Cybersecurity: Plugging smart grid weaknesses

Jun 05, 2013
Cybersecurity: Plugging smart grid weaknesses
New protocols are needed in the smart grid security framework to protect the privacy of individuals charging electric vehicles. Credit: iStockphoto/Thinkstock

Power companies are increasingly upgrading to smart grids—national or state-based intelligent computer systems that collect information from consumers and suppliers in order to automatically improve the grid's efficiency and reliability. The National Institute of Standards and Technology in the United States has produced a set of cybersecurity guidelines, called NISTIR 7628, for smart grid programmers across the globe. However, Aldar Chan and Jianying Zhou at the A*STAR Institute for Infocomm Research in Singapore point out that, although the guidelines are comprehensive, they lack standardized instructions for scenarios that may arise with new technologies such as electric vehicles. Chan and Zhou have also identified two key weaknesses within NISTIR 7628.

When people plug in and charge , the bridge the '' and the real world. "If there is no binding of identities between the cyber and physical domains, how can we be sure the information provided by the smart grid accurately reflects what is happening in the real world?" asks Chan. "We have little knowledge about cross-domain vulnerabilities, not to mention security mechanisms to withstand coordinated cyber–physical attacks."

Chan and Zhou examined the NISTIR 7628 framework using the scenario of a person charging an electric vehicle on a grid. This framework is designed to provide a very because as well as requiring a user login to pay for electricity, the car itself also needs device authentication when plugged in. In this way, a car reported as stolen would be barred from charging. Nevertheless, there may be ways of altering plug-in systems that would allow stolen vehicles to charge.

"NISTIR 7628 seems to separate cybersecurity from physical security without proper guidelines on how the two should be blended under this scenario," explains Chan. "These gaps could mean the system is open to a coordinated cyber–physical attack."

Chan and Zhou also examined the data that the smart grid system would hold. These include personal and banking details, and the physical location of the vehicle and how long it had been there—the perfect combination for criminals to exploit.

"NISTIR 7628 takes a utility company-centric perspective here," explains Chan. "Although there is caution about consumer privacy issues involving smart meters, little attention is paid to driver privacy."

Chan and Zhou are keen to improve the NISTIR 7628 framework: "We are developing a cyber–physical authentication protocol to strengthen login security, and a protocol to balance accountability and privacy regarding the location data the smart grid can hold on individuals."

Explore further: Study: Social media users shy away from opinions

More information: Chan, A. and Zhou, J. On smart grid cybersecurity standardization: Issues of designing with NISTIR 7628. IEEE Communications Magazine 51, 58–65 (2013). ieeexplore.ieee.org/xpl/articl… jsp?arnumber=6400439

add to favorites email to friend print save as pdf

Related Stories

Florida electric utility completes smartgrid installations

May 05, 2013

(Phys.org) —Florida Power & Lighting has completed its $800 million smart grid upgrade, with installations of 4.5 million smart meters. Smart meters are digital devices that use radio frequencies to communicate ...

NIST releases final Smart Grid 'Framework 2.0' document

Feb 29, 2012

An updated roadmap for the Smart Grid is now available from the National Institute of Standards and Technology (NIST), which recently finished reviewing and incorporating public comments into the NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0. ...

NIST releases update to smart grid framework

Oct 26, 2011

An expanded list of standards, new cybersecurity guidance and product testing proposals are among the new elements in an updated roadmap for Smart Grid interoperability released today for public comment by the National Institute ...

Recommended for you

Study: Social media users shy away from opinions

Aug 26, 2014

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

Aug 22, 2014

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

User comments : 0