At the beginning of February, NIST released a draft of the Smart Grid Security Strategy and Requirements document currently in development. The document aims to define the approach and trade-offs between flexibility, energy efficiency, and security in modern electrical grids. It is a high-level committee effort and collaboration between the Department of Energy (DOE), the Department of Homeland Security (DHS), the Federal Energy Regulatory Commission (FERC), and the National Institute of Standards and Technology (NIST). Authorship and participation have included Government and Industry.
An industry opinion on this document is offered at the Smart Grid Security blog.
The document is extremely high-level and is not prescriptive about the technology to be used to secure the energy grid. However, it sets the table for discussion of solutions. Specifically, it prescribes:
- ‘Defense-in-Depth’ — Layered approaches to security, just like in DoD Anti-Tamper systems
- Threat categories to include ‘Deliberate Man-Made Threats’, specifically political and economic attacks from outside the network, as well as disgruntled employees with physical access to systems
- An entire chapter is devoted to protecting privacy or otherwise sensitive information on the grid
- The document notes that ‘physical security’ will be addressed in subsequent versions
Even more important, however, is the chapter on ‘R&D Themes for the Smart Grid’. There are five categories recommended, the first being DEVICE level research.
The section on device-level research (Section 6.2) strongly recommends increased R&D into anti-tamper and intrusion detection technology at the device level. Excerpted below:
6.2.1 Cost Effective Tamper Resistant Device Architectures
Improve Cost Effective Higher Tamper Resistant and Survivable Device Architectures
As IEDs play more critical roles in the Smart Grid, one needs to ensure that the devices are not easily attacked by firmware updates, commandeered by a spoofed remote device, or swapped out by a rogue device.
At the same time, because of the unique nature and scale of these devices, protection measures need to be cost effective (deployment and use) and mass producible. There are some initial forms of these technologies in the field but there is a growing belief that they need to be further improved as security researchers have already demonstrated penetrations of these devices, even with some reasonable protections. Further, it is important to assume devices will become penetrated and there must be a method for their containment and secure recovery using remote means. This is of great importance to maintain the reliability and overall survivability of the Smart Grid. Please see Chapter Three for a discussion of defense-in-depth on a systems basis that would begin to address these issues.
Research is needed in devising scalable, cost-effective device architectures that can form a robust hardware and software basis for overall systems level survivability and resiliency that:
- Are highly tamper resistant and evident, and can provide for secure remote recovery
- Improve security of firmware/software upgrades
Without these R&D advances, local attacks can become distributed/cascading large scale attack campaigns.
As the NIST document implies, some of these technologies do exist, such as the Acalis secure processor. However, the technology needs to become more cost-effective and mass producible.
This is precisely the path CPU Tech is taking with the Acalis secure processor, in an attempt to bring military-level Anti-Tamper protection to a wider critical infrastructure market in the future.