Lucie Langer

Privacy issues of smart e-mobility

The increasing adoption of Smart Grids brings about significant benefits such as enhanced efficiency and sustainability, but entails also severe threats to consumer privacy due to the possibility of establishing detailed user profiles. Existing efforts mostly focus on privacy issues in Smart Metering. However, the Smart Grid contains other important use cases whose privacy challenges have not received much attention to date. In this paper we aim to raise awareness for privacy issues in e-mobility, which will be a cornerstone application of the future Smart Grid. In particular, we study in detail the properties of privacy-relevant e-mobility use cases, the actors involved in those scenarios, and the data they exchange as part of their interaction. We investigate to which extent existing solutions can be applied to address emerging privacy challenges in e-mobility, and propose privacy-aware design patterns.

From old to new: Assessing cybersecurity risks for an evolving smart grid

Abstract Future smart grids will consist of legacy systems and new ICT components, which are used to support increased monitoring and control capabilities in the low- and medium-voltage grids. In this article, we present a cybersecurity risk assessment method, which involves two interrelated streams of analyses that can be used to determine the risks associated with an architectural concept of a smart grid that includes both legacy systems and novel ICT concepts. To ensure the validity of the recommendations that stem from the risk assessment with respect to national regulatory and deployment norms, the analysis is based on a consolidated national smart grid reference architecture. We have applied the method in a national smart grid security project that includes a number of key smart grid stakeholders, resulting in security recommendations that are based on a sound understanding of cybersecurity risks.

Smart grid cybersecurity risk assessment

As much as possible, it is important that the smart grid is secure from cyber-attacks. A vital part of ensuring the security of smart grids is to perform a cybersecurity risk assessment that methodically examines the impact and likelihood of cyber-attacks. Based on the outcomes of a risk assessment, security requirements and controls can be determined that inform architectural choices and address the identified risks. Numerous high-level risk assessment methods and frameworks are applicable in this context. A method that was developed specifically for smart grids is the Smart Grid Information Security (SGIS) toolbox, which we applied to a voltage control and power flow optimization smart grid use case. The outcomes of the assessment indicate that physical consequences could occur because of cyber-attacks to information assets. Additionally, we provide reflections on our experiences with the SGIS toolbox, in order to support others in the community when implementing their own risk assessment for the smart grid.

Establishing a Smart Grid Security Architecture

Abstract The chapters in this book discuss a range of issues that are important in establishing an effective security architecture for a Smart Grid environment. These issues include the role of architecture within a secure development lifecycle, as well as the particular importance of technologies such as security analytics and device identification. This chapter brings together this and other information to discuss the process of establishing a security architecture for a particular Smart Grid environment, as well as several aspects of the architecture that are not yet well-developed in such industry standard reference architectures as NISTIR 7628. The chapter then continues by discussing the process of applying the resulting architecture in designing and implementing a Smart Grid security solution.

Architecture-driven smart grid security management

The introduction of smart grids goes along with an extensive use of ICT technologies in order to support the integration of renewable energy sources. However, the use of ICT technologies bears risks in terms of cyber security attacks which could negatively affect the electrical power grid. These risks need to be assessed, mitigated and managed in a proper way to ensure the security of both current and future energy networks. Existing approaches have been either restricted to very specific components of the smart grid (e.g., smart meters), or provide a high-level view only. We therefore propose an architecture-driven security management approach for smart grids which goes beyond a mere abstract view without focusing too much on technical details. Our approach covers architecture modeling, risk identification and assessment as well as risk mitigation and compliance checking. We have proven the practical usability of this process together with leading manufacturers and utilities.

Cyber Security Challenges in Heterogeneous ICT Infrastructures of Smart Grids

A drastic change in modern power grids is underway. Conventional means of providing energy by centralized suppliers will not be sufficient to ensure the energy supply of our society in the future. Therefore, Information and Communication Technologies (ICT) are increasingly applied, for example, to allow a flexible integration of wind-, solar-, or biomass energy into the existing power grid. This integration of energy providers, consumers, producers and utilities by means of ICT is the cornerstone of a Smart Grid. With the increasing use of novel smart grid technologies, a comprehensive ICT network is established parallel to the electricity grid, which due to its large size, number of participants and access points will be exposed to similar hazards as the current Internet. However, the reliable energy supply of this system depends on the effective operation of ICT, and similar security problems such as in the current Internet would have severe consequences. Potential threats range from meter manipulation to directed, high-impact attacks on the critical infrastructure of the energy carrier that could damage or bring down parts of the national power grid. It is essential that security measures are put in place to ensure a future smart grid does not succumb to these threats, and to safeguard this critical national infrastructure at all times. One of the main challenges when building up smart grids is to cope with the heterogeneous character of applied technologies. Since product life cycles can span several decades, the overall system complexity will considerably grow in the next years due to the application of many different protocols and technical solutions. This heterogeneity eventually increases the attack surfaces to a smart grid and might also lead to an increased vulnerability. In this paper, we survey the most relevant protocols and standards today, and investigate their application and potential conflicts in future security-relevant smart grid use cases. 

The RASSA Initiative --- Defining a Reference Architecture for Secure Smart Grids in Austria

The goal of the Reference Architecture for Secure Smart Grids in Austria RASSA initiative is to design and establish a technical reference architecture specification in coordination with all relevant stakeholders. This goal is realized across multiple projects. This paper first motivates the need for developing a coordinated smart grids reference architecture for Austria involving all relevant actors, such as infrastructure operators, manufacturers, and public agencies. After a description of most prominent international reference architecture efforts, first results on how to develop a reference architecture serving as a blueprint for further smart grids solutions is described. Necessary coordination and communication efforts to achieve a nationally accepted and internationally aligned process are described. The paper closes with an outlook on a practical application of the principles defined in order to meet stakeholder requirements through target-group-specific involvement.

Analysing cyber-physical attacks to a Smart Grid: A voltage control use case

ICT and SCADA systems will play an increasingly operationally critical role in the smart grid. Cyber-attacks to these systems have the potential to result in outcomes in the physical domain. For example, power systems equipment could be damaged, reduced power quality could occur - potentially leading to blackouts - and, in extreme cases, result in safety-related incidents. Recently developed cybersecurity risk assessment guidelines for the smart grid reflect this understanding. However, they provide limited input about how these risks should be analysed. In this paper, we present how event trees - an inductive modelling technique - can be used to explore the potential impact of a cyber-attack to information assets in the smart grid. Using event tree analysis, we have examined cyber-attacks in the context of a voltage control use case, indicating how power grid protection measures may influence the outcome of such an attack and its physical impact to a smart grid.

The Evolution of the Smart Grid Threat Landscape and Cross-Domain Risk Assessment

Future power grids will make extensive use of information and communication technology (ICT) to integrate renewable energy sources and support novel functionalities. Consequently, smart grids provide a much larger surface for cyber-attacks, which makes cybersecurity risk assessment a task of major importance for the security and resilience of future energy supply. Risk assessment in smart grids is, however, challenging due to their cyber-physical nature and the mix of legacy systems and new components. This chapter investigates different types and potential impacts of cybersecurity threats to smart grids, focusing on different smart grid domains in three comprehensive case studies. The challenges of risk assessment in future power grids are reflected, and different risk assessment frameworks proposed to date are discussed, including their applicability to smart grids.

On Socio-Technical Concerns for Smart Grid Security and Resilience

The future smart grid will make use of ICT to support the inclusion of new renewable energy sources and advanced energy services. In some cases, the Internet will be used as part of this critical infrastructure, e.g., to enable communication with end-user services. Consequently, developing technologies for ensuring the security and resilience of smart grids and the Internet are of paramount importance. For these technologies to be widely adopted, important socio-economic aspects must be considered, which will be addressed in a new EU-funded project, called SPARKS. In this paper, two examples are given of how socio-economic aspects affect security and resilience of smart grid development. The first one outlines the chain-of-custody issue, which might influence the security architecture of a smart grid. The second one outlines a bottleneck in the institutional setting, which might restrict the flexibility and resilience at the distribution level of smart grids.