ETSI TR 103 644 V1.1.1 (2019-12)

ETSI TR 103 644 V1.1.1 (2019-12)






TECHNICAL REPORT
CYBER;
Increasing smart meter security

---------------------- Page: 1 ----------------------
2 ETSI TR 103 644 V1.1.1 (2019-12)



Reference
DTR/CYBER-0037
Keywords
cybersecurity, smart meter

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2019.
All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.

3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners.
®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI TR 103 644 V1.1.1 (2019-12)
Contents
Intellectual Property Rights . 4
Foreword . 4
Modal verbs terminology . 4
Introduction . 4
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 6
3 Definition of terms, symbols and abbreviations . 9
3.1 Terms . 9
3.2 Symbols . 10
3.3 Abbreviations . 10
4 Security Monitoring Framework and its Components . 12
4.1 Introduction to the Security Monitoring Framework . 12
4.1.1 Overall architecture. 12
4.1.2 Critical Infrastructure Security Operations Centre (CI-SOC) . 15
4.1.2.1 Introduction . 15
4.1.2.2 CI-SOC and NORM . 17
4.1.2.3 CI-SOC Modules . 18
4.2 Security Aspects . 21
4.2.1 Introduction. 21
4.2.2 Communications Security . 21
4.2.3 Physical Security . 22
4.2.4 Double Virtualization . 23
4.2.5 Other Security Measures . 23
4.3 Threat Detection and Countermeasures . 23
4.3.1 Introduction. 23
4.3.2 List of security incidents and outline of countermeasures . 24
4.3.2.1 Purdue Model and Cyber Kill Chain . 24
4.3.2.2 Cyber-security related incidents . 25
5 Cyber Security for Smart Meters . 28
5.1 Introduction to the smart meter security . 28
5.2 Design Principles . 30
5.3 Separation of Functionalities . 31
5.4 Smart Meter Gateway . 32
5.4.1 Main functionalities . 32
5.4.2 Database-centric architecture . 32
5.4.3 Data privacy profiles . 33
5.5 Smart metrology Meter . 35
5.6 Low cost Phasor Measurement Unit (PMU) . 35
5.7 Physical Unclonable Function (PUF) component . 36
5.7.1 Introduction to the Physical Unclonable Function . 36
5.7.2 Bootstrapping services . 36
5.7.3 Authentication services . 36
5.7.4 Encryption services . 37
5.8 Security Agents . 37
5.9 Intelligence based data driven analysis of the communication patterns between meters . 40
5.10 Grid data consistency assessment . 41
5.11 NORM Security Administration Agent . 41
6 Privacy by Design in Smart Meters . 42
7 Conclusions . 43
History . 45

ETSI

---------------------- Page: 3 ----------------------
4 ETSI TR 103 644 V1.1.1 (2019-12)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Report (TR) has been produced by ETSI Technical Committee Cyber Security (CYBER).
Modal verbs terminology
In the present document "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be
interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
Cyber security of Critical Infrastructure (CI) is a serious and ongoing challenge that affects electricity, gas and water
production and distribution networks up to a regional scale. The significance of cyber-physical infrastructure security
substantially differs from cyber security in general, because of the implications imposed by the topology configuration
that obeys specific laws of physics, for example Kirchhoff's laws for electricity. For example, effective cyber security
analysis of energy distribution infrastructure is done in conjunction with application security in power systems to
prevent, mitigate, and tolerate cyber-attacks.
In the past, digital measurement equipment was networked over privately owned and isolated power lines only.
Currently, Energy Infrastructures use common and standardized communication protocols for bi-directional
communication, including 5G and Internet protocols. In new scenario, previously unknown networked agents can
interact with remote nodes of critical infrastructure. This fact has substantially changed the perception of cyber
infrastructure security aspects in all business scenarios, including the metering one. As an effect, utility companies in
general - and energy utilities specifically - require better safety measures, improved security, and highly reliable data
protection.
ETSI

---------------------- Page: 4 ----------------------
5 ETSI TR 103 644 V1.1.1 (2019-12)
In the past, digital equipment was designed, manufactured, and deployed to end users in order to enable desired
business scenarios: it was a business dictating the functional specifications to lead the technology developments. For
example, when electro-mechanical energy meters were replaced by the new-generation ones, the deployment
country-wide of so called "smart" electronic energy meters it was driven by the requirement of enabling remote reading
of metering data collections for billing purposes. On competitive mass-markets, the price of standard smart meters has
been progressively reduced which ownership is retained by utility companies. As well as the price of the smart meters is
low, it is unlikely that a manufacturer will be able to implement highly sophisticated cybersecurity measures in a cheap
mass-market device because the extent of security of a machine relies on cost aspects. For this reason, the energy
utilities have continued to consider smart meters as part of their infrastructure.
After the advent and widespread of Internet of Things (IoT) and Machine-to-Machine (M2M) technologies, billions of
legacy smart meters were refurbished and differently networked over new channels in order to support more advanced
business scenario prospected by so-called "reference scenario for Smart Grid 2.0" [i.16] and [i.17]. As an effect of this,
in energy metering business domain, energy utilities have started demanding new functionalities. Examples are:
1) near real time measurements;
2) better accurate demand-oriented measurements;
3) power and energy quality data;
4) energy flow control features.
It caused a substantial change in the socio-technological latter of Smart Grid. Like any other Industrial Control System
(ICS) slowly refurbished and gradually re-developed over past three decades, a metering infrastructure offering flow
control functionalities contains software agents and mechanical relays deputed to execute remotely issued control
sequences. At one side, the cybersecurity imposes the use of cryptography and other identity management techniques.
At another side, the interoperability requirement in standard communication protocols imposes the network-wide
communication between agents [i.8]. Moreover, the industrial control protocols impose the real time delay-less
communication, which might conflict with some requirements dictated by the security protocols [i.9]. As a result,
critical energy infrastructures host several differently dated classes of digital equipment that can be operated by using
large number of different specifications. It opens up the possibility of cyber-attacks and manipulations of power and/or
energy demand.
The corpus of scientific literature has amply documented the above evidences by proposing ad hoc counter-measures,
but truly harmonized solution could be achieved thanks to the international standardization only. At one side, business
companies will be invited to invest more money in order to update their digital measurement equipment by making it
more safe and secure. At another side, the International Community challenges introducing an additional security layer
in order to cope with anomalies/crimes affecting inter-utility and cross-country.
It appears evident that fulfilling functional requirements imposed by legacy business is not enough in a new technology
scenario. For this reason, SUCCESS added a non-functional security requirement in order to evolve pre-existing
electronic digital metering equipment. In data communication perspective, Smart Meters are low-cost IoT devices. To
allow them to be better protected, new measurement devices can incorporate edge-based Security Agents (edge-SecA)
deputed to trace and monitor the network traffic originated by remote Control Agents in new scenarios of next-
generation Smart Grid (currently Smart Grid 2.0 [i.16]). As such, it is suggested to follow a common standard about the
above-mentioned security-oriented feature in order to allow coordinated and homogeneous implementations of the
security measures in the next-generation Multi-Agent Control System countrywide, Region-wide, and world-wide.
In the belief that the improved security monitoring features enable quicker risk management response, SUCCESS team
challenged to standardize the cooperative defence against staged cyber-attacks since it represents a risk hedging
measure that complements other risk-mitigation (whenever possible) features in critical infrastructures.

ETSI

---------------------- Page: 5 ----------------------
6 ETSI TR 103 644 V1.1.1 (2019-12)
1 Scope
The present document gives some indications for increasing Smart Meters security, based on the outcomes of the
SUCCESS H2020 project, with a focus on the cyber security aspects of the smart meters. The present document
provides an overview of the Security Monitoring Framework architecture including threat detection and
countermeasures. It includes design aspects regarding the cyber security of the smart meters, and the privacy by design
concept.
2 References
2.1 Normative references
Normative references are not applicable in the present document.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] "Functional reference architecture for communications in smart metering systems,
CEN/CLC/ETSI/TR 50572".
[i.2] ETSI TS 104 001:"Open Smart Grid Protocol (OSGP); Smart Metering/Smart Grid
Communication Protocol".
[i.3] ETSI TR 102 691: "Machine-to-Machine communications (M2M); Smart Metering Use Cases".
[i.4] ETSI TR 103 331: "CYBER; Structured threat information sharing".
[i.5] "Secure Architecture for Industrial Control Systems".
NOTE: Available at https://www.sans.org/reading-room/whitepapers/ICS/secure-architecture-industrial-control-
systems-36327.
[i.6] "Next Generation Real-Time Smart Meters for ICT Based Assessment of Grid Data
Inconsistencies".
NOTE: Available at https://www.mdpi.com/1996-1073/10/7/857.
[i.7] "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns
and Intrusion Kill Chains".
NOTE: Available at https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-
White-Paper-Intel-Driven-Defense.pdf.
[i.8] "European Commission's directive EU COM (2006) 786".
NOTE: Available at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0786:FIN:EN:PDF.
[i.9] "European Parliament's report 2018/2088(INI), Report on a comprehensive European industrial
policy on artificial intelligence and robotics".
NOTE: Available at http://www.europarl.europa.eu/doceo/document/A-8-2019-0019_EN.pdf.
ETSI

---------------------- Page: 6 ----------------------
7 ETSI TR 103 644 V1.1.1 (2019-12)
[i.10] "European Commission's Directive 2006/42/EC, Machinery Directive".
NOTE: Available at https://eur-
lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:157:0024:0086:EN:PDF.
[i.11] "European Commission's Directive 2014/35/EU, Low Voltage Directive".
[i.12] "Syncretic Use of Smart Meters for Power Quality Monitoring in Emerging Networks".
NOTE: Available at https://ieeexplore.ieee.org/abstract/document/7536160.
[i.13] "Secure Architecture for Industrial Control Systems".
NOTE: Available at https://www.sans.org/reading-room/whitepapers/ICS/secure-architecture-industrial-control-
systems-36327.
[i.14] "NOBEL GRID" Project website.
NOTE: Available at https://nobelgrid.eu/.
[i.15] "IEEE Standards Interpretations for IEEE Std 1588™-2008 IEEE Standard for a Precision Clock
Synchronization Protocol for Networked Measurement and Control Systems".
NOTE: Available at https://standards.ieee.org/content/dam/ieee-
standards/standards/web/documents/interpretations/1588-2008_interp.pdf.
[i.16] "The Smart Grid: Enabling Energy Efficiency and Demand Response", Fairmont Press, C.W.
Gellings, 2009.
[i.17] OpenADR 2.0: "Demand Response Program Implementation Guide".
NOTE: Available at https://www.openadr.org/assets/openadr_drprogramguide_1_1.pdf.
[i.18] "Next Generation Smart Meter", (V3) (final).
NOTE: Available at https://success-
energy.eu/files/success/Content/Library/Deliverables/700416_deliverable_D3.9.pdf.
[i.19] "Solution Architecture and Solution Description" (V3).
NOTE: Available at https://success-
energy.eu/files/success/Content/Library/Deliverables/700416_deliverable_D4.3.pdf.
[i.20] "Innovative approach to data privacy for energy services".
NOTE: Available at https://success-
energy.eu/files/success/Content/Library/Deliverables/700416_deliverable_D4.10.pdf.
[i.21] "Information Security Management Components and Documentation".
NOTE: Available at https://success-
energy.eu/files/success/Content/Library/Deliverables/700416_deliverable_D3_4.pdf.
[i.22] "Big Data in Critical Infrastructures Security Monitoring: Challenges and Opportunities", CoRR,
vol. abs/1405.0325, (03 July 2014).
NOTE: Available at https://arxiv.org/abs/1405.0325.
[i.23] "Information Security Management Components and Documentation", (V3).
NOTE: Available at https://success-
energy.eu/files/success/Content/Library/Deliverables/700416_deliverable_D3.6.pdf.
ETSI

---------------------- Page: 7 ----------------------
8 ETSI TR 103 644 V1.1.1 (2019-12)
[i.24] "Description of Available Components for SW Functions, Infrastructure and Related
Documentation", (V.3).
NOTE: Available at https://success-
energy.eu/files/success/Content/Library/Deliverables/SUCCESS_D4.6_v28.pdf.
[i.25] "Cyber Kill Chain Defender for Smart Meters, Complex, Intelligent, and Software Intensive
Systems", pp 386-397, (2019).
NOTE: Available at https://link.springer.com/chapter/10.1007/978-3-319-93659-8_34.
[i.26] IETF RFC 3748: "Extensible Authentication Protocol (EAP)".
NOTE: Available at https://tools.ietf.org/html/rfc3748.
[i.27] IETF RFC 5246: "The Transport Layer Security (TLS) Protocol", (V1.2).
NOTE: Available at https://tools.ietf.org/html/rfc5246.
[i.28] "OAuth 2.0".
NOTE: Available at https://oauth.net/2/.
[i.29] IEEE EBCCSP (2017): "Secured Event-based Smart Meter".
NOTE: Available at https://ieeexplore.ieee.org/document/8022818.
[i.30] "On the security of SSL/TLS-enabled applications".
NOTE: Available at https://www.sciencedirect.com/science/article/pii/S2210832714000039.
[i.31] "The importance of a security, education, training and awareness program".
NOTE: Available at http://www.infosecwriters.com/Papers/SHight_SETA.pdf.
[i.32] "Critical Infrastructure Protection Review", (a report).
NOTE: Available at https://www.criticalinfrastructureprotectionreview.com/.
[i.33] "Reference Incident Classification Taxonomy".
NOTE: Available at https://www.enisa.europa.eu/publications/reference-incident-classification-taxonomy.
[i.34] "Lightweight Machine to Machine Technical Specification".
NOTE: Available at http://www.openmobilealliance.org/release/LightweightM2M/V1_0-20170208-A/OMA-TS-
LightweightM2M-V1_0-20170208-A.pdf.
[i.35] IEC 61850: "Communication networks and systems for power utility automation".
NOTE: Available at https://webstore.iec.ch/publication/6028.
[i.36] IEC TS 62351-6: "Power systems management and associated information exchange - Data and
communications security - Part 6: Security for IEC 61850".
NOTE: Available at https://webstore.iec.ch/publication/6909.
[i.37] IEC 61850-9-2:2011 - "Communication networks and systems for power utility automation -
Part 9-2: Specific communication service mapping (SCSM) - Sampled values over
ISO/IEC 8802-3".
NOTE: Available at https://webstore.iec.ch/publication/6023.
[i.38] "OASIS MQTT", (V5.0).
NOTE: Available at https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.pdf.
ETSI

---------------------- Page: 8 ----------------------
9 ETSI TR 103 644 V1.1.1 (2019-12)
[i.39] IEC 62056-1-0:2014 - "Electricity metering data exchange - The DLMS/COSEM suite -
Part 1-0: Smart metering standardisation framework".
NOTE: Available at https://webstore.iec.ch/publication/6397.
[i.40] IEC TS 62056-1-1:2016 - "Electricity metering data exchange - The DLMS/COSEM suite -
Part 1-1: Template for DLMS/COSEM communication profile standards".
NOTE: Available at https://webstore.iec.ch/publication/24735.
TM
[i.41] IEEE 1588-2008 : "IEEE Standard for a Precision Clock Synchronization Protocol for
Networked Measurement and Control Systems".
NOTE: Available at https://standards.ieee.org/standard/1588-2008.html.
[i.42] GDPR (Reg. EU 679/2016).
NOTE: Available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=IT.
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
Complex System (CS): system composed of a big number of components, which can interact - individually or in
groups - with each other
NOTE: The collective behaviour of parts of a CS entails emergence of properties that can hardly be inferred from
properties of the parts. Some examples of distinct properties in a CS that arise from these relationships
are: non-linearity, spontaneous order, feedback loops, adaptation. CS is a kind of network where the
nodes represent the components and the links their interactions. The behaviour of CS might become
uncertain due to different kinds of interactions between their parts or between a given system and its
environment, for example dependencies, competitions, or relationships. After Aristotle, the CS is a
system in which the whole is more than the sum of its parts.
composability: capability to select and assemble system components in various combinations into valid system to
satisfy specific user requirements
NOTE: Composability is a system design principle that deals with the inter-relationships of components. The
essential features of composability are: modularity (self-contained property) that allows deploying
components independently and memoryless property that allows atomic transactions.
Critical Infrastructure (CI): infrastructure for which loss or damage in whole or in part will lead to significant
negative impact on one or more of the economic activity of the stakeholders, the safety, security or health of the
population
NOTE: Examples include power plants, drinking water, hospitals and train lines.
Cyber Physical System (CPS): integration of computation with physical processes
NOTE: CPS are physical and engineered systems whose operations are monitored, coordinated, controlled and
integrated by a computing and communication core. In a CPS, physical and software components are
deeply intertwined, each operating on different spatial and temporal scales, exhibiting multiple and
distinct behavioural modalities, and interacting with each other in many ways that change with context. In
other definition, CPS is defined as transformative technologies for managing interconnected systems
between its physical assets and computational capabilities.
cyber physical sub-systems: cyber-physical systems, which exhibit the features of systems of systems and can
comprise components, which by themselves are not cyber-physical, e.g. computer systems which manage the overall
system that consists of coupled cyber-physical subsystems, or a communication infrastructure
ETSI

---------------------- Page: 9 ----------------------
10 ETSI TR 103 644 V
...