Smart Meters Need More Protection from Hackers (Aug 05, 2019)
Feeding the Big Data and Artificial Intelligence “Information-Appetite” – From the Low-Voltage Grid (Jul 23, 2019)
How to Provide Protection In-Depth for Your Smart Grid (Jun 07, 2019)
Managing the Smart Grid; Re-inventing the Wheel? (Dec 10, 2018)
Smart Grid Cybersecurity: Planning for Chaos (Nov 21, 2018)
Smart Grid, Smart Cities and the App Store (Sep 26, 2018)
Tauron: Wrocław with a unique meter communication system in Europe (Sep 19, 2018)
Making the smart grid intelligent: Using software to improve power reliability (Sep 12, 2018)

A critical step utilities should be taking is to install monitoring and alarm systems to detect potential attacks.

Utilities should prepare to defend themselves against hackers attempting to access the grid via the new fleet of smart meters, says Emil Gurevitch, Senior Security Architect at Networked Energy Services (NES).

The industry faces a dilemma when it comes to cyber security: while there is a need to share information, utilities do not want to talk openly for fear of exposing themselves to more threats or attracting negative press.

NES supplies smart meters to many countries in Europe, the Middle East, Asia, Africa and the Americas. In Europe, this includes Sweden, Finland, Denmark, Poland, Romania, France, Switzerland, Austria, Italy and Germany. Although many of these countries are less worried about the kind of national adversary threat that heightened tensions between Ukraine, Russia, the US and China bring, there is a growing concern about criminal hackers looking to make financial gains or just disrupt the smart energy transition to make a name for themselves.

Wide attack surface
Not a lot of attention has been paid to smart meters, which are a relatively newer technology than the SCADA systems used for substation control and management of other parts of the smart grid, Gurevitch says. But clearly smart meter systems will become increasingly interesting for hackers as they create a wide attack surface with a varying range of security. There are easy ways to figure out what technology is out there, Gurevitch says. Public records of utility tenders and standards are all out in the open. A smart meter is very accessible – every home and office has one, normally in a private, out of the way place. Once the serial number is found, that can lead to an accurate account of what the technology is, and it can then be tested against known weaknesses.

The wave of smart meters being rolled out across Europe represents a huge investment, and utilities need to see a return on that expenditure – a single cyber-attack can wreck the business case for a smart meter rollout. The life cycle of a smart meter is around 10-15 years, but that is a very long time in cyber security and a long time to be exposed to attack, Gurevitch says. Some utility executives understand the issue and are reviewing and improving their security posture, and some are in standby mode waiting for something to happen before taking action.

A storm brewing
“Utilities have a chance to be proactive and anticipate attack rather than wait for something bad to happen. There’s a storm brewing and we have an opportunity to prepare for it,” he says.

Utilities should focus on monitoring, as at the moment many do not know what is happening at the grid edge, Gurevitch says. “Some utilities are completely oblivious to the threat of attack, as if blindfolded.” Once monitoring systems are put in place and a threat is detected, the next stage is implementing the response. NES is developing such monitoring solutions in close collaboration with their utility customers and local partners.

Soon such security measures are likely to be mandatory. There is a big push from the US regulator, the Federal Energy Regulatory Commission, and Europe has several certifications and other initiatives underway.

New threats
Europe has made a lot of progress and new smart meters have embedded security, while Asia and the Middle East are moving a little slower and are still in the development and deployment stage, says Nicolas Viot, head of the penetration testing team at Sogeti, part of the Capgemini group. He agrees with Gurevitch that one of the biggest challenges facing utilities is the length of time the smart meters will be in place. “In IT we are not used to supporting systems for such a long time,” he says. Future challenges include protection for end-user connectivity, as more consumers monitor consumption on mobile phones, smart homes and buildings solutions, smart cars, and digital rights management, for example renting movies via smart TVs. “You have to look at new threats that will emerge,” he says. A future trend will be incorporating small producers of renewable energy into the grid, which will create a new cyber security challenge.

While cyber security can be costly, it does not have to be, and cyber security spending will ultimately be worth it, just like insurance, Gurevitch says. “Those investments will repay through reduced energy disruption, reduced loss of customer information and improved PR when these systems are subject to attacks by criminals.”

Big Data and Artificial Intelligence is the Answer 
The promise of Big Data and Artificial Intelligence is everywhere. And, in all cases, so are the results. One almost gets the impression that there is no problem that cannot be solved with these new technologies. The answer to everything is “Big Data and Artificial Intelligence”. Open a web-browser and you see advertising tuned to your latest on-line shopping. Turn on the TV and you see advertisements about how our leading IT providers are using Big Data and Artificial Intelligence to address social, economic and environmental challenges. Two extremes of direct application of Big Data and Artificial Intelligence.
The tools used to derive timely, actionable insight to both the biggest and the most mundane challenges have certainly hit the main stream. Using these tools has direct application to the smart grid. They can be used to increase reliability, improve operational efficiency, reduce energy loss, increase fair energy supply by reducing fraud and theft, identify illegal use of energy, enable other green energy initiatives, such as distributed generation, energy storage, and electric vehicles, and focus restoration by sociological and business priorities.
The piece which is often left out of all the buzz is where all this data comes from and how it gets to the Big Data and Artificial Intelligence platforms. We know it ends up in data lakes and data marts, but where is this data created, how does it get to the systems that can create the value from it, and how do we know that it is secure as it makes this journey? And, then, how is this managed in a smart grid?
Smart Grid is the Answer 
Initiatives like the Clean Energy Package in Europe and the proposed Green New Deal in the US are driving the Energy Transition and putting focus onto the smart grid to achieve the improvements above. Similarly to Big Data and Artificial Intelligence, whenever the question concerns energy efficiency, the answer seems to be “the Smart Grid”.
A smart grid is generally split into 3 segments, the high-voltage, medium-voltage and the low-voltage. The high- and medium-voltage pieces are highly visible – they are major engineering projects and come with sophisticated communications, security and management capabilities in-built. Getting information to feed the big data and artificial intelligence platforms is no great challenge here because the infrastructure is already there.
The low-voltage grid is more challenging – the equipment is highly distributed, often antiquated, unmonitored and unmanaged, and mostly “passive” from an IT perspective. It has little or no mechanism to share information back to these big data and artificial intelligence platforms that are waiting for it. As such, this represents a sub-optimal use of major investments by DSOs. This is unfortunate because it is in the low-voltage grid that the energy transition, driven by the Clean Energy Package and other green energy and conservation initiatives, is going to have the largest impact over the next decades:
• Increased distributed generation and storage – using residential scale equipment to generate solar, wind and hydro energy, store locally, and feed back into the local low-voltage grid
• Community energy and micro-grid – balancing the supply of energy within a community to minimise the demand on external centrally generated energy.
Both of these require a low-voltage grid that is highly optimised, and which can be dynamically switched through modes of operation to maintain that optimisation as demand and generation changes. So, the problem becomes, how to create information about the performance of the low-voltage grid, and then communicate that, securely, to the ever-hungry maws of the big data and artificial intelligence platforms.
Internet of Things is the Answer 
Connection of everything in the low-voltage grid to “the Internet of Things” could be the answer.
Of course, “everything” is really limited to those things with enough IT capability to connect and share information, where the coverage provides the service and where it is technically and economically viable to use the service at the volumes required. That is fine in the high- and medium- voltage grids but still has challenges in the low-voltage grid, where many millions of consumers and their equipment need to be connected and managed.
Energy suppliers need to consider the costs of deploying IT enabled equipment deep into the low-voltage grid, the costs of physically installing SIMs and associated SIM management, and the costs of monthly subscription for connecting to millions of end-points to collect many gigabytes (or even terabytes) of data each day.
Energy suppliers also need to consider the technology capabilities – there are several applicable network technologies, which can be used (NB-IoT and LTE-M being the most common).
These are wireless technologies, but it is also possible to connect through power-line communications to back-end systems which are Internet enabled. This approach does not involve a subscription fee, but is dependent on distances, quality and noise-levels of the power cable, and, so, like wireless communications, needs to be considered carefully.
Smart Meters are the Answer
So, the ability to connect to all low-voltage devices is a potential challenge – let’s look at the devices themselves and see if they are the answer.
The all-pervasive IT enabled equipment in the low-voltage grid is the smart meter. Smart meters come in various shapes and sizes, ranging from the barely-smart through to the truly-smart, and are generally deployed at the edges of the low-voltage grid. Barely-smart meters are typically able to communicate low volumes of “basic” consumption information relatively infrequently, and simply exist to provide automated billing. At the other extreme, the truly-smart can be configured dynamically to report back on a wide range of voltage and power quality metrics, on a regular basis.
Of course, the truly-smart meters tend to attract a premium price tag that needs to be considered, when the DSO is also assessing their medium- and long-term investment strategy and business case. The reality is that, all too often, the DSO is under pressure to follow a policy of cost reduction, and this drives some to the barely-smart version of the smart meter. Unfortunately, these cannot actively participate in feeding the demands of big data and artificial intelligence, and so represent a lost opportunity to leverage the investments made in these platforms.
In any case, the smart meters generally only provide information about the customer service points and (sometimes) the substation transformer. This still leaves a big gap of coverage – effectively, the power cabling and associated distribution devices. However, some of the truly smart meters are addressing this space to provide an end-to-end view of low-voltage grid performance.
Don’t Look for the Silver-bullets – Practical Solutions are Needed
Putting aside the buzz around Big Data and Artificial Intelligence, Smart Grid and Smart Meters, there are practical solutions to presenting the volumes and types of information that are required to form timely insight for energy and operational efficiency and sociologically balanced green and fair energy programmes.
Where Will Information Come From
The low-voltage grid data needs to be created somewhere. Dedicated monitoring systems can be deployed, but they are often too expensive to be deployed as a “blanket” – rather they are deployed in specific known problem areas.
The most prevalent source of information across the low-voltage grid remains smart meters. The truly-smart meters allow large volumes of voltage and power information to be reported back to the DSO with enough frequency that they can spot trends, detect outages and short-term inefficiencies, gain insight, and take action.
DSOs should look at their smart meter procurement policy and be confident that smart meters will justify their big data and artificial intelligence investments and generate timely and actionable insight.
Where barely-smart meters are being deployed, DSOs will find themselves without detailed information of the low-voltage grid, be unable to feed big data and artificial intelligence platforms and be unable to adapt to the changing demands in the low-voltage grid.
Communication of Volumes of Data
The volume of data quickly scales up when one considers the millions of end-points that will have a smart meter; potentially to many gigabytes and even terabytes of data per day. The volumes and the subscription cost will challenge the standard wireless “Internet of Things” connectivity model. Communications of at least some of this payload over PLC will significantly reduce the cost and data volumes using wireless, and will allow the best of both technologies to be leveraged by the DSO.
A hybrid model of PLC and wireless will ensure both volumes and subscription cost remain manageable, and the data can be carried to the ever-hungry maws of the big data and artificial intelligence platforms.
PLC has received bad press over the last few years creating an impression that it is old technology. In fact, there are truly-smart meters based on PLC that employ the highest quality protocols to achieve high information rates, even in the most challenging network environments.
Some truly-smart meters extend these options by providing connectivity to physical networks, which terminate at the home, the multi-dwelling unit or in the street. In these cases, the standard communications provided by the smart meter is augmented, and either used to carry more information more frequently, or to provide a back-up in the event of one of the communications mechanisms failing. The latter resolves the problems of having “holes” in the big data. Some DSOs can even leverage fibre infrastructure provided by government programmes or their own investments and diversifications.
A lot of privileged information about the consumers and about the DSO is transported. The data lakes and data marts are highly secure, but the source of the data in the low-voltage grid and the communication through the low-voltage grid also needs to be as secure.
The built-in security features of the smart meters and of the wireless and PLC communications need to be carefully assessed so that the information shared with the big data and artificial intelligence platforms isn’t, accidentally, shared with the cyber-criminal fraternity. Again, typically, this is where the barely-smart meters are lacking, and so justify an extra careful assessment before selection.
Not Just Electrical Energy
Truly-smart meters tend to have additional communications capabilities in-built to allow connection within the consumer’s residence. This can be used to either connect to other WAN communications, such as the local ISP or community fibre infrastructure, in-home devices, or to gather information from other utility meters such as gas and water. All three utilities – electricity, gas and water – are scarce resources, and can be exposed into big data and artificial intelligence platforms via the truly smart meters.
Not Just End-points
Finally, the flow of energy within the low-voltage grid is as important to understand as the energy provided by and delivered to its end-points. The latest truly-smart metering solutions use their own on-board analytics to derive more information about how energy flows within the low-voltage grid, allowing far more fine-grain business insight to be generated and the guess-work taken out of what is happening between the sub-station and the consumer.

Smart grids are a critical national resource, and like any other, are subject to cyber attack. To date, smart grid cybersecurity strategies have focused on the perimeter. What happens when an attack is successful, and a cybercriminal gets past the perimeter? This is when defence in depth is needed.

A tempting target

A smart grid is a DSO’s (Distribution System Operator) largest investment and a national asset upon which mission critical and life-saving services rely. Government, business and residents rely on the service it provides every second of the day. It provides the energy supplier with their revenue, and through it, the DSO has access to highly privileged and sensitive customer information.

To achieve the social and economic benefits of a smart grid, sophisticated equipment has been deployed further into the less regulated and secured low-voltage grid. Whilst this meets the objectives for smart grid, it creates more points of entry that a cyber-criminal can exploit.

High profile and prestige smart city initiatives depend on smart grid for efficiency and optimisation – a successful attack could bring a smart city to its knees. So, these targets are attractive for extortion or high profile disruption – both motivators for financial and hostile government sponsored attackers.

These are not the only attractive targets – terrorism motivated attacks focus on many targets across the globe. Potentially all smart grids are a target for attacks focused on political or sectarian drivers.

Is protecting the perimeter enough?

The Information and Communications Technology (ICT) industry has found, to its cost, that relying on perimeter defence against cybercriminals is insufficient. A perimeter is a combination of ICT, processes and people. Even where the ICT piece achieves high theoretical protection, it is the process and the people that can create “loop-holes”, which the cyber-criminals are highly skilled at exploiting.

This is equivalent to relying solely on the strength of your locks to your home and hoping that no one else has a key or can pick the lock!

Modern cybersecurity solutions are a combination of defence in depth with the assumption that, eventually, protection will be breached. This means that only when detection and response are coupled with protection is it possible to offer a comprehensive defence.

If the smart grid was your home, you would be subscribing to a local community watch project (to monitor general threat), installing video cameras in front of your door (to monitor specific threat) and installing a burglar alarm within your home (to monitor for successful intrusion).

How strong can the perimeter be?

The smart grid is increasingly complex. Upgrading the perimeter to the latest standards may simply be too disruptive and time-consuming to do quickly and in response to new attack mechanisms. The reality is that the attacker always has the initiative and technology will lag – both in creating the solution and deploying it across national infrastructures.

The perimeter will always be porous.

If the smart grid was your home, you would be changing the locks every week!

Is visibility of security events enough?

Even if a DSO is aware of security events, they can be missing important indicators of attack, simply because they are lost in the background of low-level threat indicators and false positives. Common responses are to log everything or log nothing. In either case, some DSOs may be unable to spot the key indicators which would allow them to adopt a modified security posture in response to a threat or to react to block an attack or limit a penetration.

Making sense of all the information

A key concept implemented in many SIEM (Security Information and Event Management) systems is correlation of large volumes of isolated and (potentially) false positive events against a wide set of contextual information. Such context may include scheduled events, topological or geographical information, known threat information, historic information, known and anticipated methods of attack and actual attack elsewhere.

The challenge is that ICT SIEMs are focused on ICT infrastructure and do not have built-in “understanding” of smart grids to make sense of the specific information or context.

What is required in a SIEM is the ability to:

  • Monitor the smart grid without interrupting or disrupting the key service it offers
  • Interpret events from the smart grid
  • Have the right context by which to assess these events
  • Identify and be familiar with the types of attacks which are specific to a smart grid
  • Have awareness of attacks across a community.

With this new generation of SIEM, it is possible to build a defence in depth for the smart grid.

Outcomes of defence in depth

With such a SIEM in place, the DSO can defend itself in depth, and not rely solely on the perimeter.

This is a little like being in the community crime watch, having a security camera outside your house and a burglar alarm inside. To continue the analogy, a home owner may even accept older locks if they have the deterrent and defence in depth.

Defence in depth provides for:

  • Evaluation of the current threat-level and changes over short, medium and long-term
  • Detection of a specific threat and initiation of responses to harden the smart grid in readiness for attack
  • Detection of attack and initiation of responses to protect the infrastructure within the perimeter
  • Detection of a successful intrusion and initiation of responses to limit damage
  • Shared information across a community concerning threat level and actual attacks
  • Localisation of the threat with the opportunity to go on the offensive against the cyber-criminal!

The business outcome

DSOs with such a SIEM will be less vulnerable to denial of service attack or ransom, theft of corporate or customer information, theft of smart grid infrastructure, and may also enjoy lower corporate insurance premiums.

The social outcome

Consumers will be less vulnerable to disruption of supply and publication of personal information.

About NES and Grid Watch

Networked Energy Services (NES) provides Smart Metering and Smart Grid products and services including industry leading security solutions. NES Grid Watch provides additional defence in depth beyond the Smart Meter perimeter.

As Smart Grids evolve, they start to look more and more like distributed IT and telecommunications networks.
Gone are the days where the Electricity Meter was simply a device to communicate consumption to generate bills – the latest generation of the Smart Meters are mini-computers, with IO and peripherals allowing them to connect to home devices, and on-board compute resource allowing monitoring, automation, control and analytics.

And the communications infrastructure is getting smarter with the latest generation of data concentrators providing very capable ruggedized compute platforms far into the field, with the ability to automate local energy brokering services.

This means that, suddenly, the functions and capabilities of the “nodes” in the Smart Grid are no longer static and defined by physical build. They are defined by configuration of software and firmware. There is a massive opportunity to innovate and create a Smart Grid; enabled by this flexibility, the function and performance of smart meters can be monitored and controlled remotely, and new services and capabilities introduced without needing to visit the customer. This is essential if the changes in the way we generate and use energy are to be enhanced by the Smart Grid.

This modernization brings its own challenges as well. As the equipment in the field becomes more sophisticated, how will monitoring, management and securing of these assets need to change?

The question is partially answered already – just look at the telecoms industry. 30 years ago, there was a phone, a copper cable connected to an exchange and some switching equipment, much of which was physical – you needed ear protectors to visit a telecoms exchange in the 1970s.

And then transformation! The switch becomes a DSL Access Module, the cable is often now coax or fibre, or sometimes replaced by radio, and the phone is replaced by a DSL Modem, and suddenly, the laptop, smart-phone and smart-home become the end-point that the consumer interacts with.

Utilities and the Smart Grid are perhaps 10 years into this same type of transformation, and so the industry should be asking…

How did the telecommunications industry respond to this massive change?

The answer is that they implemented sophisticated, highly integrated network monitoring and management systems; addressing fault/performance management, inventory configuration management, service activation and engineering. Integration is facilitated through alignment to an overarching telecoms process model called eTOM, developed by the TMF, the Telecommunications Management Forum, and the associated information model (SID) and application framework (TAM). This means that the IT teams building these complex systems have a common language, and vendors can align their solutions to allow interoperability.

This was great for the new generation of equipment (no longer requiring headphones to visit), but then, just like with the Smart Grid, software started to dominate. At that point, the ITIL (Information Technology Infrastructure Library) family of processes became essential. These apply problem and issue management, release management, configuration management, security and SLA management processes, which are essential in maintaining an IT network where software and IT platforms work together. (Does this sound like the Smart Grid that we are starting to see emerge?)

The TMF, recognising this transition, moved to embrace ITIL collaboratively, resulting in a set of standards which provide a framework for managing, monitoring and securing a sophisticated distributed, technological national resource – the telecommunications network.

The final transition was towards customer experience management; utilising the compute resource in the handset to monitor and control the quality of experience of the consumer. Now, management of telecommunications networks focuses on social impact, revenue impact and public image as much as technology.

So, what does this mean for Smart Grid? Well, instead of re-inventing the wheel, why not look at what the telecoms industry has achieved over the last 30 years, as they went through the same type of technological and social transformation that the energy industry is going through, only now?

It all starts with the intelligent devices in the field, just like in telecoms 30 years ago – select the Smart Grid solution providers that give you visibility of the infrastructure, the consumer’s service, the ability to control the service and the flexibility to adapt through software and firmware configuration. Focus on the parts of the infrastructure where visibility is hardest to achieve, such as the low-voltage grid, because these are the areas where change is coming fastest, and will require agility to respond through remotely configurable devices.

NES supplies the most sophisticated and secure Smart Grid solutions available today, and its solutions form the foundation for any energy provider seeking to follow the path set by the telecommunications industry, as they transition from being a technology focused enterprise to a business driven by social impact, sustainability, security and customer experience.

Cybersecurity efforts have, by and large, neglected the newly built “smart” infrastructures in power grids. Emil Gurevitch, Security Engineer and Hacker, explains why they will be targeted, and what utilities should do to plan for the inevitable cyberattacks.

Smart grids will reduce emissions and create a wealth of savings for utilities, but the fast-paced adoption of new technology comes at the cost of increased risk of cyberattack.

Industrial control systems have been subject to such attacks, and significant effort has been put into securing them as a result. However, new, emerging technologies, such as smart meter infrastructures, have yet to be battle-tested, and utilities should expect them to inevitably have weaknesses.

Despite this, they are installed into the grid in an effort to keep companies competitive in the race to the smart grid, prioritizing increased operational efficiency and new business opportunities over potential bad actors. 

You may think that comparing smart meters to, say, the SCADA for substation control, is a bit of a stretch. And, to some extent, you would be right. However, if you take an adversarial look at it, you will probably find that they pose a much greater risk than expected.

Emil Gurevitch,

Security Architect and Hacker

For example, utilities use smart meters to remotely switch power off, they use smart meter data in mission-critical processes that go well beyond billing, and they make significant investments to upgrade the physical grid infrastructure with communications networks that bind it all together. Utilities expect these newly built computerized infrastructures to gain new capabilities over time via remote software updates, thus increasing the return on investment. From an attacker’s perspective, we are looking at a system that we can misuse to switch power off, a system we can manipulate to disrupt or derail a utility’s mission-critical processes, and a centrally managed system of millions of connected devices that we can take control of and reprogram.

In the EU, Member States are required to implement smart metering. The latest report from the Joint Research Centre says that Member States have committed to rolling out close to 200 million smart meters for electricity by 2020. 

Efforts to secure these new technologies have largely focused on trying to prevent attacks from being successful. This is of course important, but new stories of cyber attacks hit the headlines almost every day, and it should be abundantly clear by now that not every attack can be blocked — utilities must therefore invest in early detection and incident response, especially for their newer technologies that may not be procured, developed, or operated with a bad actor in mind.

Making detection and response a core part of your grid is crucial to protecting yourself and your consumers, and is a cornerstone of creating a truly smart grid and city.

So, how can we ensure detection and response is effective?

A starting block is to work through a series of cyberattack scenarios and assess how your technology and processes hold up. Simulating them in practice and training for them can be a cost-effective way to find areas of improvement.

Cyberattack scenarios

Here are three example scenarios that utilities should consider, and ask themselves “how do we detect this early?” and “how do we recover?”. 
They are described from the perspective of the attackers and are intentionally focused around the often-neglected smart meter system.
Keep in mind that these attack scenarios are likely to happen in parallel during a real cyberattack. For example, in the 2015 cyberattack on a power grid in Ukraine, attackers took control of substation control systems and switched off power, they bricked grid devices by sending malicious firmware updates, turned off backup power supplies, erased files on servers and workstations, and even flooded a call-center in an attempt to prevent people from learning about the incident. These individual attacks were centrally coordinated, and some of them were probably launched in parallel. This is how real cyberattacks work.

Hacker Scenario #1: Power Outages. We work for a nation state and our mission is to inflict power outages. We hack our way into the utility’s centralized smart meter control center, wait until the low-voltage grid is under high load, and then we start sending out disconnect commands to all the smart meters in the field. In the middle of the attack, we find that the utility has built-in limits on the number of disconnect commands you can launch from the central system within a given time period, but we find a way around it — like we always do — and remotely change the power thresholds on the meters instead, thus causing the meter to hit the limits immediately and disconnect.

It should be noted that, at the time of writing, there are no known successful cyberattacks misusing the smart meter system to switch power off in the grid. 

However, like the flow of electricity, attackers follow the path of least resistance. They will go through the smart meter system to achieve their mission if that is easier than to breach the SCADA for substation control.

Hacker Scenario #2: Manipulating Business Processes. This time, our mission is to manipulate a series of processes that base their decisions on the information received from the smart meters in the field — such as signal and power quality levels used for fault detection and load balancing.  We hack our way into a couple of carefully chosen, Internet-connected control nodes managing around 2,000 smart meters in total. We then start making slight but controlled changes in the information reported back to the utility, and ultimately achieve our mission.

Of course, smart meters are often not just used for billing consumers for the electricity they use. Smart meters are increasingly being used as grid sensors, monitoring the conditions of the edges of the grid. This is an extremely insightful data point from a Smart Grid perspective. By manipulating this data, attackers can directly change the view of a grid to their advantage.

Hacker Scenario #3: Stealing and Selling. We work for a criminal organization. The mission is to steal utility assets and sell them back to the utility (similar to a ransomware model). We are looking to cash out as much as possible, and as quickly as possible. So we go after what a utility relies on the most to operate: data and grid infrastructure. We outsource the development of new malware targeting smart meters, launch it, and take control of thousands of smart meters. Then we change their security keys, pushing the utility out of their own infrastructure. We also rent a classic ransomware service and launch a campaign against the utility’s central system, stealing large amounts of data. We then demand a ransom in return for the access to the hijacked smart meters in the field, as well as the data we stole. We then wait for the payout in ‘Monero’ to come in.

Although ransomware campaigns are common, there are no known successful attempts at pushing a utility out of their own smart meters with ransomware. However, it is important to at least acknowledge that all of these new power grid infrastructures are essentially large, distributed networks of computers that can be hijacked for financial gains. 

The need for early detection and response planning

So, how would your utility hold up in these scenarios? In an environment with increasingly resourceful attackers and an increased attack surface, do utilities have the right technology and tools to detect intrusions early?

Attacks can be significantly hampered by early detection and pre-planned disaster response playbooks. However, as of right now, solutions aren’t being applied quickly enough to newer grid technologies.

It’s like having smoke alarms in your house — you want to be able to prevent a big fire from happening by knowing there’s smoke. Utilities need to begin installing their cyber security smart metering ‘smoke’ detectors.
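One way such a "smoke detector" could look for Scenarios #1 and #3, as an added example that is not NES code or part of the original article: it counts commands by their effect on the grid rather than by name, so threshold changes that sidestep a disconnect-only limit still raise an alert. The log format, command names and limits are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Hypothetical head-end command names, grouped by their effect on the grid.
CATEGORY = {
    "DISCONNECT": "supply",
    "SET_POWER_THRESHOLD": "supply",  # a very low limit makes the meter trip itself
    "CHANGE_KEY": "keys",
}
LIMITS = {"supply": 3, "keys": 2}     # constructed: max distinct meters per window
WINDOW = timedelta(minutes=10)

# Constructed audit log, in time order.
SAMPLE_LOG = """\
2019-08-05T18:00:00Z user=ops1 cmd=READ_LOAD_PROFILE meter=M001
2019-08-05T18:01:00Z user=ops1 cmd=DISCONNECT meter=M001
2019-08-05T18:02:00Z user=ops1 cmd=DISCONNECT meter=M002
2019-08-05T18:03:00Z user=svc7 cmd=SET_POWER_THRESHOLD meter=M003 watts=1
2019-08-05T18:04:00Z user=svc7 cmd=SET_POWER_THRESHOLD meter=M004 watts=1
2019-08-05T18:05:00Z user=svc7 cmd=SET_POWER_THRESHOLD meter=M005 watts=1
2019-08-05T18:30:00Z user=svc7 cmd=CHANGE_KEY meter=M003
2019-08-05T18:31:00Z user=svc7 cmd=CHANGE_KEY meter=M004
2019-08-05T18:32:00Z user=svc7 cmd=CHANGE_KEY meter=M005
""".splitlines()


def parse(line):
    """Split 'TIMESTAMP key=value ...' into (datetime, fields)."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ"), fields


def detect(lines):
    """Return one alert (time, category, meters) each time a limit is first exceeded."""
    recent = {cat: deque() for cat in LIMITS}    # (time, meter) per category
    alarmed = dict.fromkeys(LIMITS, False)
    alerts = []
    for line in lines:
        when, fields = parse(line)
        cat = CATEGORY.get(fields.get("cmd"))
        if cat is None:
            continue                             # reads do not change the grid
        queue = recent[cat]
        queue.append((when, fields["meter"]))
        while when - queue[0][0] > WINDOW:       # drop events older than the window
            queue.popleft()
        meters = sorted({m for _, m in queue})
        over = len(meters) > LIMITS[cat]
        if over and not alarmed[cat]:
            alerts.append((when.isoformat(), cat, meters))
        alarmed[cat] = over
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

In the sample only two DISCONNECT commands are issued, so a limit on that command alone stays silent, while the combined "supply" count trips on the fourth affected meter.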

Of course, a Smart Energy Grid is an integral part of a Smart City. The social and sustainability benefits of the Smart City are dependent on reliable and secure supply of energy, leveraging the changing role of distributed generation and maximising distribution efficiency. This is clearly understood by the energy industry and directs the quality and “intelligence” of Smart Grid solutions in these environments.  
Here is a whitepaper that will help you determine what type of Smart Grid is needed for a Smart City.

The linkage with the iTunes App Store may be a little harder to conceptualise, but that is exactly what Tauron, a leading DSO in Poland, has explained in a recent case study describing their deployment of a Smart Grid for their Smart City Wroclaw initiative. You can read the English version of this case study here, and the original in Polish here.

Tauron is referring to how their deployment of more than 360K meters allows the introduction of new meter vendors and services into their Smart Grid solution seamlessly; reliably working together and integrating with their back-end systems.

When you log into the iTunes App Store and download a new application, you just expect it to all work together. But, what does this mean? The application must function, yes. But, you expect the application to fit into the same security framework, co-exist with other applications sharing the same computing resource, offer the same user experience, interweave with other applications running on the same device and administrated through the same operational processes.

So, how does that translate into the Smart Grid in Tauron’s Smart City Wroclaw initiative?

Tauron has deployed an OSGP (Open Smart Grid Protocol) based solution which offers an unprecedented level of interoperability. OSGP certified meters do not just communicate over the same protocol. They communicate into the same head-end, they have the same operational controls and capabilities, they can be managed from the same operational screens and they apply the same stringent security capabilities. That is something which cannot be said for all AMI standards.

Tauron mentioned Mitsubishi Electric in their most recent case study, but other OSGP partners, including Apator and Networked Energy Services (NES), a leading supplier of highly sophisticated smart meters, have also provided OSGP certified meters for this Tauron project. You can find more information on the technology that brought this project to life here.

So, let’s go back to Tauron’s endorsed linkage to the App Store:

  • Security – All OSGP devices implement industry leading security layers. An important aspect of this is that security across OSGP devices is always-on and fully enabled. There are no “chinks in the armour” for the OSGP devices. Regardless of which vendor provides the smart meters, security is uniform, fully enabled and stringent throughout the deployment.
  • Co-existence – All OSGP devices share the same underlying infrastructure resources and are designed to do so collaboratively. This covers the connection from the meter to the concentrator, the functions of the concentrator, the communications back to the HES, and its IT compute resource. None of the OSGP devices will “hog” resources and lead to performance issues elsewhere within the solution.
  • User experience – It is this conformity of performance which underpins the utility’s user experience. SLAs for all OSGP meters are monitored and managed centrally, and any remedial actions to improve SLAs in any black-spots are also standard and aligned to the OSGP characteristics rather than a specific meter vendor. By maintaining strong communications, the meters are able to share valuable information to the DSO including energy supply quality and energy flows from distributed generation.
  • Interweaving with other applications – OSGP meters offer the means to control consumer devices, interact with the Smart Home, and interact with other smart but non-communicating meters. Any OSGP meter, equipped for such local connectivity, is supported through the same operations and control framework, and follows open standards to connect with the consumer equipment.
  • Operational processes – Multi-vendor meter solutions often fragment at the operations layer. Alignment to a common protocol may not necessarily mean consolidation of operations to a single set of processes and a single set of operational screens. However, OSGP certified meters are managed through a single operational application, which provides fault, performance, accounting, configuration, remote device and security management.

So, when Tauron relates Smart Grid, Smart City and the App Store, they are illustrating how their vision for Smart Grid in the Smart City promotes a level of openness, expandability and flexibility that should be achievable using leading Smart Grid protocols. The reality is that not all standards guarantee this outcome. Tauron has demonstrated how this is a real and practical outcome, in its Smart City Wroclaw initiative, through the OSGP standard.

Original article in Polish retrieved from 

Tauron has built an AMI smart metering system in the capital of Lower Silesia, in which OSGP-based (Open Smart Grid Protocol) meters from three manufacturers are being used, maintaining the highest standards of PLC communication security. The group emphasizes that this is the first such solution in Europe.
Initially, the company installed about 368 thousand meters in the area of the city of Wrocław as part of the AMIPlus Smart City Wrocław project. The installed devices are supplied by two different manufacturers. The smart meters are fully interoperable, which means that they interact and communicate with each other in the power grid.
“Interoperability is a unique feature of the system because it allows devices from different manufacturers to operate in the network and communicate with each other. This is a rare feature, but a very desirable one, as it increases the competitiveness of tender procedures. It also ensures greater investment in security since we are not reliant on only one equipment supplier,” says Mariusz Jurczyk, director of intelligent metering at Tauron Dystrybucja Pomiary.
This year, the company decided to install meters from a third manufacturer, Mitsubishi Electric, which debuts on the domestic and European market. It is a three-phase meter, compliant with the OSGP standard and associated PLC technology. Previously, the meter was tested for interoperability and compliance with the AMI specification. The specific procedure of verifying the meter for compliance with the OSGP standard is similar to the world of smartphones and platforms on which phones work.
“Our solution is more like the iOS platform and the rules prevailing in Apple’s App Store. To meet the standard, one has to undergo demanding testing procedures, and the same goes for all participating suppliers. As a result, we receive a meter that is compatible with the system and can be immediately included in operations, while maintaining high safety standards,” explains Mariusz Jurczyk.
Now, AMI meters from the new manufacturer are installed in the Tauron Distribution network, mainly for newly connected customers. Wrocław is a city that is dynamically developing and expanding. It is also one of the most active investment regions in the country for multi-family housing. This causes continuous demand for AMI meters, mainly in the three-phase system.
Last year, Tauron Dystrybucja was the first energy company in Poland to release a new functionality that allows remote activation of the wireless communication interface in an intelligent electricity meter. As a result, Tauron's customers are the first to observe the energy consumption of individual devices in homes or offices in real time. This is possible thanks to a new service called HAN Tauron AMIPlus.
Since 2015, within the Wrocław region, Tauron Dystrybucja has been implementing the AMIplus Smart City Wrocław project related to the installation of smart metering. AMIplus is a system that allows automatic processing, transmission and management of measurement data. It enables two-way communication between electricity meters and the Distribution System Operator, while giving the customer access to current information on electricity consumption. Communication is done via the OSGP-based PLC technology.

Networked Energy Services (NES) and eSmart Systems have written a joint white paper about making the smart grid intelligent. This blog article is an extract - read the full white paper here

Timely actionable insight is the key to making the correct business and operational decisions. Over the last few decades, significant investment has been made in the monitoring and management of the medium- and high-voltage grids.

The latest generation of smart meters provides new levels of visibility of power and voltage quality at the substation transformer and the consumer. Some smart grid solutions even provide visibility of the low-voltage grid topology and connectivity, and can create measurements from within the low-voltage grid.

With the availability of information from the low-voltage grid, software solutions that process and analyse this information can make a positive contribution by providing timely actionable insight. This insight can be used to improve operational processes and can also have a positive impact on the quality of service that the end consumer receives.

In the following, we will explore how the latest smart metering solutions can be combined with new analytics tools to improve power reliability, by looking at three key scenarios:

  • Improving Power Quality
  • Assessing Impacts of Power Quality Problems
  • Restoring Service

Improving power quality
Improving power quality is the fundamental step to take. This involves gathering as much information as possible about the current and historical performance of the low-voltage grid, from the substation to the consumer, and exposing this into analytics tools to help highlight the indicators of network quality problems.

The sensor network exposes a wide range of voltage and power quality parameters, at the substation and consumer premise, but also at points deep in the low-voltage grid. This information can be used to identify capacity problems and non-optimal configurations in the low-voltage grid, which can, through analytics, be used to trigger proactive maintenance activities as well as respond to more immediate problems which are directly affecting consumers, such as voltage and power quality degradations.

Modern smart meters provide high-resolution data, for example about consumption. By using advanced analytics on consumption patterns it is possible to:

  • Group customers that have obvious similarities in consumption
  • Identify new types of consumption, such as EVs in a certain area or even identify those consumers who have just bought an EV
  • Identify new types of generation in an area, like those consumers who have highly effective solar panels.

This information affects power distribution, so it is important to have an overview of it. It also helps in marketing, where it increases the possibility for up-sales.

Assessing impacts 
With problems in the low-voltage grid identified, it then becomes important to identify the scope of the impacts. Through closer integration of the sensor network and the analytics framework, it becomes possible to assess impacts in terms of both the affected consumers and the business and social impact of the outages.

Not only is the topology of the low-voltage grid mapped out by the sensor network; the mapping between the topology and physical infrastructure, and topology and consumers can also be defined through integration with back-end systems.

These capabilities mean that both the possible root-cause and the impact of a fault can be assessed:

  • Root-cause. Indicators of poor voltage or power quality can be mapped on the topology to «triangulate» towards a probable root-cause, such as a physically damaged line serving a wider range of consumers. The DSO can then dispatch field-engineers or technicians with more certainty as to the location of the fault, which, in turn, reduces the time to restore and the field work costs.
  • Impact. With the root-cause identified, the same approach of using topology can be applied to identify those consumers depending on supply over the faulty infrastructure, and so the DSO is able to start prioritising work based on consumer impact and track the end-customer’s experience with greater accuracy.
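The topology mapping described in the two bullets above can be sketched as follows. This is an added example, not code from NES or eSmart Systems, and the topology and element names are constructed. It finds the deepest grid element shared by every meter reporting poor quality, then lists the consumers supplied through it.

```python
# Constructed low-voltage topology: element -> upstream element (None = substation).
UPSTREAM = {
    "SUB1": None,
    "FEEDER_A": "SUB1", "FEEDER_B": "SUB1",
    "BRANCH_A1": "FEEDER_A", "BRANCH_A2": "FEEDER_A",
    "M1": "BRANCH_A1", "M2": "BRANCH_A1",
    "M3": "BRANCH_A2", "M4": "BRANCH_A2",
    "M5": "FEEDER_B",
}
# Meters are the elements that feed nothing else.
METERS = sorted(set(UPSTREAM) - set(UPSTREAM.values()))


def supply_path(node):
    """Elements between a node and the substation, nearest first."""
    path = []
    node = UPSTREAM[node]
    while node is not None:
        path.append(node)
        node = UPSTREAM[node]
    return path


def probable_root_cause(bad_meters):
    """Deepest element that supplies every meter reporting poor quality."""
    paths = [supply_path(m) for m in bad_meters]
    shared = set(paths[0]).intersection(*paths[1:])
    return next(e for e in paths[0] if e in shared)  # nearest shared element


def impacted_consumers(element):
    """All meters whose supply runs through the given element."""
    return [m for m in METERS if element in supply_path(m)]


def assess(bad_meters):
    """Return (element, impacted meters, share of them already reporting problems)."""
    element = probable_root_cause(bad_meters)
    impacted = impacted_consumers(element)
    return element, impacted, len(set(bad_meters) & set(impacted)) / len(impacted)
```

A low share in the third value means many meters behind the candidate element are still healthy, which argues for more than one fault rather than a single upstream one.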

To improve the process of impact assessment and get faster resolutions it is important to have a wider perspective, a holistic view. DSOs need to utilize all data available to see as many correlations as possible.

Restoring service 
With the root-cause and the consumer impact identified, it now becomes possible to streamline how problems are resolved through:

Improved information: More of the right information, and more up-to-date information can be shared with the teams responsible for restoring the service. This can include information about the fault and information about possible recovery actions, such as identifying available capacity for re-routes.

Improved priority setting: Whilst prioritizing based on the number of impacted consumers is a positive first step, the ideal should be to prioritize based on commercial, business and social impacts. This requires close integration, through analytics, of a wide range of information sets which have not historically been part of the service restoration process.
The information generated from the sensor network provides a rich source of alarm/event and historical performance information, which can be used by the analytics framework to define actions, embedded into the field-engineer’s pack and accessed on-line by the engineer from the field if required.

With the amounts of data now available, we believe the ones who win are the ones that can utilize this data, do the right analysis and take the right actions.

The future for DSOs 
The combination of a sensor network in the low-voltage grid, together with an analytics framework to draw insight from the information it exposes, provides a new and exciting set of possibilities for DSOs:

  • The first step is to enrich the information available from the low-voltage grid; not just the voltage measurements at the substation and consumer, but also a wider range of quality information, on each phase of supply, with more detail within the low-voltage grid, and with additional topology discovery
  • The second step is to provide this information into an analytics framework so that the large volumes of information can be processed to extract timely, actionable business and operational insight.

Such systems are available today, with Networked Energy Services Patagonia Energy Applications Platform and smart meters, along with the eSmart Systems analytics frameworks being excellent examples.