Securing a “Cost Optimized” Smart Grid
Jun 29, 2021
There is the old saying... You get what you pay for.
There are always options available to pay less for something. I am sure we have all paid less, thought we were getting a good deal, and then, only later, realized the compromises made without knowing it.
Think of an investment in new windows for your home. Security is often an important point. Regulations and standards make it possible to characterize the security different manufacturers offer, but do we really understand what that means in terms of the barriers placed in front of the intruder? After the installation, we may feel that we have under-invested and feel vulnerable. What can be done? Upgrade is not an option, as the locks and bolts are integrated into the windows and can’t just be replaced. It is generally cheaper to invest in burglar alarms, outside security lighting and door-bells with embedded cameras, than it is to start again.
It is similar with Smart Meters. It is always possible to find cheaper Smart Meters. There are standards, but if you purchase based purely on a standard and “cost optimize” within that selection, how do you know you achieve a security posture that is appropriate for the threats that your meters will be exposed to in the field?
Cyber-criminals will look for:
- Weaknesses in protection measures, such as access control
- Configuration options which may have been enabled to achieve security for acceptance functional testing, but may have been disabled to achieve performance in deployment
- Weaknesses or a lack of key management features
- Infrequent software and firmware updates leaving known security issues unpatched
- On-line certifications indicating broad compliance to standards but excluding higher-level security certifications
- Standards with complex optionality for security, leading to potential lower-security deployments, either by design or by accident.
The energy provider that focuses on “cost optimization” could easily fall foul of one of these and be exposing themselves, unknowingly, beyond their risk appetite. This is the same as investing in cheaper windows and then finding that the locks, although compliant with standards, don’t provide the “assumed” levels of protection.
So, this is where the equivalent to a burglar alarm comes in to provide a cost-effective security “overlay” for the smart meters. Threat detection and response systems work on the premise that the system will be attacked and attacks will be successful, and that the key point is reducing the time to respond to the attack. Deploying a threat detection and response solution is a lot cheaper than replacing all your smart meters! Just as deploying a burglar alarm is a lot cheaper than replacing all your windows.
NES Grid Watch provides a threat detection and response solution that is optimized for the low-voltage smart grid and is an ideal solution for those questioning the level of security that their “cost optimized” smart meter solution is providing them with.