Projects - User contributions [en]

Projects:2017s1-167c Smart Grid Security

2017-10-28T13:24:15Z

A1660770:

== Project Team ==
Juin Hao Yau

== Supervisor ==
Dr Matthew Sorell

== Introduction ==
As our technology advances forward at a rapid rate, the current power grid use today has
not been significantly modified or improved. The current power grid is not reliable and has
been causing blackouts, voltage sags and other numerous problems over the years. A similar
but better electric grid called smart grids are replacing the standard electric infrastructure
but at a very slow pace. What differs from a smart grid and the standard electric grid
is that a smart grid is more reliable, manageable, scalable, cost efficient and has two-way
communication between the utility operator and the consumer.

A smart grid consists of different entities connected by multiple systems. Advanced metering
infrastructure (AMI) is a system component within the smart grid which connects
smart meters from the consumers to the operators and vice versa. However, smart grids are
vulnerable to cyber security attacks because of its large use of communication technology.
This cyber security issues are also present in the AMI. If the cyber security issues are not
addressed well, it could cause the AMI to be vulnerable to cyber threats and have serious
consequences.
AMI system plays an important role in the smart grid and with its weak cyber security protocols,
it naturally becomes attackers first target. This research will cover the issues of cyber
security in AMI, determine the requirements to mitigate the issues, discuss about the cyber
threats resulting from the issues and to finally draw a conclusion by giving recommendations.

== Motivation ==
South Australia has been recently facing with energy crisis. Approximately 50% of South
Australias energy comes from gas, 45% from wind energy and the remaining from solar, diesel
and brown coal from Victoria. Wind energy has been proved to be not very reliable during
the blackout on September 2016 and due to the closure of a few coal plants in Victoria, the
demand for gas energy increases. One solution proposed was to use battery storage as a
short-term fix. However, the upfront cost for battery storage is too expensive and is not as
efficient compared to other methods.

A long-term solution for the energy crisis is to convert the traditional standard grid into a
smart grid. By doing so, the operators and consumers are able to communicate with each
other and control the energy flow during high demand. AMI plays an important role in
assisting the smart grid to connect the operators and consumers. Other than that, a smart
grid can recover from a blackout by rerouting another transmission line.

Furthermore, smart grids can help reduce energy cost for the consumers as the smart meters
installed at the end user allows the consumer to monitor energy prices in near real time.
With the AMI implemented, the utility provider no longer needs to send out the meter man
to measure the energy usage once every few months, instead they can bill the consumers
directly and more efficiently. For the utility provider, this saves cost on fuel for sending out
a meter man, and for the consumer, they no longer need to worry about estimated billing
when the meter man has no access to the meter.

== Purpose of the project ==
The purpose of this project is to carry out an extensive research, discuss and provide an
overall view on the Cyber Security Issues in AMI and can then be used as a general reference
for future work. The aim is to first identify the current issues and causes from past
research, discuss about the issues, list out the regulatory requirements and the cyber security
requirements. This research will also include ways an attacker can exploit the AMI and the
recommended resolutions.

== Background ==

=== What is a Smart Grid? ===
Over the years the term smart grid has went through numerous changes, but in general it
is used to describe power grids with enhanced communication and sensing system which
improves the overall reliability. According to Liu et al. a smart grid is capable of analysing
power usage information in real time [1]. What makes a smart grid more reliable than the
standard power grid is that any outage in an area due to bad weather can be automatically
rerouted from another working distribution line. This feature is called distribution intelligence.
A smart grid is also capable of integrating different energy sources. This allows
renewable and non-renewable energy to work well together.

One important feature of a smart grid is the two-way communication between the consumer
and the operator unlike the standard grid which only flows one way. What this means is
that electricity is not only flowing from the operator to the consumer but information from
the consumer is also flowing back to the operator. This two-way communication allows the
operator to adjust the energy according to the consumer needs.

=== What is Advanced Metering Infrastructure (AMI)? ===
AMI is one of the major system within the smart grid which is used to connect the consumer
and the operator with a two way communication link. Its main purpose is to measure,
collect and analyse power usage data of consumers. The AMI is composed of different
technologies such as smart meters, Meter Data Management System (MDMS) and consumers
area network (HAN). Through AMI, operators are able to obtain electricity price in real time
while the consumers will be able to have control on their power usage and are able to see
real-time electricity prices [1].

=== What is a Smart Meter? ===
A Smart Meter is an electronic meter installed at the consumer’s end which is able to monitor
and collect energy information of the consumer and then send it to the operator periodically,
around every 30 minutes or less. Different from a electromechanical meter a smart meter
contains bi-directional communication between the consumer and the utility provider which
sends usage information back to the utility. The smart meter is a main component in the
AMI.

=== What is Home Area Network (HAN)? ===
The HAN works as a network to connect the consumers appliances together. Such appliances
include, computers, smart televisions, lights, security systems, etc. This allows the appliances
to communicate with each other.

=== What is Meter Data Management System (MDMS)? ===
The Meter Data Management System is located and integrated at the consumer end. Information
and data obtained from the consumer via smart meters are stored and managed in
the MDMS software. It also provides report statistics and validation.

== Cyber Security Issues ==
This introduction of the communication technology to the architecture caused
cyber security vulnerabilities in the AMI. Hence this section aims to address cyber security issues in AMI from previous research.

=== Privacy Issues ===
There are many concerns on privacy with the installation of a smart meter. If the AMI
was to be attacked or hacked, two main issues of privacy can occur; real time spying and
burglary, and identity theft [16].

==== Real time spying and burglary ====
According to Mohassel et al., the smart meter is able to collect energy consumption data
in a shorter interval of around 20 mins average compared to the traditional meter which
is only done during the billing period. These shorter readings from the smart meter can
then be used to generate a profile of the consumer which for example can include number of
occupant and type of alarm system [6, 10]. This is backed up by Saputro and Akkaya where
they mentioned that from the amount of information the Smart Meter obtains, it can show
more than just the power usage of the consumer. The energy consumption information can
show if the consumer is at home or not by load monitoring.

Moreover, the operating time of an appliance can also be determined from the smart meter.
Additionally, if the energy consumption data is analysed over a period, a detailed graph can
be produced [7].

Attackers are able to know what appliances were used on what
specific time of the day and the consumers daily routine can then be figured out. The graph
can be use as a surveillance on the consumer and can even be use to coordinate a burglary.
A burglar can know when to attack based on the graph, for example, the graph will have
no spike if the occupant went for a holiday. Other than that, this information can now be
obtained remotely without the need to be present at the target’s property.

==== Identity theft ====

Identity theft is an issue whereby the attacker uses the consumer’s identity to gain benefit
financially. A smart meter obtains more than just the energy consumption information from
a consumer compared to the traditional meter. The list of personal information obtained
by the smart meter and stored in the grid according to Liu et al. is as follows: consumers
name, phone number, home address, transaction history, meter reading, HAN, meter IP and
service provider [1]. This can cause serious privacy issues if the data in the Smart Meter
falls into the wrong hands.

Based on Saputro and Akkaya there are two ways an attacker can obtain the energy consumption information. Firstly, an attack can occur when transmitting the data from the
consumer to the utility. Secondly, it can either be done at the utility site or the consumer
site where the smart meter is present [7]. Privacy issue may not be a serious problem for
some people but a surprisingly large amount of people are concern on privacy which has led
to activist being formed to stop the installation of smart meters. To ensure that the public
are comfortable with smart meters and trust the utility, the data in the smart meter needs
to be protected via cyber security measures [8].

=== Denial-of-Service issues ===
Another form of threat which is fairly common is a Denial-of-Service attack. Based on Mo
et al. a DoS attack is when the attackers send false request to the network to cause a
disruption or to temporarily make the service unavailable [15]. A successful DoS attack can
cause an issue at the consumer site. From Cleveland, the consumer can get delayed pricing
information on their smart meters which can cause financial problems [2]. Another major
problem from a DoS attack is when there is an outage in an area, the grid is unable to
restore power to it on time via the AMI [2].

Based on Asri and Pranggono there are three
ways of executing a DoS attack, flooding attacks, vulnerability attacks and a new way of
attack called puppet attack introduced by Yi et al. [16, 17]. Flooding attack is a form of
Distributed Denial-of-Service attack (DDoS) where the attacker sends several SYN packet
to an invalid address an causes an error in the system [16]. Vulnerability attacks are done
by exploiting exposed software at the target which result in overuse of the CPU memory.
Puppet attack on the other hand is similar to the flooding attack, however puppet attacks
are less likely to be detected [17].

=== Unauthorized access and modification issues ===
Another major threat in the AMI is when attackers issue their own commands into the
AMI or modify it. The types of different attacks can be classified into five different threats;
masquerade, firmware modification, buffer overflow, man-in-the-middle attack, and energy
theft.

==== Masquerade ====
From previous research, masquerade is shown as a threat where attackers impersonate the
control centre at the AMI headend [11]. As mentioned by Parks, the attackers can issue a
shutdown on multiple Smart Meters causing a high power without demand from the power
company. The power company will then lower the power and when the smart meters are
15
turned back on, the lack of power can cause a blackout [12]. Masquerade can be done through
authentication bypass. Another possible masquerade threat is at the consumers site where
the attackers can send false alarms from multiple smart meters to the control centre. The
result of this is the control centre will send maintenance team to those smart meters and
can cause performance and delay issues [11].

Other than small threats, masquerade can be
used as a large-scale attack and can cause havoc nationwide as mentioned by Parks [12]. An
example of a large-scale attack is terrorist can cause power instability or blackout during
their own bombing attack.

==== Firmware modification ====
A threat also mentioned in the research of Adak et al. is firmware modification. This threat
is a major concern because attackers can modify the firmware remotely and once modified,
the AMI meter can function however the attacker wants. Although modifying the firmware
of the AMI is not an easy task and requires a certain amount of expertise, it should not be
taken lightly as it can have serious consequences [11].

==== Firmware modification ====
A threat also mentioned in the research of Adak et al. is firmware modification. This threat
is a major concern because attackers can modify the firmware remotely and once modified,
the AMI meter can function however the attacker wants. Although modifying the firmware
of the AMI is not an easy task and requires a certain amount of expertise, it should not be
taken lightly as it can have serious consequences [11].

==== Buffer overflow ====
According to Adak et al., buffer overflow is a very common type of attack these days. As the
name implies, the attacker can overflow the buffer in the AMI meter and can cause damage
to the data within the AMI or leak them [11]. The memory addresses gets modified during
a buffer attack which can cause system freeze.

==== Man-in-the-middle Attack ====
Man-in-the-middle attack is also a common cyber threat towards the AMI. This can be done
during the transmitting of data over the network. The attackers can implant false information
in the network from any node. The backhaul link is one way where the attackers can interfere
and also obtain the cryptographic key. [6] A few consequences of a man-in-the-middle attack
based on Liu et al. are modification of the billing data, financial loss, equipment damage
and human risks.

==== Energy theft ====
Lastly, energy theft has always been around since the first standard grids are introduced
and are still present in Smart Grids. According to McLaughlin et al. there are 2 types of
attackers; consumers and organized crime [13]. Customers are the main attackers to try
and steal energy via tampering the meter. Stealing energy by tampering the smart meter is
harder compared to the traditional meter, however due to the advancement of AMI, ways on
how to steal energy from smart meters can be easily obtained online [14]. Organized crime
is another culprit of energy theft. As mentioned by McLaughlin, these organizations are
professional hackers who take advantage of the AMI system to steal large amount of energy
[13].

== Regulatory Requirements ==
The cyber security issues in the AMI can be minimised by introducing regulatory requirements
and/or legislations which creates certain restrictions on the AMI for example the
handling of consumer’s data [18]. This section covers the current regulatory requirements
used in the AMI system and will also include suggested new laws to improve the cyber
security of the AMI.

=== Policy for privacy ===
A smart meter records the energy consumption of the consumer every 30 minutes or less.
Hence, the information obtained by a smart meter can be very detailed and can show the
lifestyle of the consumer. There are rising privacy concerns among the consumers if the
information happens to fall onto the wrong hands or misused by the utility provider. Privacy
is a major issue which directly involves the consumer and hence need to be enforced. Based
on Australian law, the federal privacy act 1988 ensures that the consumer’s information
(name, signature, address, bank details, telephone number and date of birth) is protected.
This applies to the AMI system for example, when the smart meter collects the consumer’s
personal information, the utility provider is not allowed to share it to other third parties
without having the consent from the consumer. Other than that, the utility provider will
always ensure that the third party complies with the federal privacy act when the third party
request to obtain the consumer’s information.

Moreover, the utility provider need to ensure the authenticity of the obtained consumer’s
personal information by ensuring the consumer updates their information regularly. On the
other hand, the information collected from the smart meter and kept by the utility provider
must be protected from unauthorised access. Another requirement to strengthen the privacy
of the consumer is the utility provider must conduct cyber security training for their staffs
and ensure frequent audits.

Additionally, the federal privacy act contains the Australian Privacy Principles (APP), also
formerly known as National Privacy and Principles. APP explains the use and storage of
personal information and set restrains for organisations with 3 million Australian dollars or
more annual turnover [20]. There are additional protection on the installation and data of
the smart meter as stated in the National Electricity Rules.

=== Policy for unauthorized access and DoS ===
Aside from policy regarding privacy issues, law enforcing the cyber security to prevent unauthorized
access issues should also be prioritized. The AMI is responsible on the measurement
and collection of energy usage of the consumers, and is done through network transmission.
Hence, the AMI is exposed and can be vulnerable to cyber attacks if there are no regulations
on the cyber security.

A few policies can be introduced to minimise cyber security issues within the AMI. For
example, a policy where the encryption of the information and cyber security protection of
the AMI and grid has to exceed a certain level of security. If such policy exists, this can
ensure that when the AMI is implemented, the design engineers follows a specific set of rules
and ensures that the cyber security is not easily penetrated.

Additionally, the policy can also defend against unauthorized access by making sure meter
protocols are implemented and for each stage of the data transmission process between the
consumer and utility provider there contains encryption. Other ways to enforce the cyber
security in the AMI includes implementing passwords in the smart meters according to the
appropriate standards and the addition of firewalls to separate the AMI network from the
internet [19].

== Cyber Security Requirements ==
Cleveland mentioned that each cyber security issue can be grouped into their appropriate
security requirements. This bond between the security requirements and threats means
that solutions to the cyber security issues can be implemented easier instead of solving on
each individual threat. Below are four different technical security requirements and their
corresponding descriptions [2].

=== Confidentiality ===
Cleveland mentioned that in AMI, confidentiality means that consumer’s information and
data is only available to the authorized operator. This is important as a consumer because
of privacy issues. Without confidentiality, attackers can obtain detailed information of the
consumers for example energy usage patterns. This energy usage pattern is able to give
attackers information on whether the consumer is at home or not and their daily routine.
To keep the consumer’s data confidential, either the AMI network needs to be encrypted
so that attackers cannot easily hack or the utility provider needs to ensure the data is not
shared to other third parties [2].

=== Integrity ===
According to Cleveland, integrity is to ensure the information and data received by the
operator is from the correct consumer. This means that the data collected by the smart
meter must not be altered or modified without authorised permission. Attackers can hack
and pose as the consumers and give false information to the operator. An example is when
the attackers increases the electricity demand of multiple consumers and if the generator is
unable to supply that amount of power, a blackout can occur [2].

=== Availability ===
Based on Cleveland, availability is to ensure that the consumer’s information and data is
always available to the authorized operator. This is especially important for smart meters
as compared to the traditional meters, because the traditional meters allows estimate billing
while the smart meters are not able to do that. Attackers can cause a Denial-of-Service in
the AMI where the operator can not access the consumers’ information when needed. This
can cause delayed information and affecting the service for the consumers. At the consumer’s
site, it can cause delay to pricing and can affect consumer financially [2].

=== Accountability ===
Another important security requirement is accountability as noted by Mohassel et al. accountability
is when the entities do not deny receiving information or when the entity did
not receive information but say otherwise. The AMI is a large network and does not own
by an entity, instead it consists of different individuals. This means that it is crucial to
have synchronized timestamps for the data in the network by each entity. Weak focus on
accountability can result in financial issues because one entity can declare that the data has
been sent and accuse that it has been lost in the network [2, 6].

== Human Factor Requirements ==
The cyber security issues in AMI cannot be solved with just technical and regulatory requirements.
As the AMI obtains information from the consumer, the community has to be
involved in reducing the issues. Additionally, requirement for personnel involved in the AMI
is also necessary and will be discussed.

=== Awareness on cyber security ===
The publics knowledge on the importance of cyber security in the AMI is limited. Hence, the
government and organisations involved in smart grid program should educate the public and
promote awareness. If the issues of cyber security in AMI is spread out and known to the
public, additional steps can be taken to reduce the vulnerability of a cyber attack. The public
can take precautions, for example installing a CCTV near a smart meter. Furthermore, the
government should also emphasise on the law on tampering the smart meter. This can
reduce the potential attackers towards the AMI.

Other than raising awareness among the public, it is also important that personnel involved
in the smart grid are familiar with the cyber security issues in AMI. This is because the personnel
are involved in manufacturing, installing and maintaining the AMI and an awareness
on cyber security could improve the overall cyber security in the AMI. Additionally, this can
result in cyber security being prioritise when operating and implementing the smart grid
[24].

=== Personnel training ===
To create awareness among personnel as stated in the above section, training programs need
to be introduced. This training program should cover awareness on cyber security issues,
cyber security requirements, and the appropriate actions when a cyber attack occurs [24].
A utility provider with cyber security in mind could minimise cyber security issues in AMI.
Apart from that, personnel with the appropriate training will know the necessary steps to
take if a cyber attack occurs to avoid further damages.

== Cyber Threats in the AMI ==
There are many cyber security loopholes in the AMI as discussed in the above sections.
Hence, attackers will find many ways to exploit the AMI based on those loopholes. Most
of these attacks are mainly to gain financial benefit. Other cases of non-financial benefit
attacks are usually unlikely and not practical to occur but will still be discussed. This
section will cover the different ways an attacker can exploit the AMI and can be categorised
into four groups; tampering on energy usage, billing others, insider threat, attempt burglary
and nation state attack.

=== Tampering on energy usage ===

One reason for the deployment of the smart grid was to resolve the issue with energy theft.
Although smart meters were able to eliminate the standard ways to steal energy from the
traditional meter, it introduces new hacking methods via the network. With the right tools
and resources, the data in the smart meter can be tampered. There are various approaches
for an attacker to alter the energy usage, they include: administrative access, modifying
smart meter firmware, intercepting the data transmission link.

==== Administrative access ====

Similar to the traditional meter, the smart meter stores the total energy consumption used
by the household. This data can be hacked and modified via obtaining the smart meter
password to grant administrative rights. Obtaining the smart meter password does not
require much work for the attackers as once the smart meter is physically tampered, a
device for monitoring is able to capture the passwords [13]. These passwords according to
McLaughlin et al. is transmitted into the open without much security protection.

Once the attacker gained administrative rights on the smart meters, they are able to modify
the total energy consumption data which then affects the electric bill. This allows the
attacker to use more energy than they are actually paying. Additionally, with the administrative
rights, attackers can also alter the audit logs stored in the smart meter. Audit logs
are a record of timestamps when the smart meter is being accessed via administrative rights.
Modifying audit logs need to be done in conjunction with total energy consumption data as
it erases evidence on tampering.

==== Modifying smart meter firmware ====
Modifying the total energy consumption data using administrative access only provides a
limited control over the smart meter. Hence, some attackers would choose to reverse engineer
the firmware on the smart meter directly instead. When the smart meters firmware is
modified, the attacker has full access on tariffs for Time of Use (TOU) pricing, event logs,
received and executed commands [6, 13]. The smart meter can then be reprogramed to
report fake data.

==== Intercepting the data transmission link ====
Apart from tampering on the energy usage at the smart meter end, the introduction of AMI
also enables attackers to attack during the transmission of data from the consumers smart
meter to the utility provider. When the data is being transmitted, it passes through several
nodes, these nodes can then be targeted by the attackers if the security protocols are weak.
The attackers can inject their own data into the transmitting data when it passes a node.

Before injecting false data into the network, the attackers need to first intercept the communication
which is on the backhaul link. Attackers can tap a line near the first backhaul
link [13]. Once this is done, the attackers are ready to inject false data by removing the
original data being transmitted. However, as the AMI contains encryption in the network,
the attackers are required to retrieve the encryption key which can be found in the smart
meter. Instead of the smart meter accepting the data from the utility provider, the attackers
can now accept via their devices and send false data. This leads to an attack technique called
spoofing or masquerade as discussed previously. Additionally, attackers can attack when the
utility provider and smart meter has already connected. This involves a man-in-the-middle
attack at the node.

=== Billing others ===
Another method to steal energy is to bill the electricity to others instead. In order to do
this, the attacker would first need to select a target (most often the targets have to be living
nearby). After selecting a target, the attackers will hack into the targets smart meter to
obtain identity information for example the meter IP. The attacker will then modify the data
of their own smart meter to the targets meter IP. The attacker can also modify the targets
smart meter to avoid the utility provider from detecting duplicate meters. This is often
used by organised crime who are dealing with illegal businesses such as marijuana/cannabis
farming. To maintain these farms, a large amount of electricity usage is needed, hence the
attackers will resort to stealing energy to increase business revenue.

Besides billing others for financial gain, attackers can tamper the smart meter of a specific
household so that the target household gets billed higher than their energy usage. For
example, the target will get charged twice the cost per kWh. The attackers usually has no
real motives other than to cause disturbance or for revenge.

=== Insider threat ===
The AMI system can also be exploited from within the utility provider. This can be a
problem as it is not easy to detect abnormality within the utility. Insiders can either work
for their own financial benefit or can be planted by the power generation provider. These
insiders can either modify the pricing or the peak usage in the AMI system.

==== Pricing modification ====
An insider can modify the system at the AMI head end or the consumers end so that the
pricing of electricity can then be altered to suit them. The insider can reduce the price
of the electricity in an area (most likely the place the insider resides) so that the insiders
electricity bill will be lower than the usual price. Furthermore, the insider will also increase
the price of the electricity in another area to balance out the utilitys revenue to avoid any
suspicion. This pricing modification by the insider can be done either via administrative
access or physical hacking access.

Administrative access is usually done by insiders who are working in that particular department,
in this case, the department which is involved in getting pricing information. They
can then alter the price virtually without having to physically access the AMI head end
system [12]. Physical hacking access on the other hand requires an insider who has a decent
level of hacking and knowledge of the protocols involved. This is essential because they do
not have administrative access and would need to bypass certain security measures.

==== Peak usage modification ====
The insider can also modify peak usage to gain financial benefit for the organization the
insider is working for. Modifying peak usage is useful for power generation providers because
the insider can increase the peak usage and price to produce a false electricity demand
information. When the utility provider noticed that the demand for electricity increased
they will then require to buy more electricity from the power generation provider. This could
cause the utility provider to lose revenue and the power generation provider to increase in
revenue. The possible scenario for this to happen can be when a power generation provider
offers money to a personnel who desperately needs financial help to modify the data. The
methods to modify peak usage is similar to modifying pricing [12].

=== Attempt burglary ===
Apart from energy theft, attackers can make money by exploiting the AMI to gain information
on a target so that they can attempt a burglary. As mentioned previously, the data
obtained by a smart meter specifically the energy consumption data can be used to monitor
or spy on a particular household. The information once hacked tells the attacker if there is
anyone home at that time. It can also be plotted on to a graph and analysed to learn about
the household’s daily routine or show if the household is on vacation.
The target chosen has to be someone who is wealthy as the effort put into this method for
attempting burglary may not be the most efficient. One way to be able to identify a wealthy
household as oppose to a not so wealthy household is to also monitor the energy consumption
data. If a particular household uses more energy than an average household, means that
money is not an issue for that household. Moreover, the graph also shows the number of
appliances available in that household. Different peaks of the graph show different types of
appliances. All of this can be done by just obtaining the energy consumption data.

=== Nation state attack ===
The AMI can also be exploited by large criminal enterprises whose goal may not just be the
AMI system but to cause harm or disturbance to the surrounding. These organisations could
plan to cause a disturbance in the power grid so that their final motives could succeed. The
terrorist can hack via the consumers end and slowly work their way up to the AMI head end
by hacking wireless communication links [12]. Furthermore, the terrorists can also exploit
the weak security for AMI connectivity. The motives of this terrorists could be broken down
into two groups; terror attack and manipulating the society.

==== Terror attack ====
Terrorists can target the power generation through the AMI system to cause a blackout so
that their planned bombings could take place. The AMI system allows the utility provider
to switch off any flow of electricity to a household if the electric bill is overdue. This feature
also known as disconnect commands can be taken advantage by the terrorists where once
hacked into the AMI head end, they can send an off command to any large area. Once a
blackout occurs and the terrorist attack, the emergency response could be slow. The police and fire department along with the ambulance would be busy dealing with the blackout and
could have a shortage of emergency forces to respond to an attack later.

==== Manipulating the society ====
An attack which involves manipulating the society may not seem reliable but the effects
of it could cause emotional distress, behaviour changes and internal conflicts between the
public and the government. The AMI system can be hacked by the terrorist and can modify
the billing information of the consumers. This can cause economic issues among the public
whereby the poor get poorer and people working in the electricity field get richer. When
the public are pressured by issues regarding financial and economic instability, they tend to
blame it on the government, and when the government does not appeal to the public, protest
or even civil unrest could occur. This gives the attacker control on the lives of the society
and must be prevented. Furthermore, the attacker can use this as a political tool to shift
the tide to favour a political party during an election campaign for example.

== Recommendations ==
This section aims to introduce a few important recommendations that could help mitigate
the cyber security issues present in the AMI system and to reduce the practicality of exploiting
the AMI system. Based on the practicality and severity analysis of the exploits, it is
important to first address and provide recommendations to the issue which has the highest
average of both practicality and severity.

=== Recommendations for tampering attacks ===
Tampering issues need to be addressed first because it is the base of all other threats hence,
solving tamper issues can slow down and mitigate other cyber threats in the AMI. It is crucial
for the public and personnel to be aware and fully understand the vulnerability of the AMI
system. Creating awareness is the first step towards mitigating cyber security threats. The
public and personnel need to be properly educated so that necessary precautions can be
taken. For example, an educated consumer will notice any abnormality when monitoring
their energy usage and will report it to the utility provider for investigation. Similarly, a welleducated
personnel will understand the importance of cyber security and knows which part
of the AMI system needs attention so that necessary security protocols can be implemented
or strengthen.

For petty thefts and small groups of attackers, their main target would be the smart meter.
Hence, enforcing the security at the smart meter would be the first priority. There are several
recommendations to lower the threat level for tampering, one way is to strengthen the password
which is used to access the smart meter. However, the password can also be obtained
via monitoring the open as mentioned previously. Thus, proper security protection on the
password is essential. Furthermore, although modifying the firmware of the smart meter
requires a certain amount of expertise from the attacker, if the attacker is able to tamper
with the firmware, the results could be severe. Thus, it is recommended to design lockable
microcontrollers to prevent reinstallation of the firmware [11]. It is also recommended to
encrypt the firmware in the smart meter.

The AMI communication network contains many nodes which when hacked can be used to
connect all other nodes, hence, all the nodes should be encrypted. Although encrypting
every node of the AMI network may seem sufficient, a stronger encryption is also needed to
avoid unnecessary cyber security threat. Stronger encryption would slow down the hacking
process of the attacker. The AMI network functions by constantly having to send and
receive signals thus attackers can take advantage of this feature. One way to discourage
attackers from launching a man-in-the-middle attack is to have all signals authenticated regardless of whether the signal is coming from the consumer or going out of the utility
provider. To reinforce this method, the authentication can be made stronger for example,
more complicated passwords or even biometrics.

Despite all the enforcing of the security protocols, not all utility provider would follow the
same level of security measures, hence it is essential to have certain standards introduced.
For example, a standard on having a stronger security protocol could help the AMI system
mitigate small threats. These standards ensure that the AMI system has a minimum level of
cyber security measures. However, a problem arises because the standards need to satisfy all
the relevant stakeholders. This means that the stakeholders need to agree upon a common
protocol and the level of cyber security. It is not as straightforward as it is for all the
stakeholders to come to terms, as each stakeholder has a different view and requirement on
the issue and only look to benefit themselves.

Additionally, legislations are important as it forces the implementers to take necessary cyber
security precautions when designing the AMI system. These standards can then be implemented
in one of the legislations to make it mandatory for the AMI system. Legislations
can be used to solve the problem regarding different stakeholders requirement. When the
government is more involved in regulating the cyber security in AMI, it forces all other
stakeholders to take the same cyber security precautions.

=== Recommendations for insider attacks ===
Utility provider who take insider attacks for granted could face serious financial consequences.
To prevent this, it is essential to create a certain level of awareness within the utility provider.
The awareness could include educating personnel regarding insider threats and to mention
the possibility of one to occur. Most of the problem with insider threats are that when
the issue has finally been found, it is already too late. Thus, when personnel are aware
of such threats, any suspicious activity or mismatch pricing information will be reported
immediately.
Moreover, the utility provider could perform frequent audit check ups or software integrity
testing on the system. This allows, any modified data internally to be detected and actions
can be taken. In addition to audit check ups, engineers at the AMI head end should also carry
out regular cyber security tests to keep the cyber security protocols up to date. As the AMI
system is constantly evolving, new technologies will be integrated, and the cyber security will
contain more loopholes and susceptible to attacks. These tests can help address this issue
because when the engineer runs the security tests on the system and it does not perform
well, it will then be notified so that a better cyber security protocol can be implemented.
Similar to the recommendation for tampering issue, the commands present in the utility provider needs to be authenticated and with a stronger authentication. Insiders can issue
their own commands when they have gotten in to the communication network of the AMI
system. By authenticating the commands, the insider would require bypassing the authentication
which means it is less efficient to hack.

=== Recommendations for billing others and burglary ===
The cyber-attack of billing others and burglary involved in first obtaining the information
of the consumer. Hence as mentioned previously, one recommendation is to anonymise the
data of the consumer. When the consumers information is anonymous, it is harder for the
hacker to track back the information hacked from the network to the original consumer. For
the case of billing others, extra recommendations are required and are similar to tampering
which is enforcing the security protocols at the smart meter and at the nodes throughout
the network. Additionally, the meter IP of each household should also not be exposed to
the open.

=== Recommendations for nation state attack ===
Nation state attack is probably the hardest threat to mitigate given the commitment and
resources of the attacker. Nevertheless, there are a few recommendations to slow down such
attacks or reduce the practicality of the attack so that the AMI system is a less tempting target.
The utility provider could implement firewalls within the AMI network to help prevent
the attackers from using consumer end to attack. A combination of the recommendations
mentioned above and the recommendations here will be able to mitigate if not slow down a
terrorist attack from occurring.

The nation state attack which involved manipulating of behaviour can be mitigated with
awareness similar to the recommendation in tampering attacks. Educating the public and
personnel on the possibility of such an attack would not only make the public more vigilant,
but actions can be taken if such an event occurs.

== Conclusions ==

The current standard grid is slowly reaching its lifetime with many problems including
blackouts, this calls for a need to transition into a smart grid. South Australia which is
currently facing with energy crisis is an example which could benefit from a smart grid. The
purpose of this research project is to identify the cyber security issues present in the AMI,
determine the requirements to reduce the cyber security issues, analyse the impact of the
issues on the AMI, and to provide recommendations to the cyber threats.
The introduction of communication networks within the AMI architecture has caused several
cyber security issues. These cyber security issues are first identified and explained so that a
list of possible attacks on the AMI can be determined. Each cyber security issue is associated
with a type of attacker. It is essential to address the types of attacker so that necessary
precautions can be taken towards them.

The cyber security issues can be minimised to an extent by following certain requirements.
The regulatory requirements are essential in keeping the design of cyber security in the
AMI up to date and works in conjunction with standards. Additionally, cyber security
requirements can be used when implementing new security measures to minimise cyber
security issues. It allows cyber security issues to be grouped up in to specific category
of security requirements so that design engineers can easily implement security measures.
Educating the public and personnel is one requirement not to be overlooked as the effect
of such requirement can greatly impact the AMI system. It helps provide awareness among
the public and personnel so that necessary precautions can be taken before the need for it
arises.

This research explores the consequences of cyber security issues which is the exploitation
of the AMI. There are many cyber threats that could or could not occur depending on the
practicality of the attacks which will be analysed and given a grade. The AMI is particularly
vulnerable to tampering attacks and insider threat while billing others and burglary are less
likely to occur. The possibility for a nation state attack to occur on the other hand varies
depending on the situation and motives of the attacker. However, it should not be taken
lightly as the impact on a nation state attack is severe.

Several recommendations have been made in order to reduce the cyber threats and to ensure
the AMI is less vulnerable to cyber attacks. It is mentioned that tampering attacks represent
the base of all other threats, hence a proper mitigation method for tampering attacks can
be used as a reference point to implement other recommendations. It is crucial to address
the cyber security issues present in the AMI at an early stage of the design process as the
consequences of a cyber attack is not to be taken lightly. As for existing AMI infrastructures,
this project can help create certain awareness so that the necessary precautions can be taken.

As the concept of a smart grid is still fairly new to many countries, this research project
can also shed some light on the cyber security issues in AMI. This project hopes to provide
engineers and personnel a general reference and guide when implementing cyber security of
an AMI system.

== Reference ==
[1] J. Liu, Y. Xiao, S. Li, W. Liang and C. Chen, “Cyber Security and Privacy Issues in
Smart Grids,” in IEEE Communications Surveys & Tutorials, vol. 14, no. 4, Fourth
Quarter 2012.
[2] F. M. Cleveland, “Cyber Security Issues for Advanced Metering Infrastructure (AMI),”
Proceedings of the IEEE Power and Energy Society General Meeting: Conversion and
Delivery of Electrical Energy in the 21st Century, pp. 15, 2008
[3] N.Liu, J.Chen, L.Zhu, J.Zhang and Y.He, “A Key Management Scheme for Secure Communications
of Advanced Metering Infrastructure in Smart Grid,” in IEEE Transactions
on Industrial Electronics, vol. 60, no. 10, October 2013.
[4] R. Berthier, W. H. Sanders and H. Khurana, “Intrusion Detection for Advanced Metering
Infrastructures: Requirements and Architectural Directions,” 2010 First IEEE
International Conference on Smart Grid Communications, Gaithersburg, MD, 2010, pp.
350-355.
[5] Y.Yan, Y.Qian and H.Sharif, “A Secure and Reliable In-network Collaborative Communication
Scheme for Advanced Metering Infrastructure in Smart Grid,” in IEEE WCNC
2011.
[6] R. R. Mohassel, A. S. Fung, F. Mohammadi and K. Raahemifar, “A survey on advanced
metering infrastructure and its application in Smart Grids,” in IEEE 27th Canadian
Conference on Electrical and Computer Engineering (CCECE), Toronto, ON, 2014, pp.
1-8.
[7] N. Saputro and K. Akkaya, “On preserving user privacy in Smart Grid advanced metering
infrastructure applications,” Security and Communication Networks, vol. 7, no.
1, pp. 206-220, 2013.
[8] P. Deng and L. Yang, “A secure and privacy-preserving communication scheme for Advanced
Metering Infrastructure,” 2012 IEEE PES Innovative Smart Grid Technologies
(ISGT), Washington, DC, 2012, pp. 1-5
[9] R. Berthier, W. H. Sanders and H. Khurana, “Intrusion Detection for Advanced Metering
Infrastructures: Requirements and Architectural Directions,” 2010 First IEEE
International Conference on Smart Grid Communications, Gaithersburg, MD, 2010, pp.
350-355.
[10] R. Shein, “Security Measures for Advanced Metering Infrastructure Components,” 2010
Asia-Pacific Power and Energy Engineering Conference, Chengdu, 2010, pp. 1-3.
[11] K. Adak, J. Mohamed and S. H. Darapuneni, “Advanced Metering Infrastructure Security,”
A Capstone Paper, University of Colorado, Boulder, 2010.
[12] R. C. Parks, “Advanced Metering Infrastructure Security Considerations,” Sandia Report,
Sandia National Laboratories, 2007
[13] S. McLaughlin, D. Podkuiko, and P. McDaniel, “Energy theft in the advanced metering
infrastructure,” in Proc. the 4th International Conference on Critical Information
Infrastructures Security, Springer, 2010, pp. 176-187
[14] R. Jiang, R. Lu, Y. Wang, J. Luo, C. Shen and X. S. Shen, “Energy-theft detection
issues for advanced metering infrastructure in smart grid,” in Tsinghua Science and
Technology, vol. 19, no. 2, pp. 105-120, April 2014.
[15] Y. Mo, T. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig and B. Sinopoli, “CyberPhysical
Security of a Smart Grid Infrastructure,” in Proceedings of the IEEE, vol. 100,
no. 1, pp. 195-209, Jan. 2012.
[16] S. Asri and B. Pranggono, “Impact of Distributed Denial-of-Service Attack on Advanced
Metering Infrastructure,” Wireless Personal Communications, vol. 83, no. 3, pp. 2211-
2223, 2015.
[17] P. Yi, T. Zhu, Q. Zhang, Y. Wu and L. Pan, “Puppet attack: A denial of service
attack in advanced metering infrastructure network,” Journal of Network and Computer
Applications, vol. 59, pp. 325-332, 2016.
[18] K. Curtis, in Speech to Thinkfuture Smart Infrastructure Conference 2010 on smart
infrastructure and privacy, Parliament House, Canberra, 2010.
[19] U.S. Department of Energy, “Smart Grid Legislative and Regulatory Policies and Case
Studies”, U.S. Energy Information Administration, Washington, D.C., 2011.
[20] “Australian Privacy Principles— Office of the Australian Information Commissioner
- OAIC”, Oaic.gov.au, 2017. [Online]. Available: https://www.oaic.gov.au/privacylaw/privacy-act/australian-privacy-principles.
[Accessed: 10- Sep- 2017].
[21] Australian Privacy Principles, fact sheet 17. Australia: Office of the Australian Information
Commissioner, 2014.
[22] Australian Privacy Principles - a summary for APP entities. Australia: Office of the
Australian Information Commissioner, 2014.
[23] J. Lazar and M. McKenzie, “Australian Standards for Smart Grids Standards
Roadmap”, Standards Australia, pp. 1-36, 2012.
[24] E. Egozcue, D. Rodrguez, J. Ortiz, V. Villar and L. Tarrafeta, “Smart Grid Security”,
European Network and Information Security Agency, 2012.
[25] “Stop Smart Meters Australia”, Stop Smart Meters Australia, 2017. [Online]. Available:
https://stopsmartmeters.com.au/. [Accessed: 29- Sep- 2017].
[26] “Cyber Security — Energy Networks Australia”, Energynetworks.com.au, 2017. [Online].
Available: http://www.energynetworks.com.au/cyber-security. [Accessed: 18-
Sep- 2017].
[27] B. Murrill, E. Liu and R. Thompson II, “Smart Meter Data: Privacy and Cybersecurity”,
Congressional Research Service, 2012.
[28] “Smart Meters - Advanced Metering Infrastructure Cost Benefit
Analysis”, Smartmeters.vic.gov.au, 2017. [Online]. Available:
http://www.smartmeters.vic.gov.au/about-smart-meters/reports-andconsultations/advanced-metering-infrastructure-cost-benefit-analysis.
[Accessed:
29- Sep- 2017].
[29] C.King, “Advanced Metering Infrastructure (AMI), Overview of System Features and
Capabilities”, 2004

Projects:2017s1-167c Smart Grid Security

2017-10-28T09:06:35Z

A1660770:

Projects:2017s1-167c Smart Grid Security

2017-10-28T08:33:45Z

A1660770:

Projects:2017s1-167c Smart Grid Security

2017-09-10T07:45:56Z

A1660770: Created page with "== Project Team == Juin Hao Yau == Supervisors == Dr Matthew Sorell == Introduction == Smart grids are the next generation of power grids which can improve the standard grid..."

== Project Team ==
Juin Hao Yau

== Supervisors ==
Dr Matthew Sorell

== Introduction ==
Smart grids are the next generation of power grids which can improve the standard grid
in terms of efficiency, reliability, connectivity and is more cost efficient. Over the years,
the traditional grid has been facing with many power problems which lead to blackouts.
Because of this many countries are slowly replacing the traditional grid with smart grid and
other countries will soon adopt smart grids. A smart grid is composed of different systems
and a major system is the Advanced Metering Infrastructure (AMI). AMI is not a single
system by itself, but contains sub-systems like smart meters, Home Area Network (HAN)
and Meter Data Management System (MDMS) which connects the customer to the operator.
The AMI is able to provide two-way communication between the customer and operator as
the communication link not only provides electricity but also information. However, because
the smart grid is interconnected and contains communication systems, it is more susceptible
to cyber attacks. In order to ensure the safety of the smart grid in terms of cyber security,
it is important to first focus on the cyber security issues in AMI. The cyber security issues
in AMI can be categorized into three main parts; privacy issues, unauthorized command
and modification issues, and Denial-of-Service issues. It is also important to identify the
perpetrator involve in the cyber security issues. From previous research, attackers can range
from customers to terrorists. This research will first identify cyber security issues in AMI
and their appropriate causes then to discuss them. The aim of this research is to provide an
overall view of cyber security issues in AMI and to act as a reference and guide for future
AMI works.