Page 39 - Cyber Warnings
P. 39
Who Unlocks the Smart Grid? Securing Connectivity with
Cryptographic Keys
Utilities are faced with the challenge to modernize their distribution systems to deliver ubiquitous
intelligence and control across multiple critical devices and software applications. Enabling the
smart grid requires an advanced IP-based network designed around the same communication
model as the Internet. Every energy meter, every communication node in the smart grid
distribution chain is equipped with an IP address to be able to not only receive commands, but
also to send responses to the system and other participants in the network.
But what happens when you introduce two-way communication and open up a smart grid to the
same attack surface as the Internet? Energy companies are faced with an imminent threat of
attack due to the high-value assets they hold, and the potential impact of a security breach on
critical physical infrastructure. Silver Spring Networks (SSN), a leading solutions provider for
smart energy networks, is pioneering a networking platform that provides secure
communications for the nearly 23 million smart devices in its networks. To protect those millions
of connected devices from attack, SSN turned to the power of hardware-based security.
The Attack Scenario: Mass-disconnecting Users
One example of a typical command and attack scenario in a smart grid environment is issuing a
remote disconnect of smart meters. With traditional one-way distribution networks, a disconnect
of an electric meter would always require a truck roll, meaning a utility truck would physically
drive to the meter and disconnect it from the power supply. A disconnect can happen for various
reasons, such as unpaid bills, moving to a different location or during maintenance. Modern,
intelligent distribution systems, however, enable smart meters to remotely disconnect, which
enables the utility to send a disconnect command to a specific smart meter for instantaneous
execution.
But what would happen if a third party hacked into the system, hijacked the communication and
repeated the same command (“disconnect from grid”) to 50,000 meters at the same time? The
answer is that the whole power grid would be out of sync, sub-stations would go offline,
potentially even causing a rolling black-out that could shut down an entire portion of the grid in a
city, state or in a worst case scenario, country.
The Solution? A Cryptographic Key That Can’t Be Duplicated
The solution to ensuring the authenticity of the connected device and its execution commands
starts by ensuring the integrity of the device. A hardware security module creates and secures
cryptographic keys, and manages them for strong authentication to prevent potential third-party
abuse. SSN turned to the Utimaco hardware security module, leveraging asymmetrical
cryptography in which a public encryption key held by every meter deciphers the command sent
by central authority. Only the central authority has the private key to encrypt the messages, and
only messages using the private key are recognized by the smart meters as genuine. This
39 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
