Periodic Report Summary 2 - SEGRID (Security for smart Electricity GRIDs)
Project Context and Objectives:
In the coming years, the level of automation in electricity distribution grids will grow substan-tially. Smart meters will be deployed at home premises, and remote terminal units (RTUs) will be placed in distribution substations. The increased automation should provide a better view of how electricity flows to the medium and low voltage grids, and provide grid operators increased control to influence that flow. But the increased automation also has major conse-quences for the cyber security of the electricity grid. Not only does it add new routes through which cyber attackers can enter and attack the networks of grid operators, the automation also offers more possibilities to do damage to the electricity grid itself.
From a technical point of view, it is not sufficient to only consider all the different compo-nents in a smart grid separately; they will together form a truly integrated system-of-systems and the smart grid will neither be completely owned, nor completely controlled, by a single power system operator. There will be many smart grid services and components that are oper-ated by other organisations, such as public telecom networks and third party-delivered (out-sourced) application services. There will potentially be many new methods for connecting with various smart grid applications using a diverse set of communication channels, such as local connection interfaces, distributed web access, and smart apps on smart phones. A num-ber of new cyber security issues become critical in this context.
This new utility-wide system (-of-systems) will not come into existence overnight; the smart grid will be composed of a mix of old, even legacy, and new components. Therefore, we look upon the smart grid as a gradually evolving system in which new functionalities are added to accommodate new use cases with the challenge to maintain security, privacy and dependabil-ity of the smart grid as a whole. SEGRID has defined five use cases that clearly demonstrate this gradual evolving system concept. Moreover, these use cases have been selected to reflect important steps of the smart grid developments for the coming years, and theaddition of new functionality and components that inherently will introduce new vulnerabilities and widen cyber-attack surface.
The five SEGRID use cases are:
1. Smart meter used for on-line reading of consumption and technical data;
2. Load balancing renewable energy centrally;
3. Dynamic power management for smart homes, smart offices, and electric vehicles;
4. Load balancing renewable energy regionally (substation automation);
5. Automatic reconfiguration of the power grid.
Figure 1: SEGRID storyline
SEGRID’s main objective is to enhance the protection of smart grids against cyber-attacks. We are convinced that SEGRID will deliver a major contribution to the protection of future smart grids against cyber-attacks by:
• Identifying threats and potential future cyber-attack pathways, for the SEGRID use cases;
• Determining the gap between currently available security standards, methods and measures for smart grids in order to derive which additional security methods and measures are required for the SEGRID use cases;
• Developing the necessary new security methods and measures for privacy, communi-cation and system security in smart grids, to mitigate the threats found in the SEGRID use cases, evaluate and test them;
• Building up a realistic test environment (Security Integration Test Environment, SITE) to test and verify new security methods and measures;
• Evaluating and improving current risk management methodologies in order to make them optimally suited to identify and address the key risk factors of smart grids of 2020;
• Feeding the established results from the SEGRID project into European and global standardisation bodies, industry groups and smart grid suppliers and make sure that the project results fit the needs of those communities and raise awareness among stakeholders.
Project Results:
In chapter 2 of the periodic report, the main results per work package are described.
Potential Impact:
Expected final results
Based on the SEGRID use cases, threats and risks of cyber-attacks on Smart Grids have been identified, and gapshave been identified between available and needed security techniques for smart grids to mitigate the identified threats and risks. Tools to analyse threat, risks and vulnerabilities in Smart Grids have been developed and made available. New security solutions have been developed and tested that are specifically targeted at the future smart grid and to fill some of the identified gaps.SEGRID results havebeen disseminated to appropriate industrial partners, standardisation groups, governmental bodies, research community and regulators.
Potential impacts
The SEGRID methods, tools and solutions willsupport building a secure, privacy preserving and resilient smart grid, which can be trusted by all stakeholders and interested parties, and which can support new business models, economic growth, and introduction of more sustain-able and locally generated power.
SEGRID will have a focused dissemination effort to ensure that the results are fed to the ap-propriate industrial partners, standardisation groups, governmental bodies, research communi-ty and regulators.
List of Websites:
www.segrid.eu
In the coming years, the level of automation in electricity distribution grids will grow substan-tially. Smart meters will be deployed at home premises, and remote terminal units (RTUs) will be placed in distribution substations. The increased automation should provide a better view of how electricity flows to the medium and low voltage grids, and provide grid operators increased control to influence that flow. But the increased automation also has major conse-quences for the cyber security of the electricity grid. Not only does it add new routes through which cyber attackers can enter and attack the networks of grid operators, the automation also offers more possibilities to do damage to the electricity grid itself.
From a technical point of view, it is not sufficient to only consider all the different compo-nents in a smart grid separately; they will together form a truly integrated system-of-systems and the smart grid will neither be completely owned, nor completely controlled, by a single power system operator. There will be many smart grid services and components that are oper-ated by other organisations, such as public telecom networks and third party-delivered (out-sourced) application services. There will potentially be many new methods for connecting with various smart grid applications using a diverse set of communication channels, such as local connection interfaces, distributed web access, and smart apps on smart phones. A num-ber of new cyber security issues become critical in this context.
This new utility-wide system (-of-systems) will not come into existence overnight; the smart grid will be composed of a mix of old, even legacy, and new components. Therefore, we look upon the smart grid as a gradually evolving system in which new functionalities are added to accommodate new use cases with the challenge to maintain security, privacy and dependabil-ity of the smart grid as a whole. SEGRID has defined five use cases that clearly demonstrate this gradual evolving system concept. Moreover, these use cases have been selected to reflect important steps of the smart grid developments for the coming years, and theaddition of new functionality and components that inherently will introduce new vulnerabilities and widen cyber-attack surface.
The five SEGRID use cases are:
1. Smart meter used for on-line reading of consumption and technical data;
2. Load balancing renewable energy centrally;
3. Dynamic power management for smart homes, smart offices, and electric vehicles;
4. Load balancing renewable energy regionally (substation automation);
5. Automatic reconfiguration of the power grid.
Figure 1: SEGRID storyline
SEGRID’s main objective is to enhance the protection of smart grids against cyber-attacks. We are convinced that SEGRID will deliver a major contribution to the protection of future smart grids against cyber-attacks by:
• Identifying threats and potential future cyber-attack pathways, for the SEGRID use cases;
• Determining the gap between currently available security standards, methods and measures for smart grids in order to derive which additional security methods and measures are required for the SEGRID use cases;
• Developing the necessary new security methods and measures for privacy, communi-cation and system security in smart grids, to mitigate the threats found in the SEGRID use cases, evaluate and test them;
• Building up a realistic test environment (Security Integration Test Environment, SITE) to test and verify new security methods and measures;
• Evaluating and improving current risk management methodologies in order to make them optimally suited to identify and address the key risk factors of smart grids of 2020;
• Feeding the established results from the SEGRID project into European and global standardisation bodies, industry groups and smart grid suppliers and make sure that the project results fit the needs of those communities and raise awareness among stakeholders.
Project Results:
In chapter 2 of the periodic report, the main results per work package are described.
Potential Impact:
Expected final results
Based on the SEGRID use cases, threats and risks of cyber-attacks on Smart Grids have been identified, and gapshave been identified between available and needed security techniques for smart grids to mitigate the identified threats and risks. Tools to analyse threat, risks and vulnerabilities in Smart Grids have been developed and made available. New security solutions have been developed and tested that are specifically targeted at the future smart grid and to fill some of the identified gaps.SEGRID results havebeen disseminated to appropriate industrial partners, standardisation groups, governmental bodies, research community and regulators.
Potential impacts
The SEGRID methods, tools and solutions willsupport building a secure, privacy preserving and resilient smart grid, which can be trusted by all stakeholders and interested parties, and which can support new business models, economic growth, and introduction of more sustain-able and locally generated power.
SEGRID will have a focused dissemination effort to ensure that the results are fed to the ap-propriate industrial partners, standardisation groups, governmental bodies, research communi-ty and regulators.
List of Websites:
www.segrid.eu
