Abstract
The Smart Grid is gradually attracting the attention of government, industry and academia. It is a next generation electricity network that depends on two-way communication between its elements, being more reliable, more efficient and self-healing, with automatic meter reading and dynamic pricing1. Smart Grid technology presents new cyber security threats that should be addressed. Deploying a Smart Grid without suitable cyber security might result in serious consequences, such as grid instability, utility fraud, and the loss of user information and energy consumption data. Due to the various architectures that assure communication within the Smart Grid, it is a challenge to design an advanced and strong cyber security concept that can be smoothly deployed to protect the devices in the Smart Grid's infrastructure. This article focuses on Smart Grid cyber security threats to Home Area Networks (HANs) and Neighbourhood Area Networks (NANs). It aims at providing knowledge management and deep analysis of the threats to HANs and NANs, including one of the biggest cyber security threats, advanced malware. Smart Grid Malware mitigation is essential to ensure the proper functioning and efficient operation of the utility companies and the private home economy. Advanced malware has a variety of anti-detection features like dynamic encryption, code obfuscation and stealth operation. The offensive part of advanced malware has a mechanism to disguise who, when and where will be attacked.
The Smart Grid is one of the most critical infrastructure services of today's nation state, so comprehensive cyber security and privacy mechanisms are needed to guarantee its continuous and reliable operation. The new smart metering is the gateway between the Smart Grid and our homes or businesses, enabling dynamic pricing (NIST 2014) and information exchange with smart home devices (IoT), which are all connected.
Despite its critical importance, research on smart home and Smart Grid security issues is still in its early stage. As a result, we are motivated to investigate Smart Grid cyber security issues further 2. Cyber-security, both for critical infrastructure in general and for the Smart Grid, which is a fundamental element of it, is a very troubling issue because the number of attacks on critical infrastructure is continuously increasing. According to an NCCIS report3, ICS-CERT responded to 295 cyber incidents (Figure 1), the majority of them (230) first detected in the business networks of critical infrastructure organizations. Some 59% of the reported incidents occurred in the energy sector, which exceeded all the incidents reported in other sectors combined.
A key element of the Smart Grid is the availability of Advanced Metering Infrastructure (AMI), with a constant and stable connection to the utility company. This paper attempts to provide an overview of the main cyber security threats to the Smart Grid with a focus on the smart meter. Its goal is to present a summary of the state-of-the-art smart meter cyber security threats and provide a better understanding of the direction of future research which is required in this field. Most of the topics mentioned in the paper can be extended to other areas of cyber security research, educational applications/knowledge management and different industries.
Threats can be defined as the range of possible actions that can be taken against a system4. They can be classified according to different criteria, for example: accidental or deliberate actions (safety failures, equipment failures, carelessness, natural disasters), insider or outsider (criminal groups, terrorists, nation-states/foreign intelligence services), or by the techniques of attack (physical destruction, theft, malware, communication threats, escalation of privileges, data base injection, denial of service, replay, spoofing, social engineering, phishing, spam). In this paper, the attention of the author will be focused on the malware that could affect the Smart Grid. According to the ENISA 2016 report, malware remained the number one cyber-threat, increasing to one million new samples per day and one can assume that it will remain one of the top three threats in 2017.
The Smart Grid is one of the most critical infrastructure services of today's nation state, so comprehensive cyber security and privacy mechanisms are needed to guarantee its continuous and reliable operation. The new smart metering is the gateway between the Smart Grid and our homes or businesses, enabling dynamic pricing (NIST 2014) and information exchange with smart home devices (IoT), which are all connected.
Despite its critical importance, research on smart home and Smart Grid security issues is still in its early stage. As a result, we are motivated to investigate Smart Grid cyber security issues further 2. Cyber-security, both for critical infrastructure in general and for the Smart Grid, which is a fundamental element of it, is a very troubling issue because the number of attacks on critical infrastructure is continuously increasing. According to an NCCIS report3, ICS-CERT responded to 295 cyber incidents (Figure 1), the majority of them (230) first detected in the business networks of critical infrastructure organizations. Some 59% of the reported incidents occurred in the energy sector, which exceeded all the incidents reported in other sectors combined.
A key element of the Smart Grid is the availability of Advanced Metering Infrastructure (AMI), with a constant and stable connection to the utility company. This paper attempts to provide an overview of the main cyber security threats to the Smart Grid with a focus on the smart meter. Its goal is to present a summary of the state-of-the-art smart meter cyber security threats and provide a better understanding of the direction of future research which is required in this field. Most of the topics mentioned in the paper can be extended to other areas of cyber security research, educational applications/knowledge management and different industries.
Threats can be defined as the range of possible actions that can be taken against a system4. They can be classified according to different criteria, for example: accidental or deliberate actions (safety failures, equipment failures, carelessness, natural disasters), insider or outsider (criminal groups, terrorists, nation-states/foreign intelligence services), or by the techniques of attack (physical destruction, theft, malware, communication threats, escalation of privileges, data base injection, denial of service, replay, spoofing, social engineering, phishing, spam). In this paper, the attention of the author will be focused on the malware that could affect the Smart Grid. According to the ENISA 2016 report, malware remained the number one cyber-threat, increasing to one million new samples per day and one can assume that it will remain one of the top three threats in 2017.
| Original language | American English |
|---|---|
| Pages (from-to) | 55-66 |
| Number of pages | 12 |
| Journal | e-mentor |
| Volume | 2017 |
| DOIs | |
| State | Published - 15 May 2017 |