Back in March, I wrote about the impending Smart Grid security crisis by comparing it to our experience with online banking. "The true danger is not that hackers might siphon from bank accounts; it's the potential systematic destruction of the entire process by which we account for wealth."

It is not that one or a couple of people might get robbed. Yes, that would be awful, but the true danger is a lack of confidence in our banking system, leading to negative behaviors.

The same can be said about our electric system. What if one hacker remotely tampered with one meter? That's bad. But what if that one hacker propagated a worm throughout the system leading to cascading failures? That's even worse. And what if that hacker was really a foreign agent planning more wide-scale malicious activity? What if that one incident decreased consumer confidence in smart meter implementations, prevented adoption, or encouraged vocal opposition?

The Security Discussion Continues to Intensify

Since March, the global Smart Grid security discussion has intensified as several reports call out potential cyber threats to power grids.

In August, a Wall Street Journal article reported: "Computer networks controlling the electric grid are plagued with security holes that could allow intruders to redirect power delivery and steal data." Additionally, the National Institute of Standards and Technology (NIST) released its highly anticipated report NISTIR 7628: Guidelines for Smart Grid Cyber Security, which put forth the conclusion that "approaches to secure [smart grid] technologies and to protect privacy must be designed and implemented early in the transition to the Smart Grid."

Since July, the Stuxnet malware, a worm that spies on and reprograms critical industrial infrastructure, has been widely publicized. The malware uses the Windows operating system to spread to Siemens SCADA systems and programmable logic controllers. The European Union's cybersecurity agency claims Stuxnet represents a "paradigm shift" in critical infrastructure threats and that current defense philosophies need to be reconsidered. Additional coverage can be found on the security concerns surrounding the Stuxnet malware.

Many of the reports discuss high-level concerns and solutions, like "security frameworks" or "security architectures" and advocate for an evaluation of security process, people and technology. These sources discuss the opportunity that the smart grid provides to introduce a new way of thinking and to overhaul the entire system. A comprehensive security architecture IS necessary and new operational paradigms are critical. But you have to start somewhere.

To address the need for built-in security controls, consider the online banking comparison again. Consumers expect Secure Sockets Layer (SSL), site keys, multiple passwords and PINs as a part of their daily lives, preferring a slight inconvenience for their overall security and the protection of their personal information. Securing consumers' electricity usage can reach the same levels as the banking industry, but as in banking, the transition to securing consumers' electricity usage will not happen overnight.

Where should you start?

Start with the Information.

The Smart Grid, in many cases, begins with smart metering. The concern centers on the massive deployment of millions of new meters that will transmit data at more frequent intervals over a network, whether it is RF Mesh, WiMAX, PLC, or something else. Historically, utility companies sent a truck to manually read electromechanical meters approximately once a month, which does not yield much data. With smart metering at 15-minute intervals, however, approximately 35,000 reads per customer per year will be made, a volume of data that has real value to utilities and to those intending harm.

What is the best way to protect that metering data? By protecting it at the source with built-in security. According to Forrester Research, "Security is only possible if it's built in...the most important aspect of making security built-in is to embed it into each system."

Encryption and Enterprise Key Management

To protect the information itself, utilities must begin by securing the data at the point of capture and physically embed cryptographic functionality within the meter. Next, they must secure the communications between the various components of the Advanced Metering Infrastructure (AMI) system.

Technologies like public key infrastructure (PKI), a proven backbone for securing the Internet, can protect system components by enabling encryption and digital signing of content. PKI also offers authentication, integrity and limited non-repudiation as information travels from the meter to the utility. When applied to AMI, PKI functionality within the head-end system and the meters secures the exchange of information between them and keeps that information private, preventing fraud and misuse.

To use encryption on a wide scale, utilities need to efficiently support millions of endpoint keys and the cryptographic functions that depend on them.

A metaphor for a key management solution is an apartment building landlord's key locker. Let's say the building has 20 apartments, each with one key to its front door. And let's say the landlord changes the locks (and keys) every time a new tenant moves in, every time a tenant requests a change, and every time there's a break-in. For 20 apartments, that could be manageable. But what if there were 100 apartments, or 1,000, or in the metaphorical case of smart metering, 1,000,000? If the landlord misplaces one key, how will he find it when all keys look and feel exactly the same? Sure, the belongings within the apartment will not be at risk, but what value do those contents have if the landlord or tenant can't access them? The same applies with cryptographic keys. You need a solution that can automatically manage the lifecycle of those keys at mass scale.

Questions to ask your AMI vendor:

  • What embedded security features do you offer?
  • What cryptographic protocols do you leverage?
  • What is your overall cryptographic architecture, including encryption, decryption, digital signatures and key management?
  • Does your key management solution scale?

Functional Requirements for AMI Vendors to Consider:

  • Secure messages to and from various AMI endpoint components such as meters, radio devices and boards, collectors, routers, and network nodes via cryptography
  • Sign downstream messages and upstream acknowledgments
  • Sign firmware and utility public keys
  • Generate and manage full lifecycle of keys
  • Provide a secure, centralized, FIPS-validated key management platform
  • Provide a secure auditing trail throughout the key management lifecycle
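
An added example, not code from the original article or from any AMI vendor, illustrating the key-lifecycle, message-authentication and audit requirements above and the landlord's key-locker problem: the head end derives each meter's key from one master key and a version number, so rotation and auditing scale without a per-meter key store. It substitutes symmetric HMAC-SHA256 for the PKI signatures the article discusses; the class, function and field names are hypothetical.

```python
import hashlib
import hmac
import json

def tag_for(key: bytes, msg: dict) -> str:
    # Authenticate every field except the tag itself, in a canonical encoding.
    body = {k: v for k, v in msg.items() if k != "tag"}
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def meter_send(key: bytes, meter_id: str, kv: int, seq: int, kwh: float) -> dict:
    msg = {"meter": meter_id, "kv": kv, "seq": seq, "kwh": kwh}
    msg["tag"] = tag_for(key, msg)
    return msg

class HeadEndKeyManager:
    def __init__(self, master_key: bytes):
        self._master = master_key   # assumption: held in an HSM in a real deployment
        self._version = {}          # meter_id -> current key version
        self._last_seq = {}         # meter_id -> highest sequence number accepted
        self.audit = []             # append-only key-lifecycle and rejection trail

    def meter_key(self, meter_id: str, version: int) -> bytes:
        # Key diversification: one master key yields a unique key per meter and version.
        info = f"{meter_id}|v{version}".encode()
        return hmac.new(self._master, info, hashlib.sha256).digest()

    def provision(self, meter_id: str) -> bytes:
        self._version[meter_id] = 1
        self._last_seq[meter_id] = 0
        self.audit.append(("provision", meter_id, 1))
        return self.meter_key(meter_id, 1)

    def rotate(self, meter_id: str) -> bytes:
        self._version[meter_id] += 1    # messages under the old version stop verifying
        self.audit.append(("rotate", meter_id, self._version[meter_id]))
        return self.meter_key(meter_id, self._version[meter_id])

    def verify_reading(self, msg: dict) -> bool:
        meter_id = msg.get("meter")
        if meter_id not in self._version or msg.get("kv") != self._version[meter_id]:
            self.audit.append(("reject", meter_id, "unknown meter or stale key version"))
            return False
        key = self.meter_key(meter_id, self._version[meter_id])
        sent = str(msg.get("tag", "")).encode()
        if not hmac.compare_digest(tag_for(key, msg).encode(), sent) \
                or msg.get("seq", 0) <= self._last_seq[meter_id]:
            self.audit.append(("reject", meter_id, "bad tag or replayed sequence"))
            return False
        self._last_seq[meter_id] = msg["seq"]
        return True
```

Because keys are recomputed on demand, replacing a compromised meter's key is a version bump plus an audit record rather than a search through a million stored secrets.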

Jesse Berst, founder of Smart Grid News, said he didn't see any reason why the energy industry wouldn't be able to secure the infrastructure as it modernizes: "we've solved the cyber (security issues) for other big consequential infrastructures (like financial and Internet) and I think we can solve it to that same degree of safety for this one." The utility industry should learn from others, rather than replicating the mistakes that others before us have made.

Manufacturing, oil & gas, banking, and telecommunications all have experienced bumps along the road. Let's leverage those lessons, and try not to boil the ocean. We need a high-level strategy and something to work towards to make the smart grid a reality. That strategy should include people, process and technology. And most mindfully, we should start by securing not just the perimeter around the information, but the information itself.