Servizio Comunitario di Informazione in materia di Ricerca e Sviluppo - CORDIS

Periodic Report Summary 1 - SPARKS (Smart Grid Protection Against Cyber Attacks)

Project Context and Objectives:
The future smart grid represents a significant evolution in the way electric grids function. At the core of this change is an increased use of ICT to implement enhanced monitoring and control in the distribution network at medium and low-voltage levels. Ensuring the cybersecurity and resilience of smart grids is of paramount importance. This is the target of the EU-funded SPARKS – Smart Grid Protection Against Cyber Attacks – project. The project is classed as a small-to-medium sized collaborative EU-funded research project in the 7th Framework Programme (FP7-SEC-2013-1, contract number 608224). The consortium, coordinated by the AIT Austrian Institute of Technology is comprised of the following organisations:
Austrian Institute of Technology (Austria)
Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. (Germany)
The Queen’s University of Belfast (Ireland)
Energieinstitut an der Johannes Kepler Universität Linz (Austria)
EMC Information Systems International Ltd. (Ireland)
Kungliga Tekniska Hoegskolan (Sweden)
Landis+Gyr AG (Switzerland)
United Technologies Research Centre Ireland, Limited (Ireland)
SWW Wunsiedel GmbH (Germany)
The project will provide innovative solutions in a number of ways, including:
1. A process for risk management that reflects the characteristics of smart grids. This process will make use of novel vulnerability and impact analysis methods that are developed in the project. Tools will be provided to support the realisation of these risk analysis methods.
2. To support smart grid stakeholders (e.g., solutions providers and Distribution System Operators) with decisions about the security and the resilience of their offerings, appropriate standards and reference architectures are required. The project will analyse existing work in this area and make recommendations regarding the future direction of these efforts.
3. A number of key smart grid technologies will be investigated, including the use of big data for security analytics in smart grid; novel hardware-supported approaches for smart meter (gateway) authentication; intrusion detection approaches for SCADA systems; and resilient control systems.
All of these contributions and technologies will be assessed from a societal and economic impact perspective, and evaluated in real-world demonstrators. To this end, the project will use multiple comprehensive smart grid testbed capabilities: the world-class facilities at the AIT SmartEST Lab, the NIMBUS microgrid, and the real-life facilities provided by the Distribution System Operator (DSO) partner SWW Wunsiedel. These are available for development, testing and demonstration of the measures, technologies and scenarios that are pivotal in the SPARKS project.
In addition, a core objective of SPARKS is to raise the awareness of stakeholders in the European and international smart grid community to cybersecurity concerns, and to support European industry in developing world-leading protective measures. To support this objective, the SPARKS stakeholder group has been created. Members of the stakeholder group will be invited to a series of workshops throughout the lifetime of the project to receive privileged access to the projects results, and provide requirements and feedback that will steer the project’s research activities. The first of these workshops was held in May 2014 in Graz, Austria and provided value input to the research activities of the project. The second workshop was held in March 2015 in Cork, Ireland and vividly demonstrated the cybersecurity threat to the smart grid with a multistage cyber-attack to a photovoltaic inverter.
Overall, SPARKS results will reduce the attack surface of smart grid systems, detect cyber-attacks in real-time, and improve the resilience of smart grid infrastructure during an attack. Furthermore, SPARKS will provide a deeper understanding of the threats, vulnerabilities and economic consequences of cyber-attacks on smart grid infrastructure, raise awareness amongst industry leaders, present convincing information to stakeholders, lead the debate and draw through action to improve the cyber readiness of European network operators.

Project Results:
The SPARKS project started in April, 2014. Since this date, the following major achievements have been made in the project’s work packages:

WP1 Stakeholder Engagement
The first significant stakeholder engagement activity was the 1st SPARKS stakeholder workshop, which took place at Smart Grids Week in Graz in May 2014. The consensus at the workshop was the activities that we planned to undertake in the project will have significant benefit to the community. More specifically, the need to consolidate existing smart grid standards was highlighted; along with targeted technical feedback on security analytics – the importance of privacy concerns was discussed – and the identification of important new control loops in the smart grid, for example. These findings and others were summarised and made available on the project’s website.
On Wednesday 25th March 2015, the SPARKS project held its 2nd Stakeholder Workshop at the EMC2 Centre of Excellence and Nimbus Microgrid in Cork, Ireland. Stakeholders from different smart grid sectors attended, including Distribution System Operators (DSOs), equipment and solutions providers, research institutions, and academia. The major goal of the workshop was to highlight to stakeholders the serious nature of the cybersecurity threat to smart grid. In addition, the consortium presented their response to this threat.
The SPARKS website went live in April 2014, and the first entries to the project’s blog appeared in May. A total of 16 blog entries have been posted to-date. In terms of scientific dissemination activities at international conferences and industry fora, nine peer-reviewed papers were published and 20 presentations given in the first 18 months of SPARKS. Furthermore, two panel discussions at IEEE conferences were held with SPARKS consortium members involved as moderators and/or panellists. Liaison activities with related projects (e.g., the EU-funded SEGRID project) were carried out as planned.

WP2 Smart Grid Security Analysis
After reviewing existing approaches to risk assessment for smart grid in all tasks in this work package, an initial risk assessment was conducted based on the SGIS Toolbox. The result of this preliminary analysis was given in D2.5, in which a use case involving voltage control and optimisation of power flows is described, and the results of performing an SGIS risk assessment on the use case are presented in detail. The lessons demonstrate the necessity of using support tools along with the SGIS Toolbox for risk assessment of smart grids. Based on this deliverable, the SPARKS risk management process was developed, which is reported in D2.2. The process uses the ISO/IEC 27005 information security risk management framework as a basis, and employs elements from the SGIS Toolbox, as well as SPARKS specific techniques for modelling, threat and likelihood analysis, impact analysis, and derivation of countermeasures. Our research work on tools for assessing the impact on a cyber-attack to photovoltaic (PV) systems was conducted during this period. In order to assess the impact of a cyber-attack, initial work on a simulation environment for energy-IT co-simulation was undertaken, including modelling the specifics of European energy networks, represented by the SPARKS demonstration sites.

WP3 Smart Grid Security Standards
The purpose of this work package is to make recommendations to smart grid stakeholders regarding security and resilience best practices and guidelines for smart grid. To date, we have been examining existing security reference architectures for smart grid with respect to their ability to address well-understood cybersecurity threats and have provided recommendations and guidance required for continued operation of a Smart Grid that is both resilient and intrusion tolerant.The results of these analyses have been made available in deliverables D31. and D3.2.These deliverables form the basis for the final task of the workpackage in which we will map our recommendations to standards activities and provide guidance and recommendations on gaps which require closing.

WP4 Smart Grid Security and Resilience Measures
This work package is made up of four “mini-projects,” each looking at a different aspect of smart grid security:
Multi-Attribute SCADA Intrusion Detection System
The aim of this mini-project is to develop an intrusion detection system (IDS) for SCADA systems to identify permitted and non-permitted devices, connections, and protocols using enhanced payload inspection functionality to detect permitted and non-permitted behaviours and operations. The IDS will deploy whitelist features and behavioural analysis based on operational features and SCADA protocols, e.g., DNP3, IEC 60870-5-104, and IEC 61850. In this period, a state of the art review was undertaken, which identified gaps in IEC 61850 intrusion detection provision that can be addressed in SPARKS. Furthermore, potential attack scenarios have been identified for PV inverter equipment managed via the IEC 61850 protocol. We will use the AIT SmartEST lab to support the development of the SCADA IDS. To this end, IEC 61850 traffic traces have been captured at the lab and shared with the CSIT team in Belfast. Subsequently, an analysis of the IEC 61850 protocol state machine and message structure was completed using a simulated environment in CSIT, together with the traffic traces supplied by AIT.
Smart Meter Authentication and Key Management using Hardware PUFs
The aim of this activity is to investigate the use of low-cost, hardware implementations of Physical Unclonable Functions (PUFs) on smart meters and gateways as a highly secure and cost effective way to assert identity and generate cryptographic keys. We will propose lightweight authentication protocols with privacy preserving features, and a key generation function sufficient for preserving the confidentiality of metering data passed to an Advanced Metering Infrastructure (AMI). During this period, a state of the art analysis identified the need for research on PUF protection against side channel attacks – an aspect we will focus on in the project. Furthermore, a draft document was created that identifies the candidate PUF designs for smart meters and the evaluation criteria used to assess the PUF designs. Additionally, the document establishes the architecture of a large-scale laboratory testbed which will be used to carry out our evaluation activities. Construction of this large-scale, laboratory testbed system is underway. The testbed will extend to 300 evaluation boards and will provide clear statistical evidence of PUF performance. Finally, PUF implementation work has commenced on the Artix-7 FPGA evaluation boards which will be used in the project.
Security Information Analytics
The aim of this mini-project is to provide agile analytics capabilities through tools that make detailed information available to investigators, for purposes of both incident detection and incident forensics, in the quickest, simplest way possible. This will include a platform for performing rapid investigations using intuitive tools with detailed drill down capabilities, and the incorporation of business context to better inform the decision making process. Furthermore, the tool will provide mechanisms to detect and investigate the most serious issues for the smart grid infrastructure, including malicious attacks, inadvertent human error and infrastructure problems. The primary means of evaluation of our security analytics activities will be the NIMBUS microgrid. Consequently, an enumeration of the data sources available in the NIMBUS microgrid has been completed. Over 3000 data variables have been identified for analysis. Additional telematics has been planned with the installation of additional smart meters in the microgrid (subject to approval from NIMBUS). Finally, attack scenarios have been identified that involve the manipulation of smart meters, and installation of malware in microgrid control servers. A virtualised environment has been architected to allow this scenario to be constructed without risk to the NIMBUS microgrid’s operational integrity.
Cyber Attack Resilient Control Systems
Our aim is to design distributed fault monitoring and attack detectors based on dynamical models of micro-grid operations. This involves identifying key control loops that are especially sensitive to cyber-attacks, and then analyse the relationships between control loops in order to design hierarchies and meshes of overlapping control domains that can operate semi-autonomously and maintain stability (albeit at reduced system performance) in the face of attack or disruption. This activity is not due to start till 2015. Nevertheless, KTH staff has visited the NIMBUS microgrid site in Cork and have identified a number of potential control loops that could be used in the project. Furthermore, the team have also engaged with others in the work package to explore the possibility of linkage between the mini-projects. That is, anomalies identified in SCADA traffic or via data analysis of microgrid information could be used to trigger resilience measures designed in this mini-project. The broader WP4 team are keen to show this level of integration across the mini-projects.

WP5 Financial, Legal and Social Capability
This aim of this work package is to develop business cases for the technologies that are developed in work package four – these should be set against the financial impact of a cyber-attack. Furthermore, the work package is analysing the EU directives that are relevant to the project’s activities and investigating the social acceptability of the project’s outcomes. Deliverable 5.3 was prepared aiming at a discussion of non-technical barriers to a comprehensive protection of smart grids, including a quick guide that allows smart grid operators to assess possible societal costs if security measures fail. In Task 5.1 a model will be created to analyse the cost and value of the SWW grid infrastructure as of today, the operational cost of the grid in process and the cost of re-establishing of an operable grid after a successful cyber-attack and break-down. In addition, the task analyses available standards for achieving different security levels for smart grids and the necessary costs. If no existing standard on security levels is suitable a new model to create and calculate certain levels of security must be developed. The survey on grid and security costs will be executed for SWW and two more energy supplying companies. A questionnaire to assess the economic and social characteristics of the testbed facilities based on the results of this meeting is already in progress. In legal terms, so far, an overview of relevant EU Directives has been dealing with the security against attacks of the entire electricity network and smart meters. Furthermore, WP5 has been organizing a Legal and Policy Makers Workshop in Brussels, which is scheduled to take place on 6th April, 2016.
WP6 Smart Grid Cyber Security Demonstration
The smart grid security and resilience technology solutions to be developed in SPARKS will be demonstrated on three world-class facilities: the AIT SmartEST lab, the NIMBUS microgrid and the infrastructure of SWW. In this period, the project has been exploring how these demonstration activities can be realised using these available infrastructures, including the definition of plausible threat scenarios. A basis for this investigation has been the NESCOR cybersecurity failure scenarios. On-going work involves the development of a so-called smart grid cyber-attack capability, which will demonstrated to members of the SPARKS stakeholder group to highlight the significance of the security challenge the community faces and the importance of the solutions that SPARKS will provide. First attack scenarios have been identified and some first experiments have been performed during this reporting period.

Potential Impact:
Overall, SPARKS results will reduce the attack surface of smart grid systems, detect cyber-attacks in real-time, and improve the resilience of smart grid infrastructure during an attack. Furthermore, SPARKS will provide a deeper understanding of the threats, vulnerabilities and economic consequences of cyber-attacks on smart grid infrastructure, raise awareness amongst industry leaders, present convincing information to stakeholders, lead the debate and draw through action to improve the cyber readiness of European network operators.

List of Websites:

Reported by

AIT Austrian Institute of Technology GmbH