On Wednesday 14th May, 2014 members of the SPARKS consortium took part in a panel session at IEEE Energycon 2014, which was jointly organised with the EU-funded SEGRID project. The topic of the panel related to smart grid security, and in particular, how should the community move forward to ensure a secure smart grid in the future. The four panellists, who were introduced by the panel chair, Dr Paul Smith form AIT Austrian Institute of Technology, gave short presentations on their position on the panel topic.
Dr Robert W Griffin from RSA (an EMC company) presented their research in the SPARKS project on the use of security analytics for ensuring the security of smart grids – Dr Griffin outlined the motivation for the use of security analytics, which draws on security and operational data, to address attacks in three primary ways: via capturing attacks, in an way that is analogous to tripwires; using analytics approaches in a streaming-based manner that draws on multiple big data sources to identify complex multi-stage threats; and finally determining longitudinal trends using historical data.
Following on from this presentation, Dr Frank Fransen fromTNO gave an introduction to the research that will be carried out in the SEGRID project. His talk outlined the research targets of SEGRID, which include enhancing risk assessment processes for the smart grid. The project will be driven by increasingly sophisticated smart grid use cases, starting from smart metering through to automatic reconfiguration of the grid. The outcomes of the project will be evaluated using a realistic test environment.
Mr Gavin McWilliams from Queen’s University Belfast (CSIT) talked about their ongoing work on Physical Unclonable Functions (PUFs), and the application of PUFs to authentication in electric vehicle charging infrastructures. A PUF can be used to uniquely identify hardware (such as an electronic vehicle) by using discrepancies in the microchip manufacturing process. Leveraging these discrepancies a function can be created that, when presented with a particular challenge, produces the same random result, which cannot be mathematically predetermined and cloned. In the context of the SPARKS project, PUFs will be used to support authentication of smart meters, and smart metering gateways, and will form an important part of securing this key part of the infrastructure.
Finally, Dr Klaus Kursawe from ENCS, who will participate in the SEGRID project, discussed how cybersecurity for smart grids is a significant problem, citing some previous incidents, and highlighting that many of the approaches to securing the smart grid that we are developing are not readily applicable. For example, they do not take into account the fact the smart grid is a complex mix of legacy systems and new ICT infrastructure, and often do not reflect the concerns of organisations. He suggested that the smart grid community could learn a lot from the aerospace industry, wherein novel functionality, i.e., airplanes, are introduced incrementally to the market, undergoing fault diagnosis and fixing as they appear in larger numbers – the parallel in the smart grid being gradual introduction of new functions, as is outlined in the SEGRID project. Furthermore, he discussed how a Protect-Detect-React-Update process should be applied to securing the smart grid.
An open discussion session followed, which covered a number of topics. For example, an audience member highlighted issues related to the cost of introducing security to the smart grid, and asked the panel to comment on how this could addressed from an enterprise perspective. The response from the panel largely centred on articulating security as being part of an enterprises’ core business, not an orthogonal cost burden, and should be presented as a business opportunity. It was highlighted that suitable investment in security at the time of deployment could lead to significant cost savings in the future, for example, with respect to smart metering rollouts. An important factor in this regard is to determine the cybersecurity (and business) risks, such that suitable investment decisions can be made; a topic that is addressed by the SPARKS and SEGRID projects. Other questions related to the multidisciplinary nature of the smart grid, which was in evidence at the Energycon conference, and the challenges of bridging the gaps between the different communities, in order to ensure a secure smart grid. It was suggested that dialogue that focuses on managing outages and incidents was a good way to engage with the energy sector, drawing on language and techniques from the safety domain. Furthermore, it was suggested a syllabus for educating (under-)graduates would be useful, which promotes and educates engineers with the appropriate multidisciplinary knowledge to address the cybersecurity issues in this complex infrastructure.
The presentations given by the panellists are available on request. If you have any questions about the SPARKS or SEGRID projects, then please do get in touch.