RISE ICT Stories: Security solutions for smart grids
In recent years, there has been a dramatic rise in the number of smart solutions available for the control of power consumption, generation and distribution. At the same time, the threats against infrastructures critical to security are becoming more calculated and more frequent. RISE SICS is involved in a European project taking a holistic approach to secure smart electricity grids.
Smart grids help consumers to control their power consumption, and suppliers to supervise their generation and distribution functionality. However, smart grids are persistent targets of cyberattacks, which can knock out power supply functionalities, or take control of them. In order to preserve security, smart grid systems have to be updated and upgraded every time a new power meter is added to the system, a new functionality has been added, or a suspected security vulnerability has been found.
Rather than updating power meters separately, SICS’s solution broadcasts the new software to all the power meters in an area at the same time. In order to also secure the upgrade operation itself, the distributed software has to be encrypted by means of a cryptographic group key. To this end, SICS has developed an advanced key management procedure, which can be used in every context where critical information has to be delivered over broadcast/multicast communications.
All power meters in an area are connected to a concentrator, which collects the data from the meters and forwards it to the suppliers. The concentrator is built on a secure platform that isolates services from each other. This practice creates opportunities for third party suppliers, such as different home alarm services, that can be introduced into the system with no risk. Each service relies on its own separate channel, to ensure that the system cannot be compromised. The separation of channels is achieved by using a secure hypervisor, called HASPOC, developed by SICS.
This research project, called SEGRID, is a cooperation between Sweden, the Netherlands, Norway, Portugal, and Spain. SEGRID covers all the necessary aspects to create a truly viable solution: Use cases, risk analysis, privacy issues, tools to detect intrusions and vulnerabilities, resilient networks, a hypervisor and a group key management protocol developed by SICS, and finally a testbed to make sure that the new solutions work properly and effectively.
This story was published in our annual report 2015.