Energy Security: Defending AMI Networks and the Smart Grid

The worldwide demand for energy has been growing at a rate of nearly 2 percent, led by industrialization in developing economies like China and India and sustained consumption in Europe and North America.

Th 300411

By Jim Alfred

Global Energy – Local Security

The worldwide demand for energy has been growing at a rate of nearly 2 percent, led by industrialization in developing economies like China and India and sustained consumption in Europe and North America. Driving consumption in China and India are a burgeoning middle class as well as the continued manufacture of finished goods for export. Energy demand in these regions is projected to grow at an average rate of 3.2 percent per year, more than doubling over the 2004 to 2030 period. In 2006, for instance, China added as much electricity generation capacity as France’s total supply.

Th 300411
Click here to enlarge image

More mature economies with lower population growth are projected to increase energy consumption at a much slower rate of 0.8 percent per year. But these economies have already developed a high dependency on energy and account for about half of the world’s energy consumption. North America, for example, continues to lead in both per capita and total energy consumption, as well as the availability of energy that is critical to maintaining a healthy economy and the lifestyles that we’re accustomed to–transportation, jobs, food and comfort. We need energy security.

Much of the world we’re accustomed to depends on relatively inexpensive energy. Unfortunately, oil recently rose to $130 per barrel, up nearly 80 percent from just a year ago. This sharp rise is giving consumers a taste of what the future might hold if we aren’t able to control our energy consumption.

Unlike gasoline prices, the structure of the electricity market keeps consumers fairly well insulated from rapid cost increases. What impacts the electricity market most is a relatively fixed generation capability that nominally provides energy at a relatively fixed price. But the fixed price model is changing–since it frequently costs utilities a significant premium to supply power when demand outpaces generation capacity. A summer heat wave, for instance, can cost a utility millions of dollars if it needs to purchase power from the spot energy market at premium prices. Worse yet, when prices can’t be met due to regulated rate caps, utilities may be forced to impose rolling blackouts, creating worse economic disruptions for their customers.

Together these two factors–the overall rising cost of energy, and the cost impact of peak demand–are forcing utilities to consider new approaches to reducing energy demand. These approaches to energy security must work or our economic security will be in jeopardy.

Demand Response and Smart Metering

To help curtail peak demand and deal with the plight of higher energy prices without investing in expensive new generation capacity, utility companies are turning to economics and new technology. Advanced Metering Infrastructure (AMI) and Demand Response technology automates the conservation of electricity during peak usage periods by sending pricing signals to energy consumers. Conservation incentives or consumption penalties such as time of use (TOU) or critical peak pricing (CPP) have the effect of dynamically reducing energy demand.

Th Energy 2
Source: US DOE
Click here to enlarge image

Automated demand response programs will employ a variety of intelligent devices to reduce power consumption. In industrial settings, the energy requirements for each company need to be considered so as to minimize production impact. Power reductions in commercial building and residences, on the other hand, can be managed more programmatically.

Enabled by 2-way communications network and intelligent power meters, Advanced Metering Infrastructure will tie the utility more closely to residential and commercial energy users. AMI systems will provide day-ahead and near real-time information to home energy management consoles and enable frequent interval reads back to meter data management systems, using pricing to moderate demand. A home area network will be used to distribute power management information throughout the residence–much of it wirelessly. The intelligent metering system will help utilities to better control peak loads and will eventually allow them to offer new energy management and monitoring services to their customer base.

Increasing system intelligence allows more effective peak load reduction with less impact on productivity, comfort and safety. For instance, a building climate control system can react to demand response signals by adjusting set points and lighting in selective areas rather than in the entire building. Distributed demand response in the home will manage pool pump, water heater and HVAC circuits, signaling time-of-use pricing information to intelligent appliances in order to reduce or shift energy consumption to non-peak periods.

Early trials of active energy management programs have demonstrated that they are effective at reducing peak power loads by more than 20 percent while reducing overall consumption as well.

In addition to modernizing the distribution system to control demand, the aging power grid generation and transmission systems are also being upgraded. The electric grid, much of it based on 30 year old technology, is being made smarter to improve efficiency and reliability. Enhanced communications capability and distributed intelligence in electricity transmission and distribution infrastructure will create a Smart Grid that is able to dynamically adjust to system demands, isolate circuit faults, predict component failures, and route power efficiently from a growing number of more energy efficient generation resources.

Th Energy 3
Secure devices using digitally signed and validated firmware
Click here to enlarge image

null

Securing Millions of Smart, Networked Devices

As Smart Energy Home Area Networks with Demand Response capabilities, smart meters, building automation and Smart Grid infrastructure are deployed, hundreds of millions of new devices will be connected in one way or another to utility networks and the public Internet. Information about energy consumption and lifestyle will flow out of homes and offices as remote command and control signals flow in.

All of these nodes in the system are potential vulnerabilities–places a hacker can attack to inject unauthorized remote disconnects to blackout a region; places that criminals can lurk to spy on homeowners; ways to provide fraudulent readings in order to steal energy. To achieve energy security we need our energy management systems to be secured, end-to-end. This means protecting the confidentiality, integrity, availability and accountability of system information.

There are numerous assets to be protected, a number of threats to consider and several basic threat vectors that every device should guard against. Among the assets in meters and thermostats are the core firmware, encryption and authentication keys, access controls and authorization codes. Keys and authorization codes themselves protect remote disconnect logic, service logic, billing data, usage history, someday perhaps even information on the type and performance of home appliances.

Th Energy 4
Cost of Energy / Cost Impact of Peak Demand
Source: David W. DeRamus, Ph.D., Bates White LLC
Click here to enlarge image

Once these devices are on a network, most of them will be designed with remote management and firmware upgrade capability. In order to put our trust in these devices, the devices themselves must take steps to validate that firmware patches are authentic, and reject unauthorized or tampered software. Authentication and integrity checking should be done automatically whenever a device is booted or new software is about to be installed in order to prevent root kit or denial of service attacks, lest a million meters get recalled for corrupted firmware.

The first step is establishing a strong foundation for security–a root of trust for the device. This enables the device to validate its operating environment, including any modifiable software or configuration files. It is when firmware is being reprogrammed that devices can be most vulnerable.

To ensure system integrity, the core boot loader should be stored in protected (read only) memory. Signatures should be authenticated on firmware and sensitive configuration data. In order for those signatures to be legitimate, OEM authentication keys should also be protected from unauthorized modification–preferably stored in one-time-programmable (OTP) memory.

Demand response commands, especially emergency load shed requests, need to be digitally authenticated, and message protocols should be designed to prevent message replay attacks. Verifying the authenticity of a load shed requires not simply ensuring that a message is authentic; the keys used to authenticate a command also need to be protected as critical assets that can’t be updated remotely without authentication. Otherwise an attacker can send an authentic command by simply putting their own management keys into the device.

Meters should attest to the integrity of interval data by signing meter readings. Metering standard ANSI C12.22 provides for the transport of ANSI C12.19 metering data over “any network”. This standard will include encryption and public key signature scheme enhancements to ensure privacy and prevent meter fraud.

Th Energy 5
Click here to enlarge image

Critical transmission infrastructure such as substation switching components with SCADA interfaces also need to be protected from unauthorized access and tampering. If compromised, the assets, encryption and authentication keys, and sensitive command and control data can be used to turn off or overload a wide service area with critical ramifications on public safety.

Mutual authentication should be used between a device and the management system–this prevents attacks in both directions. Having a trusted device identity based on public key infrastructure provides this capability using a well understood and manageable framework.

ZigBee Smart Energy meters and home area network devices have encryption and authentication built into their specification. ZigBee Smart Energy uses Elliptic Curve Cryptography (ECC) public key technology as the basis for trusted device identities, simplifying network management and device provisioning.

When adding IP-based network security, for instance to support network management interfaces, best practice is to use proven, interoperable security protocols such as SSL and IPSec to protect network traffic and authenticate endpoints. These protocols form the basis of today’s Internet security architecture and will continue to be enhanced to meet emerging requirements.

For AMI networks with millions of encrypted meters particular attention needs to be paid to scalability. Systems must support frequent interval readings from numerous devices over unreliable networks. Encryption and verification are computationally expensive operations and can lead to processing bottlenecks as more and more devices come on line. The system should provide both high capacity and the ability to load balance encryption and key management for performance and failsafe operation.

A robust encryption and key management platform should be used to protect keying material and provision new devices. System requirements encompass not just the algorithms and protocols, but operational integrity. Sensitive keys must be stored in hardware security modules (HSMs) with policies and procedures for enrolling and authorizing system operators. These safeguards establish who has access to which keys and what parts of the system. All of these aspects must be designed, documented and enforced in order for the system to be secure.

Conclusion

AMI technology and the smart grid are critical to our energy security. As utilities and metering companies deploy advanced metering infrastructure, they need to deploy end-to-end security to safeguard the effectiveness of demand response programs and protect the stability of the grid.

The Certicom Security Architecture provides a trusted foundation that metering companies can leverage to meet their end-to-end security requirements, including customizable encryption and key management platforms for meters and the head-end.

Certicom has over 20 years of experience supplying security solutions for constrained environments. As an acknowledged leader in Elliptic Curve Cryptography (ECC), Certicom technology is ideal for metering devices constrained by memory, processing power and bandwidth.


About the Author:
Jim Alfred is the Director of Product Management for Certicom Corporation, the leading global provider of Elliptic Curve Cryptography (ECC). Jim has over 14 years of technical product development experience.

More in Home