cyber security for a reliable smart grid - homepage | esi …€¦ · · 2018-02-27cyber security...
TRANSCRIPT
Italy powers 30 million meters
United States 630K meters
Sweden 600K meters
Finland 670K meters
Netherlands 65K meters
Denmark 390K meters
Sweden 400K meters
Sweden 38K meters
Austria 175K meters
Denmark 170K meters
Poland 330K meters
Russia 410K meters
Denmark 200K meters
South Africa 35K meters
Actual projects running for years, with industry-leading reliability and performance
Field Proven Reliability Customer Reliability Load Profile Data Readings # of Meters
99.7%+ Yes Daily readings Daily values
600,000
99.7 – 100%
Yes
Daily readings Hourly values
390,000
99.7 – 100%
Yes
Daily readings 15 minutes
values 200,000
99.7 – 100%
Yes
Daily readings 15 minutes
values 170,000
OSGP-RC4-PSK
Key length 96 bits
Encryption algorithm
RC4
Authentication OMA-Digest
Authenticated encryption
OMA-Digest-then-RC4
Key derivation OMA-Digest-based
OSGP-AES-128-PSK
128 bits > 2030 per NIST
AES-128 FIPS PUB 197
AES-128-CMAC NIST SP800-38B
AES-128-CCM NIST SP800-38C
AES-128-CMAC-KDF in Counter Mode
NIST SP800-108 Similar to AES-128-CCMP (WPA2, IEEE 802.11)
BCK(128 bits)
Broadcast Protection
Short-term, domain-unique
DMK(128 bits)
LTK(96 bits)
LonTalk Authentication
MCK(128 bits)
MMK(128 bits)
HSK(128 bits)
CommissionAuthentication
HandshakeAuthentication
Short-term, meter-unique
UCK(128 bits)
Unicast Protection
MFWK(128 bits)
Firmware Update
Protection
Improves intrusion detection, prevention, and incident response
Requires no change in current grid infrastructure
Based on NIST-recommended mechanisms and practices
Improves and automates PLC key management
Same performance after security update
Reduces risk of attacks spreading from meter to meter
Is professionally peer-reviewed by security experts
Is remotely upgradable in the field on all meter generations
Has no insecure parameter variations, profiles, or the like
Enables additional intrusion detection capabilities
Is designed for unreliable, narrow-band networks
Is paving the way for future security updates (OSGP-PKI)
Enhances the security of firmware updates
Uses secure and proven cryptographic primitives
{}
Is designed and written to be easy to implement securely
Platform Leveraging the Latest in Embedded Technologies
NES Software
Utility Data Center
NES Control
Node Layer
Any TCP/IP
Network Any TCP/IP
Network
Tier 1 - Data Center Software
Analytics coordinating across all levels of architecture
New Grid Apps with modern customizable UIs
Provide access to new NES features more quickly to partners and customers
Expanded integration and device communications ability
Enable both apps and monitoring/grid health dashboard
State of the art User Interface
Supports integration with enterprise applications
Tier 3 - Grid Sensors / Smart Meters New communication media underneath OSGP
GPRS/UMTS point-to-point, Wireless Meshing
Security enhancement (AES encryption, key management services)
Headroom for new firmware enhancements and new features, expand networking expansion
Tier 2 - Distributed Control Nodes
Linux-based
Correlation of data from devices
USB connectivity to other devices & networks
LV Grid Mapping
Apps for local data processing and delegated control from head-end
More grid health and power quality measurements than any other residential meter to grid optimization applications Active energy, summation: forward, reverse, forward
+ reverse, forward –reverse. Reactive energy: import, export, per quadrant Active power, total and per-phase: forward, reverse. Average power, total and per-phase: forward, reverse. Maximum active power over interval, summation and
per-phase: forward, reverse. Reactive power: import, export, per quadrant Apparent power (kVA) RMS voltage/continuous/average, per phase Min and Max voltage over interval, per phase. RMS current, per phase. Power factor, per phase Frequency Demand measurements. Signal strength across the power line for low voltage
mapping
Outage reporting Voltage Sag/Swell alarms Phase loss and phase
rotation Total harmonic distortion Zero voltage detection Medium voltage broken Over Current alarm
4 load profiles Dedicated Billing profile Power quality log Two Event logs
Prepayment/postpayment Load control Load management Multi Tariff Integration was water/gas Tamper detection
Platform Features for Advanced Smart Metering
NES platform focuses on security as one of most important and critical aspects for Lagos in their selection criteria to address all the national security concerns.
Utilizes only open, recommended, state-of-the-art standards for security
Based on the USA National Institute of Standards and Technology (NIST) Suite B cybersecurity suite › Military-grade security building blocks
› Also compliant with the EU Commission’s Data Protection Impact Assessment (DPIA) and the EU Network and Information Security Assessment (ENISA) guidelines.
› Future-proof—modular and security-upgradable in-place › Assumes additional security challenges will emerge during system lifetime
› Hardware-based support for Advanced Encryption System (AES) 128 (current) and AES 256 (future) without changing the hardware platform
› Current Platform supports PKI roadmap implementation. › Security-Enhanced Firmware Update Procedure. › Automated key renewal management. NO master keys or back doors. › Automated Network Attack Mitigation. › Improved Intrusion Detection Capabilities.
Platform based on open, published standards at every level (Internet, ANSI, IEC, ETSI)—not proprietary, closed ones.
Why Open Smart Grid Protocol (OSGP) for PLC? ◦ A modern, more efficient, network-centric, smart grid application layer protocol
◦ Utilizes the world’s best performing PLC which provides the best system performance globally—all systems operate >99% daily communication reliability
◦ Most proven protocol and technology stack by many utilities in various countries
◦ Based on ANSI C12 utility tables, model that is used in 90% of smart meters in US and Europe
◦ Highest industry security standards
◦ Specification published by ETSI, conformance testing managed by DNV GL (KEMA)
◦ Managed by the OSGP Alliance, global, open, non-profit industry trade association
Utilities (Vattenfall, E.ON, Duke Energy, NRGi, SEAS-NVE, Tauron, Linz, etc.)
Vendors (Mitsubishi Electric, Apator, NES, Viko, GlobalTronics, EMG, etc.)
◦ Accepted by the European Commission as Stakeholder in SGCG/M490
◦ Millions of interoperable devices are up and running reliably for years
Brings high-performance and reliability TODAY ◦ Best-in-class CENELEC A-band power line performance
◦ Highly efficient and scalable communications and control protocol
◦ Adaptive and directed meshing
Provides headroom to grow and support future applications. Millions of devices…. LV Transformer centric… decentralized management
Built-in, mandatory security and privacy for every data exchange. AES 128… AES 256…
Interoperability with other standards ◦ Architecture enables technology evolution while preserving past
investments. Webservices CIM
Produces globally-applicable standards for
Information and Communications Technologies
(ICT)
EU-recognized standards organization along with
CEN and CENELEC
History of technical excellence, quality and
openness
Specifications available on the web, free of charge
Layered OSI protocol stack
ETSI GS OSG 001 ◦ Application layer protocol
◦ Media independent
ISO/IEC 14908 part 1 Control
Networking
ETSI TS 103 908 ◦ High performance power line
communication media
◦ Supports many smart grid device types
Designed for additional media
Supported and maintained by the
OSGP Alliance
ETSI TS 103 908
Future
ETSI GS OSG 001
ISO/IEC 14908.1
Field Proven Reliability
Customer Reliability Load Profile Data
Readings # of Meters
99 –100% Extended PQ Daily/Hourly 600,000
99.7 – 100%
Extended PQ Daily/Hourly 400,000
99.94– 100%
Extended PQ Daily/15 min 200,000
99.7 – 100%
Extended Daily/Hourly 170,000
INSITUTE OF ENERGY – SMART GRID CEE EXPERTISE LAB TESTS
Energy Consumption OSGP: 2.3W/meter PRIME/OFDM: 8 - 10W/meter Difference: 4W – 8W/meter * 5M meters -> 30 – 40MW
Protocol efficiency and performance
Japan; meter manufacturer/integrator
Poland; meter manufacturer
UAS South Africa
(Osaki), Singapore; meter manufacturer
Eurometer, Poland meter manufacturer
ETM Sweden
(Panasonic), Turkey; meter manufacturer
Turkey, System Integrator
South Africa, System Integrator
Egypt, System Integrator
Meter manufacturer
Open standard for smart meters and other grid
devices
Globally accepted: Europe, Middle East,
America, Asia
>4M OSGP devices deployed so far
Efficient, reliable, scalable, extensible, secure,
available, open