NESCO releases a new white paper entitled “PKI Security Considerations for AMI, Smart Grid and ICS Networks”. This paper describes common problems associated with large-scale deployment of PKI technology in two sets of emerging and legacy technologies used within the electric sector: Smart Grid/Automated Metering Infrastructure and Industrial Control System networks.
A compromised manufacturer’s private key or signing process can result in an attacker impersonating components of the Automated Metering Infrastructure (AMI). This may include the Meter Management System (MMS) or the meters entrusted to relay messages within the AMI mesh. As a result, the confidentiality, non-repudiation and authentication functions can be compromised, resulting in disclosure of customer data or the introduction of fraudulent control commands, including remote disconnection at the meter itself. While industrial control systems may have the added benefit of better physical protection, they are still vulnerable to similar types of remote attacks on PKI as Smart Grid AMI systems.
The technical mitigations for these weaknesses often fall to the manufacturers and maintainers of the equipment. In most cases, the end users of the equipment (utilities and other operators of this infrastructure) are unable to implement the missing or incorrect PKI functionality in the products without violating warranties or risking operational disruption.
To minimize these disruptions, this paper explores mitigation strategies and provides questions intended to guide further discussions among electric sector asset owners, operators, equipment manufacturers, and vendors.