D4.1 Executive Summary

Deliverable 4.1 tackles an important aspect of the technology development in the project which is ensuring an up-to-date understanding of the various cybersecurity concerns and existing solutions and identifying gaps and improvements. Cybersecurity is a challenging research and development area that needs to continuously evolve to keep pace with emerging threats and vulnerabilities. The activities leading to the deliverable have contributed considerably to identifying the appropriate technologies and standards and ruling out the less useful ones.

Some standards have been evaluated in D5.2 (e.g. ZigBee [2], FIPA-ACL [23], OpenADR [4]) for their relevance and suitability to Mas2tering. D4.1 revisits those standards to evaluate their security and their need for adding security standards and technologies to protect their implementation. Some standards (e.g. FIPA-ACL) have no built-in security while others do have limited security features (e.g. ZigBee). OpenADR has strong built-in security but lacks some considerations of consumer privacy.

D4.1 details the evaluation of security standards that are potentially useful for protecting the Mas2tering platform. Several security standards (e.g. ISO/IEC 2700 series [5], IPSec, NIST 7628 [6]) are evaluated based on multiple important aspects including their applicability and relevance to Mas2tering use cases. These evaluations include descriptions of recommendations regarding their use in the project. EBIOS [7] risk assessment method used for Mas2tering use cases (see Annex A) is compatible with IEEE 27001.  Other security standards are or will be used in the project include TLS (Transport Layer Security), IPSec, XACML as well as standard algorithms such as AES (Advanced Encryption Standard).

In order to ensure a secure implementation of the Mas2tering platform, this document also includes security analysis of the software technologies that will be used in the project. These include JADE [8] (Java Agent Development) framework, JEMMA [9] (Java Energy Management Application) framework and FIWARE [10] Generic Enablers. Their security features and weaknesses are outlined. Due to the security limitations of JADE, a security add-on called JADE-S is available which provides several features such as message authentication and encryption. JEMMA also has security shortcomings such as the lack of authentication and access control. Regarding Generic Enablers, it has been found that they often lack rigorous security testing and may not be reliable especially as security components. Therefore, the project identified alternative more reliable software components.

The deliverable includes guidelines and recommendations on security technologies and standards, and on security testing and verification of Mas2tering platform components. The recommendations aim to address security requirements and overcome the security weaknesses in the used standards and technologies. These recommendations include which standards should be used and what security configurations are needed such as those in relation to certificates and key sizes. The recommended security testing and verification activities are based on the use cases identifying specific security objectives and taking into consideration the identified security vulnerabilities from the risk assessment.

The annex contains the security and privacy requirements of the project based on the assessment of the attack scenarios and the potential vulnerabilities in the project’s three use cases. The requirements and the assessment are originally included as part of D2.1. The security and privacy requirements elicited from the risk assessment of the use cases have significantly complemented the initial security requirements specified in D2.1 leading to better understanding of the risks and broader focus on the appropriate security and privacy solutions. The scenarios and requirements are added to the annex for referencing purposes.

D4.1 Table of Contents

  • Executive summary
  • Document Information
  • Table of Contents
  • List of figures
  • List of tables
  • Abbreviations
  • Definitions
  • 1 Introduction
  • 1.1 Relationship to Other Deliverables
  • 1.2 Structure of the Document
  • 2 Cybersecurity and Smart Grid Standards.
  • 2.1 Security and Privacy Considerations in Standards Relevant to Mas2tering
  • 2.2 Security Standards for Smart Grid
  • 2.2.1 Evaluation Template
  • 2.2.2 Security Standard Evaluations
  • 3  Security and Privacy in Smart Grid, MAS technologies and FIWARE GEs
  • 3.1 Security and Privacy of Technologies Considered in Mas2tering
  • 3.1.1 JADE
  • 3.1.2 JEMMA
  • 3.1.3 FIWARE Generic Enablers (GEs)
  • 3.2 EU Research and Development for Smart Grid Cyber Security
  • 4 Guidelines on Addressing Vulnerabilities and Risks in Standards, Technologies and Implementations for Mas2tering
  • 4.1 Recommended technologies and standards for improvements
  • 4.1.1 Recommendations for security implementation
  • 4.1.2 Recommendations for privacy implementation
  • 4.2 Security Testing and Verification of Platform Components
  • Annex A. Mas2tering Security and Privacy Requirements
  • A.1  Use Case 1 – Secure and effective connection of commercial home energy boxes with smart meter and consumption profile optimisation
  • A.1.1  Risk Assessment of Use Case 1
  • A.1.2 Security and Privacy Requirements
  • A.2  Use Case 2 – Decentralized energy management in a local area with Multi-Agents
  • A.2.1 Risk Assessment of Use Case 2
  • A.2.2 Security and Privacy Requirements
  • A.3 Use Case 3 – Enhancing grid reliability, performance and resilience
  • A.3.1 Risk Assessment of Use Case 3
  • A.3.2 Security and Privacy Requirements
  • References

D4.1 Highlights

Security and Privacy in Smart Grid, MAS technologies and FIWARE GEs

This chapter describes security capabilities of existing technologies that are particularly relevant to Mas2tering. It also analyses related EU projects including the adequacy of their implemented solutions for use in Mas2tering.

Security and Privacy of Technologies Considered in Mas2tering

This section presents the analysis of the security and privacy of a number of technologies that have been selected to be used in the Mas2tering platform. These technologies include JADE platform and its extensions, relevant HAN technologies including JEMMA and FIWARE Generic Enablers.

JADE

JADE (Java Agent Development) is a popular MAS platform. It has been selected in order to provide the basis, on top of which the Multi-agent system for Mas2tering solution will be built. As such, it will play a central role in Mas2tering, and this is why we study it from a security point on view in this section. We first review the architecture of JADE and then describe how Security is tackled in JADE.

Basic JADE architecture

JADE is a distributed agent platform, which is composed of several Jade Agent Containers, running on different physical hosts. Each agent container may contain any number of agents, whereas there is only one main container, which contains special agents providing services that are unique to the platform: the AMS (Agent Management System) and the DF (Directory Facilitator).  Figure 1 shows an example of a JADE platform that is distributed over several physical hosts.

1

Figure 1: JADE Agent platform distributed over several containers[1]

Agents are Java threads with communication capabilities, provided by the platform allowing them to communicate with any other agent transparently of the physical location. Services in JADE are either provided as kernel services, which can be easily extended by add-ons, or can be provided by dedicated agents, as it is the case with AMS and DF.

The communication mechanism between agents is implemented differently depending on their respective physical location. If the agents are hosted in the same container, Java events are used; if the agents are located on the same hosts but in different container, RMI is used; if the agents are located on different platform instances, MTS (Message Transfer Service) is utilised. Messages are handled either by an IMTP (Internal Message Transfer Protocol) or by MTP (Message Transport Protocol) in the case messages are transmitted between distant hosts. MTP encodes the FIPA-ACL messages with which the agents communicate over transport layers. Jade already counts on implemented transfer protocols, namely: CORBA IIOP and HTTP, which are used by default. It is possible to use further protocols by adding plugins and configuring JADE to use them.

Distributed systems require greater attention to security issues, especially on multi agent systems that are composed of autonomous agents. The basic version of JADE has a number of security shortcomings, namely:

  • Messages are not authenticated: it is possible to forge messages and insert them in the current conversations between agents to induce the agents in an erroneous state.
  • Messages are not encrypted: it is straightforward to eavesdrop on the traffic and extract private information from the agents.
  • Agents are not authenticated: any agent can join a platform, even malicious ones, which may acquire private information or attack the system.
  • Access rights of agents are not controlled: any agent can communicate with any other agent and call any service.

While this platform is a core part of the Mas2tering implementation, further effort is required for providing high security to the system.

JADE-S

Due to the previous limitations of the basic JADE platform, an add-on was developed to tackle all the above mentioned issues. This add-on is called JADE-S, and it focuses on protecting JADE-based multi agent systems against security attacks. In the following, we describe JADE-S analysing its features and its limitations.

JADE-S, which is the combination of JADE and the JADE security add-on, is the most prominent security extension of JADE, which was developed by Telecom Italia. JADE-S is publicly distributed on JADE’s website and has been studied, used, and tested extensively. Figure 2 shows the architecture of JADE-S.

2

Figure 2: Architecture of JADE-S [20]

JADE-S provides four additional kernel services: security service (authentication), permission service (authorization), signature service (message signature), and encryption service (message encryption). In the following, we provide a short description on each of the provided services:

  • Agent authentication is based on JAAS (Java Authentication and Authorization Service). It is used to authenticate agents, and can be connected to a number of login modules. A login module checks login and password following an authentication protocol. All the agents and containers must be authenticated. Each time a user wants to attach a container to the platform, it has to authenticate it by providing a password. All the agents inside an authenticated container are authenticated. The login modules supported by JADE-S are Unix, Windows NT, Kerberos and plaintext password files. However, JAAS is designed to use plugins and as such new login modules can be written, for instance for LDAP authentication.
  • The permission service enforces on users a set of rules defined in an ACL (Access Control List). The organisation of the rules revolves around the concept of principals, roles and resources. A principal is an entity that can take action and be held accountable. Users, containers, agents and external entities are principals. Roles are groups where principals can be added or removed, and to which permission on resources are attached. Permissions can be delegated. The ACL is stored in a file, which uses JAAS syntax. All actions that agents can perform in the platform, except for mobility, can be permitted or denied, and are by default denied [‎21]. Such actions are the default Java access to resources and JADE-S specific rights to create/destroy principals (except users) and to send/receive messages. There is a global policy file in the main container, applying globally, and there can be other policy files local for each container, applying locally. Communications restrictions are limited as they do not restrict the usage of services provided by the agents. Finer control can be obtained by coding intermediary agents enforcing additional access control.
  • Message signature enforces message integrity and non-repudiation. In JADE-S, each agent owns a public and a private key pair by means of which it can sign in and encrypt messages. The verification of the message’s integrity is done automatically, whereas non-authenticated messages produce a failure message. Message signing and verification is done with the JCE (Java Cryptographic Extension). The main container serves the role of a CA (Certification Authority), thereby guaranteeing the authenticity of all the agents present in the MAS.
  • Encryption provides message confidentiality. It is done in JADE-S by encrypting all the FIPA-ACL messages the agent exchange with SSL using the JSSE (Java Secure Socket Extension). In JADE-S, only agent messages are encrypted, whereas messages used by the platform for its management are transmitted without encryption. Among such information sent in clear text are the passwords used by the JADE-S security service, which is a very serious security issue. In order to mitigate this issue it is necessary to put in place SSL connections for the IMTP. Such a secure connection is however available in JADE-S and it is implemented using mutually authenticated SSL connections between containers. Such an approach requires each container to have a certificate of its own and to possess the certificate of all the other containers it needs to communicate with, which can cause a scalability issue. Another consequence is that it requires each user to possess a certificate, which can be problematic for some users.

JADE-S also has a number of shortcomings, which were tackled in several academic papers. Unfortunately, no code is publicly available for these improvements. JADE-S is still under development, and does not cover all necessary features to secure MAS entirely.  Below, a list of identified shortcomings in the state of the art:

  • The message permissions are quite generic and limited since they only provide the possibility to determine the permission to send and receive messages to/from owners or agents.
  • Although it provides user/agent based permissions, it is not possible to determine own user specific permissions.
  • The encryption service cannot guarantee a secure channel for authentication and platform managing commands.
  • The documentation on JADE-S is still poor.

JEMMA

JEMMA (Java-based Energy ManageMent Application) is an open-source LGPL modular framework that facilitates the development of home energy management (monitoring and control) applications [‎18] It has been developed by Telecom Italia, one founding member of the non-profit Energy@home Association [‎19]. Current release is version 0.9.

The Energy Management System can be executed on a Home Gateway that is able to collect energy data (metering information) from the Home Area Network (HAN), and publish them in the Home Network (HN) and the Wide Area Network (WAN).

JEMMA supports the ZigBee Home Automation 1.2 and the ZigBee Gateway Device standards. JEMMA offers open APIs for GUIs, cloud services and third party services, and device abstraction layer APIs for connecting hardware devices as shown in the next figure.

j

Figure 3: JEMMA (source: http://ismb.github.io/jemma/)

j2

Figure 4: JEMMA architecture

This framework provides access to:

  • JEMMA appliances configuration GUI
  • Java Gal GUI
  • Apache Felix OSGi Web Console

j3

Figure 5: JEMMA appliances configuration GUI

j4

Figure 6: Java Gal GUI (ZigBee Admin Console)

The Apache Felix Web Console, as shown below, allows starting, updating or deleting OSGi bundles.

j5

Figure 7: Apache Felix OSGi Web Console

The default configuration of the JEMMA framework provides a HTTP access to the web portals depicted above, while one could expect to get a HTTPS connection instead. The configuration file config.ini allows activating easily the HTTPS protocol, though. However, it can be also observed that this configuration file contains a plain text password for accessing to Apache Felix OSGi Web Console, which is clearly not compliant with the state of the art! In addition, it seems that this configuration file is not protected against any alteration, and anyone with a write access profile could modify the parameters. It is then important to offer the right level of protection to this file.

All JEMMA features can be accessed remotely through a web-based RESTful APIs (more precisely: DAL WEB APIs – Device Abstraction Layer WEB APIs). JEMMA can also expose and virtualize as REST resources any smart appliance, energy storage or generation devices. REST APIs are used to provide access to Device and Function services

JEMMA has a number of security shortcomings, namely:

  • Encryption: JEMMA framework supports the HTTPS protocol. However, it is unknown if it is possible to configure the cipher suites.
  • Message signature: HTTP GET and POST requests are not signed. It is possible to forge fake messages.
  • Authentication & access control: No authentication is available. Any device can retrieve, through a HTTP GET request, a list of all available devices, including the device unique ID, which can be used to directly access to the device. Similarly, a HTTP GET request can be used to retrieve the list of the available functions supported by a device.
  • Access rights: A mere HTTP POST request can be used to invoke a remote operation on a function. Prior successful authentication or access control is not required.

FIWARE Generic Enablers (GEs)

Mas2tering security requirements can be satisfied through a range of solutions including secure development life cycle (built-in security) and usage of secure external functional components and security tools which can include the GEs. The following are the titles of the Mas2tering requirements specified particularly for the GEs:

52  GE latency on communication

53  GE low hardware resource constraints

54  GE Java Application servers’ compatibility

55  GE standard secure algorithms and protocols

56  GE documentation quality

57  GE stability

59  GE dependency handling

61  GE interoperability

62  GE connection confidentiality

63  GE data protection

64  GE on java web server

51  Identity management

65  GE flexibility in deployment

FIWARE GEs are currently categorised under seven categories, each focusing on a certain technology area e.g. security, IoT service enablement. D5.1 included discussion of a set of GEs that may be of relevance to the requirements of Mas2tering. Most of the evaluated GEs are in the security area including Identity Management GE, Security Monitory GE, Content Based Security GE and Authorization PDP GE. The following are some of the security-related considerations regarding the integration of the GEs into the Mas2tering platform:

–        Assurance regarding the reliability and robustness of the security functions requires intensive testing and wide user community and feedback regarding potential vulnerabilities. Based on the experience of TSSG in using the GEs the current versions lack satisfactory security assurance from the aspects described and often subject to runtime errors.

–        The instability of the FIWARE catalogue such as the removal of GEs and consequent loss of developer support, access to updates, etc. This also affects the reliance on the continuity of the security services provided by the GEs. Since the start of Mas2tering project Content Based Security GE has been removed and the Security Monitoring GE is deprecated.

–        In addition, in the context of another EU project Finesce[2] , TSSG carried out comparison of the current quality of the GEs to alternative commercial and open source software based on a set of criteria such as performance, compatibility, usability, reliability and maintainability. The results of the comparison show that alternatives are often scoring higher possibly due to their level of maturity compared to the more recently developed GEs.

–        Dependency of some of the security GEs on other GEs can further complicate their usage in Mas2tering platform and expose the platform to more cascading errors.

–        Some of the GEs are only available as an online service which makes it impossible or difficult to evaluate their security and becomes more reliant on trust in the competence and integrity of their service providers.

Despite the drawbacks described above, there seems to be active development going on to improve the GEs and progress their technology readiness level. Mas2tering project has identified alternative components that provide more reliable and stable functions. Such components include PANDA (access control to the HAN), ARX anonymization, JADE framework, cloud synchronization and forecasting service. These components are detailed in other deliverables such as D5.3.

EU Research and Development for Smart Grid Cyber Security 

This section discusses technologies developed and implemented as part of EU projects and EU R&D focused on cyber security. Tables in this section include description of the following projects:

–        SPARKSSmart Grid Protection Against Cyber Attacks;

–        SESAME – Securing the European Electricity Supply Against Malicious and accidental thrEats;

–        AFTER – A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration;

–        SCISSOR – Security in Trusted SCADA and Smart Grids;

–        SEGRID – Security for Smart Electricity GRIDs.

The listed projects have been selected based on their relevancy to cyber security technologies applied to the energy network. They have been then analysed in terms of general objectives, cyber security objectives, components and services developed, demonstration activities and relevance to the Mas2tering project.

Table 16 SPARKS- Smart Grid Protection Against Cyber Attacks

Smart Grid Protection Against Cyber Attacks (SPARKS)
Project Information
General scope of the project Focusing on medium and low voltage power distribution network, SPARKS aims to secure network connected and remotely controlled equipment, such as substation monitoring and control systems, Distributed energy Resources and flexible loads included in Demand Response programs. Moreover a focus on micro grids security aims to ensure a decentralized resilient power supply in the event of grid-disconnection.
Cyber security objectives –        Identification of challenges related to risk assessment for smart grids, including understanding of cyber-physical risks, connections between legacy systems and new smart grid systems;

–        Evaluating of a risk assessment method for smart grid, namely the SGIS Toolbox developed by SGIS working group of CEN-CENELEC-ETSI;

–        Development of models for assessing vulnerability of smart grid control loops such as the ones based on the Volt-VAR management in medium and low voltage distribution networks, including understanding of the physical risk associated with a cyber-attack also on micro grids;

–        Providing a summary and a rationalization of security reference architectures proposed by standard bodies and commercial offering from organizations for the detection and analysis of cyber-attacks, and other threads like mis-configurations, to smart grid and provision of control strategies aiming to ensure resilience of the grid.

Targeted security threats

 

 

–        Intrusions to SCADA ICS including devices that use both standards protocols, like IEC 61850, and Manufacturer Message Specific – MMS – devices, targeting specific vulnerabilities of such hybrid systems. Cyber-attacks and mis-configurations directed to Automatic Metering Infrastructures – AMIs.

Methodologies developed aim to detect intrusions by combining signature based approaches with stateful analysis and anomaly detection processes;

–        Side channel attacks directed to Advanced Metering Infrastructures – AMIs – by investigating the use of hardware implemented Physical Unclonable Functions – PFUs – on smart meters and gateways in order to provide authentication protocols generating cryptographic key to protect confidentiality of metered data exchanged.

End date 31st March 2017
URL https://project-sparks.eu/
Cyber security components and services
Physical components Hardware PFU – Physical Unclonable Functions – integrated in Smart Meters (interim)
Software Multi-attribute SCADA Intrusion Detection System – IDS – for systems using IEC 61850 protocol based on whitelist, stateful analysis and anomaly detection approaches from machine learning algorithms;

Security Information Analytics – SIA – device agnostic platform including two components:

–        Static rule analyser, which compare data against a database of expected behaviours;

–        Smart auto analyser (under development) based on machine learning procedures aiming identification of patterns and cluster in data and definition of normal behaviour, so helping identification of divergences;

Commercial services SPARKS Stakeholder Workshops: Series of workshops where members of the stakeholders group are invited in order to raise their awareness of smart grid cyber security issues as well as supporting industry members in the development of world-leading protective measures.

Members receive privileged access to projects results and can provide requirements and feedbacks related to project activities.

Demonstration activities
Scope Evaluation and Demonstration of the scientific and technological outcomes of the project in realistic scenarios (ongoing).

Smart grid test bed facilities include the AIT SmartEST Lab, the NIMBUS micro grid and the large-scale distribution network provided by partner SWW Wunsiedel.

Main results
Adequacy to Mas2tering
Adequacy SPARKS is particularly adequate to Mas2tering since it targets cyber security issues in the MV and LV grids. The software and methodologies developed in SPARKS could be considered for the elicitation of the Mas2tering cyber security requirements.
Comments Members of the SPARK project should be included in the Mas2tering Value Driven Advisory Group.

Table 17 Securing the European Electricity Supply Against Malicious and accidental thrEats (SESAME)

Securing the European Electricity Supply Against Malicious and accidental thrEats (SESAME)
Project information
General scope of the project To develop a Decision Support System (DSS) for the protection of the European energy system against malicious and accidental/natural attacks. Attacks are both physical (directed to components) and cyber (directed to monitoring systems, control and communication architecture, and so on).

The brief scope is to keep the electricity supply safe. In order to do this SESAME develops a prototype software package and a comprehensive regulatory framework for the security of electricity system in Europe.

Cyber security objectives The following objectives related to cyber security are targeted.

Concerning the decision making support tool:

–        Identify vulnerabilities of the grid (including generation plants) and detect their origins;

–        Accurately estimate the impact/damage of network failures;

–        Identify measures to prevent the occurrence of outages;

–        Identify measures to accelerate the restoration of the grid (ranked based on effectiveness and cost-benefit);

–        Perform contingency analysis of transmission and distribution networks and generation facilities;

–        Detect repetitive and long-term erroneous trends in the security of energy supply.

Concerning the regulatory framework, to deal with:

–        Economics of electricity security

–        Technology and innovation policy

–        Regulatory schemes at both national and the EU level

Targeted security threats Cyber security attacks include attacks directed towards monitoring systems, control and communication architecture.
End date 31/08/2014
URL https://www.sesame-project.eu/
Cyber security components and services
Software Prototype of a Decision Support System (DSS) for the identification and prevention of attacks, including:

–        System specification

–        Physical network modelling and optimal operational decision simulator (IRS)

–        Vulnerability identification module

–        Economic losses assessment module

–        User interface and system integration

–        Web-based applications

Other results Security of Electricity Supply (SES) indicators in Europe
Demonstration activities
Scope Implementation of the DSS to two regional electricity grid in Austria and Romania
Main results Initial feedback from involved stakeholders; authorities perspective in Austria and TSO perspective in Romania
Adequacy to Mas2tering
Adequacy Partially adequate to Mas2tering, since it mainly targets the transmission grid (TSO) and the generation plants.

Table 18 A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (AFTER)

A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (AFTER)
Project information
General scope of the project AFTER targets the issues related to vulnerability evaluation and contingency planning of the energy grids and generation plants. In particular AFTER aims at enhancing the TSO’s capabilities in creating, monitoring and managing secure interconnected electrical power system infrastructures.
Cyber security objectives The following objectives related to cyber security are targeted:

–        Identify boundaries of the integrated power and ICT systems, identify and classify hazards, threats and system vulnerabilities and define indicators for selected vulnerabilities;

–        Develop methodologies to cope with threads and vulnerabilities (including risk estimation and assessment, algorithms for defence plans, algorithms for restoration plans;

–        Develop tools and techniques to cope with threads and vulnerabilities (including prototypes tools for risk assessment, defence and restoration);

–        Develop concepts and techniques for physical and cyber security (including sensing, monitoring and software agent technologies for security, monitoring and early warning).

Targeted security threats AFTER targets in particular cascading events, consisting of vulnerable patterns which require delicate control systems. These control systems need to be protected against malicious attacks
End date 31/12/2014
URL http://www.after-project.eu/Layout/after/
Cyber security components and services
Software –        Global risk assessment tool (available online). This is able to elaborate probabilistic models for threats, component vulnerabilities and failures for TSOs.

–        Physical security support tool, devoted to detect and provide early warning of physical intrusion into energy system facilities including power plants and substation. The system is based on advanced algorithms to manage cameras.

–        Decision support tool for restoration, finalised at minimising the system restoration time after a failure and build new restoration strategies

Adequacy to Mas2tering
Adequacy Only partially adequate to Mas2tering. AFTER targets more physical than cyber security issues and also targets TSOs and transmission system. However some of the methodologies developed for risk assessments and early warning systems could be used and adapted to the scope of Mas2tering.

Table 19 SCISSOR – Security in Trusted SCADA and Smart Grids

SCISSOR – Security in Trusted SCADA and Smart Grids
Project information
General scope of the project SCISSOR’s general scope deals with the design of a new generation SCADA security monitoring framework, as those systems have been recognised as the weakest components of smart grids.
Cyber security objectives –         Development of tools for monitoring of traffic probes  including programmable traffic analysis, provision of new pervasive sensing technologies, system and software integrity verification, automatic detection and object classification using smart cameras;

–          Control and coordination of probes and sensors enforcing cryptographic protection by means of certificate-less identity/attribute-based encryption scheme.

Targeted security threats Cyber-attacks to SCADA systems based on commercial common low cost equipment such as Windows and Linux based industrial PCs or servers, commercial switches and embedded systems, and relying on the same Standard Internet Protocols ( TCP/IP, HTTP, FTP, UDP, etc.).
End date 31/12/2017
URL http://scissor-project.com/
Cyber security components and services
Software SCISSOR HMI, a user friendly human machine interface presenting to the human end user a real time view of SCADA system behaviour.
Adequacy to Mas2tering
Adequacy Partially adequate to Mas2tering. Although still at the beginning and targeting SCADA systems, SCISSOR shows many potential interaction with the Mas2tering solution
Comments To be evaluated again once the initial results of SCISSOR will be available.

Table 20 SEGRID – Security for Smart Electricity GRIDs

SEGRID – Security for Smart Electricity GRIDs
Project information
General scope of the project The main scope of SEGRID is the enhancement of smart grids protection against cyber-attacks. In order to do this SEGRID uses a risk management approach and a number of uses cases, these allowing definition of requirement for security, gaps identification for current technologies used for smart grid security and related standards and regulation frameworks. Novel security measures for smart grids will be developed and tested as main output of the project.
Cyber security objectives SEGRID project focuses on the following cyber security objective:

–        Identification of threats and pathways for future potential cyber-attacks related to the identified use cases (SEGRID use cases);

–        Gap analysis between the security requirements of SEGRID use cases and currently available solutions to cyber security issues;

–        Development of new security measures and methods for privacy, communication and security of systems included into smart grids;

–        Test of the proposed solutions in a realistic environment (SITE – Security Integration Test Environment);

–        Evaluation and improvement of currently available risk management methodologies in order to make them capable to identify and assess the risk factors that will be keys to the future smart grids of 2020 using a “gradually evolving system” approach.

Targeted security threats No specific security threat is yet targeted by the project, instead it focuses on security and privacy of the smart grid as a whole, that is intended as a “system of systems”, in the following use cases:

1)     Smart meter used for on-line reading of consumption and technical data;

2)     Load balancing renewable energy centrally;

3)     Dynamic power management for smart homes, smart offices, and electric vehicles;

4)     Load balancing renewable energy regionally (substation automation);

5)     Automatic reconfiguration of the power grid.

End date 30/09/2017
URL http://www.segrid.eu/
Cyber security components and services
Software –     Improvement of the Cyber Security Modelling Language (CySeMoL), originally developed by KHT in FP7 Viking, in order to extend its functionalities to obtain a better coverage of issues related to smart grids in general and to the SEGRID use cases in particular as well as to develop automatic generation of model from existing infrastructures;

–     Privacy-by-design toolbox, including new privacy design patterns and homomorphic encryption techniques aiming to collect less personal sensitive data without affecting the required functionalities.

Adequacy to Mas2tering
Adequacy Very adequate to Mas2tering, since it targets tools and methodologies similar to those required in Mas2tering. In particular, aspects like privacy by design and encryption are in common.

[1] http://jade.tilab.com/doc/programmersguide.pdf

[2] http://www.finesce.eu/

D4.1 Conclusion

Cybersecurity is a fast evolving area of research and development that aims to keep pace with advancing cybercrimes, intrusions, and various forms of cyber-attacks. Advancing cybersecurity for the smart grid is of particular importance in order to assure the success of rolling out of its technologies and protect the critical electricity infrastructure. A distributed multi-agent-based platform is developed in the scope of Mas2tering project, the detailed understanding of the available cybersecurity standards and technologies, and identification the gaps between existing standards and required standards are vital for the success of the project. The authors of the deliverable perform a security and privacy assessment of the three selected project use cases. The assessment helps identify areas of vulnerabilities and weaknesses that need to be addressed in the project. We then evaluate the state of the art of the security standards and technologies that are relevant to the project. In addition, we evaluate other relevant smart grid and telecommunication standards that are not security-focused from a security point of view. Based on this evaluation, we provide recommendations for improvements and justifications of choices made in the project.    

D4.1 Download Link

mas2tering_deliverable_4-1_state-of-the-art-standards-and-technologies-for-cybersecurity-of-smart-grids