Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands Johan Rambi Alliancemanager Privacy & Security Alliander Chairman Policy Committee Privacy & Security Netbeheer Nederland 16 January 2013


Page 1: Title slide (ETSI Security Workshop, January 2013; source: docbox.etsi.org/Workshop/2013/201301_SECURITYWORKSHOP/04...)

Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands

- Johan Rambi
- Alliancemanager Privacy & Security, Alliander
- Chairman Policy Committee Privacy & Security, Netbeheer Nederland
- 16 January 2013

Page 2: Privacy & Security

Netbeheer Nederland is a branch organization for grid operators (TSOs/DSOs).

Page 3: Steps towards the P&S Requirements for large-scale rollout of smart meters

Diagram; the recoverable elements are:
- Starting points: the previous Privacy & Security Requirements (version 1.5) and the large-scale rollout of the Dutch Smart Meter Requirements (DSMR)
- Redevelopment of the Privacy & Security sector requirements, based on a Stakeholder Analysis, a Risk Analysis and a study by the Audit Committee P&S
- Result: P&S Requirements version 2.0, consisting of Control Objectives, Control Measures and Implementation Guidelines

Page 4: Stakeholder analysis and 'rule base'

Privacy & Security Smart Metering Infrastructure Framework in NL (diagram; recoverable elements):
- Rule base: goals of grid operators, stakeholders' expectations, norms and standards, formal legislation and regulations
- Privacy and security goals
- Formulation principles
- Risk analysis
- Considerations and choices
- Requirements: 'what' to protect?
- Measures: 'how' to realize it?

Page 5: Risk Analysis Methodology

Steps of the methodology (diagram; the following slides walk through them one by one):
- Stakeholder Analysis
- Define Focus-of-Interest
- Identify processes
- Define assets
- Identify and assess threat sources
- Group assets
- Business Impact Assessment (BIA)
- Identify and assess risks
- Prioritise and present risks

Page 6: Stakeholder Analysis (methodology diagram from page 5 with this step highlighted)

Page 7: Stakeholders

Stakeholders consulted (the diagram groups them under Sector, Society and Experts): consumer organizations, energy suppliers, grid operators, universities, government, meter vendors, knowledge institutes.

Page 8: Identify processes (methodology diagram from page 5 with this step highlighted)

Page 9: Identify processes

Processes per stakeholder:
- Energy Supplier: energy procurement; energy sales / invoicing (billing); disconnecting (switch off) defaulters
- Grid Operator: transmission of energy; managing power quality; meter management; capacity planning; minimize grid losses; market facilitation (SVO, data collection & billing)
- Private Consumer: energy consumption; energy savings; energy production; payment of purchased products; protection of personal data
- ISP: insight / advice on the energy consumption of the private consumer

Page 10: Define Assets (methodology diagram from page 5 with this step highlighted)

Page 11: Define Assets

Smart metering infrastructure diagram; the recoverable elements are:
- Smart E-meter with the ports P0, P1, P2 and P3; a module (e.g. a display) and other meters (G, water, ...) are attached on the customer side
- Data Concentrator (DC); connections P3, P3.1 and P3.2 towards the central systems
- Grid Operator A manages infrastructure for both electricity and gas (Central System A); Grid Operator B manages infrastructure for gas only (Central System B)
- Data Exchange (EDSN) and the P4-Portal (EDSN), with port P4 towards the energy suppliers and the Independent Service Provider (ISP)
- The clouds symbolise network technologies, such as GPRS, PLC (Power Line Communication), internet, etc.

Page 12: Define Assets

- Information Assets: Measurement Data, Switch Data, Configuration Data, Monitoring Data
- Function Assets: Measuring Function, Communication Function, Switching Function
- System Assets: Meter, Data Concentrator, Central System, P4-Portal (EDSN)

Page 13: Identify and assess threat sources (methodology diagram from page 5 with this step highlighted)

Page 14: Identify and assess threat sources

Introduction: the threat sources refer to persons or parties responsible for a security incident. Note that disturbances are not always caused by human behavior; think for instance of a system failure in the Data Concentrator that affects the stored measurement data.

Threat sources (persons / parties / technical):
- Grid Operator: employee; system error / malfunction of the central system; system error / malfunction of the data concentrator; system error / malfunction of the meter
- Data communication provider: fault in communications
- Energy Supplier: employee; system of the energy supplier
- Private consumer
- External attacker: researcher (academic / journalist); fun hacker; criminal (fraud); terrorist

Page 15: Identify and assess threat sources (continued; the slide's content was not captured in the transcript)

Page 16: Group Assets (methodology diagram from page 5 with this step highlighted)

Page 17: Group Assets

Table with the columns: Asset, Asset Category, Stakeholder, Process, Link between Asset and Process, Category.

Page 18: Group Assets

Table with the columns: Asset, Asset Category, Stakeholder, Process, Link between Asset and Process, Category, Focus.

Page 19: Business Impact Assessment (methodology diagram from page 5 with this step highlighted)

Page 20: Business Impact Assessment – Impact Classifications

Table with the columns: Stakeholders, Categories of Stakeholder Values, Classifications, Description of Stakeholder Values on the classifications.

Page 21: Business Impact Assessment – Results

Table with the columns: Stakeholder (incl. process), Values of stakeholder, Score on Business Impact Analysis, Total Score BIA for Asset on A, I, or C, Related to Availability, Integrity or Confidentiality. The example on the slide is the analysis of one focussed asset on Confidentiality.

Page 22: Identify and assess risks (methodology diagram from page 5 with this step highlighted)

Page 23: Identify and assess risks – Likelihood Classifications

Likelihood category | Occurrence in time
Very High           | Daily (more than 100 times a year)
High                | Monthly (10 to 100 times a year)
Medium              | Annual (1 to 10 times a year)
Low                 | Probably (once a year to once in 10 years)
Very Low            | Possible (once in 10 years to once a century)

- The calculation of the impact comes from the BIA, but the likelihood of the threat is determined during this step. Several aspects are taken into account:
  - Which vulnerabilities in the assets can lead to the actual occurrence of this threat?
  - Which threat sources have an interest, and how important is that interest to the threat source?
  - How technically complex is it to abuse the vulnerability in real life?
  - What is the likelihood of an unintended disruption?

Page 24: Identify and assess risks

Table with the columns: Identified Threat (Main Threat, Sub Threat), Related Asset, Related to Availability, Integrity or Confidentiality, Identify Likelihood, Identify Impact. The identified impact is taken from the Business Impact Assessment (BIA).

Page 25: Identify and assess risks – Count risk (the slide's content was not captured in the transcript)

Page 26: Prioritise and present risks (methodology diagram from page 5 with this step highlighted)

Page 27: Prioritise and present risks

Table with the columns: Identified Threat (Main Threat, Sub Threat), Related Asset, Risk. Risk = Likelihood * Impact.
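The BIA results (page 21), the likelihood classification table (page 23) and the Risk = Likelihood * Impact prioritisation (page 27) worked through in code, as an added example that is not part of the original presentation. The assets, stakeholders, threats and scores are constructed sample data, and the 1..5 ordinal scales and the use of the maximum as the "total BIA score" are assumptions of this example.

```python
"""Risk analysis steps from these slides, worked through in code: BIA scores per
stakeholder value, likelihood classification from the occurrence table,
Risk = Likelihood * Impact, and prioritisation. Added example, not from the
presentation; all data is constructed and the 1..5 scales are assumed."""
from dataclasses import dataclass

# Ordinal values for the slide's likelihood categories (assumed 5..1 scale).
LIKELIHOOD_SCORE = {"Very High": 5, "High": 4, "Medium": 3, "Low": 2, "Very Low": 1}


def classify_likelihood(occurrences_per_year: float) -> str:
    """Map an estimated occurrence rate onto the slide's likelihood categories."""
    if occurrences_per_year > 100:    # Daily (more than 100 times a year)
        return "Very High"
    if occurrences_per_year >= 10:    # Monthly (10 to 100 times a year)
        return "High"
    if occurrences_per_year >= 1:     # Annual (1 to 10 times a year)
        return "Medium"
    if occurrences_per_year >= 0.1:   # Probably (once a year to once in 10 years)
        return "Low"
    return "Very Low"                 # Possible (once in 10 years to once a century)


@dataclass
class BiaEntry:
    """One BIA results row: stakeholder (incl. process), value, impact on A/I/C."""
    asset: str
    stakeholder: str
    value: str
    scores: dict  # {"A": n, "I": n, "C": n}, impact 1..5 (assumed scale)


@dataclass
class Threat:
    """One threat table row: main threat '1' or sub threat '1A' on an asset."""
    threat_id: str
    description: str
    asset: str
    aic: str                     # Availability, Integrity or Confidentiality
    occurrences_per_year: float  # estimated during the likelihood step


def bia_total(entries: list, asset: str) -> dict:
    """Total BIA score of an asset on A, I and C: the highest impact any
    stakeholder value suffers (using the maximum is an assumption here)."""
    total = {"A": 0, "I": 0, "C": 0}
    for entry in entries:
        if entry.asset == asset:
            for aic, score in entry.scores.items():
                total[aic] = max(total[aic], score)
    return total


def assess_risks(threats: list, entries: list) -> list:
    """Impact comes from the BIA, likelihood is classified in this step,
    Risk = Likelihood * Impact; the result is sorted highest risk first."""
    ranked = []
    for threat in threats:
        likelihood = classify_likelihood(threat.occurrences_per_year)
        impact = bia_total(entries, threat.asset)[threat.aic]
        ranked.append({"threat_id": threat.threat_id, "asset": threat.asset,
                       "aic": threat.aic, "likelihood": likelihood,
                       "impact": impact,
                       "risk": LIKELIHOOD_SCORE[likelihood] * impact})
    return sorted(ranked, key=lambda row: row["risk"], reverse=True)


# Constructed sample data: asset names follow the "Define Assets" slide and the
# stakeholders/processes the "Identify processes" slide; scores are invented.
BIA_ENTRIES = [
    BiaEntry("Measurement Data", "Private consumer / Protection personal data",
             "Reputation", {"A": 1, "I": 2, "C": 5}),
    BiaEntry("Measurement Data", "Energy supplier / Invoicing (billing)",
             "Financial", {"A": 3, "I": 4, "C": 3}),
    BiaEntry("Switch Data", "Grid operator / Meter management",
             "Operations", {"A": 4, "I": 5, "C": 2}),
]
THREATS = [
    Threat("1", "Measurement data disclosed to an unauthorised party",
           "Measurement Data", "C", 0.5),
    Threat("2", "Data Concentrator malfunction corrupts stored measurement data",
           "Measurement Data", "I", 12),
    Threat("3", "Erroneous disconnect caused by a central system error",
           "Switch Data", "I", 0.05),
    Threat("4", "Fault in communications delays delivery of switch data",
           "Switch Data", "A", 2),
]
RANKED = assess_risks(THREATS, BIA_ENTRIES)  # highest risk first
```

With the sample data the Data Concentrator malfunction (High likelihood, Integrity impact 4) ranks first, ahead of the rare but high-impact disclosure and disconnect threats.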

Page 28: Approach for redevelopment

Diagram; the recoverable elements are:
- Version 1.50 of the P&S Requirements as the starting point
- Phase 1: Stakeholder Analysis and Risk Analysis, with other input for phase 1:
  - Open issues P&S Requirements version 1.50
  - Official Privacy Code Smart Meter Grid Operators
  - Analysis of incidents
  - Desk study P&S Audit Committee
  - Essential Regulatory Recommendations for E.C. (EG-2)
  - Experiences from code reviews of DSMR 4 meters
  - Experiences from penetration tests of DSMR 4 meters
  - Document Integral Vision Smart Meter
  - Open issues P&S Dutch Smart Meter Requirements 4.0
  - P&S requirements of other European countries
- Phase 2: other input for phase 2:
  - Alignment with Working Group DSMR
  - Review by the P&S Audit Committee of the P&S Requirements
  - Internal review by grid operators
  - Alignment with EDSN about the P4-portal
  - Review and alignment with ESMIG
- Result: P&S Requirements version 2.0, consisting of Control Objectives, Control Measures and Implementation Guidelines

Page 29: Structure of the requirements

Diagram; the recoverable elements are:
- Stakeholder Analysis: Stakeholders, Stakeholder Values
- Risk Analysis: Asset / process, BIA, Risks
- P&S Requirements version 2.0: Control Objectives, Control Measures, Implementation Guidelines
- Implementation by the Grid Operator: Organisation, Technical, Processes

Page 30: Structure of the requirements (same diagram as page 29)

Page 31: Untitled diagram of the bodies involved in smart grid privacy & security (grouped by region as far as recoverable)

The Netherlands:
- Netbeheer Nederland
- Policy Committee Privacy & Security
- Audit Committee Privacy & Security
- Project Group Smart Grids
- Working Group Smart Grid Cyber Security
- Contact Group Security and Crisismanagement
- CPNI.nl
- IRB, ICT Response Board (for Crisis)
- Nationaal Cyber Security Centre
- Cyber Security Council
- ENCS
- Dutch Data Protection Authority (CBP)
- NEN

Europe:
- European Commission DG ENER
- European Commission DG HOME: CIIP for SCADA and the Smart Grid
- European Commission DG INFSO/CONNECT
- Smart Grid Task Force Steering committee
- Expert Group 2 Data Privacy and Cyber Security
- Expert Group on Smart Grid Security
- Thematic Network for Critical Energy Infrastructure Protection (TNCEIP)
- European Reference Network Critical Infrastructure Protection (ERNCIP)
- ENISA
- EUTC
- European SCADA Control Systems Information Exchange (EuroSCSIE)
- Cyber Security EG: European Network of Transmission System Operators for Electricity

Standardisation:
- ETSI, CEN, CENELEC
- M/490 Smart Grid Coordination Group
- M/490 Smart Grid Steering Committee
- M/490 Working Group for Smart Grid Information Security (WG SGIS)

U.S.A.: NIST
U.K.: DECC
Placement not recoverable: STEG

Page 32: Security Toolbox M/490 (the slide's content was not captured in the transcript)

Page 33: Security Toolbox M/490 – Comparison with Dutch Risk Analysis methodology

- For this distinction between the different assets and the grouping of the assets, use for instance a model like this:

Use Case x: matrix with the columns Business Process 1 to 3 of Stakeholder 1 and Business Process 1 to 5 of Stakeholder 2, and the rows Asset A1 and A2 of Asset Category 1 and Asset A1 and A2 of Asset Category 2; an X marks each business process in which the asset is used (three or four X marks per asset on the slide).

Page 34: Security Toolbox M/490 – Comparison with Dutch Risk Analysis methodology

- For the information assets the impact of each use case should be defined, of course per category of the different stakeholders.

Use case x: table with the rows Asset1 (A, I, C) and Asset2 (A, I, C) of Asset Category x, and the columns Financial, Reputation and Safety for Stakeholder 1, Financial, Reputation, Operations, Safety and Regulation for Stakeholder 2, and Total.

Page 35: Security Toolbox M/490 – Comparison with Dutch Risk Analysis methodology

- Now, only for the information assets that score significantly on impact, potential threats are identified:

Table with the columns ID, Sub, Threat, Asset, AIC-Classifications, Likelihood, Impact, Risk, Remarks Threat, Remarks Chance; the slide shows only the structure, with placeholder entries:

ID | Sub | Threat | Asset   | AIC
1  |     | ……     | Asset 2 | A
1  | A   | ……     | Asset 2 | A
1  | B   | ……     | Asset 2 | A
1  | C   | ……     | Asset 2 | A
2  |     | ……     | Asset 2 | A
3  |     | ……     | Asset 2 | A
3  | A   | ……     | Asset 2 | A
3  | B   | ……     | Asset 2 | A
3  | C   | ……     | Asset 2 | A
4  |     | ……     | Asset 2 | I
4  | A   | ……     | Asset 2 | I
4  | B   | ……     | Asset 2 | I

Page 36: Security Toolbox M/490 – Comparison with Dutch Risk Analysis methodology

- Therefore an overall risk can be identified for each potential threat on an asset with a significant impact on the risk categories (operational, legal etc.). These threats should be the trigger to identify the needed "essential" requirements, and next to analyze the potential gaps in the existing standards:

Diagram; the recoverable elements are:
- Stakeholder Analysis: Stakeholder Values; Impact on Stakeholder processes
- Risk Analysis: Security Goals; Impact on Stakeholder values; Risks
- Identify the gaps & define actions: define "essential" requirements (Essential Requirements); identify relevant standards; compare requirements with standards; Gaps; Actions to solve gaps

Page 37: Are we ready for Cyber Security?

Page 38: Many thanks for your attention!

- Johan Rambi : Alliancemanager Privacy & Security
- Telephone : +316 11879945
- E-mail : [email protected]