On October 14th SPARKS sponsored a panel presentation at the IEEE PES Innovative Smart Grid Technologies Conference in Istanbul. The panel was dedicated to smart grid cybersecurity, its challenges, and the next steps to be taken on the path to a reliable intelligent power grid. After the panel chair, Dr Lucie Langer from AIT Austrian Institute of Technology, had provided an introduction to the subject and outlined the key contributions of the SPARKS project in this regard, the four panellists gave short presentations on their position.
Dr Robert W Griffin from RSA, the security division of EMC, presented the benefits of big data analytics and shared cyber intelligence for smart grids and critical infrastructures. Intelligence-driven security can help to visualise incidents, to ensure prompt and adequate response, and to predict future behaviour, thus enhancing the resilience of the overall system. He pointed to the final report on Smart Grid to the US Department of Energy recently issued by IEEE PES, which stresses the need for a holistic, integrated approach to achieve optimal cost-effective solutions which help to establish an intelligent, self-healing grid.
Mr Ralph Eckmaier, an independent consultant, advisor and auditor for information security, subsequently spoke about the status-quo of smart grid security standardisation. He argued that most smart grid areas are already covered by existing (communication) standards, and pointed to the Smart Grids Standards Map developed by IEC, which can prove useful when trying to figure out the relationships between smart grid components and effective (security) standards. However, as standards provide recommendations only, appropriate baselines and minimum requirements must be defined and should be part of an according regulatory framework.
Next, Prof Dr Dominik Engel, Professor at Salzburg University of Applied Sciences and Director of the Josef Ressel Center for User-Centric Smart Grid Privacy, Security and Control, gave a presentation on privacy challenges in smart grids. He explained the ways in which high-frequency metering data can be used to draw conclusions on customer behaviour or lifestyle, and stressed that data resolution is crucial for the amount of information which can be extracted from given data. Privacy-enhancing technologies could solve the problem, but are not yet ready for real-world use due to computational complexity or economic feasibility, for example.
Finally, Mr Mehmet Tahir Sandikkaya, PhD student in Computer Engineering at Istanbul Technical University, gave a presentation on the limits of securing the smart grid. Measures to reduce the risk to smart grids may include, for example, preventing physical attacks by security the perimeter, countering cyber attacks by securing programmable devices, and preventing insider attacks by cross-checking every human action. However, these measures come at (potentially high) costs, and cannot guarantee perfect security (as no such thing exists). Therefore, the right balance between costs and benefits of securing the smart grid must be established.
The panellists’ introductory statements were followed by an open discussion involving the audience. Questions included, for example, the right level of transparency towards smart grid customers regarding usage of metering data, or the need for a legal and regulatory framework such as the Protection Profiles developed by the German Federal Office for Information Security. To conclude the panel session, the panel chair asked the panellists for the most important next steps to be taken to secure the smart grid, from their point of view. According to Tahir Sandikkaya , the focus of the measures taken should be on customer privacy, as a breach of customer data could have a permanent impact on customer trust and utilities’ reputation. Dominik Engel added that risk assessment is a key factor able to support stakeholders in identifying high-risk areas and making the right decisions on how to spend the limited resources, thus effectively securing our future power grid.
The presentations given by the panellists are available upon request.