Publication
IT Security architecture approaches for Smart Metering and Smart Grid
NESSoS / EIT ICT Labs Workshop SmartGridSec12
Author(s): David von Oheimb
Year: 2013
Publisher: Springer
Editors: Jorge Cuéllar
Keywords:Smart Metering, Smart Grid, security, architecture, requirements, certification
Abstract:
The power grid is currently undergoing changes towards highly volatile
and localized energy production and storage, supported by IT
and communication components. Smart Metering is going to provide
fine-grained measurement and automatic remote reading of consumption
and production amounts. It enables flexible tariffing and dynamic load
optimization, ultimately aiming at cost and consumption reduction.
The related security requirements are mainly authenticity, integrity, and
privacy of metering data. Even more challenging is grid automation, which
is critical for the safety and availability of the grid. The overall situation
calls for an integrated security architecture that not only addresses all
relevant security threats but also satisfies functional, safety, performance,
process integration, and economic side conditions.
In this article, we summarize and evaluate the IT security architecture
and security requirements prescribed by the German BSI in their Smart
Meter Gateway Protection Profile and related documents. For instance,
there are problems regarding the integration of the required security
module and multicast communication. We contrast their requirements
with alternatives offering better protection against sophisticated local
attacks and with a much simpler approach to communication security,
which focuses on the core security needs of smart metering and is suitable
for grid automation in distribution networks as well. We provide a formal
model and analysis of the latter solution w.r.t. communication security.
Copyright © 2013 Siemens AG and Springer-Verlag
Preprint
Slides
BibTeX entry:
@inproceedings{DvO-SmartGridSec12,
title={{IT Security architecture approaches for Smart Metering and Smart Grid}},
author={von Oheimb, David},
institution = {{Siemens AG, Corporate Technology, Munich}},
booktitle = {Proceedings of SmartGridSec12},
publisher = {Springer},
series = {LNCS},
volume = {7823},
editor = {Jorge Cu\'ellar},
address = {Berlin, Germany},
note = {\url{http://ddvo.net/papers/SmartGridSec12.html}},
year = 2013,
abstract = {
The power grid is currently undergoing changes towards highly volatile
and localized energy production and storage, supported by IT
and communication components. Smart Metering is going to provide
fine-grained measurement and automatic remote reading of consumption
and production amounts. It enables flexible tariffing and dynamic load
optimization, ultimately aiming at cost and consumption reduction.
The related security requirements are mainly authenticity, integrity, and
privacy of metering data. Even more challenging is grid automation, which
is critical for the safety and availability of the grid. The overall situation
calls for an integrated security architecture that not only addresses all
relevant security threats but also satisfies functional, safety, performance,
process integration, and economic side conditions.
In this article, we summarize and evaluate the IT security architecture
and security requirements prescribed by the German BSI in their Smart
Meter Gateway Protection Profile and related documents. For instance,
there are problems regarding the integration of the required security
module and multicast communication. We contrast their requirements
with alternatives offering better protection against sophisticated local
attacks and with a much simpler approach to communication security,
which focuses on the core security needs of smart metering and is suitable
for grid automation in distribution networks as well. We provide a formal
model and analysis of the latter solution w.r.t. communication security.
}
}