In this article Ira Winkler discusses how meter vulnerabilities are changing his mind about the potential for a wide-spread attack to the nation’s electrical infrastructure.
The grid is unique in that most of the grid’s assets are publicly accessible. With that in mind, good security practitioners will ASSUME that public assets like meters will be compromised.
The trick is how to build a resilient smart grid even when most of the assets are subject to compromise. The key is to protect sensitive upstream assets from compromised endpoints. By designing a grid network to enforce the security concept of least privilege, we can go a long way to building a resilient grid. This would include things like
- Wireless mesh meters do not trust each other (they only forward traffic). Instead, the trust relationship is between the data center and each meter.
- Define and enforce the protocols and application-level functions that can come from field devices, and can be sent to field devices. One way to do this is through network- and application-level firewalling.
- Enforce strong authentication between field assets and the data center, to ensure that only authorized devices are connecting to the grid.
- Enforce data integrity to prevent the introduction of unauthorized commands in the system.
These kinds of safeguards apply to both the Automated Metering Infrastructure, as well as for Distribution Automation (e.g., pole-top) devices.
While securing the grid on an end-to-end basis is a significant technical challenge, there are standards and best practices that can be applied to reduce vulnerabilities.