Steffen Fries

Enhancing IEC 62351 to Improve Security for Energy Automation in Smart Grid Environments

Information security has gained tremendous importance for energy distribution and energy automation systems over the last years. Standards like IEC61850 offer standardized communication services and standardized data models for communication in energy automation. IEC 61850 is flanked by the standard IEC 62351 that especially addresses security and specifies technical requirements which have to be met by vendors. Especially, vendors that cover the entire energy automation chain with their product portfolio face new demanding challenges imposed by new use cases that come with the rise of the Smart Grid. This paper describes the current state of the standardization of IEC 62351, gives an overview of current and new use cases, and discusses potential enhancements of the standard to address new use cases. The enhancements allow multiple parallel distinguishable sessions based on MMS and proper authentication as well as authorization.

Secure Identifiers and Initial Credential Bootstrapping for IoT@Work

Internet of Things is gaining momentum in industrial automation environments. The objectives of the EU project IoT@Work are to transfer Internet of Things approaches to industrial automation environments and to develop mechanisms and protocols to enable plug & work of devices. Identification of things or devices as part of a network, service, or application in a secure manner is one of the most important requirements for reliable operation. In this paper we present the requirements to secure identifiers and propose an approach suitable in industrial automation. As secure identifiers rely on cryptographic credentials, we compare different approaches to initially bootstrap these credentials and analyse applicability in Internet of Things scenarios.

Smart Grid Cyber Security – An Overview of Selected Scenarios and Their Security Implications

Information security has gained tremendous importance for energy distribution and energy automation systems over the last years. Cyber security for the Smart Grid is crucial to ensure reliable and continuous operation of the Smart Grid. IT security is a major concern especially for new use cases, comprising the utilization of decentralized energy resources, the control of energy consumption and connected smart metering, as well as electro mobility. All these scenarios extend the energy network with an information and communication infrastructure to realize the envisioned functionality. Nevertheless, bridging both worlds goes along with new security requirements that need further evolvement or development of technical and organizational solutions. Prominent Smart Grid scenarios and their security implications are described. Moreover, the current state of Smart Grid security standardization and regulation is summarized.

Smart Grid Information Exchange – Securing the Smart Grid from the Ground

The Smart Grid is based on information exchange between various stakeholders using open communication technologies to control the physical electric grid through the information grid. Protection against cyber attacks is essential to ensure a reliable operation of the Smart Grid. This challenge is addressed by various regulatory, standardization, and research activities. After giving an overview of the security demand of a Smart Grid, existing and appearing standardization activities are described. Moreover, an overview is given about potential roles in Smart Grid environments, which have been analyzed in the context of an EIT ICT Labs questionnaire.

Protecting Voice over IP Communication Using Electronic Identity Cards

Using communication services like voice services, chat services and web 2.0 technologies (wikis, blogs, etc) are a common part of everyday life in a personal or business context. These communication services typically authenticate participants. Identities identify the communication peer to users of the service or to the service itself. Calling line identification used in the Session Initiation Protocol (SIP) used for Voice over IP (VoIP) is just one example. Also, further mechanisms rely on identities, e.g., white lists defining allowed communication peers. Trusted identities prevent identity spoofing. They are a basic building block for the protection of VoIP communication. However, providing trusted identities in a practical way is still a difficult problem. Identity cards have been introduced by many countries supporting electronic authentication and identification of citizens, e.g., the German “Elektronischer Personalausweis” (ePA). As many German citizens will possess an ePA soon, it can be used as security token to provide trusted identities. Authentication and identification are important building blocks in the protection of VoIP communication, keying material established during authentication can be used for further protection of the communication. This paper describes how identity cards can be integrated within SIP-based voice over IP telephony to reliably identify users and authenticate participants using as example the German ePA.

New security mechanisms for network time synchronization protocols

As evolving security concerns have prevailed, the network time synchronization protocol community has been actively engaged in the development of improved security mechanisms for both the IEEE 1588 Precision Time Protocol (PTP) and the IETF Network Time Protocol (NTP). These activities have matured to the point where this year should see the finalization of the first new security mechanisms for time protocols in ten years. This paper provides an overview of the two solutions being developed, compares and contrasts those solutions, and discusses relevant use cases and deployment scenarios.

Profiling the Protection of Sensitive Enterprise Multimedia Communication

Voice is, besides email, the major personal communication technology used by employees of an enterprise. Additionally, multimedia communication is getting used more and more in the form of video conferences to decrease travel cost and support environmental protection. Besides oral communication also documents, e.g. presentations, may be shared. Thus sensitive information is likely to be exchanged as part of the communication. Hence, an appropriate security level is of great relevance to protect enterprise’s confidential information. Historically, security measures for communication systems have either been targeted to prevent fraud, thereby securing the operator’s business model, or to provide military-class end-to-end encryption. Neither approach targets the security objectives of enterprises using private and public communication infrastructure for sensitive business exchanges. It is common practice within enterprises to define different data protection classes and associated rules that have to be respected when dealing with sensitive information. Thus, the main contribution here is on one hand an evaluation of relevant available or known security technology from the perspective of protecting sensitive enterprise communication, and a roadmap for an incremental, step-wise introduction of security features in multimedia (including voice and video) communication that allows for a step-wise (incremental) introduction of security features required for different security levels.

Security Governance for Enterprise VoIP Communication

Voice is, besides email, the major personal communication technology for businesses. As it is often used for sensitive conversations, an appropriate security level is of great relevance. Historically, security measures have either been targeted to prevent fraud, thereby securing the operatorpsilas business model, or to provide military-class end-to-end encryption. Neither approach targets the security objectives of enterprises using private and public voice communication for sensitive business exchanges. A graded approach to VoIP security for enterprise communication allows for a step-wise introduction of security features required for voice communication of different security levels similar to common data protection classes.