SCIENCE
Sensus Joins EnerNex and Oak Ridge National Laboratory to Heighten Cyber Security in Smart Meters with New Function Extraction Technology for Vulnerability Detection
Sensus has announced a partnership with EnerNex and Oak Ridge National Laboratory (ORNL) to conduct a demonstration of the Automated Vulnerability Detection (AVUD) system. The AVUD project, funded by the Office of Electricity Delivery and Energy Reliability, U.S. Department of Energy, is developing a system for cyber security vulnerability detection in smart grid components. The system, known as the Function Extraction or FX system, will apply the newly developed technology of software behavior computation. The project will initially focus on improving security in software that controls smart meters.
As part of the joint collaboration, Sensus is providing smart meter architecture, firmware and source code to be evaluated, with EnerNex contributing expertise in evaluating smart grid utility technologies. ORNL devised the Function Extraction (FX) technology evaluation platform to perform static analysis of the compiled software and device firmware. FX technology is a powerful analytical technique that will be used to:
-- Compute the behavior of software in all circumstances of use to determine everything it does
-- Detect inclusion of both unintended and maliciously inserted vulnerabilities in smart grid components
By directly analyzing the compiled software, AVUD will be able to detect the inclusion of both unintended and maliciously inserted vulnerabilities in smart grid components. Based on this information mitigations for these vulnerabilities can be recommended.
Cyber security for energy delivery systems has emerged as one of the nation's most serious grid modernization and infrastructure protection issues. A team of ORNL and EnerNex cyber security experts is currently completing development of the AVUD system and will be demonstrating the technology with Sensus. High-Performance Computing (HPC) capabilities available at ORNL will be employed in the analysis. Success with this demonstration project could ultimately present opportunities to improve reliability and security for other smart grid components.
"We saw immediate value in this project," said Balu Ambady, security director at Sensus. "We were eager to join EnerNex and ORNL, to participate in an effort that can lead to early detection of vulnerabilities in smart grid components like meters, and development of uniform standards for improving data security of the smart grid applications."
According to Sandy Bacik, principal consultant, AVUD co-principal investigator at EnerNex, once the AVUD project is complete, the FX technology could prove beneficial in the development life cycle for smart grid components in tandem with ongoing quality assurance testing.
"The software present in smart meters is the initial target for this effort," Bacik said. "While testing can only provide information about the specific scenarios actually observed, static analysis with FX can provide information about system behavior under any circumstances of use, and provides a significantly more robust means of vulnerability detection."
Rick Linger, Senior Cyber Security Researcher, AVUD co-principal investigator at ORNL, said, "It is our hope and anticipation that this gives us a more powerful analysis capability to detect any vulnerabilities that may be present in the code."
Ambady added, "In the future, all advanced meter vendors would want to integrate this type of technology into their QA cycles."
Sensus continues to make data and cyber security high priorities and it is working to strengthen industry standards. Sensus has participated in several third-party certification processes for network integrity, and in early 2011 became the first advanced meter infrastructure (AMI) vendor to achieve both Achilles Communication and Practices Certifications for overall cyber security through the industrial testing and certification firm, Wurldtech Security Technologies. In addition, Sensus has licensed the IBM Tivoli Key Lifecycle Manager (TKLM) software to provide users of its FlexNet wireless AMI product with the leading encryption key management utility for all deployments of electric, gas and water metering devices and distribution automation solutions.