Smart Grid Security Guidance (SG2)
Die Stromversorgung der Zukunft (Smart Grids) wird weit mehr auf IKT setzen als das bisher der Fall ist, und damit werden Cybersecurity-Risiken auch zu einer Gefahr für die Energieversorgung. Viele Sicherheitsfragen in diesen zukünftigen Netzen sind noch ungeklärt, denn die speziellen Umgebungen erfordern neuartige Sicherheitsmechanismen und -prozesse. Ziel des Projektes (SG)² ist daher eine systematische Untersuchung von Smart Grid Technologien in Bezug auf IKT-Sicherheitsaspekte und die Erforschung von Gegenmaßnahmen. Aufbauend auf einer fundierten Bedrohungs- und Risikoanalyse aus einer gesamtstaatlichen Sicht und auf Sicherheitsanalysen von Smart Grid Komponenten werden Maßnahmen für Stromnetzbetreiber erforscht, die zur Erhöhung der Sicherheit der Computersysteme in der kritischen Infrastruktur "Energie" der Zukunft dienen.
A drastic change in modern power grids is underway. Conventional means of providing energy by centralised suppliers will not be sufficient to ensure the energy supply of our society in the future. Therefore, Information and Communication Technologies (ICT) are increasingly applied, for example, to allow a flexible integration of wind-, solar-, or biomass energy into the existing power grid. This integration of energy providers, consumers, producers and utilities by means of ICT is the cornerstone of a Smart Grid.
With the increasing use of novel smart grid technologies, a comprehensive ICT network is established parallel to the electricity grid, which due to its large size, number of participants and access points will be exposed to similar hazards as the current Internet. However, the reliable energy supply of this system depends on the effective operation of ICT, and similar security problems such as in the current Internet would have severe consequences. Potential threats range from meter manipulation to directed, high-impact attacks on the critical infrastructure of the energy carrier that could damage or bring down parts of the national power grid, which can also affect adjacent power lines. It is essential that security measures are put in place to ensure a future smart grid does not succumb to these threats, and endanger this critical national infrastructure.
The goal of the project Smart Grid Security Guidance - (SG)² - is to study such countermeasures. The project investigates and develops methods, concepts and process models, and accompanying software tools to minimize the risk posed by the threats described, and to ensure the security of smart grids in Austria. Novel approaches to the modeling of complex ICT-supported smart grid architectures will be defined in the project, and form the basis for an analysis and evaluation of primary forms of attack and attack surfaces, and for the estimation of impacts.
These architectural models are examined with respect to threats and vulnerabilities, in order to determine the most effective protective measures against possible attacks. Electricity providers have traditionally focused on ensuring the safety and reliability of their infrastructure. However, in the future, malicious attacks that hinder the increasingly networked ICT components within their systems need to be accounted for too. An important outcome of the (SG)² project will thus be a taxonomy and catalogue of countermeasures that can be applied to ensure the security of smart grids for a given threat. For a realistic risk assessment, the project also deals with penetration tests and security analysis of smart grids components. Because of the complexity of securing a smart grid, tools will be developed to support the use of the guidelines and methodologies produced in the project.
Various international organisations have developed guidelines and frameworks that can be used to improve the security of Smart Grids, such as NIST in the USA and ETSI in Europe. However, because they do not consider aspects such as local market conditions, requirements and deployments, these guidelines cannot be directly applied in an Austrian context. Furthermore, they have seen limited real-world application, making it unclear how suitable they are for their intended purpose. Bringing together national and international experts in the area of cyber security and smart power grids, the (SG)² project will build on this existing work, and develop models, methodologies and toolsets for ensuring a secure smart grid in Austria. These fundamental pillars of a secure smart grid will be evaluated using real-world components of a smart grid and pilot projects.