Utilities and the Smart Grid
The United States Department of Energy defines the smart grid as a “class of technology which brings utility electricity delivery systems into the 21st century”. This 21st century technology requires 21st century security to protect its vast networking systems.
Any incapacitation of the energy system could have a crippling effect on a nation’s security, economy, and the health and safety of its citizens. As with any computer-based remote control and automation technology, the threat of criminals gaining access to critical data is very real.
- One software hack can prevent load distribution of energy, causing rolling blackouts
- Hacktivists can shut down cooling/heating systems, threatening public health and safety
- Criminals can steal energy for commercial or personal use, by manipulating or tampering with smart meters
Strong encryption and authentication mechanisms help protect against these threats.
Public Key Infrastructure (PKI) and Certificate Authority
PKI is a technology built on asymmetric encryption, in which certificates and their associated public and private keys are used for both the encryption and decryption of information. A strong PKI enables the mutual authentication of field devices with the home site, meaning that these devices will only communicate with each other once they are verified by a parent source.
A direct implementation of this technology is secure Over-the-Air (OTA) software updates, which provide a cost-efficient way to deploy updates across a wide network. Object signing, with a centralized certificate authority, ensures the authorized transmission of data between two endpoints, in this case the manufacturer sending out updates and the field devices receiving them. Any device, software, code, or piece of data that attempts to infiltrate the networked system would be rejected. The meter, pole-top device, or network would not accept the change because it would not come from a trusted source.
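The device-side acceptance check described above, as an added Go example (not Futurex code and not part of the original page): a field device accepts an update only if the signer's certificate chains to its provisioned root CA and the signature covers the exact image. The names `VerifyUpdate`, `issue` and `Demo`, the certificate names, the firmware bytes and the choice of Ed25519 are assumptions made for the illustration; all keys and certificates are constructed in-process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// VerifyUpdate passes only if signer chains to a provisioned root for code signing and sig covers image.
func VerifyUpdate(roots *x509.CertPool, signer *x509.Certificate, image, sig []byte) error {
	_, err := signer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	if pub, ok := signer.PublicKey.(ed25519.PublicKey); err == nil && (!ok || !ed25519.Verify(pub, image, sig)) {
		err = fmt.Errorf("signature does not match image")
	}
	return err // nil only when both the chain and the signature check out
}

// issue builds constructed sample certificates (Ed25519 is this example's choice); nil parent = self-signed root.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		IsCA: parent == nil, BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if parent == nil { // root CA: signs itself and is allowed to sign other certificates
		tpl.KeyUsage, parent, pk = x509.KeyUsageCertSign, tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func Demo() (genuine, tampered, rogue error) { // device verdicts for three constructed updates
	root, rootKey := issue("Constructed Utility Root CA", nil, nil)
	signer, signerKey := issue("Constructed Firmware Signer", root, rootKey)
	rogueCert, rogueKey := issue("Constructed Rogue Signer", nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(root) // the only trust anchor provisioned on the meter
	image := []byte("constructed meter firmware v2")
	return VerifyUpdate(pool, signer, image, ed25519.Sign(signerKey, image)),
		VerifyUpdate(pool, signer, append([]byte("patched:"), image...), ed25519.Sign(signerKey, image)),
		VerifyUpdate(pool, rogueCert, image, ed25519.Sign(rogueKey, image))
}

func main() {
	fmt.Println(Demo())
}
```

Only the first update is accepted: the second fails the signature check, and the third fails chain validation because its certificate was not issued under the provisioned root.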
Authentic Metering and Billing
In unprotected smart grid systems, criminals can siphon energy from one location to another with relative ease. Encryption technology protects the authenticity of the usage numbers produced. Likewise, advanced monitoring and alerting capabilities from Futurex devices alert system administrators about infrastructure health via SMS, SMTP, SNMP, and syslog.
Many customer devices are subject to the weather and natural/man-made disasters. Futurex embedded cryptographic technology, in the form of the ESM1000. The Futurex Hardened Enterprise Security Platform has inherent disaster recovery engineered into the physical hardware. Utility providers can add further disaster recovery and high availability with centralized management by utilizing the Guardian9000 for high availability, secure backups, centralized configuration, and load balancing.
Multifactor authentication ensures device access is unique to the individual. There are three methods of identifying a user:
- Something users know, such as a password or code
- Something users have, such as a badge or smart card
- Something users are, such as a fingerprint or retina signature
For example, a user may be required to enter a password and present a smart card. If another employee finds the card, but does not know the password, they cannot gain access. Similarly, if one user knows another user's password, the information becomes useless because the fingerprint scanner cannot be bypassed. In some cases, all three methods can be required.
Current smart meter deployments use generalized passwords that are often shared between personnel and users. This means that access to meters, networks, pole-top devices, and the like is subject to external threats. Multifactor authentication significantly improves the accuracy of access logs and manages interactions with individual users.
Hardened Enterprise Security Platform Solutions
Integrate small form-factor encryption devices directly into a variety of environments for on-site data security
- Supports all common key types and protocols
- Optional external self-contained enclosure
- Optimized size, weight, power, and cooling characteristics
- Supports mutual authentication under a trusted root certificate
Encrypt, manage, and store high volumes of your sensitive data in Futurex’s best-in-class attached storage solution
- Support for multiple separate databases within a single SAS9000 unit
- Adjustable, customizable role-based separation of duties
- Automatic hard drive replication and advanced hardware redundancy features
- Ten hot-swappable storage bays
Hardened, enterprise-class key and certificate lifecycle management solutions
- Full symmetric and asymmetric key and certificate management
- Robust, versatile API for programmatic automation of repetitive tasks
- Easy, convenient generation of certificate trees
- Permission-based user management system with dual control
- Customized monitoring and alerting