SECURING CRITICAL ENERGY INFRASTRUCTUREDR. PANAGIOTIS PASCHALIDIS08. November 2018
P3 IS A GLOBAL NETWORK OF INNOVATIVE AND CREATIVE EXPERTS,SERVING CUSTOMERS IN FIVE INDUSTRIES
22018
AEROSPACE TELECOMMUNICATIONS ENERGY PUBLIC SECTORAUTOMOTIVE
Consulting, management support and testing
services for the automotive industry
Consulting, application and implementation services for all major OEMs and
their tier 1 suppliers
Consulting, engineering and testing services
for the whole telecommunications
industry
Innovative solutions based on a scientific background
for energy transition
A combination of wide range technical know-how
and long term management experience
>30 SUBSIDIARIES in the whole P3 group
32018
P3 GROUPOVER TWO DECADES P3 HAS
GROWN WORLDWIDE TO BECOME A WELL ESTABLISHED
MARKET PLAYER
>45 LOCATIONS in 15 countries
>3700 EMPLOYEES from more than 40 nations
REVENUE>370 m euros
75% OF OUR PEOPLEare engineers
EVOLUTION PATH TOWARDS THE INTELLIGENT GRID
42018
Transmission Substation
Generation
Home
Business Industry
EV
Solar (pV) Farm
SCADA
High voltageMedium voltageLow voltageCommunication flow
Wind Farm
Smart Meter
Smart Meter
Smart Meter
Distribution Substation
Supervisory Control and Data Acquisition (SCADA) System in the power grid
EVOLUTION PATH TOWARDS THE INTELLIGENT GRID
52018
Transmission Substation
Generation
Home
Business Industry
EV
Solar (pV) Farm
SCADA
High voltageMedium voltageLow voltageCommunication flow
Wind Farm
Smart Meter
Smart Meter
Smart Meter
Distribution Substation
Supervisory Control and Data Acquisition (SCADA) System in the power grid
EVOLUTION PATH TOWARDS THE INTELLIGENT GRID
62018
Transmission Substation
Generation
Home
Business Industry
EV
Solar (pV) Farm
SCADA
High voltageMedium voltageLow voltageCommunication flow
Wind Farm
Smart Meter
Smart Meter
Smart Meter
Distribution Substation
Supervisory Control and Data Acquisition (SCADA) System in the power grid
(Wireless) communication network for critical energy infrastructure
How can we ensure security?
What are the operational and roll-out scenarios and stakeholders?
What is the cost impact & structure?
R&D PROJECTS
72018
BERCOM – Hardened LTE for critical energy infrastructure
Dedicated communication network 4G/5G to meet increased security requirements
Cost-Benefit analysis for different scenarios of network roll-out (e.g. by CI-operators)
SUCCESS – Cyber Security for critical energy infrastructure
Multi-layered security concept on a Pan-European level
Partners
Sep 2015 Feb 2019
Partners
May 2016 Nov 2018Trial Site28th Nov.Dublin
CYBER SECURITY STARTS WITH DATA
82018
Information
Data
Alert
Response
CYBER SECURITY STARTS WITH DATA
92018
Analyse data – detect attacks
Collect data
Identify countermeasures
Apply countermeasures
CYBER SECURITY FOR CRITICAL INFRASTRUCTURE
102018
A layered solution
Devices – smart meters
Communications
Operator level security
Regional and international level security
CYBER SECURITY FOR CRITICAL INFRASTRUCTURE
112018
A layered solution
Devices – smart meters
Communications
Operator level security
Regional and international level security
DEVICES – SMART METERS
122018
• Modern devices enable new functions, increasing the attack surface.
• Smart meters are subject to cyber attacks but are not able to detect threats and attacks on the smart grid, due to limited computational ability
• Meters have large lifecycles and long certification times in comparison to IT components.
Communication
• Distributed DoS• Man-in-the-
Middle• EM/RF
Interception• Masquerade
IT
• Virus/Worms• IP hijacking• Evaluation of
privileges• Software
alteration
Utility
• Theft of the fixedhardware
• UnauthorizedPhysical access
UNBUNDLED SMART METER CONCEPT
132018
• Separate the Smart Meter in: o Metrology Zone: a certified metrology part. o Smart Zone “business logic”: modules to increase the cyber
robustness.• Increased flexibility and security:
o Individual updates for each zone enables frequent security-related IT-updates without need for a recertification of the electric part.
• A unique Security Agent module handles all communication with the DSO security module (data analysis and attack detection) to reduce number of critical interfaces.
• Enhanced security measures such as hardware encryption, e.g. Physically Unclonable Functions (PUF), apply for special actors (secure element).
1. The unbundled smart meter concept was proposed in the NOBELGRID project and is being evolved within the SUCCESS project
„Smart“ zoneBusiness logic
Metrology zone
Unbundled Smart Meter (USM)
Risks: networkedover internet
updates
EUROPEAN CRITICAL INFRASTRUCTURE SECURITY CONCEPT
142018
Operator 1 …Operator 2 Operator 3 Operator N
• Distribution network operators (DSO) connect more than 95% of customers with the energy network
• More than 90% of renewable energy sources are installed in the distribution system
• Due to the implementation of the same HW and SW solutions through Europe, simultaneous security attacks to several systems are possible
• DSOs have no opportunity to exchange data in case of security attacks
EUROPEAN CRITICAL INFRASTRUCTURE SECURITY CONCEPT
152018
Operator 1 …Operator 2 Operator 3 Operator N
European security analytics network
API API API API
• Big Data analysis of aggregated data from operators
• Use of open data sources (social media, weather etc)
• Alertness based on live data information sharing
• Resilience to wide scale distributed attacks
• Trust community of critical infrastructure operators
• Benefits of scale in security
COMMUNICATION NETWORK SCENARIOS
162018
Possible scenarios for communication network operationPublic Commercial
Central European network
National state-run network
Privately-run network Functionalities withincommercial network
COMMUNICATION NETWORK SCENARIOS
172018
Core NetworkRadio Access
eNB
MME
S-GW P-GW
HSS
Core NetworkRadio Access
eNB
MME
S-GW P-GW
HSS
Core NetworkRadio Access
eNB
MME
S-GW P-GW
HSS
Dedicated network Shared network
Possible scenarios for (technical) network realization
Possible scenarios for communication network operationPublic Commercial
Central European network
National state-run network
Privately-run network Functionalities withincommercial network
NETWORK OPERATIONAL SCENARIOS AND TECHNICAL REALIZATIONS
2018
Dedicated network Full control of the network
and communication Traffic prioritization High initial CAPEX Spectrum acquisition
(wireless) Under-utilization of the
network
Non-dedicated network Short implementation time
and ubiquity
Reliable MNO required
Wholesale agreement with more than a single MNO
Definition of appropriate SLA for SCADA communication
Hybrid network Dedicated virtual mobile
operator (full MVNO) Smooth migration towards
a dedicated LTE network Public Safety network sharing Active sharing with MNO /
DSO (BBU, spectrum sharing, etc.)
Core NetworkRadio Access
eNB
MME
S-GW P-GW
HSS
Core NetworkRadio Access
eNB
MME
S-GW P-GW
HSS
Core NetworkRadio Access
eNB
MME
S-GW P-GW
HSS
Dedicated network Shared network
Possible scenarios for (technical) network realization
QUALITATIVE ASSESSMENT OF TECHNICAL NETWORK REALIZATIONS
192018
CAPEX OPEX Implementation time Network Control
Dedicated network
Non-dedicated network
Dedicated MVNO
Public Safety Sharing
MNO passive Sharing
MNO passive und active Sharing
Very good Unfavourable
COST ANALYSIS OF AN LTE ROLLOUT FOR CI
202018
Total Investment
Annualised CAPEX
Annual OPEX
Total Cost of Ownership (TCO)
Cost calculation
LTE NetworkNominal Planning
Network Dimensioning
COST ANALYSIS OF AN LTE ROLLOUT FOR CI
212018
Input Output
Demographic and geographic
data
Network coverage &
traffic profile
LTE NetworkNominal Planning
QoSParameters
Network Dimensioning
Network Planning Stages
Nominal Planning
• Gathering of pre-planning information
• Coverage, capacity & QoStargets
• Services definition
• Network dimensioning
• CAPEX & OPEX identification
• Field measurements
• Model Tuning• Site selection• Parameter
planning• Digital maps
needed
• Pre-launch & post-launch optimization
• Parameter tuning
• Capacity• Coverage• Interference
1DetailedPlanning
2Network
Optimization
3
COST ANALYSIS OF AN LTE ROLLOUT FOR CI
222018
Investment figures
Annuityfactors
OPEXfactors
Total Investment
Annualised CAPEX
Annual OPEX
TCO*Network Sharing factors
Cost ModuleInput Output * Total Cost of Ownership
Demographic and geographic
data
Network coverage &
traffic profile
LTE NetworkNominal Planning
QoSParameters
Network Dimensioning
LTE ROLLOUT FOR CI IN DIFFERENT EU COUNTRIES
232018
34.979,25 km2
LTE Band 20 LTE coverage 99,6%High energy market concentration
92.138,62 km2
LTE Band 20LTE coverage 98,8%High energy market concentration
410.277,72 km2
LTE Band 20 + Band 31 LTE coverage 100,0%Low energy market concentration
358.322,17 km2
LTE Band 20 + Band 31LTE coverage 96,6%Low energy market concentration
549.832,44 km2
LTE Band 20 LTE coverage 93,8%High energy market concentration
COST STRUCTURE OF NATIONWIDE ROLLOUT
242018
COST STRUCTURE OF NATIONWIDE ROLLOUT
252018
Radio Accessnetwork
Core network
Spectrum
COST STRUCTURE OF NATIONWIDE ROLLOUT
262018
SOLUTION FEASIBILITY – QUALITATIVE ASSESSMENT
272018
Size of energy distribution system operators
Dedicated network rollout
NationalRegional & local
National Regional Larger
Regional & local Regional & local Local Regional & local
Dedicated w/o spectrum acquisition costs
NationalRegional & local
National Regional Larger
Regional & local Regional & local Local Regional & local
Passive network sharingNational
Regional & localNational Regional Larger
Regional & local Regional & local Local Regional & local
Dedicated full MVNONational &
regional Regional National & regional Regional Larger & regional
Local Local Local Local Local
Very good Unfavourable
ENABLING CI COMMUNICATION – A TECHNOLOGY COMPARISON
282018
Optic-fibre nationwide rollout• Costly and time-consuming activity• Not economically feasible for exclusive SCADA
communication (network under utilization)
LTE offers an alternative solution• High technology penetration throughout EU• Faster and cost-efficient network rollout• Smooth migration towards low cost, low complexity
and low consumption end-devices
292018
COMMUNICATIONS FOR ENERGY
THE NEXT GENERATION WIRELESS NETWORKS PROVIDE
A FEASIBLE, LOW COST AND FUTURE PROOF
COMMUNICATIONS SOLUTION
LAYERED ANALYTICS SOLUTIONS HAVE A REALISTIC POTENTIAL TO
INCREASE EUROPEAN SECURITY
CONTACT US FORCOMMUNICATION NETWORKS AND END-TO-END SECURITY SOLUTIONS
302018
NETWORK PLANNINGfor critical infrastructure operators
SECURITY ANALYSIS AND TESTINGTo guarantee exchange of information in a secure
and confidential manner
COST-BENEFIT ANALYSIS OF COMMUNICATION SOLUTIONSfor network operators and critical infrastructure operators
CERTIFICATION ISO 27KBest practices for information security
YOUR CONTACT
DisclaimerThis document and all information contained herein is the soleproperty of P3. No intellectual property rights are granted by thedelivery of this document or the disclosure of its content. Thisdocument shall not be reproduced or disclosed to a third partywithout the express written consent of P3. This document and itscontent shall not be used for any purpose other than that forwhich it is supplied.
Germany - AachenP3 communications GmbHAm Kraftversorgungsturm 352070 AachenGermany
Web www.p3-group.com
2018 31
Dr. Panagiotis Paschalidis+49 151 571 33 [email protected]
322018
THANK YOU
342018
Blueprint for Pan-European Resilient CriticalInfrastructures based on LTE Communications
352018