Prime-Alliance security whitepaper

Overview of common security risks to smart metering, and security features in the PRIME protocol and beyond

WP-014-2020: Security monitoring for substation automation

This document present a strategy to monitor the security of substation. The strategy makes it difficult for advanced threats to execute controlled attacks. Advanced threats may be able to penetrate into substations. But this only has value for them if they can stay there, and control or disrupt the grid at a moment that is expedient for them. So, they somehow need to establish a permanent foothold in the substation, and establish communication with it. The strategy tries to detect such a foothold.

WP-010-2019: Security policy for substation automation

This document describes the recommended security policies for each of these roles. The policies cover:

  • Substation engineers configuring the equipment in the substation, including setting up the internal security measures
  • Other employees working at substations, but not configuring equipment
  • WAN network administrators configuring the perimeter firewalls
  • Team managers that need to enable the administrators and engineers to do their job securely
  • Security operations analysts responsible for coordinating vulnerability management and incident response
  • Procurement staff for buying new equipment with the right security capabilities

A concrete example policy is given aimed at each group. This policy is linked to the controls in ISO 27002. Guidance is given on implementing the example policy at a particular grid operator. The policies apply both to employees and contractors or service providers in the same role.

SA-201-2019: Security architecture for substation automation

This document proposes a security architecture for modern high voltage substations. The architecture has three layers of security defined based on the criticality of the assets:

  1. The first layer secure the substation perimeter to protect the monitoring and control capabilities. It ensures that only the control center can get measurements and switch equipment.
  2. The second layer secures the protection functions and interlockings within the substation from remote attacks. These functions most critical, as disabling them can lead to physical damage and safety risks.
  3. The third layer is protecting the engineering laptops against malware, so that attackers cannot use them to get into the substation.

These layers are designed to be strong enough to withstand professional attackers with high motivation and resources. They should provide protection against attacks such as those in Ukraine.

SM-301-2019: Security requirements for procuring smart meters and data concentrators

This document contains security requirements for procuring Smart Meters and Data Concentrators. They are intended as a common baseline that in line with more strict requirements or more detailed specifications used in different European countries.
The requirements are formulated in a technology-independent manner. They describe the security measures that need to be taken functionally, and do not make assumptions on communication protocols or technologies. The requirements cover both technical security measures, and process measures that Vendors should take to ensure secure development, production, and delivery of the devices.
The requirements have been written with an eye towards testing. For each requirement, recommendations are given for evaluating if it has been fulfilled. These recommendations are based on experience with testing many meters from different countries.