Page 45 - European Energy Innovation - Summer 2017 publication
P. 45

Summer 2017 European Energy Innovation  45




while providing guidance and                 Distribution System
enhancements for use in Smart                Operators
Grids. The SRMM is supported by a
tool and by practical guidance for           Manufacturers
each step of the method. The SRMM
applies a stakeholder oriented               Knowledge institutes
approach which takes into account
the dependency between Smart
Grid stakeholders.

• Vulnerability threat modelling – A          Universities                                   the TLS and DTLS protocols emerge
    vulnerability threat modelling tool                                                      as the de-facto solutions for secure
    models a network architecture and        Figure 2: SEGRID project partners               communication between for
    all of its components and simulates                                                      instance, SCADA units and RTUs in
    how difficult it is for cyber-attacks to      we have developed a SCADA system            secondary substations. However,
    be successful. SEGRID has proposed           that is able to operate correctly           the protocol suffers from a severe
    enhancements to an existing tool             even under intrusions. The key idea         security vulnerability, which makes
    called securiCAD, to make it more 2          is to replicate the SCADA system,           (D)TLS servers highly exposed to
    suitable for use in Smart Grids and          allowing replicas to deterministically      a Denial of Service (DoS) attack.
    for use in operational environments,         execute the same sequence of                SEGRID has proposed a solution that
    so that changes in a network                 requests (e.g., operator commands)          neutralizes the DoS attack described
    architecture can be instantaneously          in such a way that, despite the             above. The proposed solution does
    fed into the model and analyzed.             failure of a fraction of the replicas,      not break current standards, and
                                                 the remaining ones have the same            has been successfully tested on real
• Security and Privacy Architecture              state and ensure correctness of the         RTUs communicating over a secure
    DEsign (SPADE) – The SPADE                   offered services.                           DTLS channel.
    iterative process has been conceived
    to design, validate and evaluate         • Resilient communication                   This work was funded by The EC as
    security and privacy architectures           infrastructure – Smart Grid             part of the EU FP7 SEGRID project
    for Smart Grid systems. The SPADE            applications are typically run in       under Framework 7 agreement 607109.
    process produces as final outcome             equipment inside the (primary)          The views expressed are purely those
    a security and privacy architecture,         substation and are connected to e.g.    of the authors and may not in any
    ready to be deployed to fulfill the           the head end system. In SEGRID,         circumstances be regarded as stating
    identified security and privacy               we have focused on improving the        an official position of the EC. ●
    requirements, employing Security-            resilience of the communications
    by-Design and Privacy-by-Design              outside of the substation, as these       Contact details:
    approaches.                                  are spread over large geographical
                                                 areas, and consequently are more          The SEGRID project:
Based on Risk assessments that were              prone to failures. We have designed       Reinder Wolthuis, project
conducted, the following security                and implemented a new Software            coordinator
measures were developed and tested:              Defined Network (SDN) based                Senior project manager and
                                                 solution to manage the network,           consultant cybersecurity
• Resilient SCADA system –                       which connects the primary                Email:
    Supervisory Control and Data                 substations to the control center(s)      Tel.: +31 651 913 379
    Acquisition (SCADA) systems                  of a DSO.
    form the backbone of critical
    infrastructures. One of the major        • Improved resource management
    threats of SCADA systems is an               for (D)TLS – In Smart Grid systems,
    attacker that gains access to the
    SCADA system, which can result in
    a catastrophic scenario. In SEGRID,
   40   41   42   43   44   45   46   47   48   49   50