT/computer layer.
Conventional Grid Vs. Smart Grid
Smart Grid:
• Unbundled and distributed structure
• Informed and participative customers
• DERs with plug and play features
• Power quality is a priority
• Better services for customers
• Data driven, market predictive and asset management
• Self healing, automatic & predictive fault address
Conventional Grid Vs. Smart Grid ..Contd
Characteristics of the Smart Grid:
• Cyber attack management: resilient to cyber attacks
• Disaster event: quick and proactive response to disasters
• Analysis: smart analytics with forecast
• Communication: integrated two way communication
• Predictive: predictive processes & apps.
• Intelligence: intelligent to integrate process critical info.
• Efficiency: efficiency focus
Smart Grid Network
Transformed Power System Network - Utilities are poised to move from the traditional power system to a highly flexible, secured and green power system by using integrated two way communications and advanced control technology.
[Figure: smart grid network showing generation (wind farm, solar farm, energy storage), the distribution network, a microgrid and customers (industry, commercial, residential, EV, roof top solar), drawn as a conventional grid layer with a cyber-communications layer above it]
Source: IEEE Standard 2030-2011: IEEE Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), End-Use Applications, and Loads
Smart Grid CPS Layers
• Smart grid can be visualized as having two separate layers which make up a complex cyber-physical system:
1. Power grid layer, which is composed of generation, transmission, and distribution
2. Cyber-communication layer for each of the power grid’s domains, which will then be connected and integrated with measures for useful interoperability.
• Each of these domains must have physical and cyber interfaces to allow for proper communication between devices connected to the grid, which depend on mass aggregation of customer and equipment operational data.
Simple AMI Communication Architecture *
Since large scale energy storage is not yet a reality, the total amount of electricity generated needs to always be equal to the total amount of electricity consumed.
In case this condition is violated, say, during peak summer when demand > supply, the excess demand is removed from the grid through power-cuts.
In the opposite case, when the power generated is > demand, some of the power stations are usually shut down till the demand increases.
*DOE Report. Benefits of demand response in electricity markets and recommendations for achieving them; 2006. 〈http://westvirginia.sierraclub.org/〉.
Types of demand response:
• Price options
• Incentive- or event-based options
• Demand reduction bids
Types of demand response: Price options
DRP: DR Programme
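As an added example (not part of the lecture), a merit-order dispatch of demand reduction bids that closes a forecast supply shortfall and reports what, if anything, must still be removed by power cuts; the customer names and bid figures are constructed.

```python
"""Added example, not from the lecture: closing a supply shortfall with
demand response before resorting to power cuts.

Generation must match consumption at all times. When forecast demand exceeds
available supply, a DR programme (DRP) can accept demand-reduction bids from
customers in merit order (cheapest reduction first); only the deficit the
bids cannot cover is removed by load shedding. All bid data are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ReductionBid:
    customer: str
    kw: float             # load the customer offers to shed
    price_per_kwh: float  # payment requested per kWh not consumed


def dispatch_demand_response(forecast_demand_kw, available_supply_kw, bids):
    """Return ([(customer, kW accepted), ...], kW still to be shed by cuts).

    Bids are divisible: the marginal bid is curtailed to the exact amount
    needed so that supply equals demand after the response.
    """
    deficit = forecast_demand_kw - available_supply_kw
    accepted = []
    if deficit <= 0:
        return accepted, 0.0
    for bid in sorted(bids, key=lambda b: b.price_per_kwh):
        if deficit <= 0:
            break
        taken = min(bid.kw, deficit)
        accepted.append((bid.customer, taken))
        deficit -= taken
    return accepted, max(deficit, 0.0)


def response_cost(accepted, bids, hours=1.0):
    """Payment owed to customers for the accepted reductions over `hours`."""
    price = {b.customer: b.price_per_kwh for b in bids}
    return sum(price[c] * kw * hours for c, kw in accepted)


# Constructed sample: four bids registered with the DRP.
SAMPLE_BIDS = [
    ReductionBid("factory_A", 1500.0, 0.40),
    ReductionBid("cold_store_B", 800.0, 0.25),
    ReductionBid("office_C", 400.0, 0.60),
    ReductionBid("mall_D", 1000.0, 0.30),
]
```

With a 23 MW forecast against 20 MW of supply the three cheapest bids cover the 3 MW gap and no cuts are needed; a 4 MW gap exhausts all bids and leaves 300 kW for load shedding.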
Security in Smart Grid
Why attack a smart grid?
Smart grids are the intersection of intelligence, energy, politics and social concerns, and this explains the variety of attackers and their intentions.
• Cyber warfare
• Industrial espionage
• Terrorism
• Economic reasons
• Disgruntled employees
• Activism
• Practical jokes taken too far
Who attacks a smart grid?
Amateur attackers
Employees
Competitors
Customers
What is the aim of attack?
Main Security Objectives in Smart Grids:
• Availability
• Integrity
• Confidentiality
Security Objective: 1. Availability
• Availability means:
• Ensuring authorized parties can access the information when needed.
• Guaranteeing that unauthorized persons or devices can not access the system.
This may cause the system involved in power management to make incorrect decisions.
Security Objective: 3. Confidentiality
• Confidentiality requires that:
• The stored and transmitted data can only be accessed by the relevant receivers.
• Unauthorized users are prevented from accessing data, to protect personal privacy and security.
Privacy requires that user data can not be used for different purposes without the user’s approval, can not be obtained by different people, and can only be used for specified purposes.
Cyber Attacks
• Destroy the physical infrastructure: cut the electric lines, damage the transformers, etc.
• We can consider this as a type of denial-of-service attack (DoS), and multiple such DoS attacks create a distributed DoS (DDoS) attack.
• Depending on the scale of the attack, this may be very effective, since replacing equipment takes a lot of time and effort.
https://www.wearethemighty.com/mighty-history/legendary-dam-busters-crippled-germany/
Cyber Attacks: Attacks on Access Control
In the instance that the scheme utilizes a single KDC, this also presents a single point of failure.
Cyber Attacks: Attacks on Access Control
• An attacker has the opportunity to carry out a DoS attack and stop legitimate users from accessing important data stored and accessed on the grid.
• An information and credential stealing session can provide a hacker with the data to masquerade and gain access to secret or sensitive data.
• In many instances, proper encryption is not in place in networks vulnerable to man-in-the-middle attacks.
• Several vulnerabilities have been discovered in equipment from specific vendors which allow for access to backdoors in SCADA systems.
• These backdoors have included valid credentials being hardcoded into an operational system’s software, which allows for trivial means of access by a hacker.
Cyber Attacks: Attacks on Cryptography
• The cryptography flavor of choice for the smart grid is that of a public key infrastructure (PKI).
• This means that each of these networks has well-known vulnerabilities.
• This method creates a vulnerability in which a single point of failure exists at the key distribution agent or certificate authority (CA) when utilizing a certificate-based system.
• A successful DoS attack would render all or most encrypted communication invalid or foreign, as the receiver does not have the ability to verify the sender’s identity.
• In addition to a single point of failure, a vulnerability exists in a hacker’s ability to acquire the root key in a PKI, which would allow for unfettered malicious communication, as modern masquerading techniques are advanced and sufficient.
Cyber Attacks: Attacks on Cryptography
A method used with many devices hosting modern software is automatic online updating.
While this functionality is crucial in AMI and in devices in other sub-networks, its implementation may ultimately be the source of malicious acts.
This can allow a hacker the opportunity to load a malicious version of firmware or software onto the devices and allow for more devious acts from the inside.
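One defensive control for the update vector just described, as an added example that is not from the lecture: the device applies an image only after an authenticated manifest checks out and anti-rollback passes. Keys, image bytes and version numbers are constructed, and an HMAC under a per-device key stands in for the asymmetric signature a real deployment would use.

```python
"""Added example, not from the lecture: gating a device's automatic update on
an authenticated manifest so that a malicious image is never installed.

The device applies an image only if (a) the manifest authenticates under a
key provisioned at manufacture, (b) the manifest version is newer than the
running one (anti-rollback) and (c) the image hash matches the manifest.
To stay stdlib-only the manifest is authenticated with HMAC-SHA256 under a
per-device key; a fleet deployment would use an asymmetric signature so the
key held on the device cannot forge manifests. Keys, image bytes and
version numbers are constructed for illustration."""
import hashlib
import hmac
import json


def make_manifest(image, version, key):
    """Vendor side: bind image hash and version, then authenticate the body."""
    body = json.dumps({"version": version,
                       "sha256": hashlib.sha256(image).hexdigest()},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def verify_update(image, body, tag, key, running_version):
    """Device side: return (apply, reason); nothing in the manifest or the
    image is trusted until the manifest authenticates."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):      # constant-time compare
        return False, "manifest authentication failed"
    try:
        meta = json.loads(body)
        version, digest = int(meta["version"]), str(meta["sha256"])
    except (ValueError, KeyError, TypeError):
        return False, "manifest malformed"
    if version <= running_version:
        return False, "rollback or replay of an old manifest"
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), digest):
        return False, "image hash does not match manifest"
    return True, "ok"


# Constructed sample data.
DEVICE_KEY = b"constructed-per-device-provisioning-key"
GOOD_IMAGE = b"\x7fELF firmware build 7 (constructed bytes)"

if __name__ == "__main__":
    body, tag = make_manifest(GOOD_IMAGE, 7, DEVICE_KEY)
    print(verify_update(GOOD_IMAGE, body, tag, DEVICE_KEY, running_version=6))
```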
Cyber Attacks: Attacks on Firmware/Software Policy
• Network architectures that future systems will be modeled after will most likely resemble a mesh-like topology.
• This type of system will of course be placed on top of the existing power grid infrastructure.
• DoS attacks are of great concern here, in the case of a natural disaster or a malicious physical attack in an area which lacks redundancy and fault detection.
• These DoS attacks can be of a distributed nature, in which Internet Protocol (IP) addresses are spoofed to flood the victim network, or be a single attacker that attacks a specific service or grid component.
• This may result in blackouts or rolling brownouts and network overloads.
Cyber Attacks: Software Input Validation
• In a smart grid system, as in any system, input will request processing from various sources constantly.
• This input must be handled properly to avoid catastrophic consequences.
• Invalid operations or arbitrary execution of malicious code can be devastating; even improper handling of valid and safe input or code can cause unexpected results.
Cyber Attacks: Software Input Validation
With input of malicious or misleading data, the smart appliance may falsify data or be taken over completely, not only risking the secure authentication data of the user, but giving the attacker a valid entry point into the grid networks.
With access to a HAN or NAN in the smart grid, the attacker can intercept communications and relay them with or without modifying their contents.
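An added example (not from the lecture) of the input handling described above, on the head-end side: each meter reading arriving over the HAN/NAN is parsed defensively and checked against physical limits and the meter's own accepted history before it is applied. Field names, limits and messages are constructed.

```python
"""Added example, not from the lecture: validating smart-meter input on the
head-end before it reaches grid applications.

A reading arriving over the HAN/NAN is untrusted: a compromised or spoofed
meter can send malformed or falsified data. Each message is checked for
(1) well-formed fields, (2) physical plausibility and (3) consistency with
the meter's last accepted state: the cumulative energy register cannot run
backwards, timestamps cannot repeat, and a jump in the register is bounded
by the service rating. Field names, limits and messages are constructed."""
import json

MAX_SERVICE_KW = 24.0               # assumed rating of the metered service
MIN_VOLTAGE_V, MAX_VOLTAGE_V = 200.0, 260.0
MAX_SKEW_S = 300                    # tolerated meter clock skew, seconds


def validate_reading(raw, last_state, now_ts):
    """Return (accepted, reason, new_state); new_state is None on rejection."""
    try:
        msg = json.loads(raw)
        meter_id = str(msg["meter_id"])
        ts = int(msg["ts"])
        kwh = float(msg["kwh_total"])
        volts = float(msg["voltage"])
    except (ValueError, KeyError, TypeError) as exc:
        return False, f"malformed: {exc}", None
    if ts > now_ts + MAX_SKEW_S:
        return False, "timestamp in the future", None
    if not MIN_VOLTAGE_V <= volts <= MAX_VOLTAGE_V:
        return False, "voltage out of range", None
    if not kwh >= 0:                 # also rejects NaN
        return False, "energy register invalid", None
    if last_state is not None:
        if meter_id != last_state["meter_id"]:
            return False, "meter id mismatch", None
        if ts <= last_state["ts"]:
            return False, "stale or replayed timestamp", None
        if kwh < last_state["kwh_total"]:
            return False, "energy register decreased", None
        hours = (ts - last_state["ts"]) / 3600.0
        if kwh - last_state["kwh_total"] > MAX_SERVICE_KW * hours:
            return False, "consumption exceeds service rating", None
    return True, "ok", {"meter_id": meter_id, "ts": ts, "kwh_total": kwh}


# Constructed messages: a sound reading, then one that rolls the register back.
GOOD = '{"meter_id": "M-1001", "ts": 1700000000, "kwh_total": 5120.4, "voltage": 231.2}'
TAMPERED = '{"meter_id": "M-1001", "ts": 1700000900, "kwh_total": 4800.0, "voltage": 231.0}'
```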
Common methods to exploit software vulnerability
Methods to exploit software vulnerability (attack type: description; devices affected; defense)
• Buffer Overflow: an operation which writes data and overwrites adjacent memory. Devices affected: devices employing software vulnerable to write exploitation (networked devices)*. Defense: bounds checking, safe coding procedures, ASLR.
• Race Condition: programming flaw in which the result of the output is dependent on the sequence of events. Devices affected: devices employing software with improper input validation and Quality of Service (QoS)*. Defense: increased integrity checks, strategic checkpoints.
• SQL Injection: submitting malicious SQL statements in a web form to a SQL database. Devices affected: databases. Defense: query sanitization (based on DB).
• Cross-site Scripting: injection of client-side script into web pages, exploiting web browsers or web applications. Devices affected: servers using scripting languages. Defense: disallowing untrusted data in HTML pages, sanitization.
• Cross-site Request Forgery: a session hijacking technique in which a hacker masquerades as a trusted user. Devices affected: servers using scripting languages. Defense: cookie security, authenticate per request, “NoScript” declaration.
Methods to exploit software vulnerability (attack type: description; devices affected; defense)
• OS Injection: executing commands via a web interface on a remote server. Devices affected: devices employing software vulnerable to injection. Defense: proper coding practices.
• DoS: utilizing machine resources or making resources unavailable for other users. Devices affected: devices providing resources: SCADA, EMS, AMI, PLC. Defense: QoS, distributed servers, ACLs.
• Phishing: using methods to masquerade as a trusted party to gain information from a user. Devices affected: devices operated by users. Defense: web browser extensions, training programs.
• Malicious Removable Media: devices containing malicious software. Devices affected: devices operated by users. Defense: employee training programs.
• Backdoor Admin Credentials: unauthorized user using admin credentials to gain access to hardware. Devices affected: mainly SCADA. Defense: vendor selection, access controls.
• Fuzzing: inputting data to a remote networked entity which is monitored for undefined results. Devices affected: networked devices serving as servers: HMI. Defense: address randomization, stack protection, buffer length checking.
Methods to exploit software vulnerability (attack type: description; devices affected; defense)
• Crypto Key Flash Extraction: accessing device hardware directly with specific tools to extract data. Devices affected: AMI. Defense: physical protection, data encryption.
• Flash Image Manipulation: modifying software images before installment. Devices affected: AMI. Defense: physical protection, data encryption.
• Meter Bypass: masquerading or hijacking a communication session stream. Devices affected: AMI. Defense: physical protection, data encryption, authentication.
• Meter Measurement Modification: modifying AMI to report incorrect measurements. Devices affected: AMI. Defense: physical protection.
• Extract RAM: accessing the device hardware directly with specific tools to extract RAM. Devices affected: AMI. Defense: physical protection, data encryption.
• Extract Firmware: accessing the device hardware directly with specific tools to extract firmware in memory. Devices affected: AMI. Defense: physical protection, data encryption, update signing.
Methods to exploit software vulnerability
• If the 9 security requirements listed in previous slides are taken care of, the risk of such attacks can be minimized.
References