Just like any endpoint, smart grid devices that collect, store and use business data or consumer information are vulnerable to attack. How can governments and utility companies ensure that both their own and their citizens’ data is neither abused nor manipulated? How can they avoid financial or reputational damage to affected parties?
This huge network of connected endpoints and all the data they collect needs to be encrypted, end-to-end! Governments and public authorities need to ensure that this is done properly.
Compared to software solutions, hardware solutions such as Hardware Security Modules (HSMs) offer maximum security even in the most hostile environments. The module can detect an attack while it is happening, including mechanical intrusions, overheating, power blackouts or chemical attacks, and automatically initiates the immediate deletion of cryptographic keys. Software-based keys, in comparison, can be captured at the moment of unlocking. They give attackers the opportunity to study the software and to attack via side channels, exploit vulnerabilities and run attacks remotely.
With a FIPS 140-2 Level 3 (tamper evident) or Level 4 (tamper resistant) certification, Utimaco HSMs are ideally suited for use within smart grid & smart metering environments. A FIPS 140-2 Level 4 physical security certified HSM is the perfect solution when the highest possible resistance against physical attacks is required.
Besides securing smart metering environments, Hardware Security Modules are equally suited for smart water and gas distribution or other smart city systems, e.g. intelligent waste disposal systems.
A Common Criteria evaluation laboratory has evaluated Utimaco CryptoServer CSe (FIPS 140-2 Level 3, physical security Level 4) based on the German BSI Technical Guideline BSI TR-03109 and Certificate Policy. Evaluation results show that it fulfills the requirements of the German Certificate Policy of the Smart Metering PKI:
The evaluation certificate for Utimaco CryptoServer CSe is available here.
This evaluation gives energy and utility companies, as well as their customers, the certainty that deployed IT components and devices – such as Utimaco HSMs – fulfill the requested legal security requirements.
Governments and utility companies can work with Utimaco to take advantage of solid hardware security solutions for the following application scenarios:
A major difference exists between the US and the European approach to smart energy distribution.
(US policy described in 42 U.S.C. ch. 152, subch. IX § 17381)
Motives for the evolution from traditional distribution to smart grids range from
But therein lie the risks and challenges: from sabotage and manipulation to blackmail and the threat of a partial or complete blackout. Preventing these threats requires creating awareness and educating those in charge of network and data security matters.
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards define and govern the US efforts to secure the bulk power system. They apply to all owners, operators and users of the electric power system. To best safeguard related assets, security methods such as encryption and user authentication, e.g. using a public key infrastructure (PKI), are required. In this context, Hardware Security Modules ensure tamper-resistant protection of the cryptographic keys and processes used for encryption and PKIs.
Reasons for the installation of smart meters include
Nonetheless, meter and data manipulation is a permanent risk factor – which is why countermeasures need to be implemented, e.g. anti-tamper mechanisms (tamper resistance and tamper detection) and verification of the plausibility and integrity of commands. The authentication of servers, meters and transmitted commands is crucial to prevent complete blackouts. Last but not least, data privacy concerns are equally important and require the encryption of measured data, databases and customer information.
The German smart metering approach is regulated by the BSI Technical Guideline TR-03109 and the related Certificate Policy of the Smart Metering PKI. These define the requirements of functionality, interoperability and security of smart metering IT components. The focus is clearly on data privacy and the smart meter gateway as a central security component within the smart metering infrastructure. In addition, the Critical Infrastructure Protection (CIP, German: KRITIS) strategy and implementation plan provide key concepts and measures.