Specification-based Intrusion Detection System for Smart Meters
UT Dallas: Alvaro Cardenas (previously Fujitsu)
To ensure the security and reliability of a modernized power grid, the current deployment of millions of smart meters requires the development of innovative situational awareness solutions to prevent compromised devices from impacting the stability of the grid and the reliability of the energy distribution infrastructure. To address that issue, we introduced a specification-based intrusion detection sensor called Amilyzer that can be deployed in the field to identify security threats in real time. Amilyzer monitors the traffic among meters and access points at the network, transport, and application layers to ensure that devices are running in a secure state and that their operations respect a specified security policy. It does so by implementing a set of constraints on transmissions made using the C12.22 AMI protocol that ensure that all violations of the specified security policy will be detected. In the course of this effort, we identified potential AMI failure scenarios and translated them into a sound security policy; developed detection technologies to run on low-computation hardware with limited memory; and designed a comprehensive but cost-efficient monitoring architecture. The soundness of the implemented constraints was verified using a formal framework, and the security policy was defined based on the set of failure scenarios for AMI identified by the NESCOR group. Amilyzer has been successfully deployed by a utility partner since December 2012 and is currently monitoring a 100,000-meter AMI.
IDS and Automated Response for AMI: Presented by Robin Berthier and Ahmed Fawaz
during the TCIPG Industry Workshop in October 2012
Specification-based IDS for AMI: Presented by Robin Berthier during the TCIPG industry
workshop in November 2011.