For over a decade, local and national government bodies around the world have been investing in “smart” initiatives – digital, intelligent, innovative & sustainable projects. One pioneering application for hardware security in this context is the smart energy sector, with its smart grid and smart meters. Energy infrastructures are a fundamental resource for today’s way of living. They are widespread, vulnerable and a strategic target for cyber-attacks – which is why they need to be protected.
How to secure smart metering, the energy sector & other utility companies
The Root of Trust for smart grids & smart metering environments
Just like any endpoint, smart grid devices that collect, store and use business data or consumer information are vulnerable to attack. How can governments & utility companies ensure that both their own and their citizens’ data is neither abused nor manipulated? How can they avoid financial or reputational damage to affected parties?
This huge network of connected endpoints, and all the data they collect, needs to be encrypted end-to-end! Governments and public authorities overall need to ensure that this is done properly.
Compared to software solutions, hardware solutions such as Hardware Security Modules (HSMs) offer maximum security even in the most hostile environments. The module can detect an attack while it is happening, including mechanical intrusions, overheating, power blackouts or chemical attacks, and automatically initiates the immediate deletion of cryptographic keys. In comparison, software-based keys can be captured at the moment of unlocking. They thus give attackers the opportunity to study the software and attack via side channels, exploit vulnerabilities and run attacks remotely.
With a FIPS 140-2 Level 3 (tamper evident) or Level 4 (tamper resistant) certification, Utimaco HSMs are ideally suited for use within smart grid & smart metering environments. A FIPS 140-2 Level 4 physical security certified HSM is the perfect solution when the highest possible resistance against physical attacks is required.
Beyond smart metering and the smart grid: securing the utilities sector
Besides securing smart metering environments, Hardware Security Modules are equally suited for smart water and gas distribution or other smart city systems, e.g. intelligent waste disposal systems.
Successful evaluation of Utimaco HSMs
A Common Criteria evaluation laboratory has evaluated Utimaco CryptoServer CSe (FIPS 140-2 Level 3, physical security Level 4) based on the German BSI Technical Guideline BSI TR-03109 and Certificate Policy. Evaluation results show that it fulfills the requirements of the German Certificate Policy of the Smart Metering PKI:
- Secure random number generator DRG.4
- Tamper protection against attack potential “high” (exceeds required level “moderate”)
- Side-channel resistance against attack potential “high” (exceeds required level “moderate”) for algorithms AES-256, Diffie-Hellman key exchange, ECDSA signature generation and verification and ECDH key exchange
The evaluation certificate for Utimaco CryptoServer CSe is available here.
This evaluation gives energy and utility companies, as well as their customers, the certainty that deployed IT components and devices – such as Utimaco HSMs – fulfill the requested legal security requirements.
Applications Utimaco HSMs can be used for
Governments and utility companies can work with Utimaco to take advantage of solid hardware security solutions for the following application scenarios:
- encryption with high-quality cryptographic keys generated by a true random number generator, for confidentiality and data privacy
- digital signature creation for integrity, authenticity and non-repudiation of data
- a public key infrastructure (PKI) for unique identification of devices
Together, these ensure end-to-end security.
Challenges for public authorities, utility companies & the end-user
A major difference exists between the US and the European approach to smart energy distribution.
The US approach focuses on smart grid security
(US policy described in 42 U.S.C. ch. 152, subch. IX § 17381)
Motives for the evolution from traditional distribution to smart grids include:
- integration and management of decentralized energy production sites,
- energy efficiency with less need for spare capacities,
- increased stability and reliability of the grid, achieved via load balancing and management and the connection and disconnection of large-scale consumers,
- remote (dis)connection, inspection and maintenance, which reduce operational costs for grid users, e.g. when moving from one address to another, or for implementing legal measures.
But therein lie the risks and challenges: from sabotage and manipulation to blackmail and the threat of a partial or complete blackout. Preventing these threats requires raising awareness and educating those in charge of network and data security matters.
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards define and govern the US efforts to secure the bulk power system. They apply to all owners, operators and users of the electric power system. To best safeguard related assets, security methods such as encryption and user authentication, e.g. using a public key infrastructure (PKI), are required. In this context, Hardware Security Modules ensure tamper-resistant protection of the cryptographic keys and processes used for encryption and PKIs.
The European approach is more centered on smart meter security
Reasons for the installation of smart meters include
- the accuracy of measured data,
- reduced potential for intentional and unintentional human error and energy theft,
- and the possibility to offer a more flexible tariff structure.
Nonetheless, meter and data manipulation are a permanent risk factor – which is why countermeasures need to be implemented, e.g. anti-tamper mechanisms (tamper resistance and tamper detection) and verification of the plausibility and integrity of commands. The authentication of servers, meters and transmitted commands is crucial to prevent complete blackouts. Last but not least, data privacy concerns are equally important and require the encryption of measured data, databases and customer information.
The German smart metering approach is regulated by the BSI Technical Guideline TR-03109 and the related Certificate Policy of the Smart Metering PKI. These define the requirements of functionality, interoperability and security of smart metering IT components. The focus is clearly on data privacy and the smart meter gateway as a central security component within the smart metering infrastructure. In addition, the Critical Infrastructure Protection (CIP, German: KRITIS) strategy and implementation plan provide key concepts and measures.