Panel: Securing the Future Smart Grid: Where Do We Go Next?
Thursday, 12 December 2013
13:30 - 15:00
DH Holmes B
Moderator: Dr. Paul Smith, Austrian Institute of Technology
Dr. Stephen McLaughlin, Pennsylvania State University
Dr. Robert W Griffin, Chief Security Architect, RSA, the Security Division of EMC
Dr Klaus Kursawe, Director Research and Development, ENCS
The smart grid represents a revolutionary change in the way power grids will operate in the future, including a much larger use of ICT technologies and a greater degree of openness, both in terms of connectivity and the number of interfaces the grid has to third parties, including end customers. The motivations for smart grids are manifold, including an increased resilience of the power grid, the ability to include a greater number of renewable energy sources, and support for advanced services, such as power management approaches that respond to demand-side requests. Naturally, this additional complexity, openness and use of ICT technology make the power grid susceptible to new cyber-security threats.
Standards bodies and the like have produced volumes about how to secure smart grids – the canonical examples being the NISTIR 7628 guidelines or the recent ENISA document on ‘Appropriate security measures for smart grid’. Whilst representing important work, these recommendations are not the complete picture and important pieces are still missing. For instance, current recommendations largely take an architectural view on the problem, and omit guidance on operational aspects of securing smart grids. Little attention is given to the technologies and processes that are needed to maintain situational awareness for these potentially complex cyber-physical systems. Also, recommendations largely focus on ‘classical’ security measures, but do not consider the cases in which they fail, and how to ensure continued operation of the grid; pointing to the need for safety and security co-design, and measures for intrusion tolerance.
This panel brings together academic, applied research and industry experts with different viewpoints on the area of securing future smart grids, including those with deep knowledge of cyber-security, resilience and future energy systems. They will reflect on existing efforts to secure smart grids and argue the case for areas where they see future research and standardisation is of paramount importance. Additionally, the panellists will be asked to comment on a number of open contentious issues, including: who amongst the many smart grid stakeholders should pick up the bill for security – governments, equipment vendors, grid operators, or end customers; building on the existing effort on smart grid security, what is the next highest priority that should be addressed and why; and whether, despite the efforts of the community, the full realisation of a smart grid, with advanced energy services, is achievable in a privacy-preserving, secure and, most importantly, safe manner.
Paul Smith. Much of the attention from standards bodies has focused on preventative security measures for the smart grid, e.g., via architectural analysis of a smart grid and understanding the security requirements associated with interactions between its components. Arguably, to date, there has been little attention paid to how a smart grid should remain secure and operational if these measures fail (which will inevitably be the case!). I will highlight the need for detecting when such failures occur, and propose that a key design goal (and an area for further work) is approaches to ensuring the resilience of smart grids, such that it can continue to operate, with some acceptable level of service, when a smart grid has been attacked and security measures have failed.
Rajit Gadh. The smart grid of the future will involve layered cyber and physical infrastructures, and not just the physical infrastructures. Security considerations as researched in the I.T. world will play a key role in the cyber infrastructure layers. Physical infrastructure security, something that has been studied and practiced in the electrical power industry, would be relevant to the physical infrastructure layer. However, when the two come together, secure transactions in one layer may affect control variables in the other layer, making the entire system potentially unstable and maybe even insecure. Cybersecurity of the power grid needs to be investigated as an integrated cyber-physical infrastructure system, whereby even small perturbations in one layer may cause instability to the other layer. Modeling of the layers, their coupling and their integrated functionalities will become important variables for securing the smart grid as we increasingly couple these two layers even more tightly in the future.
Robert W. Griffin. Big data security analytics and shared cyber intelligence have become essential tools to combat cyber-attacks, such as advanced persistent threats. How can these tools be applied most effectively in securing the smart grid? How do they fit into the larger strategy for securing critical infrastructure at the national and international levels? What existing and emerging standards are relevant to these tools and what new standards are needed to realize their full value? I'll discuss these questions in detail, providing real-world examples of the threats that need to be considered in securing the smart grid and the essential role that security analytics and shared cyber intelligence have to play in addressing these threats.
Klaus Kursawe. In protecting a critical infrastructure such as the smart grid, many principles security professionals are used to are not directly applicable – most of our technologies are designed to protect data, while in the smart grid setting the most crucial protection goal is to protect the process. Furthermore, the system parameters and requirements are quite different from a normal IT system. As a consequence, security mechanisms and standards need to be evolved in ways we – as the security community – presently do not understand very well, and there is a danger that our familiar tools do more harm than good if applied in a straightforward way. Given the timelines for smart grid deployment, the amount of work needed to design a secure system and the current security maturity level of the smart grid, what is needed is a long-term roadmap that offers sufficient security now, and can evolve with increasing deployment of the smart grid and better understanding of smart grid use cases and threats.