Of course, a Smart Energy Grid is an integral part of a Smart City. The social and sustainability benefits of the Smart City are dependent on reliable and secure supply of energy, leveraging the changing role of distributed generation and maximising distribution efficiency. This is clearly understood by the energy industry and directs the quality and “intelligence” of Smart Grid solutions in these environments.
Here is a whitepaper that will help you determine what type of Smart Grid is needed for a Smart City.
The linkage with the iTunes App Store may be a little harder to conceptualise, but that is exactly what Tauron, a leading DSO in Poland, has explained in a recent case study describing their deployment of a Smart Grid for their Smart City Wroclaw initiative. You can read the English version of this case study here, and the original in Polish here.
Tauron is referring to how their deployment of more than 360K meters allows the introduction of new meter vendors and services into their Smart Grid solution seamlessly; reliably working together and integrating with their back-end systems.
When you log into the iTunes App Store and download a new application, you just expect it to all work together. But, what does this mean? The application must function, yes. But, you expect the application to fit into the same security framework, co-exist with other applications sharing the same computing resource, offer the same user experience, interweave with other applications running on the same device and administrated through the same operational processes.
So, how does that translate into the Smart Grid in Tauron’s Smart City Wroclaw initiative?
Tauron has deployed an OSGP (Open Smart Grid Protocol) based solution which offers an unprecedented level of interoperability. OSGP certified meters do not just communicate over the same protocol. They communicate into the same head-end, they have the same operational controls and capabilities, they can be managed from the same operational screens and they apply the same stringent security capabilities. That is something which cannot be said for all AMI standards.
Tauron mentioned Mitsubishi Electric in their most recent case study, but other OSGP partners, including Apator and Networked Energy Services (NES), a leading supplier of highly sophisticated smart meters, have also provided OSGP certified meters for this Tauron project. You can find more information on the technology that brought this project to life here.
So, let’s go back to Tauron’s endorsed linkage to the App Store:
- Security – All OSGP devices implement industry leading security layers. An important aspect of this is that security across OSGP devices is always-on and fully enabled. There are no “chinks in the armour” for the OSGP devices. Regardless of which vendor provides the smart meters, security is uniform, fully enabled and stringent throughout the deployment.
- Co-existence – All OSGP devices share the same underlying infrastructure resources and are designed to do so collaboratively. This covers the connection from the meter to the concentrator, the functions of the concentrator, the communications back to the HES, and its IT compute resource. None of the OSGP devices will “hog” resources and lead to performance issues elsewhere within the solution.
- User experience – It is this conformity of performance which underpins the utility’s user experience. SLAs for all OSGP meters are monitored and managed centrally, and any remedial actions to improve SLAs in any black-spots are also standard and aligned to the OSGP characteristics rather than a specific meter vendor. By maintaining strong communications, the meters are able to share valuable information to the DSO including energy supply quality and energy flows from distributed generation.
- Interweaving with other applications – OSGP meters offer the means to control consumer devices, interact with the Smart Home, and interact with other smart but non-communicating meters. Any OSGP meter, equipped for such local connectivity, is supported through the same operations and control framework, and follows open standards to connect with the consumer equipment.
- Operational processes – Multi-vendor meter solutions often fragment at the operations layer. Alignment to a common protocol may not necessarily mean consolidation of operations to a single set of processes and a single set of operational screens. However, OSGP certified meters are managed through a single operational application, which provides fault, performance, accounting, configuration, remote device and security management.
So, when Tauron relates Smart Grid, Smart City and the App Store, they are illustrating how their vision for Smart Grid in the Smart City promotes a level of openness, expandability and flexibility should be achievable using leading Smart Grid protocols. The reality is not all standards guarantee this outcome. Tauron has demonstrated how this is a real and practical outcome, in its Smart City Wroclaw initiative, through the OSGP standard.
Original article in Polish retreived from Cire.pl: http://bit.ly/2Dbzn8c
Tauron has built an AMI smart metering system in the capital of Lower Silesia, in which OSGP-based (Open Smart Grid Protocol) meters from three manufacturers are being used, maintaining the highest standards of PLC communication security. The group emphasizes that this is the first such solution in Europe.
Initially, the company installed about 368 thousand meters in the area of the city of Wrocław as part of the AMIPlus Smart City Wrocław project. The installed devices are supplied by two different manufacturers. The smart meters are fully interoperable, which means that they interact and communicate with each other in the power grid.
“Interoperability is a unique feature of the system because it allows devices from different manufacturers to operate in the network and communicate with each other. This is a rare feature, but a very desirable one, as it increases the competitiveness of tender procedures. It also ensures greater investment in security since we are not reliant on only one equipment supplier,” says Mariusz Jurczyk, director of intelligent metering at Tauron Dystrybucja Pomiary.
This year, the company decided to install meters from a third manufacturer Mitsubishi Electric, which debuts on the domestic and European market. It is a three-phase meter, compliant with the OSGP standard and associated PLC technology. Previously, the meter was tested for interoperability and compliance with the AMI specification. The specific procedure of verifying the meter for compliance with the OSGP standard is similar to the world of smartphones and platforms on which phones work.
“Our solution is more like the iOS platform and the rules prevailing in Apple’s App Store. To meet the standard, one has to undergo demanding testing procedures, and the same goes for all participating suppliers. As a result, we receive a meter that is compatible with the system and can be immediately included in operations, while maintaining high safety standards,” explains Mariusz Jurczyk.
Now, AMI meters from the new manufacturer are installed in the Tauron Distribution network, mainly for newly connected customers. Wrocław is a city that is dynamically developing and expanding. It is also one of the most active investment regions in the country for multi-family housing. This causes continuous demand for AMI meters, mainly in the three-phase system.
Last year, Tauron Dystrybucja was the first energy company in Poland to release a new functionality that allows remote activation of the wireless communication interface in an intelligent electricity meter. As a result, Tauron's customers are the first to observe the energy consumption of individual devices in homes or offices in real time. This is possible thanks to a new service called HAN Tauron AMIPlus.
Since 2015, within the Wrocław region, Tauron Dystrybucja has been implementing the AMIplus Smart City Wrocław project related to the installation of smart metering. AMIplus is a system that allows automatic processing, transmission and management of measurement data. It enables two-way communication between electricity meters and the Distribution System Operator, while giving the customer access to current information on electricity consumption. Communication is done via the OSGP - based PLC technology.
Networked Energy Services (NES) and eSmart Systems have written a joint white paper about making the smart grid intelligent. This blog article is an extract - read the full white paper here.
Timely actionable insight is the key to making the correct business and operational decisions. Over the last few decades, significant investment has been made in the monitoring and management of the medium- and high- voltage grids.
The latest generation of smart meters provides new levels of visibility of power and voltage quality at the substation transformer and the consumer. Some smart grid solutions even provide visibility of the low-voltage grid topology and connectivity, and can create measurements from within the low-voltage grid.
With the availability of information from the low-voltage grid, software solutions that process and analyse this information can make a positive contribution by providing timely actionable insight. This insight can be used to improve operational processes and can also have a positive impact on the quality of service that the end consumer receives.
In the following, we will explore how the latest smart metering solutions can be combined with new analytics tools to improve power reliability, by looking at three key scenarios:
- Improving Power Quality
- Assessing Impacts of Power Quality Problems
- Restoring Service
Improwing power quality
Improving power quality is the fundamental step to take. This involves gathering as much information as possible about the current and historical performance of the low-voltage grid, from the substation to the consumer, and exposing this into analytics tools to help highlight the indicators of network quality problems.
The sensor network exposes a wide range of voltage and power quality parameters, at the substation and consumer premise, but also at points deep in the low-voltage grid. This information can be used to identify capacity problems and non-optimal configurations in the low-voltage grid, which can, through analytics, be used to trigger proactive maintenance activities as well as respond to more immediate problems which are directly affecting consumers, such as voltage and power quality degradations.
Modern smart meters provide high resolution data about e.g. consumption. By using advanced analytics on consumption patterns it is possible to:
- Group customers that have obvious similarities in consumption
- Identify new types of consumption, such as EVs in a certain area or even identify those consumers who have just bought an EV
- Identify new types of generation in an area, like those consumers who have highly effective solar panels.
This is information that affects the power distribution, so it is important to get an overview of this and it also helps in marketing use to make sure you increase the possibility for up-sales.
With problems in the low-voltage grid identified, it then becomes important to identify the scope of the impacts. Through closer integration of the sensor network and the analytics framework, it becomes possible to assess impacts in terms of both affected consumers, but also the business and social impact of the outages.
Not only is the topology of the low-voltage grid mapped out by the sensor network; the mapping between the topology and physical infrastructure, and topology and consumers can also be defined through integration with back-end systems.
These capabilities mean that both the possible root-cause and impact of fault can be assessed:
- Root-cause. Indicators of poor voltage or power quality can be mapped on the topology to «triangulate» towards a probable root-cause, such as a physically damaged line serving a wider range of consumers. The DSO can then dispatch field-engineers or technicians with more certainty as to the location of the fault, which, in turn, reduces the time to restore and the field work costs
- With the root-cause identified, the same approach of using topology can be applied to identify those consumers depending on supply over the faulty infrastructure, and so the DSO is able to start prioritising work based on consumer impact and track the end-customer’s experience with greater accuracy.
To improve the process of impact assessment and get faster resolutions it is important to have a wider perspective, a holistic view. DSOs need to utilize all data available to see as many correlations as possible.
With the root-cause and the consumer impact identified, it now becomes possible to stream-line how problems are resolved through:
Improved information: More of the right information, and more up-to-date information can be shared with the teams responsible for restoring the service. This can include information about the fault and information about possible recovery actions, such as identifying available capacity for re-routes.
Improved priority setting: Whilst prioritizing based on the number of impacted consumers is a positive first step, the ideal should be to prioritize based on commercial, business and social impacts. This requires close integration, through analytics, of a wide range of information sets which have not historically been part of the service restoration process.
The information generated from the sensor network provides a rich source of alarm/event and historical performance information, which can be used by the analytics framework to define actions, embedded into the field-engineer’s pack and accessed on-line by the engineer from the field if required.
With the amounts of data now available, we believe the ones who win are the ones that can utilize this data, do the right analysis and take the right actions.
The future for DSOs
The combination of a sensor network in the low-voltage grid, together with an analytics framework to draw insight from the information it exposes, provides a new and exciting set of possibilities for DSOs:
- The first step is to enrich the information available from the low-voltage grid; not just the voltage measurements at the substation and consumer, but also a wider range of quality information, on each phase of supply, with more detail within the low-voltage grid, and with additional topology discovery
- The second step is to provide this information into an analytics framework so that the large volumes of information can be processed to extract timely, actionable business and operational insight.
Such systems are available today, with Networked Energy Services Patagonia Energy Applications Platform and smart meters, along with the eSmart Systems analytics frameworks being excellent examples.
Thanks to new technologies on the grid, utilities have at their disposal an unprecedented level of data sources and visibility on the grid.
However, perhaps the most dynamic area, the low-voltage (LV) grid is often overlooked by distribution system operators (DSOs).
In an Engerati webinar, Lars Garpetun, R&D Programme Manager at Vattenfall, one of Europe's largest producers and retailers of electricity and heat, gave his perspective on why DSOs should pay more attention to the LV grid.
Due to the cost, he explains, the LV grid is not monitored by the SCADA system, making it a black hole for Vattenfall. To combat this, the utility established a LV monitoring system based on data from the smart metering system.
He says: “It’s been running for a few years and is very cost-effective. Today we can monitor power outage and power quality data based on events generated by the meters when an unacceptable level of quality occurs.”
DSOs in tomorrow’s smart grid
The issue at hand for Vattenfall, however, is that the solution is not ‘intelligent’, focusing on reactive actions as opposed to proactive.
Garpetun explains the issues facing DSOs moving forwards: “The solution we currently use just gives us meter events when power voltage is out of an acceptable range. In the future, it will not be acceptable, nor should it be acceptable, for customers to alert the DSOs of power outage or quality issues when the event occurs.”
As the grid becomes more complex, Garpetun explains that DSOs will need to develop their LV capabilities: “Customers’ consumption patterns are changing, and with increased distributed energy resources such as electric vehicles, there will be a drastic impact on voltage networks. Today, we have no way of handling these issues of the future. The goal for us is to lower operational expenditures and improve customer satisfaction with early identification of weakness in the grid.”
Networked Energy Services (NES) is a project partner with Vattenfall as it shifts to make its grid operations intelligent. Jon Wells, Director of product marketing at NES, says: “In the past, it’s only been commercially viable to utilize SCADA for high and medium-voltage grids, but now it’s the LV grid where all of the dynamic energy usage happens.”
To combat these issues, NES has developed a new interface which can provide more proactive insights to DSOs. Wells explains: “The solution puts on top of the LV grid, two key components - what we’re calling a sensor network and an analytics framework.”
With this framework, DSOs can build a more accurate and detailed model of LV grid topology, obtain more detailed and fine-grain voltage and power supply and quality information from the substation to the consumer, and draw timely actionable insight for operational and business decision making.
Use cases for smarter LV grids
In the webinar, the panel of project partners discussed the key use cases for the intelligent LV grid:
1) Improving power quality
One of the key use cases, according to Wells, is thanks to the LV grid topology visibility gained from the sensor network layer.
He explains that with the understanding gained of the grid topology between the transformer and consumer, DSOs can get greater insight into how best to manage power quality.
Wells explains how: “DSOs are no longer limited to just looking at monitoring points at the network edge - they’re able to understand what’s going on deeper inside. This allows them to identify longer term degradation and trends, so that they don’t need to wait for a failure.”
This combined with the analytics framework means DSOs can use that new information in an intelligent, proactive way.
Wells says: “We can find out what the indicators are for failures and use them to predict and avoid future failures, look at datasets that give information of demographics to gain more insight into the growth and demand in certain areas, and then be able to understand more about the dynamics of consumption, supply and distribution across the LV grid.”
2) Assessing impacts
A second key use case for a smarter LV grid is to identify the impact to consumers of an event in the LV grid. Wells says: “By knowing more about the topology of the LV grid, we’re given greater insight into who may be impacted, but also we can start looking at the patterns of outages and where perhaps there’s a root cause creating wider impacts.”
The analytics framework can then look at this data and add value to it based on other data sources in the business or public domain, looking into things such as the social impact of an outage, as well as the economic and business impacts.
From there, Wells explains, operational measures can be intelligently evaluated: “We can use analytics models that are able to calculate the revenue generation of that consumer. So this can help us decide the priority criteria for fixing problems based on the social, economic and business impacts as well as the traditional technical severity considerations.”
3) Restoring service
The key concerns for DSOs restoring service in the smart grid is making operators able to identify the root cause faster, spot available capacity for re-routing and enriching information passed over to field crews.
Wells explains: “The sensor networks role in this is to identify the root cause through reachability of network health points (points in the network which are historically highly reliable communicators) and the topology, and also identify where there’s capacity to switch energy distribution flows and where there’s been a reroute to accommodate for that problem. Then it can help drive semi and fully automatic load control.”
Following the information gained here, the analytics framework can improve the dispatch of tasks to field work.
Wells says: “We can make information provided with the field work tasks more accurate, provide more detailed and contextual information, and also are able to bring in information from wider datasets in order to be smarter about that priority setting.”
The future for DSOs and the smart grid
Next generation metering systems can give DSOs the opportunity to improve business processes by implementing comprehensive monitoring of the low voltage grid which enables them to take a more proactive approach to operations.
Garpetun sees this as a crucial way for DSOs to gain the most benefit from the future smart grid, saying: “An advanced metering system with the ability to continually measure current and voltage in combination with advanced analytical methods are the key components to provide customers and DSOs better service and lower costs.”
To find out more about the difficulties posing DSOs in the smart grid future, watch our webinar “Making the smart grid intelligent: Using apps for power reliability” on demand now.
• New Regulation
• Distributed Energy Resources
Grid reliability is crucially important to safeguarding utility revenue, customer service and asset lifespan. NES tells Engerati how new distributed intelligence applications could help.
The branding of ‘smart grids’ makes them sound just that - smart. In terms of capabilities and technology, however, the low-voltage (LV) grid lacks intelligence, says Lars Molske, Product Manager, Low Voltage Grid Analytics & Distribution Outcomes at Networked Energy Solutions (NES).
According to Molske, Europe’s LV grid is not performing as reliably as it could be.
The reason for this? Outdated technology and processes. “We’ve been using estimates from the last 25-30 years to manage the networks. Now we have new technologies, people becoming more energy aware and more efficiently managing their usage, so the average consumption per customer is getting lower,” he explains.
“In addition, things like solar, energy efficiency and electric vehicles are changing the grid, and unfortunately utilities have no visibility of the LV grid.”
In distribution networks, Molske considers the LV grid to be the weak link in a smart chain. The difficulty he identifies is that it will require a different approach.He says, “so far we’ve made the transmission systems smart, as well as the medium-voltage grid to some extent, but making the LV grid smart with traditional methods, such as using SCADA solutions, would be expensive and impractical.” Using technologies like deep learning, machine learning, and artificial intelligence as grid applications is the natural next step for the local, LV grid, he argues.
“Most of the smart grid is not really ‘smart’. It’s mainly switching loads, but that response technology is the only thing I see as really intelligent. Even then, that’s following some really basic principles: if-then-else.” Instead, Molske and NES suggest there can be better leveraging of smart meters that are already in the LV grid, thanks to Europe’s smart meter rollout efforts. Although it may require distribution system operators (DSOs) to better use advanced metering infrastructure (AMI) systems.
Better usage for AMI in LV grids
“What we’re looking at is using smart meter infrastructure to provide more information about the grid - to identify voltage quality, observe anomalies and patterns and others items,” Molske explains.
If utilities then put that information into a machine learning platform, they can identify the problems before they happen by recognising patterns. This can increase their awareness of what happens in the grid, but also turn that into predictive analytics, reducing operational expenditures for maintenance and outage hours.
According to Molske, there are three factors as to why this technology has yet to take on the utility industry as it has elsewhere. “The first reason is that it’s a very careful industry, responsible for a critical infrastructure around the world. They don’t just jump on any trend or bandwagon to the future, but tend to be conservative.”
“Then,” he continues, “there’s the issue with machine learning, where you can only learn but only when you’ve got the data, so it can take a couple of years to develop a truly smart grid.”
Finally, there are difficulties from a resourcing perspective - many utilities are still trying to roll out smart meters. Molske explains, “processing smart meters and implementing the structure has been known to take 15-20 years for some DSOs. NES had this idea years ago, and utilities knew even then that it was the future. The problem was that utilities didn’t have any the appropriate resources, time and money to implement it in a meaningful way.”
Now that AMI systems are more commonplace, utilities and DSOs can begin to make their smart grids truly intelligent. By building this from existing infrastructures, it takes away the necessity from the utility to roll out new technology, adding new applications to the grid where the only cost is software licensing and data integration.
De-centralising LV management
Although this new technology enables utilities to solve previous difficulties regarding LV grid reliability, new difficulties naturally arise, such as data volume management.
Molske says, “with the new volume of data, it’s not economical to mine it in a centralised hub. If you’re getting 10 times more data per metering point and have to overlay with that grid topology and analyse the data, companies won’t have the resources or staffing, and currently don’t have the technology either.”
NES is able to take that responsibility away from utilities, handling the data and establishing value before reporting back with valuable insights.
One solution enabling this intelligent technology is the distributed control node (DCN). It can build the topology of the grid without connecting to the head-end system and run localised algorithms. Using this computing resource and machine learning, the DCN has the ability to one day control the entire data analytic process itself.
Molske says, “these intelligent technologies are standard in the computer technology world. By providing the DSO with targeted information about what’s happening in the grid without all of the white noise of the regularities that are happening, it offers more actionable and relevant data.”
Ultimately, a truly intelligent smart grid provides opportunities to save utilities in operational expenditure, from data handling to outage prevention and management.
“Why should utilities spend huge amounts of capital to collect, analyse and store data only to later throw it away? If 100% of relevant information could be identified in the field in a localised way and get packaged to be sent upstream, it cuts out cost massively,” says Molske.
With the smart grid exposing more relevant information, business analytics tools are able to focus on the combination of the technical information with other sources of data – weather, demographics, social importance of consumer, VIP consumer, revenue for consumer or grouping of consumers.
DSOs will, in turn, be able to prioritise their operations and maintenance on a wider set of inputs, and not only focus on the technical nature of a problem, minimising the economic and social impacts of outages and degradations.
“By extending the rich data sets from in-house line-of-business systems with external sources like weather, market information, home automation, transformer sensors and more, DSOs are able to maximize the return of their existing data and get valuable actionable insight with the use of data analytics”, says Erik Åsberg, CTO, eSmart.
New-age analytics tools, such as those provided by eSmart, coupled with machine learning and AI, and the rich underlying information provided by sophisticated smart metering solutions, DSOs can move from being grid-aware to becoming business aware.
For more information on NES’ smart grid solutions in practice, tune in to our webinar, “Making the smart grid intelligent: Using apps for power reliability”.
This paper provides smart grid security perspectives from a security expert involved in both attacking and defending these types of systems in practice. It is formatted as an interview, with questions and answers. The topics include smart grid threats, defensive approaches, and security certification perspectives.
Security is getting a lot of attention in all sorts of industries. For utilities, what are the main types of threats they face related to smart meter systems (AMI), and the smart grid in general?
There are three sets of threats that need to be addressed. There is the set of "old school" threats of fraud, theft and safety, which have long been a top concern for utilities. There is a newer and growing set of regulatory threats around non-compliance, such as the General Data Protection Regulation in Europe. Finally, there are the threats associated with the adoption, use and increasing reliance on information technology, such as cyberattacks that can prevent a utility from delivering its services. Some of these threats are similar to those of a traditional IT infrastructure, but their priorities and threat model usually differ significantly. For example, utilities use AMIs and smart grids to store, distribute, and manage energy using information technology. Therefore, they share many of the same assets and corresponding threats as other entities relying on information technology systems. There are three main types of threats I spend a lot of time thinking about while working on providing a safe and resilient platform for smart grids.
- Threats that disrupt or prevent utilities from delivering energy. Most of us rely on the availability of electricity to power heating systems, hospitals, communication systems, transportation systems, etc. Outages can have severe and even fatal consequences for us and our businesses. There are many threats that can result in outages; from nation-sponsored cyberattacks to software malfunction, operational mistakes and natural disasters.
Fig. 1: Key considerations of a security system.
- Threats originating from criminal organisations that monetise from a utility’s lack of security. Over the past years, we have seen a rapid increase in malware samples and attacks specifically targeting utilities managing AMIs and smart grids. “Smart” almost always means “vulnerable” which in turn means opportunity for cybercriminals. A common, and unfortunately effective, tactic is to demand a ransom in exchange for not damaging a utility's infiltrated systems and/or reputation.
- Threats that may compromise our privacy as utility customers. Utilities are responsible for handling and storing private information. This makes data leaks and unauthorised accesses to this data two of the main threats to privacy.
Of course, these are only part of the threat landscape that needs to be specifically mapped out by experts when conducting risk assessments for the specific grid at hand.
AMI and the smart grid is an evolution that continues to change within the industry, how has security and protection evolved over time, and what are the expected changes that we will see in the future?
Before AMIs and smart girds, the industry relied on physical security measures and obscurity to protect the power grid. Fences, door locks, guards, video surveillance, and the obscurity of physically-isolated proprietary control systems were often enough to manage the threats utilities were facing. In addition, incident response procedures were often wellestablished and fairly comprehensive.
The introduction of AMIs and smart grids, and thus information technology, changed everything and necessitated a new industry expertise: information security. However, although industry embraced the many operational and financial promises of AMIs and smart grids, information security expertise was severely lacking and properly securing these new and advanced systems became an afterthought at best. This resulted in fragile and insecure smart grid deployments developed from non-existent or misguided security recommendations.
We are only now seeing industry and nationleaders waking up to the “cyber” reality as devastating cyberattacks on utilities are publicly being disclosed. As a result, initiatives to establish nation-wide baseline security requirements and security certifications are in progress. Unfortunately, these initiatives may be too late in some cases and may even foster a compliancy-defined approach to security. We have learned from other industries that this is a harmful approach; an expert-driven risk-based approach to safe and resilient smart grids is the way forward.
Smart grids will continue to increase in complexity, and attacks will continue to increase in both sophistication and frequency. An adaptive and comprehensive approach to security is needed to keep up with this advancement and it starts with expertise, politics, and financial incentives.
How should a utility approach ensure security of its systems?
Utilities need to go beyond compliance, make information security an integral part of their core business and invest in it accordingly, focus not only on protective measures but in detection and incident response as well, conduct independent risk assessments on a regular basis with their technology vendors, and most importantly, obtain as much expert knowledge as possible in order to determine exactly how and precisely where to invest in security.
A misconception that I often hear is the assumption that the internet and the smart grid share identical system characteristics. In reality, smart grids differ greatly from the internet in terms of communication technologies, network reliability, smart meter/ server resources, and threat model.
A consequence of applying an internet-biased security mindset to the smart grid can result in degradation of performance forcing utilities to compromise on security in order to meet service-level agreements (SLAs). You must understand the technical differences in order to apply the appropriate security measures. There is no one-size-fits-all when it comes to securing these complex systems.
There are various certifications used by utilities to ensure compliance to various standards and processes. How does certification factor into security solutions and implementations?
One on side, certification provides a minimum baseline of practice and raises the bar for all. Certifications also provide transparency and accountability for security and compliance,and helps utilities demonstrate to regulators and legislators that they are doing their job. If security certification becomes part of regulation, then it also forces utilities to spend money on security. These are all positive and important factors of certification.
On the other side, however, security certifications can discourage utilities to go beyond compliance as there is little financial incentive to do so. Certification processes also have a long-standing reputation for being disruptive, cost ineffective, and providing superficial security assurances. Certification can also discourage new practices and technology adoption because of the need for re-certification. Finally, certifications are slow-moving which is in direct contrast to the fast-changing threat landscape that they hopelessly try to keep up with. That being said, I do believe a regulated security program can be beneficial to the industry if it is able to resolve the issues mentioned before, help hold utilities financially liable for securing the power grids that we all rely on, and to use it as a tool to foster a risk-based and comprehensive approach to security.
What are the key areas needed to ensure a secure system?
Utilities should continuously strive to maintain a safe and resilient system. To do so, three key areas need to be covered: protection, detection, and incident response.
Protection is about trying to prevent security breaches from happening in the first place. Encryption and authentication are two examples of preventative security measures designed to protect the confidentiality and integrity of information, respectively. There is one thing we have learned in the security industry – the highly skilled and focused attackers will always find a way to either break through or entirely circumvent the protective measures. This brings us to detection and incident response.
Detection is about detecting security breaches before, after, or as they are happening. It is important to have measures in place for monitoring both incoming and outgoing events. There are many attacks that go undetected once they have infiltrated the system.
Incident response is about being able to handle breaches of security in a timely and efficient manner. It relies on people, processes, and technology. During a crisis, it is essential to have an action plan in place to regain control of the situation as fast as possible.
You mentioned that "comprehensive security" is the essential approach for utilities. What does this mean to you?
“Comprehensive security” is a loaded term. It means different things to different people. For me, basically, it means that your security goes through a continuous cycle of three stages:
- Identify: Pinpointing areas of concern and prioritising them based on risk. This is also known as risk assessment. For a risk assessment to be considered comprehensive, keeping up to date with current threats is crucial.
- Improve: Design and implementation of the security measures used to address the identified areas of concern.
- Evaluate: Evaluating all of the security measures in practice. This needs to be done internally as well as by an expert third-party ensuring a fresh perspective. In relation to the previous question, it is worth noting that comprehensive security leads to compliancy.
Some industry experts state that utilities should conduct risk assessments to identify the areas of concern, what is involved in a risk assessment?
The ultimate goal of a risk assessment is to answer the following question: where should we invest in security? To answers this question, utilities must first identify and prioritise their assets. Next, they need to enumerate all threats to the assets. Finally, they must assess and rank each threat according to the impact and likelihood of the threat. Based on the rankings, a decision can be made as to which risks need to be addressed. This is the classic approach. The hard part, as always, is hidden in the details.
A version of this paper was published in Smart Grids Polska, issue 16. Contact Emil Gurevitch, Networked Energy Services, firstname.lastname@example.org
Tauron Distribution is at the final stage of the AMIplus Smart City Wrocław project. Over 350,000 AMI smart meters were installed between 2014-2017. The present work concentrates on optimizing the meter reading system solution and completing the installation of meters in the southern part of the city.
AMIplus is a smart metering system that enables automatic processing, transmission and management of measurement data. It enables bi-directional communication between the electricity meters and the distribution company while providing the customer with up-to-date information on their electricity consumption.
Tauron Distribution installed AMI smart meters from two manufacturers, NES and Apator, in its distribution network. The meters use power line communications and are compliant with OSGP (Open Smart Grid Protocol).
Measurement data from the AMI meters is available for Tauron Distribution customers on the dedicated Tauron eLicznik platform. The platform is available through Tauron’s website, as well as from mobile devices based on the most popular platforms including iOS, Android, and Windows Mobile.
Tauron Distribution has provided HAN service to Tauron AMIplus customers in the AMIplus Smart City Wrocław project. This enables customers to access measurement data directly from their energy meter in real time. Activation of the service is carried out through the Tauron eLicznik portal.
The solution implemented in Wrocław has made it possible to improve the method of obtaining readings from electricity meters. The readings are obtained as a remote reading, without the need for a field technician. The method of operating the measuring system has also changed. At present, the vast majority of the maintenance work for the measuring system is performed remotely, without the involvement of assembly services.
Additional Project Information
In addition to the 350,000 smart meters, Tauron’s AMIplus Smart City Wroclaw project includes more than 2,400 NES data concentrators along with head-end system software from NES. All transmitted data is encrypted using the AES128 bit standard. The smart meters provide greater than 99.5% daily availability of 15 minute energy profiles for 4 values (active power import/export and reactive power import/export) along with energy billing data and events.