How secure are smart energy grids?

Fiber optic cables, fibre connection, telecomunications concept.

The improved efficiency of smart grids need to be weighed against the cost of security – presenting a unique opportunity for the tech sector and a new market for security companies.

As the UK’s energy infrastructure becomes more network-connected and smart meters are adopted in homes, smart gridsare becoming an increasingly viable form of energy infrastructure. Smart grids are energy supply networks that intelligently integrate the actions of all connected users to efficiently deliver sustainable electricity supplies.

Not only do smart grids improve efficiency for energy companies, but they also form part of the European Union’s energy strategy. The EU aims to replace at least 80% of electricity meters with smart meters by 2020, wherever it is cost-effective to do so.

But there remains distinct uncertainty over the security of smart grids and the potential damage that could be caused if they were disrupted. Potential threats against smart grids range from criminals being able to detect when no one is home, through to the possibility of terrorists or extortionists switching off the power.

There have been varied reports regarding the effectiveness of security for smart grids. For example, some experts claim smart grids are at risk of cyber attack, while the National Cyber Security Centre’s (NCSC) technical director Ian Levy says: “Components of the smart metering system all interact in planned ways in order to contribute to the overall security of the system.”

Rather than replacing the existing energy network, smart grids build on the existing power grid communication protocols – which already have a number of known vulnerabilities – as well as adding new communications networks to the transmission and distribution grid.

“Any additional communication with existing infrastructure offers more doors to attackers to hack into the power grid,” says Zoya Pourmirza, a postdoctoral research associate at Newcastle University.

There have been recent incidents where the power supply from a conventional power grid has been interrupted. One of the most recent was when multiple regional distribution power companies in Ukraine were hacked in December 2015, resulting in substations being switched off and tens of thousands of people left without electricity.

Compounding the incident, the attackers also targeted call centres through telephone distributed denial of service (DDoS) attacks. This meant that not only were customers without electricity, but they were also unable to report their loss of power or find out what was happening.

Smart grids are, by their very nature, designed to be flexible and able to adapt to any difficulties that may arise with power distribution. However, the more connections there are in a network, the greater the number of threat vectors that would need to be considered.

A spokesperson for the Department for Business, Energy and Industrial Strategy (BEIS) said: “We are working with the NCSC, as well as with industry partners, to ensure that all threats and risks to the energy sector are understood and mitigations are established. Plans are in place to ensure the appropriate resilience of power supply in the event of major disruption.”

Previously, energy networks did not have to focus on the potential damage that could be caused by hackers penetrating the energy grid, as much as they need to do today. As smart grids are built on the existing energy infrastructure, they inherit this focus.

“In normal IT systems, confidentiality had the highest priority, compared to data integrity and availability,” says Pourmirza. “In a smart grid system, it is data availability and integrity that has the highest priority.”

In any power grid, knowledge of power demand is important. This relates to data availability (ensuring the information is available in a timely manner) and data integrity (trusting the data is transmitted properly). However, when more information is transmitted through smart grids, data confidentiality must be considered, because this data contains sensitive information about businesses and people’s routines.

As the country’s energy infrastructure becomes digitally connected and carries more information, there is a chance that this information could be misused if it were to fall into the wrong hands. This increase in data, and the information that could be extrapolated from it, means energy suppliers now need to incorporate data confidentiality into their day-to-day operations.

Given a smart grid’s importance as the country’s energy infrastructure framework, it becomes a significant target. “There are a number of different attackers and they will have different incentives to hack into the system,” says Pourmirza.

Continue reading…