Smart energy and the smart grid are being discussed by everyone; however, there are still a lot of things to be considered if future security is to be ensured. One of these, mentioned with some hesitancy in ongoing discussions, is the security provided by the digital supply measuring and controlling devices that are coming out in the near future – no matter whether they are used to replace the black meters in your basement or whether they can be found lying flat and nice to look at on your tea table, almost like a tray for special purposes.
Just consider how much information can be retrieved or even influenced with the aid of a small power supply meter. You can easily think of a variety of ways in which the device can be used: for instance, to find out how many people live in an apartment, at what time the people are at home and when they watch TV. It may also be used to manipulate the power consumption measured. The meter might just as readily be switched off by hackers, and it is equally possible to store consumer data in profiles of social media. In addition, energy suppliers are interconnected with every client via the smart meter gateway, which is installed in every household. Hence, the customers are also interconnected with each other – which aggravates the security problem even more.
Against this background, one may well ask whether the customers’ consumption data is sufficiently protected against illegitimate access and evaluation and whether tariff data is secured against manipulation. What’s more: Is the controlling data in the smart meter secured in such a way as to prevent unauthorized third parties from switching off power supply throughout entire regions, to mention but one example? And finally: Are power supply companies sufficiently protected against attacks from the smart grid?
The attacks on industrial controlling systems with the help of the bugs Stuxnet, Duqu, Flame, Mahdi, Gauss, Shamoon, etc. and their successors, variants and derivates, which are transmitted via the internet, have proved that these are not purely theoretical questions. Not only very remote uranium centrifuges, but also our power supply and distribution networks are likely to be subject to attacks in the future. What is the situation of smart metering security like in Germany? Concrete security measures are set forth in the ‘“Technical Guideline BSI TR-03109” (Technische Richtlinie BSI TR-03109). They are also tested during the evaluation process on the basis of the “Protection Profile for the Gateway of a Smart Metering System” – and in accordance with what is referred to as “Common Criteria”. However, traditional approaches do not provide satisfactory solutions – just as the risks involved in traditional information technology cannot only be avoided using firewalls, intrusion detection and protection systems, anti-virus software and encryption.
Over and above that, all systems involved have to be checked, in particular, by using techniques to identify hitherto unknown vulnerabilities. The reason is that the past and present success of Stuxnet & Co. was caused by a number of previously unknown vulnerabilities that they benefitted from. This is why smart metering gateways too – have to be tested with a view to identifying hitherto unknown vulnerabilities. Hence, the following three techniques in particular, developed by Power Plus Communications AG and Open Limit Sign Cubes GmbH, are used within the framework of the first certification procedure for smart metering gateways in Germany:
Architectural Analysis – Threat Modeling:
Security has to be taken into account as early as in the design phase: this is the reason why the identification and verification of vulnerabilities starts with the analysis of documentation. The latter also includes the analysis of the program flow charts and data flow charts provided by and relating to all communication partners, ranging from energy suppliers and distributors to household appliances, other consumers, meters and indicating units.
Static Source Code Analysis:
The source code (white-box testing) of the target software is analyzed without executing it. This even extends as far as a semantic analysis and enables the identification of complex bugs, which may, for instance, be caused by race conditions, deadlocks or incorrect pointer administration.
Dynamic Analysis with the aid of “Fuzzing”:
You can use this “black box technique” to identify hitherto unknown vulnerabilities at little cost and without knowing the source code. For this purpose, suitable test data has to be entered into the target program. The processing of this data leads to errors of the target program (crash, high consumption of resources, such as calculation time). This abnormal behavior is recorded and pre-analyzed with the aid of a monitoring tool that enables the identification of vulnerabilities.
Even though smart metering may still be considered a “topic of the future” by many people, it is high time for us to integrate these security safeguarding techniques on a comprehensive scale. This is even more important as many of our hopes for the far-reaching success of smart metering are not only based on aspects of energy saving and consumption controlling, but also on other value-adding services which the new technique paves the way for. Hence, we should not forget that smart metering is too important to leave it solely in the hands of the consumers, who usually take only partial and superficial security measures by using antivirus freeware or similar software. We cannot ensure that the requirements for trustworthy, bug-free software are met unless we base our work on a comprehensive security concept that addresses all security aspects with the aid of suitable techniques.