IT-Security for Smart Grids in Germany: Threats, Countermeasures and Perspectives

Abstract

The sustainable energy transition is one of the most ambitious projects in Germany. Its progress and challenges are observed by many other countries. In that regard, latest research activities emphasise innovative concepts and technologies for energy distribution grids. Under the general term smart grid, intelligent control mechanisms are needed to cope with arising challenges of volatile and decentralised renewable energy resources. This creates new security threats for the critical energy supply infrastructure. T raditionally, energy production and distribution has been part of a centralised and closed system. Today, renewable energy resources are decentralised and interconnected to virtual power plants using shared networks, such as the internet. The so called "air gap" has been closed. For the most part, energy distribution grids do no longer rely on physical and local measures for control and stabilisation; they have become more dynamic and centrally controlled instead. Furthermore, established proprietary and energy specific systems are replaced by standard IT protocols and commercial-of-the-shelf hardware. This development raises further security concerns. Known threats from the office IT are applicable to industrial control systems (ICS), now. The research project SEnCom (System security of energy distribution grids with integrated information and communication technologies) addresses these concerns and examines the nearby future to discover emerging IT security threats in German energy distribution grids. While traditional and centralised control systems are considered to be relatively secure, this paper will introduce findings based on a threat model for decentralised locations in an energy distribution grid. These results reveal particular weaknesses regarding the topics monitoring and integrity protection of ICS in the German energy sector. In addition, an insight into the current state of the art for the protection of ICS and an introduction of countermeasures (e. g Trusted Computing) to discovered weaknesses, in energy distribution grids, is provided. In conclusion, the paper wants to encourage energy distribution operators and ICS vendors to be more proactive in terms of IT security, because if not, the energy distribution grid may become a vulnerable target for hacking attacks (e. g. cyber terrorism) in the future.