Ensuring A Secure and Resilient Smart Grid: Cyber-Attacks and Countermeasures
arXiv:1502.00237v1 [cs.CR] 1 Feb 2015

Abstract—Over the past years, advanced Smart Grid technologies have been deployed in order to enhance grid efficiency and resiliency. Their increased dependency on cyber-resources, however, has an immediate impact on the exposure of grid devices to potential vulnerabilities. This paper surveys the latest work on Smart Grid security. Specifically, it focuses on a deep understanding of the risk in terms of the threats, vulnerabilities and consequences that arise from cyber-attacks. Further, it explores relevant published literature for defense and mitigation techniques against Smart Grid attacks.

I. INTRODUCTION

The most critical infrastructure domain today is the electric power grid, since its reliable operation is correlated with the proper functioning of all the other critical infrastructure sectors. During the last years, Information and Communication Technologies (ICT) have modernized the current grid by establishing dynamic and interactive communication between the power equipment. However, the inadequate level of security measures prior to the implementation of those technologies has led to a greater threat landscape. It has been shown [1] that non-compliance with the highest levels of security within the grid may result in a variety of severe effects that may have an impact on data integrity and even cause degradation of systems' availability.

The transition of the power grid from a centralized, producer-controlled network to a decentralized, consumer-interactive network is already under way. Power systems are becoming increasingly dependent on modern devices and computer communication. Hence, new security and privacy challenges arise, since the potential risks are growing. Network connections increase the potential for cascade failures, the growing number of interconnections results in the creation of new paths to undermine systems, the large number of smart nodes multiplies the entry points for Denial of Service (DoS) attacks and, in general, the complexity of the newly formed system increases errors and potential attackers. For example, many communication protocols in Energy Management Systems (EMSs) and Supervisory Control And Data Acquisition (SCADA) systems were not designed for security-critical environments, thus several attacks are possible [2] [3]. Firewalls mainly do not detect intrusions through insider connections or trusted parties. Monitoring and communication devices usually use Ethernet and TCP/IP connections, for higher speeds and for minimizing the cost, although these are vulnerable to various attacks [4] [5] [6], e.g. TCP SYN and IP spoofing. Modern processor-based power grid devices may be infected with malware prior to their placement and installation into the system. Therefore, the research community should move towards the development of new solutions based on the newly developed Smart Grid architecture and considering the potential cyber-security threats.

The ultimate aim of the Smart Grid is to enhance reliability, efficiency and security. The latter must be examined carefully, since malicious threats and consequently cyber-attacks in electric power systems are increasing. Cyber-security efforts focus on attack prevention and defense strategies, while the first step in deploying protection mechanisms is the understanding and detection of security breaches within the network. The objective of this paper is to provide an overview of the threat surface of the Smart Grid, examine cyber-security risks and attacks and finally review proposed security solutions to thwart those attacks.

The rest of the paper is organized as follows. Section II examines the network architecture of the power grid and identifies the differences between the Industrial Control System's (ICS) security concerns and the Information Technology (IT) environment; this Section also provides information on attack methodologies against the energy sector based on real cyber-security incidents. Section III presents related work on existing proposed security solutions for the Smart Grid infrastructure and discusses some of the constraints that may exist for each methodology. Finally, Section IV concludes the paper and indicates guidelines for future work.

II. THREAT LANDSCAPE OF SMART GRID

A. Network Architecture of Smart Grid

The network structure of the electric power grid indicates that it is a highly complex physical system. For instance, statistics [7] in 2010 showed that there are more than 130 million customers, over 2000 power distribution substations and about 5600 distributed energy centres all over the US. The conceptual model of the Smart Grid network, presented in Fig. 1, illustrates that the Smart Grid consists of seven logical domains: Bulk Generation, Transmission,
Fig. 1. Conceptual Reference Diagram for Smart Grid Information Networks [12].

Distribution, Customer, Markets, Service Provider and Operations. The first four domains can generate, store and deliver electricity using two-way communication technology. The remaining domains essentially manage the power flow and provide necessary information or services to power utilities.

A key component of the Smart Grid's network is the SCADA system. SCADA technologies are responsible for monitoring and controlling the vital functions of the generation, transmission and distribution domains. SCADA systems consist of four basic components [8]: field interface devices (e.g. Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs)), a communication system (e.g. radio, cable, satellite), a central Master Terminal Unit (MTU), and Human Machine Interface (HMI) systems or software.

The Smart Grid is a combination of the power grid and communication networks, thus communication protocols and standards constitute another primary part of the grid's architecture. The most common protocols for communication in the grid are IEC 60870-5 and DNP3 [8]. The former is mostly used in Europe for the communication between RTUs and the MTU in SCADA systems [9] [10]. In Asia and North America the most prevalent protocol is DNP3, which is currently being replaced by IEC 61850 since it supports more enhanced capabilities, including a peer-to-peer communication mode for field devices [11].

The Smart Grid phenomenon is like an "Internet of watts" [13] because of the similarities between the Smart Grid network (as an ICS) and the Internet (as the main element of an IT environment) in terms of hierarchical structure and complexity. However, there are fundamental differences between these two systems in many features [14]. For example, performance and reliability requirements differ between them. Furthermore, different risks and priorities must be assigned in each system; the prioritization of security attributes in the ICS environment is the reverse of that in IT systems. Availability and integrity are the primary concerns, while confidentiality is pushed aside to ensure easy and fast dataflow between critical components in real time without security and reliability failures. Nevertheless, Smart Grid devices in use today, such as relays and data concentrators, are evidently based on microprocessor architectures and are therefore susceptible to attacks whose roots lie in traditional attacks against the cyber-infrastructure.

B. Growing Threats

The development of the Smart Grid in terms of better control and higher reliability requires the establishment of security mechanisms in order to support the new sophisticated features. In the past, several real world examples have shown that the power grid, as an ICS, is exposed to various threats that can lead to severe consequences.

In April 2001, hackers installed a rootkit into the network of the California Independent System Operator (Cal-ISO). While the attacks were ongoing, rolling blackouts swept the state, affecting over 400,000 utility customers [15]. In January 2003, the Slammer worm, exploiting a buffer overflow vulnerability in Microsoft's SQL Servers, overloaded networks and disabled data servers. Thereafter, the monitoring system of Ohio's Davis-Besse nuclear power plant was offline for five hours [16]. In January 2008, the CIA claimed that a cyber-attack had caused a multi-city power outage at an unspecified location outside the U.S. [17]. Operation Night Dragon, uncovered in 2010, targeted oil, gas and energy companies using common hacking tools in order to find project details and financial information about oil-gas exploration and bids [18]. The Stuxnet incident (discovered in 2010) and its relatives Duqu, Flame and Gauss are some of the most talked-about cases of targeted attacks [19]. While Duqu, Flame and Gauss focused on traditional espionage, Stuxnet [20] presented a foundational shift in malware with its ability to usurp the operation of an ICS by manipulating PLCs, using four zero-day vulnerabilities and spreading through infected portable media drives.

As cyber-security concerns have grown, the identification of vulnerabilities that exist within ICS architectures, and more precisely within the platforms supporting the electric grid, should be examined thoroughly. Analysis performed by the National Institute of Standards and Technology (NIST) [14] determined vulnerabilities that may be found in typical ICSs, and proposed guidelines for addressing these issues. Particularly, policy and procedure vulnerabilities must be examined thoroughly based on the established guidelines and management systems. Network and platform vulnerabilities can be mitigated through various security controls such as OS and application patching, security software, encrypted network communications etc. However, trying to enumerate all possible threats and vulnerabilities in the Smart Grid is not practical, taking into account the system's complexity and the fact that new types of attacks are based on zero-day exploits. In addition, even where vulnerabilities are well known, the problem is escalating.
Fig. 2. Cyber-incidents reported to ICS-CERT from October 2012–May 2013 across all critical infrastructure sectors [21].

In the latest monitor report [21] of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the notifications received for incidents across all critical infrastructure sectors numbered more than 200. As shown in Fig. 2, 53% of the incidents hit the energy sector and the majority of them involved cyber-attacker techniques; in other words, attacks are defined as "deliberate actions which alter, disrupt, degrade or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks" [22].

C. Attacks Classification and Methodologies

This section introduces malicious attacks which could induce catastrophic damage to the Smart Grid. After reviewing the NIST guidelines [1] and existing research on cyber-security, pertinent issues are categorized into two major groups: attacks that could compromise systems and devices, and attacks that could impact the communication of the Smart Grid.

1) Systems and Devices:

Software Vulnerabilities: Buffer overflows, integer overflows, and Structured Query Language (SQL) injection can provide an attacker with the ability to disrupt the normal operation of devices such as PLCs, RTUs and IEDs [23] [24]. In addition, many control systems are running firmware and operating systems with published vulnerabilities, leaving them open to attacks [25] [26].

Malware: An attacker can develop malicious software [27] and spread it on target systems. Specifically, malware can be used to replace or add any function to a device or system (e.g. smart meters [28], PLCs [20]). For example, it can inject malicious control communication programs [29], send out sensitive information and manage the control operation of devices.

Authentication: NIST requirements [1] recommend that each device has a unique key and credentials so that, if one is attacked, others will not be affected. However, many devices lack authentication support, hence unauthorized users could gain access and manipulate system settings and operations [30], [31].

Malicious Insider: An authorized employee or, in general, a legitimate user can access privileged system resources to perform malicious actions. The insider's knowledge of the defense mechanisms allows him to easily circumvent protection settings and deploy a powerful attack [32].

Portable Media: Most devices used in the Smart Grid infrastructure are not directly connected to untrusted networks (e.g. the Internet). Nonetheless, media or devices can be infiltrated inside the trusted perimeter by personnel, causing malware to be transferred into the system (e.g. Stuxnet [20]).

Supply Chain: Backdoors or malicious code can be installed into devices prior to their shipment to the target location. That may provide access to unauthorized users [33] without physical access to the system.

2) Communications:

Vulnerabilities in Common Protocols: The existing protocols used in the Smart Grid pass their vulnerabilities on to the grid components. For example, the Modbus client-server protocol was designed for low-speed serial communication in process control networks. Therefore, it cannot address security issues and several attacks are possible: broadcast message spoofing, baseline response replay, response delay etc. [34]. Furthermore, widely adopted IP-based protocols (e.g. IEC 61850 [11] uses TCP/IP as a part of its protocol stack) have vulnerabilities that may result in DoS attacks [4] [5] [6].

Firewalls: Firewalls constitute an essential part of the network perimeter, hence their poor configuration settings can be detected and leveraged by attackers as entry points into the system, allowing them to inject large numbers of packets into the network that may cause congestion and limit the network's availability [35].

False Data Injection: An adversary can attack the Smart Grid by attacking the EMS via faked meter data (replay attack), misleading the EMS through the state estimator into making bad decisions [36]. Also, if an attacker has already compromised one device, he can take advantage of the configuration of a power system to launch attacks by injecting false data to the monitoring center [37], causing a huge financial impact on electricity markets [38].

Identity Spoofing: Identity spoofing attacks allow attackers to impersonate an authorized user [27], and hence spoofed messages injected into the network appear as if they originate from a trusted system. For example, if the attacker can manipulate some network address (e.g. Address Resolution Protocol (ARP)) [39] or routing mechanisms, Man in the Middle (MitM) attacks can be launched against the network. MitM attacks due to possible routing layer vulnerabilities, such as weak authentication protocols or poor integrity checking [40] in firmware, may eventually enable DoS attacks [1].

Virtual Private Network (VPN): VPNs create secure encrypted connections (tunnels) to ensure secure and confidential data transmission between a client device and a server device. However, a VPN only secures the tunnel and
TABLE I networks consist of four fields: one header and three data
TAXONOMY OF BASIC CYBER - ATTACKS IN S MART G RID fields (16 bytes). The header contains the destination IP
address and all other nodes except the recipient cannot read
Device attack: Compromise the control of a grid device. Usually
the first step of a sophisticated attack.
the data payload and will simply discard it. To indicate
whether a message is encrypted or not, the header adds an
Data attack: Insert, modify or delete data in the network traffic
in order to mislead Smart Grid’s decision systems. extra AES status flag; thus this message may be transmitted
Privacy attack: Learn or infer users private information by through other networks. Experiment results indicate that
analyzing electricity usage data. the data transmission is secure assuming there are no
Network availability attack: Delay or cause failure of commu- eavesdroppers on the Ethernet network.
nications due to alterations on computational and communication Specification-based Intrusion Detection System (IDS):
resources of Smart Grid.
Berthier et al. [46] after studying the threat models and
not the client or the server. If the VPN is not integrated into constraints of Advanced Metering Infrastructure (AMI),
a suitable firewall then an attacker could hijack the VPN they analyze the requirements for host intrusion detection
connection [41]. design. Based on a literature survey they propose that the
Eavesdropping: Monitoring network traffic gives the best IDS solution for AMI is a specification-based detection
opportunity to attackers to gather, examine and thus deduce technique which identifies deviations from a correct behav-
information from communication patterns, compromising ior profile using logical specification. A machine learning
the confidentiality of communications in the Smart Grid. algorithm is shown in [47] which classifies fixed-length
A typical example is to sniff IP packets on the Local Area patterns generated via sliding window techniques [48] to
Network (LAN) or intercepting wireless transmissions on infer the classification of variable-length patterns from the
the Home Area Network (HAN) [42]. aggregation of the machine learning based classification
Access through Database Links: Databases used in ICS results.
are often connected to computers or databases with web- IDS via Attestation: A propitious new approach to
enabled applications located on the business network. Gain- provide remote code verification is a technology called
ing access to the database on the business network allows attestation. Code attestation enables an external entity to
attackers to exploit the communication channel between the inquire the software that is executing on a system in a way
two networks and hence bypass the security mechanisms that prevents malware from hiding. Since attestation reveals
used to protect the control systems environment [43]. a signature of executing code, even unknown software will
The aforementioned cyber-attacks can be classified into alter that signature and thus can be detected. LeMay et
four broad categories based on their security objectives and al. have studied hardware-based approaches for attestation
consequences at the time of their deployment, as presented [49] [50]. Software-based attestation is an approach that
in Table I [44]. does not rely on specialized hardware, but makes some as-
sumptions that the verifier can uniquely communicate with
III. S ECURITY C OUNTERMEASURES the device under verification [51]. Shah et al. demonstrate
To maintain the reliability and stability of the Smart the feasibility of this concept on SCADA devices [52].
Grid as a system, cyber-security protection technologies are Authentication: Fouda et al. [53] propose a lightweight
necessary for defending against adversary actions. Since two-step mutual authentication protocol by combining the
threats are constantly evolving, protection demands ad- public key encryption scheme [54] and Diffie-Hellman key
vanced cyber-security mechanisms. Thus, the development agreement scheme [55]. Based on the proposed protocol
of a secure Smart Grid should encounter the following forward secrecy is guaranteed since each session requires
fundamental security techniques for defending the above random numbers which are deleted after the generation of
mentioned cyber-attacks: the session key. Since field devices in the Smart Grid often
have limited storage space, the authors in [56] addressed
A. Devices the authentication issue from a storage load minimization
Malware Protection: In previous research [45] a method perspective. According to their findings, the proposed one-
for firmware diversity is presented, capable of significantly time signature scheme reduces the signature size by 40%
slowing a large-scale compromise of smart meters. It and the storage load on receiver by a factor of 8. Both
proposes a form of return address encryption to protect authentication schemes [53] [56] adopt public key cryp-
addresses on the stack that can be implemented via binary tography without specifying how public keys are managed.
rewriting. Smart Meter Data Privacy: Kalogridis and Efthymiou
Communication: Zhang et al. [31] proposed a 256-bit [57] [58] propose a method that transforms customer’s
Advanced Encryption Standard (AES) as a security solution electrical energy signature to hide behavioral patterns. In
for the traffic between two Smart Grid devices in Ethernet Smart Grid metering there are two types of data: low-
networks. In their design, all data packets in Ethernet frequency data (periodic power use summary–cannot cause
4
privacy leakage) and high frequency data (detailed power substation networks. Using a cross-layer approach they aim
usage patterns related to users private lives). The idea is to secure substation’s inter-communications based on IPsec
to assign each smart meter two IDentification signatures, multicast. Algorithms were also developed to detect four
one for Low-Frequency data transmission (LFID) and the classified multicast configuration anomalies.
other for High-Frequency data transmission (HFID). The Other protocols should also be taken into account for se-
authors focus on the initial device registration process when cure communications. IEC 62351 for example, is a support
a smart meter joins the grid. Using two separate steps, the standard for IEC 61850 related to security and technical
smart meter first informs the utility about its LFID and the requirements of vendors. Fries et al [11] indicate that IEC
LFID public key, which in turn passes them to the proper 62351 should be updated due to issues related with demand
community gateway. At the second step, the smart meter response and customer participation in the grid.
sends its HFID and HFID public key to a trusted third Authentication requirements are also important for the
party (escrow), and the escrow forwards them to the control design or the upgrade of communications protocols used in
center. Since the utility is not involved in the second step, the power grid system. Wang et al. [64] propose an efficient
the HFID remains unknown. multicast authentication scheme named ”TV-HORS” which
combines one-way hash chains with ”TV-OTS”, a novel
B. Network
signature model – Time Valid One Time Signature – in
Smart Meters Communication: Li et al. [59] propose order to avoid frequent public key distribution. The scheme
a data aggregation protocol that can be used to aggregate according to their results minimizes the computational cost,
Smart Meter communications to a gateway. The protocol it has low communication overhead, and it is robust to
uses a spanning tree rooted at the gateway device, and malicious attacks. Those requirements are also the base for
performs aggregation at each node by combining child the proposed authentication scheme ”DREAM” [65].
node packets and sending the resulting packet to its parent.
Communication Channel Capacity: Li et al. [66] work
This protocol uses homomorphic encryption to protect
towards the determination of communication channel ca-
the privacy of the data. Also, Bartoli et al. [60] analyze
pacity that is needed to guarantee security. The used
the trade-off between security and efficiency and design
model which can be applied to a simplified dynamic Smart
two algorithms for per-hop and end-to-end communication
Grid model, considers a single receiver and sender, and
protocol respectively. An AES-Counter with Cipher Block
it is assumed that there is an eavesdropper listening. The
Chaining-Message Authentication Code (AES-CCM) is
information from the calculation of the channel capacity
used with 128 bit shared key to encrypt the line between the
could be eventually essential for the determination of a
meter and the gateway and according to their experiment
secure network topology for the Smart Grid.
results ensures that their protocol is reliable and energy
efficient. IDS Modules: Zhang et al. [67] propose a hierarchical
Topology Design: A network topology represents the IDS framework, where an IDS module is installed distribut-
connectivity structure among nodes, which can have an edly along the network hierarchy. Particularly, on SCADA
impact on the robustness against attacks. Lee et al. [61] control centers in the top layer, on community gateways
examine the resiliency of Internet topologies under attack- in the middle layer and on smart meters in the bottom
ing strategies, with various metrics including ”path-failure layer. Each module has two components: a recorder (for
ratio” and ”attack power” (ratio of the failure to attack). logging and accuracy evaluation) and a classifier (for at-
The idea presented can be expanded to the Smart Grid net- tack classification). According to the authors, the classifier
work topology because of the routes’ similarities which an must be trained before put in use (e.g. machine learning
attacker must follow to achieve his purpose. Experiments techniques such as Support Vector Machines (SVMs)) in
in the paper reveal that ”path-based” attacks can result in order to invoke an alarm if an attack is detected.
greater damage to the connectivity of a network than other Wired, Wireless and Sensor Networks: Networking se-
types of attacks. Thus, connecting networking nodes to be curity problems in the Smart Grid environment mostly
highly resilient under attacks can be the basis to build a focus on issues of the wired, wireless, and sensor networks.
secure communication architecture in the Smart Grid. For wired networks, Sun et al. [68] propose that Ethernet
Protocols: IEC 61850 communication standard defines Passive Optical Networks (EPON) would be a promising
data formats and interoperability technologies for commu- solution for the Smart Grid broadband access networks. For
nication in power systems [11]. IEC 61850 intends to re- wireless networks, the NIST report [1] states that schemes
place DNP3 in substation communications and additionally like 802.11i would improve the deployment of secure Smart
it is believed that can be potentially used for outside substa- Grid wireless networks. Moreover, Metke and Ekl [69]
tion communication in future power systems [62]. Zhang argue that wireless Smart Grids could be further secured
and Gunter [63] propose a prototype multicast system with existing standards like 802.16e (Mobile WiMax) and
SecureSCL (Secure Substation Configuration Language) to 3GPP LTE. For sensor networks, proposed solutions [1]
handle publish-subscribe connections in IEC 61850 power [69] [70] include that wireless mesh networks should be
5
deployed in the AMI in order to overcome bad links by TABLE II
using redundant communication paths. However, wireless S ECURITY TECHNIQUES FOR DEFENDING BASIC CYBER - ATTACKS
mesh technologies are vulnerable to several attacks such
as message modification, route injection, cross-layer traffic Devices: Malware Protection, Communication, Specification-
based IDS, IDS via Attestation, Authentication, Smart Meter
injection, etc. [1]. Existing routing protocols lack tech- Data Privacy
niques to secure the data and the paths due to their inherent Network: Smart Meters Communication, Topology Design, Pro-
distribution features [1]. Without routing security, traffic in tocols, Communication Channel Capacity, IDS Modules, Wired,
the AMI is not reliable. Bennett and Wicker [70], however, Wireless and Sensor Networks, Ethernet Switches, Firewalls and
among other recommendations, propose the solution of Gateway Controllers
establishing a dedicated path between two communication Manangement: Cryptography, Access Control
nodes to address ”black hole” attacks against the AODV
results, their design does not require a complex setup
(Ad Hoc On Demand Distance Vector) routing protocol.
procedure and is scalable in terms of small packet overhead
Ethernet Switches, Firewalls and Gateway Controllers:
(128 bytes). The proposed mechanism however, requires
The power grid has two major directional informa-
a central key-generating server to distribute a private key
tion flows: bottom-up and top-down. Therefore, Ethernet
for a certain device or a user. In general, there are some
switches, firewalls and gateway controllers are valuable
constraints regarding cryptography and key management
for cyber-security because they are the gatekeepers to sub-
[73] related to communications (different channels have
stations. The above mentioned components can contribute
dissimilar bandwidths), devices power and storage (do not
to the necessary network separation such as Demilitarized
have enough processing power and storage to perform
Zones (DMZs) but most importantly, they could perform
advanced encryption and authentication techniques), and
traffic control on information flows in Smart Grid to block
connectivity (all devices, certificate authorities, and servers,
undesired or even suspicious flows generated by malicious
must be connected at all times).
nodes [71].
Access Control: In order to limit the access only to au-
C. Management thorized personnel, Cheung et al. [74] propose a Smart Grid
Cryptography: Cryptographic approaches are becoming role-based access control (SRAC) strategy. Each regional
primary countermeasures against malicious cyber-attacks. network in this model, preserves the security policy for
Additional to the encryption and authentication procedures the inside community and residential networks and also
[31] [60] [30] [31] [53] [56] [64] [65] key manage- operates as the communication interface with users from
ment processes are also part of cryptographic methods. other regional networks according to the predefined role
Insufficient management of the key process may result in possible key disclosure to adversaries and eventually jeopardize the purpose of secure communications in the grid. Public Key Infrastructure (PKI) is the classic public key management system: it publishes the public key values used in public key cryptography. The necessity for PKI arises from the trust assumptions behind digital signature verification. When the scale is large (such as the power grid infrastructure) a PKI is needed, using digital signatures to establish trust that a given public key is owned by a particular identity. PKI is not by itself an authentication, authorization, auditing, privacy or integrity mechanism; it is an infrastructure that supports these needs and operations. It does not infer trust by itself, but requires the establishment of a trust base on which PKI can rely. That means that the basis of trust must be established at a particular level, e.g. the business level (which certification authorities a utility decides to accept as roots), before it can be accepted by the PKI. Thus, PKI is a system that is used to create, store and distribute digital certificates, i.e. signed statements which verify that a particular key belongs to a certain entity.

A good example of deploying key management technology in the Smart Grid is proposed by So et al. [72]. By using an identity-based cryptography (IBC) method, in which an entity's public key is derived from its identifier and its private key is issued by a trusted key generation centre, so that no certificate has to be distributed or verified, the authors address the authenticity and confidentiality issues in an AMI communication network. According to the implementation

constraints. For instance, users may have multiple roles, but a conflict of interest between those roles must be prevented. The authors suggest an XML-based security policy and, based on case studies, show that the proposed SRAC model is effective.

The above mentioned countermeasures against cyber-attacks are summarized in Table II.

IV. CONCLUSIONS

This paper presents an overview of security related issues in the Smart Grid environment. It examines the architecture of the current grid infrastructure and presents the threats and vulnerabilities that arise from the high complexity of the grid as a system. It also enumerates possible cyber-attack techniques able to exploit the security weaknesses of the power grid infrastructure. Finally, related work on existing and future security solutions is presented. In the future, a platform profiling methodology will be developed, based on monitoring and controlling grid components internally (through hardware performance counters), externally (through network profiling) and at an intermediate stage (through the system board, JTAG, and external connections).
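An added example (in Go, not the SRAC model of [74] itself) of the conflict-of-interest rule described in Section III: roles with their permissions, plus the pairs of roles a single user may not hold together, are read from a small XML policy constructed here for illustration, and a role assignment is refused when it would violate such a pair while other multi-role assignments are allowed. The role names, permission strings and XML element names are assumptions of the example.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Policy mirrors the XML policy: roles with permissions, plus mutually exclusive role pairs.
type Policy struct {
	Roles     []Role     `xml:"roles>role"`
	Conflicts []Conflict `xml:"conflicts>conflict"`
}

type Role struct {
	Name        string   `xml:"name,attr"`
	Permissions []string `xml:"permission"`
}

type Conflict struct {
	A string `xml:"a,attr"`
	B string `xml:"b,attr"`
}

// samplePolicy is constructed for this example (assumed names, not from the paper).
const samplePolicy = `<policy>
  <roles>
    <role name="operator"><permission>read:telemetry</permission><permission>write:setpoint</permission></role>
    <role name="auditor"><permission>read:telemetry</permission><permission>read:audit-log</permission></role>
    <role name="key-admin"><permission>rotate:device-key</permission></role>
  </roles>
  <conflicts><conflict a="operator" b="auditor"/></conflicts>
</policy>`

// Enforcer holds the parsed policy and the current user-to-role assignments.
type Enforcer struct {
	perms     map[string]map[string]bool // role -> permissions it grants
	conflicts map[[2]string]bool          // ordered role pair -> mutually exclusive
	users     map[string]map[string]bool // user -> roles held
}

// NewEnforcer parses the XML policy into lookup tables.
func NewEnforcer(policyXML string) (*Enforcer, error) {
	var p Policy
	if err := xml.Unmarshal([]byte(policyXML), &p); err != nil {
		return nil, err
	}
	e := &Enforcer{
		perms:     map[string]map[string]bool{},
		conflicts: map[[2]string]bool{},
		users:     map[string]map[string]bool{},
	}
	for _, r := range p.Roles {
		set := map[string]bool{}
		for _, perm := range r.Permissions {
			set[perm] = true
		}
		e.perms[r.Name] = set
	}
	for _, c := range p.Conflicts {
		e.conflicts[[2]string{c.A, c.B}] = true // both orders, so the lookup is symmetric
		e.conflicts[[2]string{c.B, c.A}] = true
	}
	return e, nil
}

// Assign gives role to user unless the role is unknown or conflicts with a
// role the user already holds (static separation of duty).
func (e *Enforcer) Assign(user, role string) error {
	if _, known := e.perms[role]; !known {
		return fmt.Errorf("unknown role %q", role)
	}
	for held := range e.users[user] {
		if e.conflicts[[2]string{held, role}] {
			return fmt.Errorf("user %q: role %q conflicts with held role %q", user, role, held)
		}
	}
	if e.users[user] == nil {
		e.users[user] = map[string]bool{}
	}
	e.users[user][role] = true
	return nil
}

// Allowed reports whether any role held by user grants the permission.
func (e *Enforcer) Allowed(user, permission string) bool {
	for role := range e.users[user] {
		if e.perms[role][permission] {
			return true
		}
	}
	return false
}

func main() {
	e, err := NewEnforcer(samplePolicy)
	if err != nil {
		panic(err)
	}
	fmt.Println(e.Assign("alice", "operator"), e.Assign("alice", "key-admin"), e.Assign("alice", "auditor"))
	fmt.Println(e.Allowed("alice", "write:setpoint"), e.Allowed("alice", "read:audit-log"))
}
```

The conflict table is consulted at assignment time, so a user can accumulate any number of non-conflicting roles (alice holds operator and key-admin) but never both sides of a declared pair. This is static separation of duty; a deployment that lets users activate roles per session would apply the same table at activation time instead, and a production policy loader should also reject a conflict rule that names a role the policy never defines.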
REFERENCES

[1] National Institute of Standards and Technology, "Guidelines for smart grid cyber security, NIST IR-7628," 2010. http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7628.
[2] P. Huitsing, R. Chandia, M. Papa, and S. Shenoi, "Attack taxonomies for the modbus protocols," Critical Infrastructure Protection, vol. 1, pp. 37–44, 2008.
[3] S. East, J. Butts, M. Papa, and S. Shenoi, "A taxonomy of attacks on the dnp3 protocol," Critical Infrastructure Protection, vol. 3, pp. 67–81, 2009.
[4] C. L. Schuba, I. V. Krsul, M. G. Kuhn, E. H. Spafford, A. Sundaram, and D. Zamboni, "Analysis of a denial of service attack on tcp," in IEEE Symposium on Security and Privacy, 1997.
[5] A. Yaar, A. Perrig, and D. Song, "Pi: A path identification mechanism to defend against ddos attacks," in IEEE Symposium on Security and Privacy, 2003.
[6] J. Mirkovic and P. Reiher, "A taxonomy of ddos attack and ddos defense mechanisms," SIGCOMM Comput. Commun. Rev., vol. 34, no. 2, pp. 39–53, 2004.
[7] U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, "GridWorks: Overview of the Electric Grid," http://sites.energetics.com/gridworks/grid.html, 2010.
[8] National Communications System, Technical Report, "Supervisory Control and Data Acquisition (SCADA) systems," http://www.scadahacker.com/library, 2004.
[9] S. Ward et al., "Cyber security issues for protective relays," IEEE Power Engineering Society General Meeting, pp. 1–27, 2007.
[10] S. Hong and M. Lee, "Challenges and direction toward secure communication in the scada system," in 8th Annual Communication Networks and Services Research Conference, 2010, pp. 381–386.
[11] S. Fries, H. Hof, and M. Seewald, "Enhancing iec 62351 to improve security for energy automation in smart grid environments," The 5th International Conference on Internet and Web Applications and Services (ICIW 2010), pp. 135–142, 2010.
[12] National Institute of Standards and Technology, "NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0, Special Publication 1108R2."
[13] Alstom Grid, Intel and McAfee, "Smart Grid Cyber Security," http://www.mcafee.com/us/resources/white-papers/wp-smart-grid-cyber-security.pdf, 2013.
[14] National Institute of Standards and Technology, "NIST Guide to Industrial Control Systems (ICS) Security, Special Publication 800-82."
[15] SANS Institute, "Can Hackers Turn Your Lights Off? The Vulnerability of the US Power Grid to Electronic Attack," http://www.sans.org/reading-room/whitepapers/hackers/hackers-turn-lights-off-vulnerability-power-grid-electronic-attack-606.
[16] D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, "Inside the slammer worm," IEEE Security and Privacy, vol. 1, no. 4, pp. 33–39, 2003.
[17] A. Paller, "Cia confirms cyber attack caused multi-city power outage," SANS Newsbites, vol. 10, no. 5, 2008.
[18] McAfee Foundstone Professional Services and McAfee Labs, "Global Energy Cyberattacks: Night Dragon," http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf.
[19] B. Bencsáth, G. Pék, L. Buttyán, and M. Félegyházi, "The cousins of stuxnet: Duqu, flame, and gauss," Future Internet, vol. 4, no. 4, pp. 971–1003, 2012.
[20] T. Chen and S. Abu-Nimeh, "Lessons from stuxnet," Computer, vol. 44, no. 4, pp. 91–93, 2011.
[21] "ICS-CERT," http://ics-cert.us-cert.gov/sites/default/files/ICS-CERT Monitor April-June2013.pdf.
[22] W. A. Owens, K. W. Dam, and H. S. Lin, Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities. The National Academies Press, 2009.
[23] Idaho National Laboratory, "Vulnerability Analysis of Energy Delivery Control Systems," 2011.
[24] M. Davis, "SmartGrid Device Security: Adventures in a new medium," http://www.blackhat.com/presentations/bh-usa-09/MDAVIS/BHUSA09-Davis-AMI-SLIDES.pdf, 2009.
[25] D. Wei, Y. Lu, M. Jafari, P. Skare, and K. Rohde, "An integrated security system of protecting smart grid against cyber attacks," in Innovative Smart Grid Technologies (ISGT), 2010, pp. 1–7.
[26] R. Anderson and S. Fuloria, "Who controls the off switch?" in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 96–101.
[27] J. Wang, Computer Network Security. Beijing: Higher Education Press and New York: Springer Berlin Heidelberg, 2009.
[28] D. Kundur, X. Feng, S. Liu, T. Zourntos, and K. Butler-Purry, "Towards a framework for cyber attack impact analysis of the electric smart grid," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 244–249.
[29] I. N. Fovino, A. Carcano, M. Masera, and A. Trombetta, "An experimental investigation of malware attacks on scada systems," International Journal of Critical Infrastructure Protection, vol. 2, no. 4, pp. 139–145, 2009.
[30] R. Wightman, "Hacking and Exploiting PLCs," 2012.
[31] P. Zhang, O. Elkeelany, and L. McDaniel, "An implementation of secured smart grid ethernet communications using aes," in IEEE SoutheastCon 2010 (SoutheastCon), Proceedings of the, 2010, pp. 394–397.
[32] S. Spoonamore and R. L. Krutz, "Smart Grid and Cyber Challenges," http://www.whitehouse.gov/files/documents/cyber/.
[33] M. Rogers and C. D. Ruppersberger, "Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE," in U.S. House of Representatives, 112th Congress, 2012.
[34] Y. Mo, T.-H. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig, and B. Sinopoli, "Cyber-physical security of a smart grid infrastructure," Proceedings of the IEEE, vol. 100, no. 1, pp. 195–209, 2012.
[35] T. Nash, "Backdoors and holes in network perimeter," http://ics-cert.us-cert.gov/control systems/, 2005.
[36] O. Kosut, L. Jia, R. Thomas, and L. Tong, "Malicious data attacks on smart grid state estimation: Attack strategies and countermeasures," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 220–225.
[37] Y. Liu, P. Ning, and M. K. Reiter, "False data injection attacks against state estimation in electric power grids," in Proceedings of the 16th ACM Conference on Computer and Communications Security, ser. CCS '09. New York, NY, USA: ACM, 2009, pp. 21–32.
[38] L. Xie, Y. Mo, and B. Sinopoli, "False data injection attacks in electricity markets," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 226–231.
[39] U. Premaratne, J. Samarabandu, T. Sidhu, R. Beresh, and J.-C. Tan, "An intrusion detection system for iec61850 automated substations," Power Delivery, IEEE Transactions on, vol. 25, no. 4, pp. 2376–2383, 2010.
[40] DHS, "Common cyber security vulnerabilities observed in dhs industrial control systems assessments," http://ics-cert.us-cert.gov/control systems/, 2009.
[41] G. Dondossola, "Smart grid cyber security, the value of risk," http://www.ieee-isgt-2012.eu/wp-content/uploads/2012/08/Value-of-Risk Dondossola IEEE-PES-ISGT-Europe-2012.pdf, 2012.
[42] D. Dzung, M. Naedele, T. von Hoff, and M. Crevatin, "Security for industrial communication systems," Proceedings of the IEEE, vol. 93, no. 6, pp. 1152–1177, 2005.
[43] DHS, "Improving industrial control systems cybersecurity with defense-in-depth strategies," http://ics-cert.us-cert.gov/control systems/, 2009.
[44] X. Li, X. Liang, R. Lu, X. Shen, X. Lin, and H. Zhu, "Securing smart grid: cyber attacks, countermeasures, and challenges," Communications Magazine, IEEE, vol. 50, no. 8, pp. 38–45, 2012.
[45] S. McLaughlin, D. Podkuiko, A. Delozier, S. Miadzvezhanka, and P. McDaniel, "Embedded firmware diversity for smart electric meters," in 5th USENIX Workshop on Hot Topics in Security (HotSec 2010), 2010.
[46] R. Berthier, W. Sanders, and H. Khurana, "Intrusion detection for advanced metering infrastructures: Requirements and architectural directions," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 350–355.
[47] N. Stakhanova, S. Basu, and J. Wong, "On the symbiosis of specification-based and anomaly-based detection," Computers and Security, vol. 29, no. 2, pp. 253–268, 2010.
[48] K. Ku-Mahamud, N. Zakaria, N. Katuk, and M. Shbier, "Flood pattern detection using sliding window technique," in Modelling Simulation, 2009. AMS '09. Third Asia International Conference on, 2009, pp. 45–50.
[49] M. LeMay, G. Gross, C. A. Gunter, and S. Garg, "Unified architecture for large-scale attested metering," in Proceedings of the 40th Annual Hawaii International Conference on System Sciences, ser. HICSS '07. IEEE Computer Society, 2007.
[50] M. LeMay and C. Gunter, "Cumulative attestation kernels for embedded systems," Smart Grid, IEEE Transactions on, vol. 3, no. 2, pp. 744–760, 2012.
[51] A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla, "Swatt: software-based attestation for embedded devices," in Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on, 2004, pp. 272–282.
[52] A. Shah, A. Perrig, and B. Sinopoli, "Mechanisms to provide integrity in scada and pcs devices," 2008.
[53] M. Fouda, Z. Fadlullah, N. Kato, R. Lu, and X. Shen, "A lightweight message authentication scheme for smart grid communications," Smart Grid, IEEE Transactions on, vol. 2, no. 4, pp. 675–685, 2011.
[54] S. Aboud, M. Al-Fayoumi, M. Al-Fayoumi, and H. Jabbar, "An efficient rsa public key encryption scheme," in Information Technology: New Generations, 2008. ITNG 2008. Fifth International Conference on, 2008, pp. 127–130.
[55] J. Herzog, "The diffie-hellman key-agreement scheme in the strand-space model," in Computer Security Foundations Workshop, 2003. Proceedings. 16th IEEE, 2003, pp. 234–247.
[56] Q. Li and G. Cao, "Multicast authentication in the smart grid with one-time signature," Smart Grid, IEEE Transactions on, vol. 2, no. 4, pp. 686–696, 2011.
[57] G. Kalogridis, C. Efthymiou, S. Denic, T. Lewis, and R. Cepeda, "Privacy for smart meters: Towards undetectable appliance load signatures," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 232–237.
[58] C. Efthymiou and G. Kalogridis, "Smart grid privacy via anonymization of smart metering data," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 238–243.
[59] F. Li, B. Luo, and P. Liu, "Secure information aggregation for smart grids using homomorphic encryption," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 327–332.
[60] A. Bartoli, J. Hernandez-Serrano, M. Soriano, M. Dohler, A. Kountouris, and D. Barthel, "Secure lossless aggregation for smart grid m2m networks," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 333–338.
[61] H. Lee, J. Kim, and W. Lee, "Resiliency of network topologies under path-based attacks," in IEICE Trans. Commun., vol. E89-B, 2006, pp. 2878–2884.
[62] S. Mohagheghi, J. Stoupis, and Z. Wang, "Communication protocols and networks for power systems-current status and future trends," in Power Systems Conference and Exposition, 2009. PSCE '09. IEEE/PES, 2009, pp. 1–9.
[63] J. Zhang and C. Gunter, "Application-aware secure multicast for power grid communications," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 339–344.
[64] Q. Wang, H. Khurana, Y. Huang, and K. Nahrstedt, "Time valid one-time signature for time-critical multicast data authentication," in INFOCOM 2009, IEEE, 2009, pp. 1233–1241.
[65] Y. Huang, W. He, K. Nahrstedt, and W. Lee, "Dos-resistant broadcast authentication protocol with low end-to-end delay," in INFOCOM Workshops 2008, IEEE, 2008, pp. 1–6.
[66] H. Li, L. Lai, and R. Qiu, "Communication capacity requirement for reliable and secure state estimation in smart grid," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 191–196.
[67] Y. Zhang, L. Wang, W. Sun, R. Green, and M. Alam, "Distributed intrusion detection system in a multi-layer network architecture of smart grids," Smart Grid, IEEE Transactions on, vol. 2, no. 4, pp. 796–808, 2011.
[68] S. Zhongwei, H. Sitian, M. Yaning, and S. Fengjie, "Security mechanism for smart distribution grid using ethernet passive optical network," in Advanced Computer Control (ICACC), 2010 2nd International Conference on, vol. 3, 2010, pp. 246–250.
[69] A. Metke and R. Ekl, "Security technology for smart grid networks," Smart Grid, IEEE Transactions on, vol. 1, no. 1, pp. 99–107, 2010.
[70] C. Bennett and S. Wicker, "Decreased time delay and security enhancement recommendations for ami smart meter networks," in Innovative Smart Grid Technologies (ISGT), 2010, Jan 2010, pp. 1–6.
[71] I. Barda, "Cyber security for advanced smart-grid applications," ISGF conference, 2013, http://indiasmartgrid.org/en/.
[72] H.-H. So, S. Kwok, E. Lam, and K.-S. Lui, "Zero-configuration identity-based signcryption scheme for smart grid," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 321–326.
[73] S. Iyer, "Cyber Security for Smart Grid, Cryptography, and Privacy," International Journal of Digital Multimedia Broadcasting, 2011.
[74] H. Cheung, A. Hamlyn, T. Mander, C. Yang, and R. Cheung, "Role-based model security access control for smart power-grids computer networks," in Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, 2008, pp. 1–7.