Corporate Technology
Secure Machine-to-Machine Communication on the Example of Smart Grids
10. ITG Fachtagung "Zukunft der Netze 2011", Hamburg, 30.11.2011
Steffen Fries, Siemens AG, CT T, GTF IT Security
Phone: +49 89 636 53403, e-mail: steffen.fries@siemens.com
September 2011
Outline
- M2M Communication: trends from the automation industry
- The need for security
- Secure M2M communication in Smart Grids
- Security credential lifecycle and required management
- Summary & challenges
page 2 September 2011 Zukunft der Netze 2011
Observed Trend: Increasing Intelligence and Open Communication
[Chart: intelligent device potential 2012 by device class (mobile devices, static devices, controllers & sensors, microcontrollers & microprocessors), split into mobile info and static info; source: Harbor Research "Pervasive Internet/M2M 2009"]
Application areas: Building Automation, Process Automation, Factory Automation, Energy Automation
Conversion of the Conventional Grid to a Smart Grid
[Figure: today vs. tomorrow, showing the flow of power and the flow of information]
Smart Grid Scenarios: Incorporation of Decentralized Energy Resources and Flexible Loads requires Security
[Figure: grid domains Generation, Transmission, Distribution, Commercial, Industrial, Residential, Market, Services, Operations]
Scenarios and use cases:
- Market: automated billing, innovative pricing, market place interaction
- Fully integrated energy sources including renewables, biomass, etc.
- Load balancing, integration of DER
- Electro mobility, demand response management, microgrids
- Remote energy management and control, load monitoring and balancing, real-time outage notification
- Power quality monitoring (e.g., through application of PMUs)
- Smart metering, smart appliances
Components shown: fossil power generation, wind power, solar power, fixed or wireless PMUs, fixed or wireless quality sensors, smart meters, electric vehicles, DER, energy storage
Smart Grid: Typical Components
- Smart Energy Distribution Control Center: protection and control of the energy facilities
- Substation Controller: concentration of information for upper layers, protocol conversion
- Protection Field Device: protection of the energy facilities (e.g., switching of circuit breakers)
- Measurement Field Device, e.g., Phasor Measurement Unit: provides information about power quality (measurement of the phase difference by which the voltage leads or lags the current in an AC circuit)
- Charging Infrastructure / Charging Spot: vehicle abstraction and connection point
- Home Energy Gateway: home energy abstraction layer
- Smart Meter (vehicle/spot): consumption / storage
- Smart Meter (home): consumption / generation
- Smart Home Equipment: intelligent control of energy consumption
- Value Added Services: e.g., SW/FW update
- Billing Infrastructure, Clearinghouse
IT Security Becomes a Pre-requisite for Future Control Systems, Driven by the Convergence of Safety & Security
Current situation:
- Predominantly isolated communication networks
- Often proprietary networks and applications
- (Limited) physically secured access to networks and devices
- Long lifetime of control equipment
- Systems are mainly designed for performance, reliability and safety, not security
- Often availability is the most important security objective
[Figure: layers Business Support & Operation, Control, Field Device]
Trends:
- Increasing usage of standard OSs and applications
- Widespread usage of Ethernet and TCP/IP (including the Internet)
- Increasing usage of wireless networks
- Interconnection of formerly isolated networks
- Increasing intelligence in peripheral components (e.g., Intelligent Access Devices)
- IT security becomes a pre-requisite for safety applications
Security Requirements for Smart Grid Applications stem from a Variety of Potential Attacks (examples)
- Generation / DER: misuse of local administrative rights
- Distribution and Transmission: falsified status information from synchrophasors (PMUs) in widely dispersed locations can limit the power flow
- Customer: prosumer behavior tracking, e.g., through smart meters
- Market: fraud based on falsified offers and contracts (customer, utilities, DNOs, ...)
- Operation: misuse of remote service access
Smart Grid: (Some) Security Objectives
Generic objectives:
- Availability and reliability of energy provisioning
- Limitation of attack effects (geographical and functional)
- Correct billing of energy transactions between the involved peers (prosumer, operator, market, energy provider)
Additional scenario-specific objectives:
- Smart Grid / Smart Home interactions: privacy of metering information (smart metering)
- Smart Grid internal: access to communicated and stored data only for authorized personnel ("keep outsiders out")
- Smart Grid cross-domain: clearing of energy and payment transactions between energy providers, DNOs and microgrids with different levels of trustworthiness
[Figure: logical power system domains (Generation, Transmission, Distribution, Customer, Operations, Market, Services) with their information exchange, overlaid with logical security domains (System Operation Critical, Business Critical, Corporate, Public)]
Security Regulation / Guidelines / Standards ensure Reliable Operation of the Smart Grid (examples)
NERC CIP, DoE, ES-ISAC, AGA 12, INL, EU SGCG, BSI BP, NIST SGIP, CIGRE D2/B3, BDEW WP, VDEW, VDI/VDE 2182, WIB, NIST SP 800, CERT, DHS, DKE, ANSI, IETF, FIPS 140, DNP3, W3C, OASIS, ISO, ETSI, IEEE, IEC, CEN, CENELEC, ZigBee SEP, ISA
Core Standards for Smart Grids (IEC TC57 Reference Architecture)
- Common Information Model: IEC 61970 / 61968
- Market Communication: IEC 62325
- Substation Automation, Distribution Automation, DER Automation: IEC 61850
- Tele-control Protocols: IEC 60870
- Smart Metering: IEC 61334, DLMS / IEC 62056 COSEM
- Cyber Security: IEC 62351
Related roadmaps: IEC Roadmap, DKE Roadmap, NIST Interop Report
Example: IEC 62351 (produced by IEC TC57 WG15) Enables Secure Modern Energy Control Networks
- Integrity protection and encryption of control data
- Heavily uses asymmetric crypto for authentication and authorization
[Figure: Control Center connected via IEC 61850, IEC 60870-5-101, IEC 60870-5-104, DNP3 and MMS to the Substation Controller; Station Bus; Process Bus with Merging Unit, Field Devices and CBC (Circuit Breaker Controller) exchanging GOOSE and SMV]
Parts of IEC 62351:
- Part 1: Introduction
- Part 2: Glossary
- Part 3: Profiles including TCP/IP (covers the profiles used by ICCP, IEC 60870-5 Part 104, DNP3 over TCP/IP, and IEC 61850 over TCP/IP)
- Part 4: Profiles including MMS (covers the profiles used by ICCP and IEC 61850)
- Part 5: Security for IEC 60870-5 and derivatives (covers both serial and networked profiles)
- Part 6: Security for IEC 61850 peer-to-peer profiles (profiles that are not based on TCP/IP)
- Part 7: Network and System Management
- Part 8: Role Based Access Control
- Part 9: Credential Management (draft)
- Part 10: Technical Report regarding Security Architecture Guidelines for TC 57 Systems (draft)
Further Example: IEC 15118 Securely Connecting the Vehicle to the Smart Grid
Joint ISO/IEC activity targeting a standard for the interface between vehicle and charging station, supporting:
- Connection of vehicles to the power grid
- Billing of consumed energy (charging)
- Roaming of electric vehicles between different charging spots
- Value added services (e.g., software updates)
Trust relations:
- To the backend (energy provider) for signed meter readings and encrypted information (e.g., tariff)
- To the charging spot as terminating transport peer
[Figure: Electric Vehicle, Charging Spot, Energy Provider with control and billing functionality, clearinghouse, charge spot provider. Application layer (e.g., contract related data, meter readings, tariffs, etc.): contract authentication via XML Security. Transport layer: transport authentication and transport protection via TLS Security]
Security Credential Management Spans the Complete Product Lifecycle
Credential lifecycle phases:
- Generation: entity-internal or external generation (distinction: long-term keys, session keys)
- Certification: typically done for asymmetric keys through a certificate authority (CA)
- Distribution: imprinting offline (on storage media) / online (in-band or out of band)
- Storage: obfuscated in firmware, stored in secured memory (e.g., flash) or an HSM (e.g., TPM)
- Update: credentials have a dedicated lifetime; key update based on a given security policy
- Archiving: typically done for long-term keys
- Destruction: session keys after session ending, long-term keys after key renewal
Product lifecycle stages:
- Product Design: definition of necessary security features in base
- Manufacturing: generation of manufacturer-specific security parameters supporting the product individualization
- Engineering: engineering of use-case and/or customer-specific security parameters: key generation, certification, distribution and storage; the base can be the vendor-specific credentials
- Installation / Deployment: deployment in the customer infrastructure comprises Secure Plug & Work
- Operation: security parameter maintenance: update, revocation and/or key archival
- Decommissioning: secure deletion of security parameters, comprising key archiving and key destruction
Development and manufacturing of products goes together with security service definition; development and deployment of security services accompany the later stages.
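The credential phases on this slide as an added illustrative model (not code from the talk or from Siemens): a minimal Python key-lifecycle state machine in which the security policy is a lifetime, a long-term key is archived on renewal before it may be destroyed, and a session key is destroyed as soon as its session ends. The 32-byte random secret stands in for real key material, and the class and function names are assumptions.

```python
import os
from dataclasses import dataclass
from enum import Enum

class Kind(Enum):
    LONG_TERM = "long-term"  # e.g. a device key certified by a CA
    SESSION = "session"      # e.g. a transport session key

class Phase(Enum):
    ACTIVE = "active"
    ARCHIVED = "archived"    # long-term key kept read-only after renewal
    DESTROYED = "destroyed"  # key material zeroised

@dataclass
class Credential:
    kind: Kind
    secret: bytearray        # mutable so it can be overwritten on destruction
    created: float           # policy clock, seconds
    lifetime: float          # maximum age allowed by the security policy
    phase: Phase = Phase.ACTIVE

def generate(kind: Kind, lifetime: float, now: float) -> Credential:
    """Generation: fresh random key (placeholder for real key generation)."""
    return Credential(kind, bytearray(os.urandom(32)), now, lifetime)

def needs_update(cred: Credential, now: float) -> bool:
    """Update: an active key older than its policy lifetime must be renewed."""
    return cred.phase is Phase.ACTIVE and now - cred.created >= cred.lifetime

def can_destroy(cred: Credential) -> bool:
    """Decommissioning rule: long-term keys are archived first, then destroyed."""
    return cred.kind is Kind.SESSION or cred.phase is Phase.ARCHIVED

def destroy(cred: Credential) -> None:
    """Destruction: overwrite the key material and mark the credential dead."""
    if not can_destroy(cred):
        raise PermissionError("archive the long-term key before destroying it")
    cred.secret[:] = bytes(len(cred.secret))
    cred.phase = Phase.DESTROYED

def renew(old: Credential, now: float) -> Credential:
    """Key renewal: issue a successor and move the predecessor to the archive."""
    old.phase = Phase.ARCHIVED
    return generate(old.kind, old.lifetime, now)

def end_session(cred: Credential) -> None:
    """Session keys are destroyed right after the session ends, never archived."""
    destroy(cred)
```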
Summary and Challenges
Summary:
- Machine-to-machine connectivity down to field devices is a major driver for the Smart Grid
- Security has been acknowledged as one of the important cornerstones within a Smart Grid
- Technical security solutions for dedicated parts of the smart grid are provided through standards
- Regulation and guideline documents are available and are being further evolved
- Research is addressing smart grid security in several funded projects (e.g., FINSENY FP7)
Challenges:
- Coordination and alignment of requirements from a plurality of stakeholders (IT, energy, consumer, etc.)
- Coping with differences in innovation speed, e.g., metering: metrological data vs. energy management
- Political influence: regulated markets; mandates in Europe
- Device-oriented security and identity infrastructure (processes, scalability, limits of authority, ...) supporting efficient creation, distribution and handling of cryptographic credentials
- Device security platform modules and their integration into products & production
- Security has to cope with domain-specific characteristics (device capabilities, multicast, ...)
- Migration from the existing environment to an environment featuring appropriate IT security
Thank you for your attention! Questions?