Difference between revisions of "Projects:2017s1-167c Smart Grid Security"
Line 74: | Line 74: | ||
the consumer is also flowing back to the operator. This two-way communication allows the | the consumer is also flowing back to the operator. This two-way communication allows the | ||
operator to adjust the energy according to the consumer needs. | operator to adjust the energy according to the consumer needs. | ||
+ | |||
+ | === What is Advanced Metering Infrastructure (AMI)? === | ||
+ | AMI is one of the major system within the smart grid which is used to connect the consumer | ||
+ | and the operator with a two way communication link. Its main purpose is to measure, | ||
+ | collect and analyse power usage data of consumers. The AMI is composed of different | ||
+ | technologies such as smart meters, Meter Data Management System (MDMS) and consumers | ||
+ | area network (HAN). Through AMI, operators are able to obtain electricity price in real time | ||
+ | while the consumers will be able to have control on their power usage and are able to see | ||
+ | real-time electricity prices [1]. | ||
+ | |||
+ | === What is a Smart Meter? === | ||
+ | A Smart Meter is an electronic meter installed at the consumer’s end which is able to monitor | ||
+ | and collect energy information of the consumer and then send it to the operator periodically, | ||
+ | around every 30 minutes or less. Different from a electromechanical meter a smart meter | ||
+ | contains bi-directional communication between the consumer and the utility provider which | ||
+ | sends usage information back to the utility. The smart meter is a main component in the | ||
+ | AMI. | ||
+ | |||
+ | === What is Home Area Network (HAN)? === | ||
+ | The HAN works as a network to connect the consumers appliances together. Such appliances | ||
+ | include, computers, smart televisions, lights, security systems, etc. This allows the appliances | ||
+ | to communicate with each other. | ||
+ | |||
+ | === What is Meter Data Management System (MDMS)? === | ||
+ | The Meter Data Management System is located and integrated at the consumer end. Information | ||
+ | and data obtained from the consumer via smart meters are stored and managed in | ||
+ | the MDMS software. It also provides report statistics and validation. | ||
+ | |||
+ | == Cyber Security Issues == | ||
+ | This introduction of the communication technology to the architecture caused | ||
+ | cyber security vulnerabilities in the AMI. Hence this section aims to address cyber security issues in AMI from previous research. | ||
+ | |||
+ | === Privacy Issues === | ||
+ | There are many concerns on privacy with the installation of a smart meter. If the AMI | ||
+ | was to be attacked or hacked, two main issues of privacy can occur; real time spying and | ||
+ | burglary, and identity theft [16]. | ||
+ | |||
+ | ==== Real time spying and burglary ==== | ||
+ | According to Mohassel et al., the smart meter is able to collect energy consumption data | ||
+ | in a shorter interval of around 20 mins average compared to the traditional meter which | ||
+ | is only done during the billing period. These shorter readings from the smart meter can | ||
+ | then be used to generate a profile of the consumer which for example can include number of | ||
+ | occupant and type of alarm system [6, 10]. This is backed up by Saputro and Akkaya where | ||
+ | they mentioned that from the amount of information the Smart Meter obtains, it can show | ||
+ | more than just the power usage of the consumer. The energy consumption information can | ||
+ | show if the consumer is at home or not by load monitoring. | ||
+ | |||
+ | Moreover, the operating time of an appliance can also be determined from the smart meter. | ||
+ | Additionally, if the energy consumption data is analysed over a period, a detailed graph can | ||
+ | be produced [7]. | ||
+ | |||
+ | Attackers are able to know what appliances were used on what | ||
+ | specific time of the day and the consumers daily routine can then be figured out. The graph | ||
+ | can be use as a surveillance on the consumer and can even be use to coordinate a burglary. | ||
+ | A burglar can know when to attack based on the graph, for example, the graph will have | ||
+ | no spike if the occupant went for a holiday. Other than that, this information can now be | ||
+ | obtained remotely without the need to be present at the target’s property. | ||
+ | |||
+ | ==== Identity theft ==== | ||
+ | |||
+ | Identity theft is an issue whereby the attacker uses the consumer’s identity to gain benefit | ||
+ | financially. A smart meter obtains more than just the energy consumption information from | ||
+ | a consumer compared to the traditional meter. The list of personal information obtained | ||
+ | by the smart meter and stored in the grid according to Liu et al. is as follows: consumers | ||
+ | name, phone number, home address, transaction history, meter reading, HAN, meter IP and | ||
+ | service provider [1]. This can cause serious privacy issues if the data in the Smart Meter | ||
+ | falls into the wrong hands. | ||
+ | |||
+ | Based on Saputro and Akkaya there are two ways an attacker can obtain the energy consumption information. Firstly, an attack can occur when transmitting the data from the | ||
+ | consumer to the utility. Secondly, it can either be done at the utility site or the consumer | ||
+ | site where the smart meter is present [7]. Privacy issue may not be a serious problem for | ||
+ | some people but a surprisingly large amount of people are concern on privacy which has led | ||
+ | to activist being formed to stop the installation of smart meters. To ensure that the public | ||
+ | are comfortable with smart meters and trust the utility, the data in the smart meter needs | ||
+ | to be protected via cyber security measures [8]. | ||
+ | |||
+ | === Denial-of-Service issues === | ||
+ | Another form of threat which is fairly common is a Denial-of-Service attack. Based on Mo | ||
+ | et al. a DoS attack is when the attackers send false request to the network to cause a | ||
+ | disruption or to temporarily make the service unavailable [15]. A successful DoS attack can | ||
+ | cause an issue at the consumer site. From Cleveland, the consumer can get delayed pricing | ||
+ | information on their smart meters which can cause financial problems [2]. Another major | ||
+ | problem from a DoS attack is when there is an outage in an area, the grid is unable to | ||
+ | restore power to it on time via the AMI [2]. | ||
+ | |||
+ | Based on Asri and Pranggono there are three | ||
+ | ways of executing a DoS attack, flooding attacks, vulnerability attacks and a new way of | ||
+ | attack called puppet attack introduced by Yi et al. [16, 17]. Flooding attack is a form of | ||
+ | Distributed Denial-of-Service attack (DDoS) where the attacker sends several SYN packet | ||
+ | to an invalid address an causes an error in the system [16]. Vulnerability attacks are done | ||
+ | by exploiting exposed software at the target which result in overuse of the CPU memory. | ||
+ | Puppet attack on the other hand is similar to the flooding attack, however puppet attacks | ||
+ | are less likely to be detected [17]. | ||
+ | |||
+ | === Unauthorized access and modification issues === | ||
+ | Another major threat in the AMI is when attackers issue their own commands into the | ||
+ | AMI or modify it. The types of different attacks can be classified into five different threats; | ||
+ | masquerade, firmware modification, buffer overflow, man-in-the-middle attack, and energy | ||
+ | theft. | ||
+ | |||
+ | ==== Masquerade ==== | ||
+ | From previous research, masquerade is shown as a threat where attackers impersonate the | ||
+ | control centre at the AMI headend [11]. As mentioned by Parks, the attackers can issue a | ||
+ | shutdown on multiple Smart Meters causing a high power without demand from the power | ||
+ | company. The power company will then lower the power and when the smart meters are | ||
+ | 15 | ||
+ | turned back on, the lack of power can cause a blackout [12]. Masquerade can be done through | ||
+ | authentication bypass. Another possible masquerade threat is at the consumers site where | ||
+ | the attackers can send false alarms from multiple smart meters to the control centre. The | ||
+ | result of this is the control centre will send maintenance team to those smart meters and | ||
+ | can cause performance and delay issues [11]. | ||
+ | |||
+ | Other than small threats, masquerade can be | ||
+ | used as a large-scale attack and can cause havoc nationwide as mentioned by Parks [12]. An | ||
+ | example of a large-scale attack is terrorist can cause power instability or blackout during | ||
+ | their own bombing attack. | ||
+ | |||
+ | ==== Firmware modification ==== | ||
+ | A threat also mentioned in the research of Adak et al. is firmware modification. This threat | ||
+ | is a major concern because attackers can modify the firmware remotely and once modified, | ||
+ | the AMI meter can function however the attacker wants. Although modifying the firmware | ||
+ | of the AMI is not an easy task and requires a certain amount of expertise, it should not be | ||
+ | taken lightly as it can have serious consequences [11]. | ||
+ | |||
+ | ==== Firmware modification ==== | ||
+ | A threat also mentioned in the research of Adak et al. is firmware modification. This threat | ||
+ | is a major concern because attackers can modify the firmware remotely and once modified, | ||
+ | the AMI meter can function however the attacker wants. Although modifying the firmware | ||
+ | of the AMI is not an easy task and requires a certain amount of expertise, it should not be | ||
+ | taken lightly as it can have serious consequences [11]. | ||
+ | |||
+ | ==== Buffer overflow ==== | ||
+ | According to Adak et al., buffer overflow is a very common type of attack these days. As the | ||
+ | name implies, the attacker can overflow the buffer in the AMI meter and can cause damage | ||
+ | to the data within the AMI or leak them [11]. The memory addresses gets modified during | ||
+ | a buffer attack which can cause system freeze. | ||
+ | |||
+ | ==== Man-in-the-middle Attack ==== | ||
+ | Man-in-the-middle attack is also a common cyber threat towards the AMI. This can be done | ||
+ | during the transmitting of data over the network. The attackers can implant false information | ||
+ | in the network from any node. The backhaul link is one way where the attackers can interfere | ||
+ | and also obtain the cryptographic key. [6] A few consequences of a man-in-the-middle attack | ||
+ | based on Liu et al. are modification of the billing data, financial loss, equipment damage | ||
+ | and human risks. | ||
+ | |||
+ | ==== Energy theft ==== | ||
+ | Lastly, energy theft has always been around since the first standard grids are introduced | ||
+ | and are still present in Smart Grids. According to McLaughlin et al. there are 2 types of | ||
+ | attackers; consumers and organized crime [13]. Customers are the main attackers to try | ||
+ | and steal energy via tampering the meter. Stealing energy by tampering the smart meter is | ||
+ | harder compared to the traditional meter, however due to the advancement of AMI, ways on | ||
+ | how to steal energy from smart meters can be easily obtained online [14]. Organized crime | ||
+ | is another culprit of energy theft. As mentioned by McLaughlin, these organizations are | ||
+ | professional hackers who take advantage of the AMI system to steal large amount of energy | ||
+ | [13]. | ||
+ | |||
+ | == Regulatory Requirements == | ||
+ | The cyber security issues in the AMI can be minimised by introducing regulatory requirements | ||
+ | and/or legislations which creates certain restrictions on the AMI for example the | ||
+ | handling of consumer’s data [18]. This section covers the current regulatory requirements | ||
+ | used in the AMI system and will also include suggested new laws to improve the cyber | ||
+ | security of the AMI. | ||
+ | |||
+ | === Policy for privacy === | ||
+ | A smart meter records the energy consumption of the consumer every 30 minutes or less. | ||
+ | Hence, the information obtained by a smart meter can be very detailed and can show the | ||
+ | lifestyle of the consumer. There are rising privacy concerns among the consumers if the | ||
+ | information happens to fall onto the wrong hands or misused by the utility provider. Privacy | ||
+ | is a major issue which directly involves the consumer and hence need to be enforced. Based | ||
+ | on Australian law, the federal privacy act 1988 ensures that the consumer’s information | ||
+ | (name, signature, address, bank details, telephone number and date of birth) is protected. | ||
+ | This applies to the AMI system for example, when the smart meter collects the consumer’s | ||
+ | personal information, the utility provider is not allowed to share it to other third parties | ||
+ | without having the consent from the consumer. Other than that, the utility provider will | ||
+ | always ensure that the third party complies with the federal privacy act when the third party | ||
+ | request to obtain the consumer’s information. | ||
+ | |||
+ | Moreover, the utility provider need to ensure the authenticity of the obtained consumer’s | ||
+ | personal information by ensuring the consumer updates their information regularly. On the | ||
+ | other hand, the information collected from the smart meter and kept by the utility provider | ||
+ | must be protected from unauthorised access. Another requirement to strengthen the privacy | ||
+ | of the consumer is the utility provider must conduct cyber security training for their staffs | ||
+ | and ensure frequent audits. | ||
+ | |||
+ | Additionally, the federal privacy act contains the Australian Privacy Principles (APP), also | ||
+ | formerly known as National Privacy and Principles. APP explains the use and storage of | ||
+ | personal information and set restrains for organisations with 3 million Australian dollars or | ||
+ | more annual turnover [20]. There are additional protection on the installation and data of | ||
+ | the smart meter as stated in the National Electricity Rules. | ||
+ | |||
+ | |||
+ | === Policy for unauthorized access and DoS === | ||
+ | Aside from policy regarding privacy issues, law enforcing the cyber security to prevent unauthorized | ||
+ | access issues should also be prioritized. The AMI is responsible on the measurement | ||
+ | and collection of energy usage of the consumers, and is done through network transmission. | ||
+ | Hence, the AMI is exposed and can be vulnerable to cyber attacks if there are no regulations | ||
+ | on the cyber security. | ||
+ | |||
+ | A few policies can be introduced to minimise cyber security issues within the AMI. For | ||
+ | example, a policy where the encryption of the information and cyber security protection of | ||
+ | the AMI and grid has to exceed a certain level of security. If such policy exists, this can | ||
+ | ensure that when the AMI is implemented, the design engineers follows a specific set of rules | ||
+ | and ensures that the cyber security is not easily penetrated. | ||
+ | |||
+ | Additionally, the policy can also defend against unauthorized access by making sure meter | ||
+ | protocols are implemented and for each stage of the data transmission process between the | ||
+ | consumer and utility provider there contains encryption. Other ways to enforce the cyber | ||
+ | security in the AMI includes implementing passwords in the smart meters according to the | ||
+ | appropriate standards and the addition of firewalls to separate the AMI network from the | ||
+ | internet [19]. | ||
+ | |||
+ | == Cyber Security Requirements == | ||
+ | Cleveland mentioned that each cyber security issue can be grouped into their appropriate | ||
+ | security requirements. This bond between the security requirements and threats means | ||
+ | that solutions to the cyber security issues can be implemented easier instead of solving on | ||
+ | each individual threat. Below are four different technical security requirements and their | ||
+ | corresponding descriptions [2]. | ||
+ | |||
+ | === Confidentiality === | ||
+ | Cleveland mentioned that in AMI, confidentiality means that consumer’s information and | ||
+ | data is only available to the authorized operator. This is important as a consumer because | ||
+ | of privacy issues. Without confidentiality, attackers can obtain detailed information of the | ||
+ | consumers for example energy usage patterns. This energy usage pattern is able to give | ||
+ | attackers information on whether the consumer is at home or not and their daily routine. | ||
+ | To keep the consumer’s data confidential, either the AMI network needs to be encrypted | ||
+ | so that attackers cannot easily hack or the utility provider needs to ensure the data is not | ||
+ | shared to other third parties [2]. | ||
+ | |||
+ | === Integrity === | ||
+ | According to Cleveland, integrity is to ensure the information and data received by the | ||
+ | operator is from the correct consumer. This means that the data collected by the smart | ||
+ | meter must not be altered or modified without authorised permission. Attackers can hack | ||
+ | and pose as the consumers and give false information to the operator. An example is when | ||
+ | the attackers increases the electricity demand of multiple consumers and if the generator is | ||
+ | unable to supply that amount of power, a blackout can occur [2]. | ||
+ | |||
+ | === Availability === | ||
+ | Based on Cleveland, availability is to ensure that the consumer’s information and data is | ||
+ | always available to the authorized operator. This is especially important for smart meters | ||
+ | as compared to the traditional meters, because the traditional meters allows estimate billing | ||
+ | while the smart meters are not able to do that. Attackers can cause a Denial-of-Service in | ||
+ | the AMI where the operator can not access the consumers’ information when needed. This | ||
+ | can cause delayed information and affecting the service for the consumers. At the consumer’s | ||
+ | site, it can cause delay to pricing and can affect consumer financially [2]. | ||
+ | |||
+ | === Accountability === | ||
+ | Another important security requirement is accountability as noted by Mohassel et al. accountability | ||
+ | is when the entities do not deny receiving information or when the entity did | ||
+ | not receive information but say otherwise. The AMI is a large network and does not own | ||
+ | by an entity, instead it consists of different individuals. This means that it is crucial to | ||
+ | have synchronized timestamps for the data in the network by each entity. Weak focus on | ||
+ | accountability can result in financial issues because one entity can declare that the data has | ||
+ | been sent and accuse that it has been lost in the network [2, 6]. | ||
+ | |||
+ | == Human Factor Requirements == | ||
+ | The cyber security issues in AMI cannot be solved with just technical and regulatory requirements. | ||
+ | As the AMI obtains information from the consumer, the community has to be | ||
+ | involved in reducing the issues. Additionally, requirement for personnel involved in the AMI | ||
+ | is also necessary and will be discussed. |
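Review bot: the "==== Firmware modification ====" heading and its paragraph are added twice in a row in this hunk, so one of the two copies should be dropped. In the Masquerade paragraph a "15" sits on its own line between "when the smart meters are" and "turned back on"; it looks like a page number carried over from the source document and should be removed. The AMI paragraph expands HAN as "consumers area network" while the later heading calls it Home Area Network. The reading interval is given as "every 30 minutes or less" under "What is a Smart Meter?" and "Policy for privacy" but "around 20 mins average" under "Real time spying and burglary"; these should be reconciled or attributed to their sources.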
Revision as of 19:36, 28 October 2017
Project Team
Juin Hao Yau
Supervisor
Dr Matthew Sorell
Introduction
Although technology is advancing at a rapid rate, the power grid in use today has not been significantly modified or improved. The current power grid is not reliable and has caused blackouts, voltage sags and numerous other problems over the years. A similar but better electric grid, the smart grid, is replacing the standard electric infrastructure, but at a very slow pace. A smart grid differs from the standard electric grid in that it is more reliable, manageable, scalable and cost efficient, and has two-way communication between the utility operator and the consumer.
A smart grid consists of different entities connected by multiple systems. Advanced metering infrastructure (AMI) is a system component within the smart grid which connects smart meters from the consumers to the operators and vice versa. However, smart grids are vulnerable to cyber security attacks because of their heavy use of communication technology. These cyber security issues are also present in the AMI. If they are not addressed well, the AMI could be vulnerable to cyber threats with serious consequences. The AMI system plays an important role in the smart grid and, with its weak cyber security protocols, it naturally becomes the attackers' first target. This research covers the issues of cyber security in AMI, determines the requirements to mitigate the issues, discusses the cyber threats resulting from the issues and finally draws a conclusion by giving recommendations.
Motivation
South Australia has recently been facing an energy crisis. Approximately 50% of South Australia's energy comes from gas, 45% from wind energy and the remainder from solar, diesel and brown coal from Victoria. Wind energy proved to be not very reliable during the blackout in September 2016 and, due to the closure of a few coal plants in Victoria, the demand for gas energy has increased. One solution proposed was to use battery storage as a short-term fix. However, the upfront cost of battery storage is too high and it is not as efficient as other methods.
A long-term solution for the energy crisis is to convert the traditional standard grid into a smart grid. By doing so, the operators and consumers are able to communicate with each other and control the energy flow during high demand. AMI plays an important role in assisting the smart grid to connect the operators and consumers. Other than that, a smart grid can recover from a blackout by rerouting through another transmission line.
Furthermore, smart grids can help reduce energy cost for the consumers as the smart meters installed at the end user allows the consumer to monitor energy prices in near real time. With the AMI implemented, the utility provider no longer needs to send out the meter man to measure the energy usage once every few months, instead they can bill the consumers directly and more efficiently. For the utility provider, this saves cost on fuel for sending out a meter man, and for the consumer, they no longer need to worry about estimated billing when the meter man has no access to the meter.
Purpose of the project
The purpose of this project is to carry out extensive research, discuss and provide an overall view of the cyber security issues in AMI, which can then be used as a general reference for future work. The aim is first to identify the current issues and their causes from past research, then to discuss the issues and list the regulatory requirements and the cyber security requirements. This research will also include ways an attacker can exploit the AMI and the recommended resolutions.
Background
What is a Smart Grid?
Over the years the term smart grid has gone through numerous changes, but in general it is used to describe power grids with enhanced communication and sensing systems which improve the overall reliability. According to Liu et al., a smart grid is capable of analysing power usage information in real time [1]. What makes a smart grid more reliable than the standard power grid is that, when an area suffers an outage due to bad weather, power can be automatically rerouted from another working distribution line. This feature is called distribution intelligence. A smart grid is also capable of integrating different energy sources. This allows renewable and non-renewable energy to work well together.
One important feature of a smart grid is the two-way communication between the consumer and the operator, unlike the standard grid, which only flows one way. This means that electricity flows from the operator to the consumer while information from the consumer flows back to the operator. This two-way communication allows the operator to adjust the energy according to the consumer's needs.
What is Advanced Metering Infrastructure (AMI)?
AMI is one of the major systems within the smart grid and is used to connect the consumer and the operator with a two-way communication link. Its main purpose is to measure, collect and analyse the power usage data of consumers. The AMI is composed of different technologies such as smart meters, the Meter Data Management System (MDMS) and the consumer's Home Area Network (HAN). Through AMI, operators are able to obtain electricity price in real time while the consumers are able to control their power usage and see real-time electricity prices [1].
What is a Smart Meter?
A Smart Meter is an electronic meter installed at the consumer’s end which is able to monitor and collect energy information of the consumer and then send it to the operator periodically, around every 30 minutes or less. Unlike an electromechanical meter, a smart meter has bi-directional communication between the consumer and the utility provider, which sends usage information back to the utility. The smart meter is a main component of the AMI.
What is Home Area Network (HAN)?
The HAN works as a network to connect the consumer's appliances together. Such appliances include computers, smart televisions, lights, security systems, etc. This allows the appliances to communicate with each other.
What is Meter Data Management System (MDMS)?
The Meter Data Management System is located and integrated at the consumer end. Information and data obtained from the consumer via smart meters are stored and managed in the MDMS software. It also provides report statistics and validation.
Cyber Security Issues
The introduction of communication technology to the architecture has caused cyber security vulnerabilities in the AMI. Hence this section aims to address cyber security issues in AMI from previous research.
Privacy Issues
There are many privacy concerns with the installation of a smart meter. If the AMI were to be attacked or hacked, two main privacy issues can occur: real time spying and burglary, and identity theft [16].
Real time spying and burglary
According to Mohassel et al., the smart meter is able to collect energy consumption data at a shorter interval, around 20 minutes on average, compared to the traditional meter, which is only read during the billing period. These shorter readings from the smart meter can then be used to generate a profile of the consumer which, for example, can include the number of occupants and the type of alarm system [6, 10]. This is backed up by Saputro and Akkaya, who mention that the amount of information the Smart Meter obtains can show more than just the power usage of the consumer. Through load monitoring, the energy consumption information can show whether the consumer is at home or not.
Moreover, the operating time of an appliance can also be determined from the smart meter. Additionally, if the energy consumption data is analysed over a period, a detailed graph can be produced [7].
Attackers are able to know which appliances were used at what specific time of the day, and the consumer's daily routine can then be figured out. The graph can be used for surveillance of the consumer and can even be used to coordinate a burglary. A burglar can know when to attack based on the graph; for example, the graph will have no spike if the occupant went on holiday. Other than that, this information can now be obtained remotely without the need to be present at the target’s property.
Identity theft
Identity theft is an issue whereby the attacker uses the consumer’s identity to benefit financially. A smart meter obtains more than just the energy consumption information from a consumer compared to the traditional meter. The list of personal information obtained by the smart meter and stored in the grid according to Liu et al. is as follows: consumer's name, phone number, home address, transaction history, meter reading, HAN, meter IP and service provider [1]. This can cause serious privacy issues if the data in the Smart Meter falls into the wrong hands.
Based on Saputro and Akkaya, there are two ways an attacker can obtain the energy consumption information. Firstly, an attack can occur when transmitting the data from the consumer to the utility. Secondly, it can either be done at the utility site or the consumer site where the smart meter is present [7]. Privacy may not be a serious problem for some people, but a surprisingly large number of people are concerned about privacy, which has led to activist groups being formed to stop the installation of smart meters. To ensure that the public are comfortable with smart meters and trust the utility, the data in the smart meter needs to be protected via cyber security measures [8].
Denial-of-Service issues
Another form of threat which is fairly common is a Denial-of-Service attack. Based on Mo et al., a DoS attack is when the attackers send false requests to the network to cause a disruption or to temporarily make the service unavailable [15]. A successful DoS attack can cause an issue at the consumer site. From Cleveland, the consumer can get delayed pricing information on their smart meters, which can cause financial problems [2]. Another major problem from a DoS attack is that, when there is an outage in an area, the grid is unable to restore power to it on time via the AMI [2].
Based on Asri and Pranggono, there are three ways of executing a DoS attack: flooding attacks, vulnerability attacks and a new way of attack called the puppet attack, introduced by Yi et al. [16, 17]. A flooding attack is a form of Distributed Denial-of-Service attack (DDoS) where the attacker sends several SYN packets to an invalid address and causes an error in the system [16]. Vulnerability attacks are done by exploiting exposed software at the target, which results in overuse of the CPU memory. A puppet attack, on the other hand, is similar to the flooding attack; however, puppet attacks are less likely to be detected [17].
Unauthorized access and modification issues
Another major threat in the AMI is when attackers issue their own commands into the AMI or modify it. The different types of attack can be classified into five threats: masquerade, firmware modification, buffer overflow, man-in-the-middle attack, and energy theft.
Masquerade
From previous research, masquerade is shown as a threat where attackers impersonate the control centre at the AMI headend [11]. As mentioned by Parks, the attackers can issue a shutdown on multiple Smart Meters, causing high power without demand from the power company. The power company will then lower the power, and when the smart meters are turned back on, the lack of power can cause a blackout [12]. Masquerade can be done through authentication bypass. Another possible masquerade threat is at the consumer's site, where the attackers can send false alarms from multiple smart meters to the control centre. As a result, the control centre will send maintenance teams to those smart meters, which can cause performance and delay issues [11].
Other than small threats, masquerade can be used as a large-scale attack and can cause havoc nationwide, as mentioned by Parks [12]. An example of a large-scale attack is terrorists causing power instability or a blackout during their own bombing attack.
Firmware modification
A threat also mentioned in the research of Adak et al. is firmware modification. This threat is a major concern because attackers can modify the firmware remotely and once modified, the AMI meter can function however the attacker wants. Although modifying the firmware of the AMI is not an easy task and requires a certain amount of expertise, it should not be taken lightly as it can have serious consequences [11].
Buffer overflow
According to Adak et al., buffer overflow is a very common type of attack these days. As the name implies, the attacker can overflow the buffer in the AMI meter and can damage the data within the AMI or leak it [11]. Memory addresses get modified during a buffer overflow attack, which can cause the system to freeze.
Man-in-the-middle Attack
The man-in-the-middle attack is also a common cyber threat towards the AMI. It can be carried out while data is being transmitted over the network. The attackers can implant false information in the network from any node. The backhaul link is one place where the attackers can interfere and also obtain the cryptographic key [6]. A few consequences of a man-in-the-middle attack, based on Liu et al., are modification of the billing data, financial loss, equipment damage and human risks.
Energy theft
Lastly, energy theft has been around since the first standard grids were introduced and is still present in Smart Grids. According to McLaughlin et al., there are 2 types of attackers: consumers and organized crime [13]. Customers are the main attackers, trying to steal energy by tampering with the meter. Stealing energy by tampering with the smart meter is harder compared to the traditional meter; however, due to the advancement of AMI, ways to steal energy from smart meters can be easily obtained online [14]. Organized crime is another culprit of energy theft. As mentioned by McLaughlin, these organizations are professional hackers who take advantage of the AMI system to steal large amounts of energy [13].
Regulatory Requirements
The cyber security issues in the AMI can be minimised by introducing regulatory requirements and/or legislation which create certain restrictions on the AMI, for example on the handling of consumers’ data [18]. This section covers the current regulatory requirements used in the AMI system and also includes suggested new laws to improve the cyber security of the AMI.
Policy for privacy
A smart meter records the energy consumption of the consumer every 30 minutes or less. Hence, the information obtained by a smart meter can be very detailed and can show the lifestyle of the consumer. There are rising privacy concerns among consumers about the information falling into the wrong hands or being misused by the utility provider. Privacy is a major issue which directly involves the consumer and hence needs to be enforced. Under Australian law, the federal Privacy Act 1988 ensures that the consumer’s information (name, signature, address, bank details, telephone number and date of birth) is protected. This applies to the AMI system: for example, when the smart meter collects the consumer’s personal information, the utility provider is not allowed to share it with third parties without the consent of the consumer. Other than that, the utility provider will always ensure that the third party complies with the federal Privacy Act when the third party requests the consumer’s information.
Moreover, the utility provider needs to ensure the authenticity of the consumer’s personal information by ensuring the consumer updates their information regularly. On the other hand, the information collected from the smart meter and kept by the utility provider must be protected from unauthorised access. Another requirement to strengthen the privacy of the consumer is that the utility provider must conduct cyber security training for its staff and ensure frequent audits.
Additionally, the federal Privacy Act contains the Australian Privacy Principles (APP), formerly known as National Privacy and Principles. The APP explain the use and storage of personal information and set restraints for organisations with 3 million Australian dollars or more annual turnover [20]. There is additional protection on the installation and data of the smart meter, as stated in the National Electricity Rules.
Policy for unauthorized access and DoS
Aside from policy regarding privacy issues, law enforcing cyber security to prevent unauthorized access should also be prioritized. The AMI is responsible for the measurement and collection of the consumers’ energy usage, which is done through network transmission. Hence, the AMI is exposed and can be vulnerable to cyber attacks if there are no regulations on cyber security.
A few policies can be introduced to minimise cyber security issues within the AMI. One example is a policy requiring that the encryption of the information and the cyber security protection of the AMI and grid exceed a certain level of security. If such a policy exists, it can ensure that when the AMI is implemented, the design engineers follow a specific set of rules and ensure that the cyber security is not easily penetrated.
Additionally, the policy can also defend against unauthorized access by making sure meter protocols are implemented and that each stage of the data transmission process between the consumer and utility provider is encrypted. Other ways to enforce cyber security in the AMI include implementing passwords in the smart meters according to the appropriate standards and adding firewalls to separate the AMI network from the internet [19].
Cyber Security Requirements
Cleveland mentioned that each cyber security issue can be grouped under its appropriate security requirement. This link between security requirements and threats means that solutions to the cyber security issues can be implemented more easily than by solving each individual threat. Below are four different technical security requirements and their corresponding descriptions [2].
Confidentiality
Cleveland mentioned that in AMI, confidentiality means that the consumer’s information and data are only available to the authorized operator. This matters to the consumer because of privacy issues. Without confidentiality, attackers can obtain detailed information about the consumers, for example energy usage patterns. An energy usage pattern can tell attackers whether the consumer is at home or not, and their daily routine. To keep the consumer’s data confidential, either the AMI network needs to be encrypted so that attackers cannot easily hack it, or the utility provider needs to ensure the data is not shared with third parties [2].
Integrity
According to Cleveland, integrity is to ensure the information and data received by the operator are from the correct consumer. This means that the data collected by the smart meter must not be altered or modified without authorised permission. Attackers can hack and pose as the consumers and give false information to the operator. An example is when the attackers increase the electricity demand of multiple consumers; if the generator is unable to supply that amount of power, a blackout can occur [2].
Availability
Based on Cleveland, availability is to ensure that the consumer’s information and data are always available to the authorized operator. This is especially important for smart meters compared to traditional meters, because traditional meters allow estimated billing while smart meters are not able to do that. Attackers can cause a Denial-of-Service in the AMI, where the operator cannot access the consumers’ information when needed. This can delay information and affect the service for the consumers. At the consumer’s site, it can delay pricing and can affect the consumer financially [2].
Accountability
Another important security requirement is accountability. As noted by Mohassel et al., accountability means that an entity does not deny receiving information it has received, nor claim to have received information it has not. The AMI is a large network that is not owned by a single entity; instead, it consists of different individuals. This means that it is crucial for each entity to have synchronized timestamps for the data in the network. Weak focus on accountability can result in financial issues, because one entity can declare that the data has been sent and claim that it was lost in the network [2, 6].
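One way to enforce the integrity requirement, together with the timestamp point made under accountability, as an added example that is not part of the original project page: the meter tags each 30-minute reading with HMAC-SHA256, and the headend rejects altered, stale or replayed readings and flags gaps in the sequence. The key, meter ID, field names and the 120-second clock-skew window are assumptions made for illustration.

```python
import hmac
import json

MAX_SKEW_S = 120  # assumed tolerance between meter and headend clocks


def _mac(key: bytes, body: dict) -> str:
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, "sha256").hexdigest()


def seal(key: bytes, meter_id: str, seq: int, ts: int, kwh: float) -> dict:
    """Meter side: tag every field of the reading with HMAC-SHA256."""
    body = {"meter_id": meter_id, "seq": seq, "ts": ts, "kwh": kwh}
    return {**body, "tag": _mac(key, body)}


class HeadEnd:
    """Operator side: verify readings and keep a receipt log per meter."""
    def __init__(self, keys: dict):
        self.keys = keys        # meter_id -> per-meter secret key
        self.last_seq = {}      # meter_id -> highest sequence number accepted
        self.receipts = []      # (meter_id, seq, meter_ts, received_at)

    def accept(self, reading: dict, now: int) -> str:
        body = {k: reading.get(k) for k in ("meter_id", "seq", "ts", "kwh")}
        key = self.keys.get(body["meter_id"])
        if key is None:
            return "unknown-meter"
        tag = str(reading.get("tag")).encode()
        if not hmac.compare_digest(_mac(key, body).encode(), tag):
            return "bad-tag"    # altered in transit, or sealed with another key
        if abs(now - body["ts"]) > MAX_SKEW_S:
            return "stale"      # authentic but outside the clock-skew window
        last = self.last_seq.get(body["meter_id"], -1)
        if body["seq"] <= last:
            return "replay"     # authentic reading delivered a second time
        self.last_seq[body["meter_id"]] = body["seq"]
        self.receipts.append((body["meter_id"], body["seq"], body["ts"], now))
        return "ok" if body["seq"] == last + 1 else "gap"  # gap: readings missing


def demo() -> list:
    key = b"constructed-demo-key"                  # constructed sample values
    he = HeadEnd({"MTR-0001": key})
    r0 = seal(key, "MTR-0001", 0, 1_700_000_000, 0.42)
    r2 = seal(key, "MTR-0001", 2, 1_700_003_600, 0.39)
    forged = {**r0, "kwh": 0.01}                   # lower usage, old tag kept
    inputs = [(forged, 5), (r0, 5), (r0, 10), (r2, 3605), (r2, 9000)]
    return [he.accept(r, 1_700_000_000 + dt) for r, dt in inputs]
```

Because the meter and the headend share the key, the tag shows the operator that a reading was not altered, but it cannot settle a dispute over which party produced a record. Settling that would need a per-meter digital signature in place of the HMAC.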
Human Factor Requirements
The cyber security issues in AMI cannot be solved with just technical and regulatory requirements. As the AMI obtains information from the consumer, the community has to be involved in reducing the issues. Additionally, requirements for personnel involved in the AMI are also necessary and will be discussed.