Lecture 15 - Smart Grids - Demand Response and Security


Smart Grids: Demand Response and Security
Binoy B Nair
What is smart grid?

Announced in the US by President Barack Obama on 8th January, 2009.

Smarter:
❑ Generation
❑ Transmission
❑ Distribution
❑ Customer participation
❑ Operations
❑ Markets
❑ Service Providers

Overall objective: smart/best/optimal utilization of all the available resources.
What is smart grid?...contd.

Definition by NIST - USA:

A modernized grid that enables bidirectional flows of energy and uses two-way communication and control capabilities that will lead to an array of new functionalities and applications.

IEEE:
❑ Smart grid is a large ‘System of Systems’, where each functional domain consists of three layers: (i) the power and energy layer, (ii) the communication layer, and (iii) the IT/computer layer.
❑ Layers (ii) and (iii) above are the enabling infrastructures that make the existing power and energy infrastructure ‘smarter’.

The domain of the smart grid spans generation, transmission and distribution, down to customer devices.
Conventional Grid Vs. Smart Grid

Architecture
  Conventional power grid: Hierarchical and vertical structure
  Smart grid: Unbundled and distributed structure
Consumer participation
  Conventional power grid: Non-participative and uninformed
  Smart grid: Informed and participative customers
Generation and storage options
  Conventional power grid: Central generator dominance, no storage
  Smart grid: DERs with plug and play features
Power quality
  Conventional power grid: Poor quality, focus on outage
  Smart grid: Power quality is a priority
New products and services
  Conventional power grid: Limited, poor customer focus
  Smart grid: Better market and services for customers
Asset optimization
  Conventional power grid: Poor, little data integration
  Smart grid: Data driven, predictive asset management
Self healing
  Conventional power grid: No self healing framework
  Smart grid: Self healing, automatic and predictive fault address

Conventional Grid Vs. Smart Grid ..Contd

Cyber attack
  Conventional power grid: Vulnerable to cyber attack
  Smart grid: Resilient to cyber attacks
Disaster management
  Conventional power grid: Slow and reactive response to natural disaster
  Smart grid: Quick and proactive response to disasters
Event analysis
  Conventional power grid: Slow and tedious event analysis process
  Smart grid: Smart analytics with forecast
Communication
  Conventional power grid: Mostly one way communication
  Smart grid: Integrated two way communication
Predictive
  Conventional power grid: Non-predictive processes and apps
  Smart grid: Predictive processes and apps
Intelligence
  Conventional power grid: Limited intelligence
  Smart grid: Intelligent to integrate and process critical info
Efficiency
  Conventional power grid: Poor efficiency
  Smart grid: Efficiency focus
Smart Grid Network

Transformed Power System Network - Utilities are poised to move from the traditional power system to a highly flexible, secured and green power system by using integrated two way communications and advanced control technology.

[Figure: smart grid network showing generation, wind farm, solar farm, energy storage, microgrid, distribution network, roof top solar, EV, and industrial, commercial and residential loads; power flow in the smart grid (intelligent ICT network) versus power flow in the conventional power system. Fig. source: Internet]
Smart Grid CPS Layers

[Figure: smart grid CPS layers, with the cyber-communications layer on top of the conventional grid layer]

Source: IEEE Standard 2030-2011: IEEE Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), End-Use Applications, and Loads
Smart Grid CPS Layers

• Smart grid can be visualized as having two separate layers which make up
a complex cyber-physical system:
1. Power grid layer which is composed of generation, transmission, and
distribution
2. Cybercommunication layer for each of the power grid’s domains
which will then be connected and integrated with measures for
useful interoperability.

• Each of these domains must have physical and cyber interfaces to allow
for proper communication between devices connected to the grid which
depend on mass aggregation of customer and equipment operational
data.
Simple AMI Communication Architecture *

[Figure: simple AMI communication architecture]

* Khurana H., et al., "Smart-Grid Security Issues," IEEE Security & Privacy, vol. 8, pp. 81-85, 2010.

Simple Smart Grid Communication Architecture

[Figure: simple smart grid communication architecture, AMI system]
Demand Response in smart grids
What is Supply-side response?

Since large scale energy storage is not yet a reality, the total amount of electricity generated needs to always be equal to the total amount of electricity consumed.

In case this condition is violated, say, during peak summer when demand > supply, the excess demand is removed from the grid through power-cuts.

In the opposite case, when the power generated is > demand, some of the power stations are usually shut down till the demand increases.

This is supply-side response.

Why is supply-side response problematic?

There are limits to what can be achieved on the supply side.
• Some generating units can take a long time to come up to full power.
• Some units may be very expensive to operate.
• Demand can at times be greater than the capacity of all the available power plants put together.
What is demand response?

Demand response: changes in the power consumption of an electric utility customer to better match the demand for power with the supply.

In other words, demand response seeks to adjust the demand for power instead of adjusting the supply.

Formal Definition

Formally, DR refers to: “changes in electric usage by end-use customers from their normal consumption patterns in response to changes in the price of electricity over time, or to incentive payments designed to induce lower electricity use at times of high wholesale market prices or when system reliability is jeopardized”*.

*DOE Report. Benefits of demand response in electricity markets and recommendations for achieving them; 2006.
〈http://westvirginia.sierraclub.org/〉.
Types of demand response:
• Price options
• Incentive- or event-based options
• Demand reduction bids
Types of demand response: Price options

TOU (time of use rates): rates with fixed price blocks that differ by time of day.

CPP (critical peak pricing): rates that include a prespecified, extra-high rate that is triggered by the utility and is in effect for a limited number of hours.

RTP (real-time pricing): rates that vary continually (typically hourly) in response to wholesale market prices.
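A worked example of the three price options, added here and not part of the lecture: a constructed 24-hour household load profile is billed under TOU, CPP and RTP tariffs (all prices and the load profile are constructed), and the change in each bill when 1.5 kWh of flexible load is shifted out of the peak hours shows how strongly each scheme rewards demand response.

```python
"""Billing a constructed 24-hour load profile under TOU, CPP and RTP rates,
before and after a demand-response load shift. All numbers are constructed."""

# Constructed hourly consumption for one household (kWh), index = hour of day.
LOAD_KWH = [0.6, 0.5, 0.5, 0.5, 0.5, 0.7, 1.2, 1.5, 1.0, 0.8, 0.8, 0.9,
            1.0, 0.9, 0.9, 1.1, 1.8, 2.5, 2.8, 2.6, 2.0, 1.4, 1.0, 0.7]

# TOU: fixed price blocks that differ by time of day ($/kWh, constructed).
TOU_BLOCKS = [
    (range(0, 7), 0.08),    # off-peak: 00:00-06:59
    (range(7, 16), 0.14),   # mid-peak: 07:00-15:59
    (range(16, 22), 0.28),  # on-peak:  16:00-21:59
    (range(22, 24), 0.08),  # off-peak: 22:00-23:59
]

# CPP: TOU rates plus a pre-specified extra-high rate that the utility
# triggers for a limited number of hours on a critical event day.
CPP_EVENT_RATE = 0.90
CPP_EVENT_HOURS = range(17, 20)   # triggered 17:00-19:59 on this day

# RTP: price varies every hour with the wholesale market (constructed).
RTP_PRICES = [0.05, 0.04, 0.04, 0.04, 0.05, 0.06, 0.09, 0.12, 0.11, 0.10,
              0.10, 0.11, 0.12, 0.12, 0.13, 0.16, 0.24, 0.41, 0.55, 0.47,
              0.30, 0.18, 0.10, 0.06]


def tou_price(hour: int) -> float:
    """Return the TOU block price for a given hour of day."""
    for hours, price in TOU_BLOCKS:
        if hour in hours:
            return price
    raise ValueError(f"hour {hour} not covered by any TOU block")


def bill_tou(load):
    return round(sum(kwh * tou_price(h) for h, kwh in enumerate(load)), 2)


def bill_cpp(load, event_hours=CPP_EVENT_HOURS, event_day=True):
    """CPP bill: TOU price except inside the triggered event window."""
    total = 0.0
    for h, kwh in enumerate(load):
        price = CPP_EVENT_RATE if event_day and h in event_hours else tou_price(h)
        total += kwh * price
    return round(total, 2)


def bill_rtp(load, prices=RTP_PRICES):
    return round(sum(kwh * p for kwh, p in zip(load, prices)), 2)


def shift_load(load, kwh, from_hours, to_hour):
    """Demand response: move `kwh` of flexible consumption (e.g. an EV charger)
    out of `from_hours`, taken evenly, into `to_hour`. Total energy is unchanged."""
    shifted = list(load)
    per_hour = kwh / len(from_hours)
    for h in from_hours:
        if shifted[h] < per_hour:
            raise ValueError(f"not enough flexible load in hour {h}")
        shifted[h] -= per_hour
    shifted[to_hour] += kwh
    return shifted


def dr_savings(load, kwh=1.5, from_hours=range(17, 20), to_hour=2):
    """Bill before and after the shift under each scheme: {scheme: (before, after)}."""
    shifted = shift_load(load, kwh, from_hours, to_hour)
    return {
        "TOU": (bill_tou(load), bill_tou(shifted)),
        "CPP": (bill_cpp(load), bill_cpp(shifted)),
        "RTP": (bill_rtp(load), bill_rtp(shifted)),
    }


if __name__ == "__main__":
    for scheme, (before, after) in dr_savings(LOAD_KWH).items():
        print(f"{scheme}: ${before:.2f} -> ${after:.2f} after shifting 1.5 kWh off-peak")
```

The same 1.5 kWh shift saves little under flat TOU blocks, far more under a CPP event, and an amount in between under RTP, which is the price signal each scheme sends.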
Types of demand response: Incentive- or event-based options

• Direct load control: customers receive incentive payments for allowing the utility a degree of control over certain equipment.
• Emergency DR programs: customers receive incentive payments for load reductions when needed to ensure reliability.
• Capacity market programs: customers receive incentive payments for providing load reductions as substitutes for system capacity.
• Interruptible/curtailable: customers receive a discounted rate for agreeing to reduce load on request.
• Ancillary services market programs: customers receive payments from a grid operator for committing to curtail load when needed to support operation of the electric grid (i.e., ancillary services).

Types of demand response: Demand reduction bids

• Demand bidding/buyback programs: customers offer bids to curtail load when wholesale market prices are high.
Potential benefits of demand response

Transmission and distribution operation
  Operation: Relieve congestion, manage contingencies, avoiding outages; Reduce overall losses; Facilitate technical operation
  Infrastructure expansion: Defer investment in network reinforcement or increase long-term network reliability
Generation
  Operation: Reduce energy generation in peak times: reduce cost of energy and possibly emissions; Facilitate balance of supply and demand (especially important with intermittent generation); Reduce operating reserves requirements or increase short-term reliability of supply
  Infrastructure expansion: Avoid investment in peaking units; Reduce capacity reserves requirements or increase long-term reliability of supply; Allow more penetration of intermittent renewable sources
Demand
  Operation: Consumers more aware of cost and consumption, and even environmental impacts; Give consumers options to maximize their utility: opportunity to reduce electricity bills or receive payments
  Infrastructure expansion: Take investment decisions with greater awareness of consumption and cost
Implementing DR

[Figure: implementing DR. DRP: DR Programme]

Security in Smart Grid
Why attack a smart grid?

Smart grids are the intersection of intelligence, energy, politics and social concerns and this explains the variety of attackers and their intentions:
• Cyber warfare
• Industrial espionage
• Terrorism
• Economic reasons
• Activism
• Disgruntled employees
• Practical jokes taken too far
Who attacks a smart grid?

Amateur attackers

Professional attackers/ Terrorists

Employees

Competitors

Customers
What is the aim of attack?

Manipulation, Sabotage, Espionage

Main Security Objectives in Smart Grids:
• Availability
• Integrity
• Confidentiality
Security Objective: 1. Availability

• Availability means:
  • Ensuring authorized parties can access the information when needed.
  • Guaranteeing that unauthorized persons or devices cannot access the system.

• In Smart Grids, availability relates to all cyber systems such as SCADA, distributed control centers, and distribution management systems (DMS), as well as communication networks between these systems and external networks.
Security Objective: 1. Availability

• Denial of service (DoS) and distributed DoS (DDoS) attacks target the availability of the system.
• They aim to disrupt data transfer and can delay, prevent, or disrupt the transmission of data in smart grids.
• This causes blackouts, brownouts or denial of data exchange.
• Loss of control messages or of access to the data stream can cause disruption of power generation/distribution.
• Thus, availability is generally considered to be the most important cyber-security necessity in Smart Grids.
Security Objective: 2. Integrity

• Integrity involves preventing tampering of critical data in sensors, control commands, software and electronic devices to disrupt data exchange and decision making.
• Non-repudiation and authenticity are important components of data integrity.
Security Objective: 2. Integrity

The goal of integrity attacks is to modify customer information such as customer account data and billing data, or network operation data such as the operating status of devices and voltage readings.

In other words, such attacks attempt to deliberately alter the original data in the smart grid communication system to disrupt critical data exchange in the smart grid.

Malicious alteration or repetition of data flow, control messages and sensor values indicates that the system is being attacked.

This is called loss of integrity.

This may cause the systems involved in power management to make incorrect decisions.
Security Objective: 3. Confidentiality

• Confidentiality requires that:
  • The stored and transmitted data can only be accessed by the relevant receivers.
  • Unauthorized users are prevented from accessing data, to protect personal privacy and security.

• From a smart grid perspective, this refers to privacy of customer data, electric market data, and critical enterprise data.
• Violation of confidentiality results from the disclosure of private data.
• With the increasing accessibility of customer data on the Internet, confidentiality is becoming more and more significant.
Security Requirements in Smart Grids

• There are also some other security requirements that must be addressed along with availability, integrity and confidentiality, which are the basic security components in smart grids.
• Prominent requirements are as follows:
1. Privacy
2. Authorization
3. Non-Repudiation
4. Identification
5. Authentication
6. Access Control
7. Auditing
8. Reliability/Consistency
9. Accountability
Security Req. in Smart Grids: 1. Privacy

Privacy requires that user data cannot be used for different purposes without the user’s approval, cannot be obtained by different people, and can only be used for specified purposes.

For example, energy consumption data used for billing purposes cannot be used for other purposes.
Security Req. in Smart Grids: 2. Authorization

Authorization ensures that an authenticated object or person has predetermined rights to perform certain operations on certain resources.

For example, an officer who must manually configure a smart meter must have predetermined authority and access control rights.
Security Req. in Smart Grids: 3. Non-Repudiation

Non-repudiation is the verification that a particular action performed by a system or user cannot be denied later.

The goal of non-repudiation is to be able to prove that a particular message is associated with a particular individual.
Security Req. in Smart Grids: 4. Identification

• It is the ability to uniquely identify a user of a system or an application that is running in the system.
Security Req. in Smart Grids: 5. Authentication

It is the process of verifying the identity of a user.

Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be.

It proves the identity of the user or client machine attempting to log in.
Security Req. in Smart Grids: 6. Access Control

It refers to the management of admission to system and network resources.

So, only authenticated users can access specific resources, based on company policies.
Security Req. in Smart Grids: 7. Auditing

It means a systematic evaluation of the security of an information system by measuring how well it fits a set of established criteria.

A whole audit typically assesses the security of the system’s physical configuration environment, processes, user practices, information handling, and software.

Auditing ensures that both users and administrators are in compliance with security policies.

Auditing is an effective method for ensuring accountability.


Security Req. in Smart Grids: 8. Reliability/Consistency

It refers to the trustworthiness to do what the system is expected or designed to do.

Security Req. in Smart Grids: 9. Accountability

It means that every user’s traceability of actions performed on a system must be provided.

The use of user identification and authentication supports accountability.

Sharing user passwords with third parties destroys the accountability.

Every user in the system should have specific responsibilities for information security and they must explain all of their actions about cyber-security.
Vulnerable Grid Entities

Operational systems: Generators, Transformers, SCADA, PMU, PLC, Smart Meters
IT systems: PCs, Servers, Apps, DBs, Web Services
Comm. protocols: Wifi (IP), Zigbee, 4G, DNP3, IEC 60870, IEC 61850
Endpoints: Electric Vehicles, Smart Meters, Mobile Devices, IEDs
Human factors: Human Training, Social Engineering, Phishing, Data Transfer

DNP3 is a set of communications protocols used between components in process automation systems. Its main use is in utilities such as
electric and water companies.
IEC 60870 standards define systems used for SCADA especially for those used in power grid type applications.
IEC 61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations.
Types of Attack

Physical Attacks

Cyber Attacks
1. Attacks on Access Control
2. Attacks on Cryptography
3. Attacks on Firmware/Software Policy
4. Attacks on Network Design
5. Software Input Validation
6. Other Attacks
Physical Attacks

• Destroy the physical infrastructure: cut the electric lines, damage the transformers, etc.
• We can consider this as a type of denial-of-service attack (DoS), and multiple such DoS attacks create a distributed DoS (DDoS) attack.
• Depending on the scale of the attack, this may be very effective since replacing equipment takes a lot of time and effort.

https://www.wearethemighty.com/mighty-history/legendary-dam-busters-crippled-germany/
Cyber Attacks: Attacks on Access Control

In the smart grid setting, there are several types of users which require access to data involved with the grid.

These roles include operators, engineers, technicians, and managers.

The policy implemented in the systems must manage multiple domain and network architectures.

The interconnection of domains and grids presents difficulties in current access control policies.
Cyber Attacks: Attacks on Access Control

Some of the mainstream methods used to protect this information fall under the category of attribute-based encryption (ABE) or role-based access control (RBAC).

These schemes can have their user revocation abilities bypassed if one gains the ability to masquerade or tamper with a legitimate user’s attributes or communication stream.

These basic schemes have been found insufficient as they cannot satisfy the requirements of secure authentication across multiple domains and the real-time necessity for communication in the grid.
Cyber Attacks: Attacks on Access Control

Several vulnerabilities have been found implemented in IT networks that allow for exploiting access control in some capacity, including broken authentication, broken access controls, and information leakage.

These types of lapses are normally errors in policy implemented in a network.

These schemes normally implement key distribution centers (KDC) in their architectures.

In the instance that the scheme utilizes a single KDC, this also presents a single point of failure.
Cyber Attacks: Attacks on Access Control

• An attacker has the opportunity to carry out a DoS attack and stop legitimate users from accessing important data stored and accessed on the grid.
• An information and credential stealing session can provide a hacker with the data to masquerade and gain access to secret or sensitive data.
• In many instances, proper encryption is not in place in networks vulnerable to man-in-the-middle attacks.
• Several vulnerabilities have been discovered in equipment from specific vendors which allow for access to backdoors in SCADA systems.
• These backdoors have included valid credentials being hardcoded into an operational system’s software, which allows for trivial means of access by a hacker.
Cyber Attacks: Attacks on Cryptography

• The cryptography flavor of choice for the smart grid is that of a public key infrastructure (PKI).
• This means that each of these networks has well-known vulnerabilities.
• This method creates a vulnerability in which a single point of failure exists at the key distribution agent or certificate authority (CA) when utilizing a certificate-based system.
• A successful DoS attack on it would render all or most encrypted communication invalid or foreign, as the receiver does not have the ability to verify the sender’s identity.
• In addition to a single point of failure, vulnerability exists in a hacker’s ability to acquire the root key in a PKI, which would allow for unfettered malicious communication as modern masquerading techniques are advanced and sufficient.
Cyber Attacks: Attacks on Cryptography

• Legacy equipment’s lack of compatibility with newer standards is also an issue.
• Smart grid networks such as SCADA networks must interface with many devices, new and old.
• When an un-hardened legacy device is reachable via an outside network, it presents a liability not only to itself, but to the entire network behind it.
• In a smart grid system, where the real time nature is critical, all traffic with sensitive data should be encrypted.
• Even though this is so, traffic can still be analyzed in order to infer specific attributes of the systems.
Cyber Attacks: Attacks on Cryptography

• With the use of any high level encryption techniques, it becomes infeasible to retrieve the actual sensitive data from the raw data packets, but it is possible to intercept timing and frequency information of the messages in order to deduce information about the network which the malicious individual would like to attack.
• Then the analyzed metadata contained in the message information belonging to the sender can be used to exploit specific inferred vulnerabilities.
Cyber Attacks: Attacks on Firmware/Software Policy

A method used with many devices hosting modern software is automatic online updating.

This process is normally utilized to upgrade a device’s firmware or version of software to the latest version.

While this functionality is crucial in AMI and in devices in other sub-networks, its implementation may ultimately be the source of malicious acts.

Some devices in the smart grid may have a prescheduled “window” of opportunity for upgrade which the device is hard-coded to adhere to.

This can allow a hacker the opportunity to load a malicious version of firmware or software onto the devices and allow for more devious acts from the inside.
Cyber Attacks: Attacks on Firmware/Software Policy

Field devices with remote firmware/software capabilities may also allow for unrestricted operations during update.

In the instance of insufficient authentication measures implemented in the update process, an attacker uploading malicious software to a device may be able to modify functionality of the device or create methods to upload other malicious software at a later date.
Cyber Attacks: Attacks on Firmware/Software Policy

• In addition to malicious software/firmware uploading, meter cloning and meter migration are also threats.
• Meter software can be stolen and uploaded into other hardware which would replace an actual meter and be manipulated however the hacker pleases.
• Malicious data or processes may also be injected into the software before it is installed on the meters, in the manufacturing phase.
• Also, meters may be swapped with neighboring units which previously have recorded lower energy usage than the meter designated for the property designated to use the meter being replaced.
• This will cause an incorrect reading and pass this false data to other smart grid mechanisms.
Cyber Attacks: Attacks on Network Design

• Network architectures that future systems will be modeled after will most likely resemble a mesh-like topology.
• This type of system will of course be placed on top of the existing power grid infrastructure.
• DoS attacks are of great concern here, especially in the case of a natural disaster or malicious physical attack in an area lacking redundancy and fault detection.
• These DoS attacks can be of a distributed nature, in which Internet Protocol (IP) addresses are spoofed to flood the victim network, or come from a single attacker that attacks a specific service or grid component.
• This may result in blackouts or rolling brownouts and network overloads.
Cyber Attacks: Software Input Validation

• In a smart grid system, as in any system, input will request processing from
various sources constantly.
• This input must be handled properly to avoid catastrophic consequences.
• Invalid operations or arbitrary execution of malicious code can be
devastating, even improper handling of valid and safe input or code can
cause unexpected results.
Cyber Attacks: Software Input Validation

• The objective of most of these attacks is to send malformed or specially crafted messages to a specific node or server which contains the targeted vulnerability.
• From this point, the attacker can make use of a buffer overflow or an unprotected operation which can help them in escalating privileges of their own malicious process.
• The failure in this situation would be assuming that the data received will be of the expected message format, while instead, once the malformed messages are parsed, exceptions may be caused, including arbitrary code execution.
• Many of these vulnerabilities, including most Structured Query Language (SQL) injection and a significant number of cross-site scripting vulnerabilities, can be prevented with sufficient input validation.
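An added example, not from the lecture or its references, of the input-validation point above: a strict parser for a constructed AMI meter-report message format (magic, version, meter id, reading count, readings, CRC-32; the format and all field limits are assumptions for this example) that bounds the declared count by policy and by the bytes actually received, verifies integrity before interpreting the payload, and rejects any malformed message instead of assuming the expected format.

```python
"""Strict parser for a constructed AMI meter-report message.

Message layout (constructed for this example, big-endian):
  magic      2 bytes  b"MR"
  version    1 byte   must be 1
  meter_id   4 bytes  unsigned
  count      2 bytes  number of 4-byte readings that follow
  readings   count * 4 bytes, unsigned Wh values
  crc32      4 bytes  over everything before it
The declared count is never trusted to index into memory: every field is
bounds-checked against the bytes actually received, and any deviation
rejects the whole message (fail closed) rather than being guessed at.
"""
import struct
import zlib
from dataclasses import dataclass

MAGIC = b"MR"
VERSION = 1
HEADER = struct.Struct(">2sBIH")        # magic, version, meter_id, count
MAX_READINGS = 96                       # 15-minute intervals in a day (assumed)
MAX_READING_WH = 50_000                 # plausibility ceiling per interval (assumed)


class MalformedMessage(ValueError):
    """Raised for any input that does not match the format exactly."""


@dataclass(frozen=True)
class MeterReport:
    meter_id: int
    readings_wh: tuple


def parse_report(data: bytes) -> MeterReport:
    # 1. Enough bytes for the fixed header and CRC before touching any field.
    if len(data) < HEADER.size + 4:
        raise MalformedMessage("message shorter than header + crc")
    magic, version, meter_id, count = HEADER.unpack_from(data, 0)
    if magic != MAGIC:
        raise MalformedMessage("bad magic")
    if version != VERSION:
        raise MalformedMessage(f"unsupported version {version}")
    # 2. Bound the declared count by policy, then by the actual buffer length.
    if count == 0 or count > MAX_READINGS:
        raise MalformedMessage(f"count {count} outside 1..{MAX_READINGS}")
    expected_len = HEADER.size + 4 * count + 4
    if len(data) != expected_len:
        raise MalformedMessage(
            f"length {len(data)} does not match declared count ({expected_len})")
    # 3. Integrity check over header + payload before interpreting the payload.
    body, (crc,) = data[:-4], struct.unpack(">I", data[-4:])
    if zlib.crc32(body) != crc:
        raise MalformedMessage("crc mismatch")
    # 4. Semantic range check on every reading.
    readings = struct.unpack_from(f">{count}I", data, HEADER.size)
    for i, wh in enumerate(readings):
        if wh > MAX_READING_WH:
            raise MalformedMessage(f"reading {i} = {wh} Wh exceeds plausible range")
    return MeterReport(meter_id, readings)


def build_report(meter_id: int, readings_wh) -> bytes:
    """Encode a well-formed message (used to construct sample inputs)."""
    body = HEADER.pack(MAGIC, VERSION, meter_id, len(readings_wh))
    body += struct.pack(f">{len(readings_wh)}I", *readings_wh)
    return body + struct.pack(">I", zlib.crc32(body))


def is_rejected(data: bytes) -> bool:
    """True when the parser rejects the message rather than processing it."""
    try:
        parse_report(data)
        return False
    except MalformedMessage:
        return True


if __name__ == "__main__":
    good = build_report(0x2A01, [120, 135, 98])
    print(parse_report(good))
    # Declared count says 3 readings but only part of the payload arrived:
    print("truncated rejected:", is_rejected(good[:-6]))
    # Declared count inflated far beyond what was sent (count field is bytes 7-8):
    inflated = good[:7] + struct.pack(">H", 60000) + good[9:]
    print("inflated count rejected:", is_rejected(inflated))
```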
Cyber Attacks: Other Attacks

One such attack which exploits availability is network barge-in.

This type of threat can be executed by masquerading or piggybacking on open connections such as Wi-Fi in these networks.

In the Home Area Network (HAN) or Neighborhood Area Network (NAN), specific devices communicate with each other to relay energy usage information.
Cyber Attacks: Other Attacks

A malicious attacker can gain access to the network and piggyback on the connection which is established between a smart appliance and a smart meter or aggregation point.

With input of malicious or misleading data, the smart appliance may falsify data or be taken over completely, not only risking the secure authentication data of the user, but giving the attacker a valid entry point into the grid networks.

A man-in-the-middle attack is also an option for an attacker in this environment.

With access to a HAN or NAN in the smart grid, the attacker can intercept communications and relay them with or without modifying their contents.
Common methods to exploit software vulnerability

Methods to exploit software vulnerability

Buffer Overflow
  Description: An operation which writes data and overwrites adjacent memory.
  Devices affected: Devices employing software vulnerable to write exploitation (Networked Devices)*
  Defense: Bound checking, safe coding procedures, ASLR
Race Condition
  Description: Programming flaw in which the result of the output is dependent on the sequence of events.
  Devices affected: Devices employing software with improper input validation and Quality of Service (QoS)*
  Defense: Increase integrity checks, strategic checkpoints
SQL Injection
  Description: Submitting malicious SQL statements in a web form to a SQL database.
  Devices affected: Databases
  Defense: Query sanitization (based on DB)
Cross-site Scripting
  Description: Injection of client-side script into web pages, exploiting web browsers or web applications.
  Devices affected: Servers using scripting languages
  Defense: Disallowing untrusted data in HTML pages, Sanitization
Cross-site Request Forgery
  Description: A session hijacking technique in which a hacker masquerades as a trusted user.
  Devices affected: Servers using scripting languages
  Defense: Cookie Security, Authenticate per request, “NoScript” declaration
OS Injection
  Description: Executing commands via a web interface on a remote server.
  Devices affected: Devices employing software vulnerable to injection
  Defense: Proper coding practices
DoS
  Description: Utilizing machine resources or making resources unavailable for other users.
  Devices affected: Devices providing resources: SCADA, EMS, AMI, PLC
  Defense: QoS, Distributed Servers, ACLs
Phishing
  Description: Using methods to masquerade as a trusted party to gain information from a user.
  Devices affected: Devices operated by users
  Defense: Web Browser Extensions, Training Programs
Malicious Removable Media
  Description: Devices containing malicious software.
  Devices affected: Devices operated by users
  Defense: Employee Training Programs
Backdoor Admin Credentials
  Description: Unauthorized user using admin credentials to gain access to hardware.
  Devices affected: Mainly SCADA
  Defense: Vendor selection, Access controls
Fuzzing
  Description: Inputting data to a remote networked entity which is monitored for undefined results.
  Devices affected: Networked devices serving as servers: HMI
  Defense: Address Randomization, Stack protection, buffer length checking
Crypto Key Flash Extraction
  Description: Accessing device hardware directly with specific tools to extract data.
  Devices affected: AMI
  Defense: Physical Protection, Data Encryption
Flash Image Manipulation
  Description: Modifying software images before installment.
  Devices affected: AMI
  Defense: Physical Protection, Data Encryption
Meter Bypass
  Description: Masquerading or hijacking a communication session stream.
  Devices affected: AMI
  Defense: Physical Protection, Data Encryption, Authentication
Meter Measurement Modification
  Description: Modifying AMI to report incorrect measurements.
  Devices affected: AMI
  Defense: Physical Protection
Extract RAM
  Description: Accessing the device hardware directly with specific tools to extract RAM.
  Devices affected: AMI
  Defense: Physical Protection, Data Encryption
Extract Firmware
  Description: Accessing the device hardware directly with specific tools to extract firmware in memory.
  Devices affected: AMI
  Defense: Physical Protection, Data Encryption, Update Signing
Watering Hole
  Description: Injecting malicious code into a web page which a target victim is likely to visit.
  Devices affected: Devices operated by users
  Defense: Web Browser Extensions, Training Programs
False Data Injection
  Description: Manipulating power system states or readings by injecting false load data via AMI/sensors.
  Devices affected: SCADA, PMU, Transformers, AMI, EMS
  Defense: Temporal/Spatial-based anomaly detection, Sensor Protection
Spoofing
  Description: Adding an end system to the grid network and falsely using a legitimate identity.
  Devices affected: AMI
  Defense: Integrity Checking, Physical deterrent
Worms/Malware
  Description: Executing malicious or self-propagating software on the grid network.
  Devices affected: Potentially all devices*
  Defense: IDS, IPS, AV
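An added example, not from the lecture or its references, of the temporal/spatial-based anomaly detection listed as the defense against false data injection: constructed hourly readings from six meters on one feeder plus the substation head meter, with one meter's latest reading falsified. Each meter is compared with its own history (temporal), with its neighbours in the same interval (spatial), and the feeder energy balance is checked against the head meter; the meter names, readings, thresholds and loss margin are all assumptions.

```python
"""Temporal/spatial anomaly detection for false data injection via AMI.

Constructed example: 6 meters on one feeder report hourly kWh for 8 hours.
Meter "m4" has a falsified last reading. Two independent checks run on the
newest interval:
  temporal - a meter's new value against its own recent history
             (robust z-score using median and MAD);
  spatial  - a meter's new value against its feeder neighbours in the same
             interval, plus a feeder-level energy balance against the head meter.
A meter is reported when it is an outlier on both axes, which separates an
injected value from a genuine load change that the neighbours also show.
"""
from statistics import median

# Constructed hourly kWh history per meter, oldest first.
READINGS = {
    "m1": [1.0, 1.1, 1.0, 1.2, 1.1, 1.0, 1.3, 1.2],
    "m2": [0.8, 0.9, 0.9, 0.8, 1.0, 0.9, 0.9, 1.0],
    "m3": [1.4, 1.3, 1.5, 1.4, 1.6, 1.5, 1.4, 1.5],
    "m4": [1.1, 1.2, 1.0, 1.1, 1.2, 1.1, 1.2, 0.1],   # injected: reports near zero
    "m5": [0.9, 1.0, 1.1, 1.0, 0.9, 1.1, 1.0, 1.1],
    "m6": [1.2, 1.1, 1.3, 1.2, 1.2, 1.3, 1.2, 1.3],
}
# Constructed substation head meter (kWh delivered into the feeder per hour);
# it exceeds the honest meter sum by roughly 3-4% of technical losses.
HEAD_KWH = [6.6, 6.9, 7.0, 7.0, 7.3, 7.2, 7.4, 7.6]

TEMPORAL_Z = 3.5     # robust z-score threshold (assumed)
SPATIAL_Z = 3.5
MIN_SCALE = 0.1      # kWh floor so a flat history does not flag meter noise
BALANCE_TOL = 0.10   # allowed relative mismatch between head and meter sum


def robust_z(value, reference):
    """|value - median| / (1.4826 * MAD), the MAD scaled to a std-dev estimate."""
    med = median(reference)
    mad = median(abs(x - med) for x in reference)
    scale = max(1.4826 * mad, MIN_SCALE)
    return abs(value - med) / scale


def temporal_outliers(readings=READINGS, z=TEMPORAL_Z):
    """Meters whose newest reading is far from their own earlier readings."""
    return {m for m, s in readings.items() if robust_z(s[-1], s[:-1]) > z}


def spatial_outliers(readings=READINGS, z=SPATIAL_Z):
    """Meters whose newest reading is far from the other meters' newest readings."""
    latest = {m: s[-1] for m, s in readings.items()}
    flagged = set()
    for m, v in latest.items():
        neighbours = [x for n, x in latest.items() if n != m]
        if robust_z(v, neighbours) > z:
            flagged.add(m)
    return flagged


def feeder_balance_ok(readings=READINGS, head=HEAD_KWH, tol=BALANCE_TOL):
    """Spatial consistency: the reported meter sum must track the head meter."""
    meter_sum = sum(s[-1] for s in readings.values())
    return abs(head[-1] - meter_sum) / head[-1] <= tol


def suspected_injection(readings=READINGS, head=HEAD_KWH):
    """Meters anomalous on both axes, and whether the feeder total is still
    consistent with the energy actually delivered."""
    both = temporal_outliers(readings) & spatial_outliers(readings)
    return sorted(both), feeder_balance_ok(readings, head)


if __name__ == "__main__":
    flagged, balance_ok = suspected_injection()
    print("suspected injected meters:", flagged, "| feeder balance ok:", balance_ok)
```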
Countermeasures

• If the 9 security requirements listed in the previous slides are taken care of, the risk of such attacks can be minimized.
References

1. DOE document at http://www.oe.energy.gov/smartgrid
2. EPRI document at http://intelligrid.epri.com
3. http://smartgrid.ieee.org
4. E. McCary and Y. Xiao, "Smart Grid Attacks and Countermeasures," EAI Endorsed Transactions on Industrial Networks and Intelligent Systems, Vol. 2, No. 2, pp. 1-18, 2015.
5. Danda B. Rawat and Kayhan Zrar Ghafoor (Eds.), Smart Cities Cybersecurity and Privacy, Elsevier, 2018.
