Welcome Message from David Thomson, New NES CEO Read More Jun 04, 2018
Smart Grid Security Perspectives Read More Jan 02, 2018
Tauron Distribution has installed over 350,000 smart meters in Wrocław Read More Oct 02, 2017
( Original in Polish )
NES emphasizes critical importance of Smart Grid security Read More Aug 03, 2017
I am very pleased to have recently joined Networked Energy Services and honoured to be its new CEO. I look forward to a highly successful working relationship with all of our customers and partners.
 
Previous to joining NES, I held a variety of leadership positions within Honeywell Smart Energy, the Elster Group and Invensys plc. So I come to NES with a strong understanding of the industry and the needs and objectives of utilities. This is why I am so excited about NES, which has a great reputation for high quality, secure, interoperable standards-based solutions. I believe that NES is well positioned to help existing customers as well as other utilities realize smart grid benefits beyond just the traditional smart metering functions through our Patagonia Energy Applications Platform (EAPTM). Patagonia EAPTM, with its focus on applications and analytics integrated into a flexible framework, is unique within the market.
 
I believe the utility industry is at critical point as it needs to find the best ways to address a variety of issues including:
 
• Security
• Reliability
• New Regulation
• Competition
• Costs
• Distributed Energy Resources
 
I believe that technology can have a significant positive impact on all of these issues, and NES is committed to providing solutions and technologies that enable Utilities to address these critical items as well as other important issues. NES can provide secure solutions with upgradeable devices that improve reliability, reduce operating costs and offer integration with new supply sources including solar, electric vehicles, micro-generation and storage facilities. Our solutions can be utilized as an essential part of not just the smart grid but the larger smart city as the industry and markets mature.
 
As you probably know, NES has already developed a great core technology and offers an outstanding innovation base. We plan to continue this direction by building on our strengths and expanding our product and services to further support our customers. Some of the key areas of focus are:
 
Energy Applications Platform
 
We continue to be excited about the recent introduction of Patagonia Analytics solutions into the NES EAPTM product portfolio. These solutions will be important as our customers address the next wave of challenges and seek return on investment for their on-going investments in the smart grid. The NES Patagonia EAPTM leverages the distributed intelligence provided by our Distributed Control Nodes (DCNs) and smart meters, reliable and secure communications, and our Headend System (HES) to provide cost effective visibility of energy supply performance and characteristics in the low-voltage grid. This, in turn, can be exposed into SCADA Systems and other business decision making tools to help utilities: reduce technical and non-technical losses, reduce or defer infrastructure investment, operate more efficiently, and understand more about consumers’ experiences.
 
Security
 
A continued top priority for NES is providing secure devices and solutions to ensure that smart metering and smart grid services and consumer information are protected. While GDPR has been a key focus recently for utilities and DSOs, data integrity protection will become more critical than even GDPR, as smart metering and smart grid information is used to make business decisions and automate processes. NES Intrusion detection and response provides an indispensable mechanism to identify unauthorised access, limiting exposure to attacks and quickly locking out the attacker. NES security follows a risk-based approach that tackles the real exposures and risks arising from a fast-moving threat-landscape, and has been reviewed and approved by a third party firm specializing in security audits. We will continue to innovate and strive to lead the industry in offering backwards compatible solutions that provide for protection of our customers’ information and service reliability.
 
Communications
 
Another key NES objective is to provide solutions that offer robust, reliable and flexible communications. We will continue to enhance our communication technologies (PLC, cellular, Ethernet, etc.) to ensure that our communications performance and reliability remains the best in the industry and provide utilities with communications flexibility. We recently introduced our point-to-point (P2P) meter. This P2P 2G/3G meter provides connectivity over the mobile network, for those cases where PLC may not be the preferred solution, and integrates into the NES head-end system, so utilities can consolidate management of their meters with the existing PLC infrastructure. This reflects NES’s commitment to make the communications with smart meters as reliable as possible and maintain our industry leading SLAs. The new P2P 2G/3G Smart Meter’s capabilities include future proofing features such as over-the-air upgrades for modem and meter firmware, as well as a field swappable communication module design, allowing module replacements without interrupting electricity service to customers.  The solution also supports unique system capabilities, such as SMS shoulder tap, quick system registration, and last gasp outage alarms that produce operational savings created by reduced installation costs and efficient data rate usage.
 
Production
 
In addition to our solution, our management team is keenly focused on executing our production strategy, which includes improving our production capabilities including providing better quality and shorter delivery times. By incorporating best practices and a continuous improvement philosophy, we will ensure that our support and delivery teams are able to meet all of our commitments. As part of our strategy, Jonathan Watt has joined our senior leadership team and will serve as our Chief Performance Officer. Jonathan is a highly experienced Supply Chain, Operations and Business Performance Improvement specialist who led the Procurement function within the Elster business from 2013 to 2017. He has experience and very strong contacts within the European electronics and metering markets at both customer and supplier levels. Initially, he will focus on our key supplier relationships and value chain, along with a broader concern of driving business performance improvement.
 
Summary
 
Our commitment to providing our customers with the most secure and reliable smart grid foundation remains essential to our business. We will continue to invest in R&D, with a goal to provide more innovation to the smart grid and smart metering solutions offered by NES. We are dedicated to furthering the success of smart grid initiatives and we look forward to joining together with you to deliver valuable results and measurable improvements in safety, reliability, and efficiency. If I have not met you yet, I look forward to meeting all of our customers and partners in person, and most importantly, we look forward to continue providing products and services that exceed your expectations and help the industry with the evolution and innovation towards establishing a truly smart grid.
 

This paper provides smart grid security perspectives from a security expert involved in both attacking and defending these types of systems in practice. It is formatted as an interview, with questions and answers. The topics include smart grid threats, defensive approaches, and security certification perspectives. 

Security is getting a lot of attention in all sorts of industries. For utilities, what are the main types of threats they face related to smart meter systems (AMI), and the smart grid in general? 

There are three sets of threats that need to be addressed. There is the set of "old school" threats of fraud, theft and safety, which have long been a top concern for utilities. There is a newer and growing set of regulatory threats around non-compliance, such as the General Data Protection Regulation in Europe. Finally, there are the threats associated with the adoption, use and increasing reliance on information technology, such as cyberattacks that can prevent a utility from delivering its services. Some of these threats are similar to those of a traditional IT infrastructure, but their priorities and threat model usually differ significantly. For example, utilities use AMIs and smart grids to store, distribute, and manage energy using information technology. Therefore, they share many of the same assets and corresponding threats as other entities relying on information technology systems. There are three main types of threats I spend a lot of time thinking about while working on providing a safe and resilient platform for smart grids. 

  • Threats that disrupt or prevent utilities from delivering energy. Most of us rely on the availability of electricity to power heating systems, hospitals, communication systems, transportation systems, etc. Outages can have severe and even fatal consequences for us and our businesses. There are many threats that can result in outages; from nation-sponsored cyberattacks to software malfunction, operational mistakes and natural disasters. 


Fig. 1: Key considerations of a security system.

  • Threats originating from criminal organisations that monetise from a utility’s lack of security. Over the past years, we have seen a rapid increase in malware samples and attacks specifically targeting utilities managing AMIs and smart grids. “Smart” almost always means “vulnerable” which in turn means opportunity for cybercriminals. A common, and unfortunately effective, tactic is to demand a ransom in exchange for not damaging a utility's infiltrated systems and/or reputation. 
  • Threats that may compromise our privacy as utility customers. Utilities are responsible for handling and storing private information. This makes data leaks and unauthorised accesses to this data two of the main threats to privacy.

Of course, these are only part of the threat landscape that needs to be specifically mapped out by experts when conducting risk assessments for the specific grid at hand.  

AMI and the smart grid is an evolution that continues to change within the industry, how has security and protection evolved over time, and what are the expected changes that we will see in the future? 

Before AMIs and smart girds, the industry relied on physical security measures and obscurity to protect the power grid. Fences, door locks, guards, video surveillance, and the obscurity of physically-isolated proprietary control systems were often enough to manage the threats utilities were facing. In addition, incident response procedures were often wellestablished and fairly comprehensive.

The introduction of AMIs and smart grids, and thus information technology, changed everything and necessitated a new industry expertise: information security. However, although industry embraced the many operational and financial promises of AMIs and smart grids, information security expertise was severely lacking and properly securing these new and advanced systems became an afterthought at best. This resulted in fragile and insecure smart grid deployments developed from non-existent or misguided security recommendations.

We are only now seeing industry and nationleaders waking up to the “cyber” reality as devastating cyberattacks on utilities are publicly being disclosed. As a result, initiatives to establish nation-wide baseline security requirements and security certifications are in progress. Unfortunately, these initiatives may be too late in some cases and may even foster a compliancy-defined approach to security. We have learned from other industries that this is a harmful approach; an expert-driven risk-based approach to safe and resilient smart grids is the way forward.

Smart grids will continue to increase in complexity, and attacks will continue to increase in both sophistication and frequency. An adaptive and comprehensive approach to security is needed to keep up with this advancement and it starts with expertise, politics, and financial incentives. 

How should a utility approach ensure security of its systems? 

Utilities need to go beyond compliance, make information security an integral part of their core business and invest in it accordingly, focus not only on protective measures but in detection and incident response as well, conduct independent risk assessments on a regular basis with their technology vendors, and most importantly, obtain as much expert knowledge as possible in order to determine exactly how and precisely where to invest in security.

A misconception that I often hear is the assumption that the internet and the smart grid share identical system characteristics. In reality, smart grids differ greatly from the internet in terms of communication technologies, network reliability, smart meter/ server resources, and threat model.

A consequence of applying an internet-biased security mindset to the smart grid can result in degradation of performance forcing utilities to compromise on security in order to meet service-level agreements (SLAs). You must understand the technical differences in order to apply the appropriate security measures. There is no one-size-fits-all when it comes to securing these complex systems. 

There are various certifications used by utilities to ensure compliance to various standards and processes. How does certification factor into security solutions and implementations? 

One on side, certification provides a minimum baseline of practice and raises the bar for all. Certifications also provide transparency and accountability for security and compliance,and helps utilities demonstrate to regulators and legislators that they are doing their job. If security certification becomes part of regulation, then it also forces utilities to spend money on security. These are all positive and important factors of certification.

On the other side, however, security certifications can discourage utilities to go beyond compliance as there is little financial incentive to do so. Certification processes also have a long-standing reputation for being disruptive, cost ineffective, and providing superficial security assurances. Certification can also discourage new practices and technology adoption because of the need for re-certification. Finally, certifications are slow-moving which is in direct contrast to the fast-changing threat landscape that they hopelessly try to keep up with. That being said, I do believe a regulated security program can be beneficial to the industry if it is able to resolve the issues mentioned before, help hold utilities financially liable for securing the power grids that we all rely on, and to use it as a tool to foster a risk-based and comprehensive approach to security. 

What are the key areas needed to ensure a secure system? 

Utilities should continuously strive to maintain a safe and resilient system. To do so, three key areas need to be covered: protection, detection, and incident response.

Protection is about trying to prevent security breaches from happening in the first place. Encryption and authentication are two examples of preventative security measures designed to protect the confidentiality and integrity of information, respectively. There is one thing we have learned in the security industry – the highly skilled and focused attackers will always find a way to either break through or entirely circumvent the protective measures. This brings us to detection and incident response.

Detection is about detecting security breaches before, after, or as they are happening. It is important to have measures in place for monitoring both incoming and outgoing events. There are many attacks that go undetected once they have infiltrated the system.

Incident response is about being able to handle breaches of security in a timely and efficient manner. It relies on people, processes, and technology. During a crisis, it is essential to have an action plan in place to regain control of the situation as fast as possible. 

You mentioned that "comprehensive security" is the essential approach for utilities. What does this mean to you? 

 “Comprehensive security” is a loaded term. It means different things to different people. For me, basically, it means that your security goes through a continuous cycle of three stages:

  • Identify: Pinpointing areas of concern and prioritising them based on risk. This is also known as risk assessment. For a risk assessment to be considered comprehensive, keeping up to date with current threats is crucial.
  • Improve: Design and implementation of the security measures used to address the identified areas of concern.
  • Evaluate: Evaluating all of the security measures in practice. This needs to be done internally as well as by an expert third-party ensuring a fresh perspective. In relation to the previous question, it is worth noting that comprehensive security leads to compliancy.

 

Some industry experts state that utilities should conduct risk assessments to identify the areas of concern, what is involved in a risk assessment? 

The ultimate goal of a risk assessment is to answer the following question: where should we invest in security? To answers this question, utilities must first identify and prioritise their assets. Next, they need to enumerate all threats to the assets. Finally, they must assess and rank each threat according to the impact and likelihood of the threat. Based on the rankings, a decision can be made as to which risks need to be addressed. This is the classic approach. The hard part, as always, is hidden in the details.

Acknowledgement

A version of this paper was published in Smart Grids Polska, issue 16. Contact Emil Gurevitch, Networked Energy Services, emil.gurevitch@networkedenergy.com

Tauron Distribution is at the final stage of the AMIplus Smart City Wrocław project. Over 350,000 AMI smart meters were installed between 2014-2017. The present work concentrates on optimizing the meter reading system solution and completing the installation of meters in the southern part of the city.

AMIplus is a smart metering system that enables automatic processing, transmission and management of measurement data. It enables bi-directional communication between the electricity meters and the distribution company while providing the customer with up-to-date information on their electricity consumption.

Tauron Distribution installed AMI smart meters from two manufacturers, NES and Apator, in its distribution network. The meters use power line communications and are compliant with OSGP (Open Smart Grid Protocol).

Measurement data from the AMI meters is available for Tauron Distribution customers on the dedicated Tauron eLicznik platform. The platform is available through Tauron’s website, as well as from mobile devices based on the most popular platforms including iOS, Android, and Windows Mobile.

Tauron Distribution has provided HAN service to Tauron AMIplus customers in the AMIplus Smart City Wrocław project. This enables customers to access measurement data directly from their energy meter in real time. Activation of the service is carried out through the Tauron eLicznik portal.

The solution implemented in Wrocław has made it possible to improve the method of obtaining readings from electricity meters. The readings are obtained as a remote reading, without the need for a field technician. The method of operating the measuring system has also changed. At present, the vast majority of the maintenance work for the measuring system is performed remotely, without the involvement of assembly services.

Additional Project Information

In addition to the 350,000 smart meters, Tauron’s AMIplus Smart City Wroclaw project includes more than 2,400 NES data concentrators along with head-end system software from NES. All transmitted data is encrypted using the AES128 bit standard. The smart meters provide greater than 99.5% daily availability of 15 minute energy profiles for 4 values (active power import/export and reactive power import/export) along with energy billing data and events.

NES urges utility providers to brace for cyberattacks on power grids


Over the last two months, the world has been subject to two major ransomware attacks. The most recent being an attack known as 'Petya', a malicious software that spread through large firms that led to PC's and essential data being locked up and held for ransom. Prior to this incident, the 'Wannacry' ransomware locked data from nearly 230,000 computers used by leading international organizations in at least 150 countries, including the UK’s National Health Service, Russian Ministry of Interiors, and FedEx. These attacks, once again, brought to forefront the significance of cyber security at a time when cyber-crime has evolved into a growth industry with low risks and high returns.

In light of this event, Networked Energy Services Corporation (NES), a global smart grid market leader with the industry’s leading Patagonia Energy Applications Platform (EAP ™), has thrown the spotlight on the critical role of security in Smart Grids. The connected infrastructures in power grids such as intelligent networks, smart meters, and Internet of Things (IoT) solutions have increased the possibility of cyber threats in the energy sector. In line with this, the company has urged the community, individuals, organizations and utility providers alike to be prepared to deal with cyberattacks for national security and economic well-being. Utility providers such as Dubai Electricity and Water Authority and Sharjah Electricity and Water Authority in the UAE are stepping up their efforts to ensure security in their grids from such attacks with the installation of smart meters, which is currently underway across the country in a bid to complete over one million smart meters by 2020.

Michel Madi, CEO – Middle East, Africa and India, Networked Energy Services Corporation, said: “Smart Grids are not just electrical infrastructure but are huge data networks that are critical for the seamless functioning of the various economic sectors of a country. It has now become imperative for key sectors, particularly energy, to ensure the implementation of the latest security solutions to secure Smart Grids and avert risks. The UAE is one of the leading countries in the region on track in safeguarding their services as the country’s smart metering market looks to increase at a rate of 9 per cent over 2016 to 2024 in line with its Energy Plan 2050.”  NES offers various important security related recommendations including adopting a systematic approach to assess cyber risks, improving the protection of energy systems, fostering a performance-based cybersecurity culture; framing cybersecurity guidelines; and promoting physical preparedness and resilience.

About Networked Energy Services Corporation (NES)

Networked Energy Services Corporation is a global smart energy leader in the worldwide transformation of the electricity grid into an energy control network, enabling utilities to provide their customers with a more efficient and reliable service, to protect their systems from current and emerging cybersecurity threats, and to offer innovative new services that enable active, intelligence use of energy. NES was formed as a result of the spinoff of Echelon Corporation’s Grid Modernization Division in October 2014. NES is headquartered in the US with R&D centers located in Silicon Valley, North Dakota and Poland, and sales offices throughout the world. NES’ smart grid technology is used in nearly 40 million smart meters and other smart end devices around the world. NES is a member of the OSGP Alliance, a global association of utilities and smart grid companies, which promotes the Open Smart Grid Protocol and cooperates to provide utilities greater value by enabling true, independently-certified, multi-vendor interoperability based upon open international specifications and standards. You can find out more information about NES, its Patagonia Energy Applications PlatformTM (including grid management software, distributed control nodes, and smart meters) and services at: www.networkedenergy.com.

View all NES News

We are the Smart Grid Security Experts.

The Patagonia Security Platform is an integral part of every process of the NES solution.