Securing the largest IoT deployments in the world, the smart electric grid

Once you remove the hype surrounding the ‘Internet of Things’, you seldom find large, real-world deployments of ‘Smart, connected things’ that forms it. You also don’t co-relate the words IoT and Electric Grid. However, the Smart Electric Grid is actually one of the largest IoT deployments, with an estimated 500 million meters installed to date. This is expected to grow to 1 billion by 2020.

The smart grid infrastructure

A Smart Grid is nothing but a network of electrical suppliers, which is managed by a system of digitally controlled interfaces that can dynamically alter the flow and supply of electricity in response to micro and macro changes in demand. One way to think about this complex web of systems is in layers:

• A physical layer consists of power generators, transmitters, substations, distribution units, and energy consumers.
• The network layer sits on top of the physical layer and consists of communication and networking platform along with network gateway, head-units and smart meters.
• An application layer is built on top of the network layer and automates core functions such as transmission, distribution and grid resiliency through various energy management systems.
• An analytics layer generates value based on data generated from the application layer.

With the rise in grid-tied residential solar panel installations, the complexities in grid management have increased. Now, there are actual power generators at the end of the line.

Traditionally, proprietary and vertically specific software by domain specialist vendors were used for this purpose. In the future, it is feasible to expect that general-purpose software will be used for MDM and analysis, along with the use of some newer techniques like machine learning. Indeed, utilities may utilize an energy specific version of IBM’s Watson IoT or SAP’s Hana IoT to collate data from multiple sites and that public cloud platforms like AWS IoT and Microsoft Azure would be used for Asset Lifecycle.

Threat of cyberattacks

As with anything else, the implementation of connected ‘software’ solutions within OT leads to a sharp rise in the attack surface and threat vectors against AMI. Power is an essential commodity, and the non-availability of it can lead to catastrophic situations. A computer virus or worm can make its way from these systems and target smart meters, permanently disabling them. Or hackers can hack into a utility control system to turn off power to large sections of a city. This was seen very recently when the Russian hacker group Sandworm attacked a Ukrainian power grid, causing 220,000 people to lose power.

Secure meter communications over Wi-SUN

While a comprehensive analysis of AMI and Smart Meters is beyond the scope of this article, we can talk about one of the ways in which Smart Meter communications may be secured. Wireless Smart Ubiquitous Networks (Wi-SUN) is an IEEE 802.15.4g open-standards based technology, whose Field Area Network (FAN) specification was developed to address the need of low-power, long-range, peer-to-peer connectivity according to Gartner’s 2017 Hype Cycle for IoT Standards and Protocols report. Even more interesting, is that beyond the IEEE and IETF, Wi-SUN has come together to form the Wi-SUN Alliance (200+ members and counting) which also has a certification program where vendors are required to go through a testing process by independent testing labs to ensure compliance with Wi-SUN standards and specifications. (Disclaimer: GlobalSign is a member of the Wi-SUN Alliance).

Unlike competing standards (SigFox, LoRaWAN) Wi-SUN is a mesh network, and thus allows meter-to-meter communication. This reduces black spots compared to star networks, can better respond to outages by having multiple communication paths, and is cheaper to implement since you need fewer towers. Of course, because it is an open-standard there can be no proprietary vendor lock-in.

More importantly, Wi-SUN has several security features that set it apart from the competition. Some of these are:

• Following the IEEE 802.1AR spec for Device Identity.
• Certificate based authentication, including secure long-lived IDevID (birth certificates) as well as shorter-lived LDevID (operational certificates)
• Device hardening, non-exportable keys using security chip or PUF (Physically Unclonable Functions)
• Role-based Access Control
• Group-based key generation and management
• Network-layer encryption for WAN using IPSec (Internet Protocol security)
• Over-the-air upgrades for devices

As we can see, there have been various advancements within the electric grid infrastructure over the past several decades, and we’ve reached an exciting time where IoT is disrupting yet another industrial segment. While this raises several cybersecurity concerns, it is heartening to know that industry experts are actively working to adopt stringent security measures to ensure the safety of the smart grid. As smart meters become more ubiquitous, and get installed in millions of homes, we can rest assured that they will soon carry the best-in-class security technologies and tools available.