Publication


IT Security architecture approaches for Smart Metering and Smart Grid

NESSoS / EIT ICT Labs Workshop SmartGridSec12


Author(s): David von Oheimb
Year: 2013
Publisher: Springer
Editors: Jorge Cuéllar
Keywords:Smart Metering, Smart Grid, security, architecture, requirements, certification
Abstract: The power grid is currently undergoing changes towards highly volatile and localized energy production and storage, supported by IT and communication components. Smart Metering is going to provide fine-grained measurement and automatic remote reading of consumption and production amounts. It enables flexible tariffing and dynamic load optimization, ultimately aiming at cost and consumption reduction. The related security requirements are mainly authenticity, integrity, and privacy of metering data. Even more challenging is grid automation, which is critical for the safety and availability of the grid. The overall situation calls for an integrated security architecture that not only addresses all relevant security threats but also satisfies functional, safety, performance, process integration, and economic side conditions.
In this article, we summarize and evaluate the IT security architecture and security requirements prescribed by the German BSI in their Smart Meter Gateway Protection Profile and related documents. For instance, there are problems regarding the integration of the required security module and multicast communication. We contrast their requirements with alternatives offering better protection against sophisticated local attacks and with a much simpler approach to communication security, which focuses on the core security needs of smart metering and is suitable for grid automation in distribution networks as well. We provide a formal model and analysis of the latter solution w.r.t. communication security.


Copyright © 2013 Siemens AG and Springer-Verlag
Preprint
Slides

BibTeX entry:

@inproceedings{DvO-SmartGridSec12, title={{IT Security architecture approaches for Smart Metering and Smart Grid}}, author={von Oheimb, David}, institution = {{Siemens AG, Corporate Technology, Munich}}, booktitle = {Proceedings of SmartGridSec12}, publisher = {Springer}, series = {LNCS}, volume = {7823}, editor = {Jorge Cu\'ellar}, address = {Berlin, Germany}, note = {\url{http://ddvo.net/papers/SmartGridSec12.html}}, year = 2013, abstract = { The power grid is currently undergoing changes towards highly volatile and localized energy production and storage, supported by IT and communication components. Smart Metering is going to provide fine-grained measurement and automatic remote reading of consumption and production amounts. It enables flexible tariffing and dynamic load optimization, ultimately aiming at cost and consumption reduction. The related security requirements are mainly authenticity, integrity, and privacy of metering data. Even more challenging is grid automation, which is critical for the safety and availability of the grid. The overall situation calls for an integrated security architecture that not only addresses all relevant security threats but also satisfies functional, safety, performance, process integration, and economic side conditions. In this article, we summarize and evaluate the IT security architecture and security requirements prescribed by the German BSI in their Smart Meter Gateway Protection Profile and related documents. For instance, there are problems regarding the integration of the required security module and multicast communication. We contrast their requirements with alternatives offering better protection against sophisticated local attacks and with a much simpler approach to communication security, which focuses on the core security needs of smart metering and is suitable for grid automation in distribution networks as well. We provide a formal model and analysis of the latter solution w.r.t. communication security. } }