Protection against cyber attacks in the Smart Grid
Due to the increased use of renewable energy sources in power supply, network operators will increasingly rely on smart grids in the future. These intelligent power grids make optimum use of system capacity through ongoing coordination between producers, consumers and storage facilities, thus enabling intelligent energy management. This requires a comprehensive ICT infrastructure that is closely linked to the power grid and will be exposed to similar risks as the Internet is currently. Numerous questions remain unanswered in this context, such as how the many new ICT components will affect security and what new risks and attack scenarios will result. One thing is certain: security gaps in this critical infrastructure would have fatal consequences for the power supply and thus for almost all areas of public life. In the SG² (Smart Grid Security Guidance) project, experts from the AIT Austrian Institute of Technology are therefore analyzing the ICT security aspects of future smart grid technologies and effective protective measures against cyber attacks. The project is being carried out within the national security research program KIRAS together with Austrian research institutions, industrial partners, network operators and government agencies.
In a first step, an architecture model for a future Smart Grid was developed based on Austrian and European pilot projects, which includes both the ICT infrastructure and the power grid. Using this model, the experts are now conducting sound threat and risk analyses. Potential weaknesses range from a lack of security mechanisms in transmission protocols and inadequate verification of access authorizations to the wanton manipulation of devices and data. In parallel, individual Smart Grid components are also subjected to security analyses in the form of penetration tests. Within the framework of these tests, the researchers want to examine IT control components of a transformer station in the laboratory for weak points through fictitious hacker attacks. Finally, protective measures will be derived from the collected analyses and compiled in a comprehensive catalog. This protection manual is intended to enable Austrian energy network operators and political decision-makers to arm the domestic energy infrastructure against cyber attacks. In the planned EU project SPARKS (Smart Grid Protection Against Cyber Attacks), AIT researchers and European partners want to go one step further. In addition to in-depth analyses, the aim is to develop and test concrete security technologies and components against malicious attacks on the combined electricity and data network. The SmartEST laboratory at the AIT, in which the effects of cyber attacks on entire sections of the network can be realistically examined, will be one of the tools used for this purpose.