Page 45 - European Energy Innovation - Summer 2017 publication
COMMUNICATION

while providing guidance and enhancements for use in Smart Grids. The SRMM is supported by a tool and by practical guidance for each step of the method. The SRMM applies a stakeholder oriented approach which takes into account the dependency between Smart Grid stakeholders.

[Figure 2: SEGRID project partners (Distribution System Operators, Manufacturers, Knowledge institutes, Universities)]

• Vulnerability threat modelling – A vulnerability threat modelling tool models a network architecture and all of its components and simulates how difficult it is for cyber-attacks to be successful. SEGRID has proposed enhancements to an existing tool called securiCAD, to make it more suitable for use in Smart Grids and for use in operational environments, so that changes in a network architecture can be instantaneously fed into the model and analyzed.

• Security and Privacy Architecture DEsign (SPADE) – The SPADE iterative process has been conceived to design, validate and evaluate security and privacy architectures for Smart Grid systems. The SPADE process produces as final outcome a security and privacy architecture, ready to be deployed to fulfill the identified security and privacy requirements, employing Security-by-Design and Privacy-by-Design approaches.

Based on Risk assessments that were conducted, the following security measures were developed and tested:

• Resilient SCADA system – Supervisory Control and Data Acquisition (SCADA) systems form the backbone of critical infrastructures. One of the major threats of SCADA systems is an attacker that gains access to the SCADA system, which can result in a catastrophic scenario. In SEGRID, we have developed a SCADA system that is able to operate correctly even under intrusions. The key idea is to replicate the SCADA system, allowing replicas to deterministically execute the same sequence of requests (e.g., operator commands) in such a way that, despite the failure of a fraction of the replicas, the remaining ones have the same state and ensure correctness of the offered services.

• Resilient communication infrastructure – Smart Grid applications are typically run in equipment inside the (primary) substation and are connected to e.g. the head end system. In SEGRID, we have focused on improving the resilience of the communications outside of the substation, as these are spread over large geographical areas, and consequently are more prone to failures. We have designed and implemented a new Software Defined Network (SDN) based solution to manage the network, which connects the primary substations to the control center(s) of a DSO.

• Improved resource management for (D)TLS – In Smart Grid systems, the TLS and DTLS protocols emerge as the de-facto solutions for secure communication between, for instance, SCADA units and RTUs in secondary substations. However, the protocol suffers from a severe security vulnerability, which makes (D)TLS servers highly exposed to a Denial of Service (DoS) attack. SEGRID has proposed a solution that neutralizes the DoS attack described above. The proposed solution does not break current standards, and has been successfully tested on real RTUs communicating over a secure DTLS channel.

This work was funded by The EC as part of the EU FP7 SEGRID project under Framework 7 agreement 607109. The views expressed are purely those of the authors and may not in any circumstances be regarded as stating an official position of the EC.

Contact details:
The SEGRID project: www.segrid.eu
Reinder Wolthuis, project coordinator
Senior project manager and consultant cybersecurity
Email: reinder.wolthuis@tno.nl
Tel.: +31 651 913 379
www.europeanenergyinnovation.eu