Utility Grid Automation and Risk Management
S.E. McLaughlin, P.D. McDaniel
Penn State University, US
Keywords: smart meter, security, penetration testing
Abstract:Smart meters are the nervous system of the smart grid. As the large scale deployment of AMI becomes a reality, the security of commodity smart meters becomes a primary concern both for utility providers and their customers. This presentation will outline the approach and preliminary results of a study of the security of a commercially available AMI solution. Threats to accurate billing, auditing, as well as customer privacy and public safety issues are examined. The effectiveness of physical and anti-tamper protections as well as the wireless and telephone modem communication protocols and use of cryptography for the secure storage and transmission of billing data are analyzed. We present our penetration testing methodology as a template for future security investigations of commercial AMI products. The analysis method includes the construction of trust and threat models, the identification of risks and the design of a plan for penetration testing, and general models for red-teaming grid infrastructures.