Cyber security for a Reliable Smart Grid Mark Ossel Board OSGP Alliance Vice President NES


Post on 29-May-2018



Utility/Electricity ...40-50 year cycles..... Now start of the third one

Italy powers 30 million meters

United States 630K meters

Sweden 600K meters

Finland 670K meters

Netherlands 65K meters

Denmark 390K meters

Sweden 400K meters

Sweden 38K meters

Austria 175K meters

Denmark 170K meters

Poland 330K meters

Russia 410K meters

Denmark 200K meters

South Africa 35K meters

Actual projects running for years, with industry-leading reliability and performance


Exceeding the SLA!

Field Proven Reliability

| Customer | Reliability | Load Profile Data | Readings | # of Meters |
|---|---|---|---|---|
| | 99.7%+ | Yes | Daily readings, daily values | 600,000 |
| | 99.7 – 100% | Yes | Daily readings, hourly values | 390,000 |
| | 99.7 – 100% | Yes | Daily readings, 15-minute values | 200,000 |
| | 99.7 – 100% | Yes | Daily readings, 15-minute values | 170,000 |

| | OSGP-RC4-PSK | OSGP-AES-128-PSK |
|---|---|---|
| Key length | 96 bits | 128 bits > 2030 per NIST |
| Encryption algorithm | RC4 | AES-128 (FIPS PUB 197) |
| Authentication | OMA-Digest | AES-128-CMAC (NIST SP800-38B) |
| Authenticated encryption | OMA-Digest-then-RC4 | AES-128-CCM (NIST SP800-38C) |
| Key derivation | OMA-Digest-based | AES-128-CMAC-KDF in Counter Mode (NIST SP800-108) |

Similar to AES-128-CCMP (WPA2, IEEE 802.11)

Protect Detect Respond

[Figure: OSGP-AES-128-PSK keys, Head-End System and DC. Labels, in order: BCK (128 bits), Broadcast Protection, short-term, domain-unique; DMK (128 bits); LTK (96 bits), LonTalk Authentication; MCK (128 bits); MMK (128 bits); HSK (128 bits); Commission Authentication; Handshake Authentication; short-term, meter-unique; UCK (128 bits), Unicast Protection; MFWK (128 bits), Firmware Update Protection]

NES Security V4

Improves intrusion detection, prevention, and incident response

Requires no change in current grid infrastructure

Based on NIST-recommended mechanisms and practices

Improves and automates PLC key management

Same performance after security update

Reduces risk of attacks spreading from meter to meter

Is professionally peer-reviewed by security experts

Is remotely upgradable in the field on all meter generations

Has no insecure parameter variations, profiles, or the like

Enables additional intrusion detection capabilities

Is designed for unreliable, narrow-band networks

Is paving the way for future security updates (OSGP-PKI)

Enhances the security of firmware updates

Uses secure and proven cryptographic primitives


Is designed and written to be easy to implement securely

Mark Ossel

[email protected]

Platform Leveraging the Latest in Embedded Technologies

[Figure labels: NES Software; Utility Data Center; NES Control Node Layer; Any TCP/IP Network (twice)]

Tier 1 - Data Center Software

Analytics coordinating across all levels of architecture

New Grid Apps with modern customizable UIs

Provide access to new NES features more quickly to partners and customers

Expanded integration and device communications ability

Enable both apps and monitoring/grid health dashboard

State of the art User Interface

Supports integration with enterprise applications

Tier 3 - Grid Sensors / Smart Meters

New communication media underneath OSGP

GPRS/UMTS point-to-point, Wireless Meshing

Security enhancement (AES encryption, key management services)

Headroom for new firmware enhancements, new features and networking expansion

Tier 2 - Distributed Control Nodes

Linux-based

Correlation of data from devices

USB connectivity to other devices & networks

LV Grid Mapping

Apps for local data processing and delegated control from head-end

More grid health and power quality measurements than any other residential meter for grid optimization applications

Active energy, summation: forward, reverse, forward + reverse, forward – reverse.
Reactive energy: import, export, per quadrant
Active power, total and per-phase: forward, reverse.
Average power, total and per-phase: forward, reverse.
Maximum active power over interval, summation and per-phase: forward, reverse.
Reactive power: import, export, per quadrant
Apparent power (kVA)
RMS voltage/continuous/average, per phase
Min and Max voltage over interval, per phase.
RMS current, per phase.
Power factor, per phase
Frequency
Demand measurements.
Signal strength across the power line for low voltage mapping

Outage reporting
Voltage Sag/Swell alarms
Phase loss and phase rotation
Total harmonic distortion
Zero voltage detection
Medium voltage broken
Over Current alarm

4 load profiles
Dedicated Billing profile
Power quality log
Two Event logs

Prepayment/postpayment
Load control
Load management
Multi Tariff
Integration with water/gas
Tamper detection

Platform Features for Advanced Smart Metering

The NES platform focuses on security, one of the most important and critical aspects for Lagos in their selection criteria, to address all the national security concerns.

Utilizes only open, recommended, state-of-the-art standards for security

Based on the USA National Institute of Standards and Technology (NIST) Suite B cybersecurity suite

› Military-grade security building blocks

› Also compliant with the EU Commission’s Data Protection Impact Assessment (DPIA) and the EU Network and Information Security Assessment (ENISA) guidelines.

› Future-proof: modular and security-upgradable in-place

› Assumes additional security challenges will emerge during system lifetime

› Hardware-based support for Advanced Encryption Standard (AES) 128 (current) and AES 256 (future) without changing the hardware platform

› Current Platform supports PKI roadmap implementation.

› Security-Enhanced Firmware Update Procedure.

› Automated key renewal management. NO master keys or back doors.

› Automated Network Attack Mitigation.

› Improved Intrusion Detection Capabilities.

Platform based on open, published standards at every level (Internet, ANSI, IEC, ETSI)—not proprietary, closed ones.

Why Open Smart Grid Protocol (OSGP) for PLC?

◦ A modern, more efficient, network-centric, smart grid application layer protocol

◦ Utilizes the world’s best performing PLC which provides the best system performance globally—all systems operate >99% daily communication reliability

◦ Most proven protocol and technology stack by many utilities in various countries

◦ Based on ANSI C12 utility tables, model that is used in 90% of smart meters in US and Europe

◦ Highest industry security standards

◦ Specification published by ETSI, conformance testing managed by DNV GL (KEMA)

◦ Managed by the OSGP Alliance, global, open, non-profit industry trade association

Utilities (Vattenfall, E.ON, Duke Energy, NRGi, SEAS-NVE, Tauron, Linz, etc.)

Vendors (Mitsubishi Electric, Apator, NES, Viko, GlobalTronics, EMG, etc.)

◦ Accepted by the European Commission as Stakeholder in SGCG/M490

◦ Millions of interoperable devices are up and running reliably for years

Brings high-performance and reliability TODAY

◦ Best-in-class CENELEC A-band power line performance

◦ Highly efficient and scalable communications and control protocol

◦ Adaptive and directed meshing

Provides headroom to grow and support future applications. Millions of devices…. LV Transformer centric… decentralized management

Built-in, mandatory security and privacy for every data exchange. AES 128… AES 256…

Interoperability with other standards

◦ Architecture enables technology evolution while preserving past investments. Webservices CIM

Produces globally-applicable standards for Information and Communications Technologies (ICT)

EU-recognized standards organization along with CEN and CENELEC

History of technical excellence, quality and openness

Specifications available on the web, free of charge

Layered OSI protocol stack

ETSI GS OSG 001

◦ Application layer protocol

◦ Media independent

ISO/IEC 14908 part 1 Control Networking

ETSI TS 103 908

◦ High performance power line communication media

◦ Supports many smart grid device types

Designed for additional media

Supported and maintained by the OSGP Alliance

[Figure: protocol stack layers: ETSI TS 103 908; Future; ETSI GS OSG 001; ISO/IEC 14908.1]

Field Proven Reliability

| Customer | Reliability | Load Profile Data | Readings | # of Meters |
|---|---|---|---|---|
| | 99 – 100% | Extended PQ | Daily/Hourly | 600,000 |
| | 99.7 – 100% | Extended PQ | Daily/Hourly | 400,000 |
| | 99.94 – 100% | Extended PQ | Daily/15 min | 200,000 |
| | 99.7 – 100% | Extended | Daily/Hourly | 170,000 |

INSTITUTE OF ENERGY – SMART GRID CEE EXPERTISE LAB TESTS

Energy Consumption

OSGP: 2.3W/meter

PRIME/OFDM: 8 - 10W/meter

Difference: 4W – 8W/meter * 5M meters -> 30 – 40MW

Protocol efficiency and performance

Chairman Vice-Chairman Treasurer

Other Board Members

Japan; meter manufacturer/integrator

Poland; meter manufacturer

UAS South Africa

(Osaki), Singapore; meter manufacturer

Eurometer, Poland meter manufacturer

ETM Sweden

(Panasonic), Turkey; meter manufacturer

Turkey, System Integrator

South Africa, System Integrator

Egypt, System Integrator

Meter manufacturer

Open standard for smart meters and other grid devices

Globally accepted: Europe, Middle East, America, Asia

>4M OSGP devices deployed so far

Efficient, reliable, scalable, extensible, secure, available, open

osgp.org

[email protected]

Corien den Ouden ◦ Secretary, OSGP Alliance

◦ Email: [email protected]

[email protected]