The SPARKS project is undertaking a number of activities that relate to the security and resilience of the smart grid. There are many aspects of the smart grid, e.g., in terms of systems and use cases; the CEN-CENELEC-ETSI Smart Grid Coordination Group have captured this in the SGAM framework. A project such as SPARKS requires a focus.
The aspects of the smart grid that we focus on are centered on the project’s demonstrator sites. Consequently, we have a strong focus on securing emerging medium-to-low voltage energy distribution networks that include remotely controllable power equipment, Distributed Energy Resources (DERs) and flexible loads. Furthermore, we focus on microgrids, which in the future could be federated to provide a decentralized, resilient power grid that can function in a grid-disconnected fashion, as exemplified by the Nimbus microgrid.
A core component of these forms of smart grid is the smart meter; a device that we pay particular attention to in our activities that relate to hardware-based authentication mechanisms. Whilst these are the aspects that we primarily focus on in the project, we propose that many of our results will be applicable to other aspects of the smart grid — as our research progresses we will seek to identify where such generalizations can be found.
In more detail, the objectives of the SPARKS project are to make contributions in a number of critical areas that relate to the security and resilience of the smart grid:
Smart Grid Security Analysis
To deploy suitable security and resilience solutions for smart grid it is important to analyse the cybersecurity risks. To this end, the project is identifying the specific challenges associated with risk assessment for smart grid, which includes understanding cyber-physical risks and the interplay between legacy systems and novel smart grid systems, for example.
With a general understanding of these challenges, the project is focusing on evaluating the suitability of a widely-advocated risk assessment method for smart grid, namely the SGIS Toolbox, which was proposed by the SGIS working group as part of CEN-CENELEC-ETSI’s response to the EU Mandate 490.
In addition to these activities – taking a longer-term view on the project’s ambitions – partners are developing modelling approaches that can be used to assess the vulnerability of new control loops that will be required, for example, for Volt-VAR management in medium and low voltage smart distribution networks. A specific challenge for smart grid risk assessment is understanding the physical risk associated with a cyber-attack. To be able to shed light on this challenge, the project is developing a co-simulation environment that couples a network simulator (OMNeT++) with a power grid simulator (GridLAB-D).
Finally, models are being developed that can be used to determine the impact of a cyber-attack on a microgrid. This includes models of both the ICT and power infrastructure, along with detailed stochastic models of the behaviour of specific energy system components, such as a battery storage system. The aim is to understand the longitudinal impact of a cyber-attack, such as an APT, on a microgrid such as Nimbus.
Smart Grid Security Standards
A number of standards and best practice guidelines for smart grid security and resilience already exist. We understand that organisations turn to these contributions for a number of reasons, including 1) to adopt an effective methodology for establishing a durable long-term approach to securing their smart grid environment, 2) to define the durable architecture (including technology, process and people) that will secure that smart grid environment over the long term, 3) to develop a particular design based on that architecture, and 4) to create and use mathematical and algorithmic models and simulations of that design to evaluate its performance, predict failures and so on.
Based on this understanding, the project is analysing existing security reference architectures and guidelines that have been proposed by standards bodies, such as the IEC and NIST, and commercial offerings from organisations, such as Cisco and Sandia Labs. Our intentions are primarily twofold: to summarise and rationalise such offerings so the community can determine their value when using them for the outlined purposes, and to identify shortcomings that can be taken forward as recommendations for further work.
Resilient Smart Grid
The project is investigating a number of key technologies that focus on being able to detect and analyse cyber-attacks (and other challenges, such as mis-configurations) on a smart grid and, if necessary, adapt control strategies in order to ensure the resilience of the grid. More specifically, we are developing solutions in the following areas:
> Intrusion Detection Systems for SCADA Systems
The smart grid is supported by SCADA systems and protocols that support, for example, telemonitoring and control functions. Intrusion detection systems that are used to detect attacks on enterprise networks, such as Snort, are ill-suited for detecting malicious behaviour that is carried out via these systems. Consequently, we will develop an intrusion detection system for SCADA systems that can identify permitted and non-permitted devices, connections, and protocols using enhanced payload inspection functionality. Based on a state-of-the-art review, we have identified gaps in intrusion detection provision for the IEC 61850 protocol, which will be addressed in SPARKS.
> Security Information Analytics
Our aim here is to provide agile analytics capabilities through tools that make detailed information available to investigators, for purposes of both incident detection and incident forensics, in the quickest, simplest way possible. This will include a platform for performing rapid investigations using intuitive tools with detailed drill down capabilities, and the incorporation of business context to better inform the decision making process. Furthermore, the tool will provide mechanisms to detect and investigate the most serious issues for the smart grid infrastructure, including malicious attacks, inadvertent human error and infrastructure problems.
> Cyber-attack Resilient Control Systems
Our aim is to design distributed fault monitoring and attack detectors based on dynamical models of microgrid operations. This involves identifying key control loops that are especially sensitive to cyber-attacks, and then analysing the relationships between control loops in order to design hierarchies and meshes of overlapping control domains that can operate semi-autonomously and maintain stability (albeit at reduced system performance) in the face of attack or disruption.
Smart Meter Authentication and Key Management using Hardware PUFs
The aim of this activity is to investigate the use of low-cost hardware implementations of Physical Unclonable Functions (PUFs) on smart meters and gateways as a highly secure and cost-effective way to assert identity and generate cryptographic keys. We will propose lightweight authentication protocols with privacy-preserving features, and a key generation function sufficient for preserving the confidentiality of metering data passed to an Advanced Metering Infrastructure (AMI). Before PUF technology can be widely used in smart meters, there is a need for research on PUF protection against side-channel attacks – an aspect we will focus on in the project. We will establish a large-scale laboratory testbed which will be used to carry out our evaluation activities on appropriate PUF designs. The testbed will extend to 300 evaluation boards and will provide clear statistical evidence of PUF performance.
Analysing Financial, Legal and Social Aspects
For the aforementioned technologies, the project will develop business cases that will be set against the financial impact of a cyber-attack. Furthermore, we will analyse the EU directives that are relevant to the project’s activities and investigate the social acceptability of the project’s outcomes. Consequently, we will draft legal recommendations that can be used by national and EU policy makers in order to maintain the cybersecurity of smart grids. The juridical team will analyse the proposed measures regarding their capability under current legislation – data protection issues, interference with privacy, data sovereignty, and so on.
The project will use multiple comprehensive smart grid testbed capabilities to evaluate and demonstrate its scientific and technology outcomes: the world-class facilities at the AIT SmartEST Lab, the NIMBUS microgrid, and the real-life and large-scale facilities provided by the Distribution System Operator (DSO) partner SWW Wunsiedel. These are available for development, testing and demonstration of the measures, technologies and scenarios that are pivotal in the SPARKS project.