SECURING CRITICAL ENERGY INFRASTRUCTUREDR. PANAGIOTIS PASCHALIDIS08. November 2018

P3 IS A GLOBAL NETWORK OF INNOVATIVE AND CREATIVE EXPERTS,SERVING CUSTOMERS IN FIVE INDUSTRIES

22018

AEROSPACE TELECOMMUNICATIONS ENERGY PUBLIC SECTORAUTOMOTIVE

Consulting, management support and testing

services for the automotive industry

Consulting, application and implementation services for all major OEMs and

their tier 1 suppliers

Consulting, engineering and testing services

for the whole telecommunications

industry

Innovative solutions based on a scientific background

for energy transition

A combination of wide range technical know-how

and long term management experience

>30 SUBSIDIARIES in the whole P3 group

32018

P3 GROUPOVER TWO DECADES P3 HAS

GROWN WORLDWIDE TO BECOME A WELL ESTABLISHED

MARKET PLAYER

>45 LOCATIONS in 15 countries

>3700 EMPLOYEES from more than 40 nations

REVENUE>370 m euros

75% OF OUR PEOPLEare engineers

EVOLUTION PATH TOWARDS THE INTELLIGENT GRID

42018

Transmission Substation

Generation

Home

Business Industry

EV

Solar (pV) Farm

SCADA

High voltageMedium voltageLow voltageCommunication flow

Wind Farm

Smart Meter

Smart Meter

Smart Meter

Distribution Substation

Supervisory Control and Data Acquisition (SCADA) System in the power grid

EVOLUTION PATH TOWARDS THE INTELLIGENT GRID

52018

Transmission Substation

Generation

Home

Business Industry

EV

Solar (pV) Farm

SCADA

High voltageMedium voltageLow voltageCommunication flow

Wind Farm

Smart Meter

Smart Meter

Smart Meter

Distribution Substation

Supervisory Control and Data Acquisition (SCADA) System in the power grid

EVOLUTION PATH TOWARDS THE INTELLIGENT GRID

62018

Transmission Substation

Generation

Home

Business Industry

EV

Solar (pV) Farm

SCADA

High voltageMedium voltageLow voltageCommunication flow

Wind Farm

Smart Meter

Smart Meter

Smart Meter

Distribution Substation

Supervisory Control and Data Acquisition (SCADA) System in the power grid

(Wireless) communication network for critical energy infrastructure

How can we ensure security?

What are the operational and roll-out scenarios and stakeholders?

What is the cost impact & structure?

R&D PROJECTS

72018

BERCOM – Hardened LTE for critical energy infrastructure

Dedicated communication network 4G/5G to meet increased security requirements

Cost-Benefit analysis for different scenarios of network roll-out (e.g. by CI-operators)

SUCCESS – Cyber Security for critical energy infrastructure

Multi-layered security concept on a Pan-European level

Partners

Sep 2015 Feb 2019

Partners

May 2016 Nov 2018Trial Site28th Nov.Dublin

CYBER SECURITY STARTS WITH DATA

82018

Information

Data

Alert

Response

CYBER SECURITY STARTS WITH DATA

92018

Analyse data – detect attacks

Collect data

Identify countermeasures

Apply countermeasures

CYBER SECURITY FOR CRITICAL INFRASTRUCTURE

102018

A layered solution

Devices – smart meters

Communications

Operator level security

Regional and international level security

CYBER SECURITY FOR CRITICAL INFRASTRUCTURE

112018

A layered solution

Devices – smart meters

Communications

Operator level security

Regional and international level security

DEVICES – SMART METERS

122018

• Modern devices enable new functions, increasing the attack surface.

• Smart meters are subject to cyber attacks but are not able to detect threats and attacks on the smart grid, due to limited computational ability

• Meters have large lifecycles and long certification times in comparison to IT components.

Communication

• Distributed DoS• Man-in-the-

Middle• EM/RF

Interception• Masquerade

IT

• Virus/Worms• IP hijacking• Evaluation of

privileges• Software

alteration

Utility

• Theft of the fixedhardware

• UnauthorizedPhysical access

UNBUNDLED SMART METER CONCEPT

132018

• Separate the Smart Meter in: o Metrology Zone: a certified metrology part. o Smart Zone “business logic”: modules to increase the cyber

robustness.• Increased flexibility and security:

o Individual updates for each zone enables frequent security-related IT-updates without need for a recertification of the electric part.

• A unique Security Agent module handles all communication with the DSO security module (data analysis and attack detection) to reduce number of critical interfaces.

• Enhanced security measures such as hardware encryption, e.g. Physically Unclonable Functions (PUF), apply for special actors (secure element).

1. The unbundled smart meter concept was proposed in the NOBELGRID project and is being evolved within the SUCCESS project

„Smart“ zoneBusiness logic

Metrology zone

Unbundled Smart Meter (USM)

Risks: networkedover internet

updates

EUROPEAN CRITICAL INFRASTRUCTURE SECURITY CONCEPT

142018

Operator 1 …Operator 2 Operator 3 Operator N

• Distribution network operators (DSO) connect more than 95% of customers with the energy network

• More than 90% of renewable energy sources are installed in the distribution system

• Due to the implementation of the same HW and SW solutions through Europe, simultaneous security attacks to several systems are possible

• DSOs have no opportunity to exchange data in case of security attacks

EUROPEAN CRITICAL INFRASTRUCTURE SECURITY CONCEPT

152018

Operator 1 …Operator 2 Operator 3 Operator N

European security analytics network

API API API API

• Big Data analysis of aggregated data from operators

• Use of open data sources (social media, weather etc)

• Alertness based on live data information sharing

• Resilience to wide scale distributed attacks

• Trust community of critical infrastructure operators

• Benefits of scale in security

COMMUNICATION NETWORK SCENARIOS

162018

Possible scenarios for communication network operationPublic Commercial

Central European network

National state-run network

Privately-run network Functionalities withincommercial network

COMMUNICATION NETWORK SCENARIOS

172018

Core NetworkRadio Access

eNB

MME

S-GW P-GW

HSS

Core NetworkRadio Access

eNB

MME

S-GW P-GW

HSS

Core NetworkRadio Access

eNB

MME

S-GW P-GW

HSS

Dedicated network Shared network

Possible scenarios for (technical) network realization

Possible scenarios for communication network operationPublic Commercial

Central European network

National state-run network

Privately-run network Functionalities withincommercial network

NETWORK OPERATIONAL SCENARIOS AND TECHNICAL REALIZATIONS

2018

Dedicated network Full control of the network

and communication Traffic prioritization High initial CAPEX Spectrum acquisition

(wireless) Under-utilization of the

network

Non-dedicated network Short implementation time

and ubiquity

Reliable MNO required

Wholesale agreement with more than a single MNO

Definition of appropriate SLA for SCADA communication

Hybrid network Dedicated virtual mobile

operator (full MVNO) Smooth migration towards

a dedicated LTE network Public Safety network sharing Active sharing with MNO /

DSO (BBU, spectrum sharing, etc.)

Core NetworkRadio Access

eNB

MME

S-GW P-GW

HSS

Core NetworkRadio Access

eNB

MME

S-GW P-GW

HSS

Core NetworkRadio Access

eNB

MME

S-GW P-GW

HSS

Dedicated network Shared network

Possible scenarios for (technical) network realization

QUALITATIVE ASSESSMENT OF TECHNICAL NETWORK REALIZATIONS

192018

CAPEX OPEX Implementation time Network Control

Dedicated network

Non-dedicated network

Dedicated MVNO

Public Safety Sharing

MNO passive Sharing

MNO passive und active Sharing

Very good Unfavourable

COST ANALYSIS OF AN LTE ROLLOUT FOR CI

202018

Total Investment

Annualised CAPEX

Annual OPEX

Total Cost of Ownership (TCO)

Cost calculation

LTE NetworkNominal Planning

Network Dimensioning

COST ANALYSIS OF AN LTE ROLLOUT FOR CI

212018

Input Output

Demographic and geographic

data

Network coverage &

traffic profile

LTE NetworkNominal Planning

QoSParameters

Network Dimensioning

Network Planning Stages

Nominal Planning

• Gathering of pre-planning information

• Coverage, capacity & QoStargets

• Services definition

• Network dimensioning

• CAPEX & OPEX identification

• Field measurements

• Model Tuning• Site selection• Parameter

planning• Digital maps

needed

• Pre-launch & post-launch optimization

• Parameter tuning

• Capacity• Coverage• Interference

1DetailedPlanning

2Network

Optimization

3

COST ANALYSIS OF AN LTE ROLLOUT FOR CI

222018

Investment figures

Annuityfactors

OPEXfactors

Total Investment

Annualised CAPEX

Annual OPEX

TCO*Network Sharing factors

Cost ModuleInput Output * Total Cost of Ownership

Demographic and geographic

data

Network coverage &

traffic profile

LTE NetworkNominal Planning

QoSParameters

Network Dimensioning

LTE ROLLOUT FOR CI IN DIFFERENT EU COUNTRIES

232018

34.979,25 km2

LTE Band 20 LTE coverage 99,6%High energy market concentration

92.138,62 km2

LTE Band 20LTE coverage 98,8%High energy market concentration

410.277,72 km2

LTE Band 20 + Band 31 LTE coverage 100,0%Low energy market concentration

358.322,17 km2

LTE Band 20 + Band 31LTE coverage 96,6%Low energy market concentration

549.832,44 km2

LTE Band 20 LTE coverage 93,8%High energy market concentration

COST STRUCTURE OF NATIONWIDE ROLLOUT

242018

COST STRUCTURE OF NATIONWIDE ROLLOUT

252018

Radio Accessnetwork

Core network

Spectrum

COST STRUCTURE OF NATIONWIDE ROLLOUT

262018

SOLUTION FEASIBILITY – QUALITATIVE ASSESSMENT

272018

Size of energy distribution system operators

Dedicated network rollout

NationalRegional & local

National Regional Larger

Regional & local Regional & local Local Regional & local

Dedicated w/o spectrum acquisition costs

NationalRegional & local

National Regional Larger

Regional & local Regional & local Local Regional & local

Passive network sharingNational

Regional & localNational Regional Larger

Regional & local Regional & local Local Regional & local

Dedicated full MVNONational &

regional Regional National & regional Regional Larger & regional

Local Local Local Local Local

Very good Unfavourable

ENABLING CI COMMUNICATION – A TECHNOLOGY COMPARISON

282018

Optic-fibre nationwide rollout• Costly and time-consuming activity• Not economically feasible for exclusive SCADA

communication (network under utilization)

LTE offers an alternative solution• High technology penetration throughout EU• Faster and cost-efficient network rollout• Smooth migration towards low cost, low complexity

and low consumption end-devices

292018

COMMUNICATIONS FOR ENERGY

THE NEXT GENERATION WIRELESS NETWORKS PROVIDE

A FEASIBLE, LOW COST AND FUTURE PROOF

COMMUNICATIONS SOLUTION

LAYERED ANALYTICS SOLUTIONS HAVE A REALISTIC POTENTIAL TO

INCREASE EUROPEAN SECURITY

CONTACT US FORCOMMUNICATION NETWORKS AND END-TO-END SECURITY SOLUTIONS

302018

NETWORK PLANNINGfor critical infrastructure operators

SECURITY ANALYSIS AND TESTINGTo guarantee exchange of information in a secure

and confidential manner

COST-BENEFIT ANALYSIS OF COMMUNICATION SOLUTIONSfor network operators and critical infrastructure operators

CERTIFICATION ISO 27KBest practices for information security

YOUR CONTACT

DisclaimerThis document and all information contained herein is the soleproperty of P3. No intellectual property rights are granted by thedelivery of this document or the disclosure of its content. Thisdocument shall not be reproduced or disclosed to a third partywithout the express written consent of P3. This document and itscontent shall not be used for any purpose other than that forwhich it is supplied.

Germany - AachenP3 communications GmbHAm Kraftversorgungsturm 352070 AachenGermany

Web www.p3-group.com

2018 31

Dr. Panagiotis Paschalidis+49 151 571 33 218Panagiotis.Paschalidis@p3-group.com

322018

THANK YOU

342018

Blueprint for Pan-European Resilient CriticalInfrastructures based on LTE Communications

352018