ma: include grammar & language fixes by reviewer #1
parent
07a354e969
commit
be7775ca0d
1 changed files with 20 additions and 20 deletions
|
|
@ -120,46 +120,46 @@
|
|||
\chapter{Introduction}
|
||||
|
||||
%FIXME: sprinkle this section with citations.
|
||||
In the power grid as in other engineered systems we can observe an ongoing diffusion of information systems into
|
||||
industrial control systems. Automation of these control systems has been practiced for the better part of a century
|
||||
already. Throughout the 20th century this automation was mostly limited to core components of the grid. Generators in
|
||||
In the power grid, as in many other engineered systems, we can observe an ongoing diffusion of information systems into
|
||||
industrial control systems. Automation of these control systems has already been practiced for the better part of a
|
||||
century. Throughout the 20th century this automation was mostly limited to core components of the grid. Generators in
|
||||
power stations are computer-controlled according to electromechanical and economic models. Switching in substations is
|
||||
automated to allow for fast failure recovery. Human operators are still vital to these systems, but their tasks have
|
||||
shifted from pure operation to engineering, maintenance and surveillance.
|
||||
|
||||
With the turn of the century came a large-scale trend in power systems to move from a model of centralized generation
|
||||
built around massive large-scale fossil and nuclear power plants towards a more heterogenous model of smaller-scale
|
||||
generators working together. In this new model large-scale fossil power plants still serve a major role but two new
|
||||
With the turn of the century came a large-scale trend in power systems to move from a model of centralized generation,
|
||||
built around massive large-scale fossil and nuclear power plants, towards a more heterogenous model of smaller-scale
|
||||
generators working together. In this new model large-scale fossil power plants still serve a major role, but two new
|
||||
factors come into play. One is the advance of renewable energies. The large-scale use of wind and solar power in
|
||||
particular from a current standpoint seems unavoidable for our continued existence on this planet. For the electrical
|
||||
grid these systems constitute a significant challenge. Fossil-fueled power plants can be controlled in a precise and
|
||||
quick way to match energy consumption. This tracking of consumption with production is vital to the stability of the
|
||||
grid. Renewable energies such as wind and solar power do not provide the same degree of controllability, and they
|
||||
introduce a large degree of uncertainty due to the unpredictable way of the forces of nature.
|
||||
introduce a larger degree of uncertainty due to the unpredictability of the forces of nature.
|
||||
|
||||
Along with this change in dynamic behavior renewable energies have brought forth the advance of distributed generation.
|
||||
Along with this change in dynamic behavior, renewable energies have brought forth the advance of distributed generation.
|
||||
In distributed generation end-customers that previously only consumed energy have started to feed energy into the grid
|
||||
from small solar installations on their property. Distributed generation is a chance for customers to gain autonomy and
|
||||
shift from a purely passive role to being active participants of the electricity market\cite{crastan03}.
|
||||
|
||||
To match this new landscape of decentralized generation and unpredictable renewable resources the utility industry has
|
||||
had to adapt itself in major ways. One aspect of this adaption that is particularly visible to ordinary people is the
|
||||
had to adapt itself in major ways. One aspect of this adaptation that is particularly visible to ordinary people is the
|
||||
computerization of end-user energy metering. Despite the widespread use of industrial control systems inside the
|
||||
electrical grid and the far-reaching diffusion of computers into people's everyday lives the energy meter has long been
|
||||
one of the last remnants of an offline, analog time. Until the 2010s many households were still served through
|
||||
electromechanical Ferraris-style meters that have their origin in the late 19th
|
||||
century\cite{borlase01,ukgov04,bnetza02}. Today under the umbrella term \emph{Smart Metering} the shift towards fully
|
||||
computerized, often networked meters is well underway. The roll out of these \emph{Smart Meters} has not been very
|
||||
smooth overall with some countries severely lagging behind other countries. As a safety-critical technology smart
|
||||
metering technology is usually standardized on a per-country basis. This leads to an inhomogenous landscape with in some
|
||||
instances wildly incompatible systems. Often vendors only serve a single country or have separate models of a meter for
|
||||
each country. This complex standardization landscape and market situation has led to a proliferation of highly complex,
|
||||
custom-coded microcontroller firmware. The complexity and scale of this often network-connected firmware makes for a
|
||||
ripe substrate for bugs to surface.
|
||||
smooth overall with some countries severely lagging behind. As a safety-critical technology, smart metering technology
|
||||
is usually standardized on a per-country basis. This leads to an inhomogenous landscape with--in some instances--wildly
|
||||
incompatible systems. Often vendors only serve a single country or have separate models of a meter for each country.
|
||||
This complex standardization landscape and market situation has led to a proliferation of highly complex, custom-coded
|
||||
microcontroller firmware. The complexity and scale of this--often network-connected--firmware makes for a ripe substrate
|
||||
for bugs to surface.
|
||||
|
||||
A remotely exploitable flaw inside a smart meter's firmware\footnote{
|
||||
There are several smart metering architectures that ascribe different roles to the component called \emph{smart
|
||||
meter}. Coarsely divided into two camps these are systems where all metering and communication functions resides
|
||||
meter}. Coarsely divided into two camps these are systems where all metering and communication functions reside
|
||||
within one physical unit and systems where metering and communication functions are separated into two units called
|
||||
the \emph{smart meter} and the \emph{smart meter gateway}\cite{stuber01}. An example for the former are setups in
|
||||
the USA, an example of the latter is the setup in Germany. For clarity, in this introductory chapter we use
|
||||
|
|
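Review bot: The rewritten lines in this hunk still carry spelling problems that a language pass should catch: "heterogenous" in the centralized-generation sentence and "inhomogenous" in the standardization sentence are normally spelled "heterogeneous" and "inhomogeneous", and "roll out" used as a noun ("The roll out of these Smart Meters") should be "rollout". The new parenthetical dashes in "with--in some instances--wildly" and "this--often network-connected--firmware" are typed as `--`, which LaTeX sets as an en dash; use `---` or a spaced ` -- ` consistently for parenthetical asides. The footnote sentence "Coarsely divided into two camps these are systems" was touched for "reside" but still lacks the comma after "camps". The `%FIXME: sprinkle this section with citations.` comment is also still open, so the first three paragraphs remain mostly uncited.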
@ -168,15 +168,15 @@ A remotely exploitable flaw inside a smart meter's firmware\footnote{
|
|||
} could have consequences ranging from impaired billing functionality to an existential threat to grid
|
||||
stability\cite{anderson01,anderson02}. In a country where meters commonly include disconnect switches for purposes such
|
||||
as prepaid tariffs a coördinated attack could at worst cause widespread activation of grid safety systems by repeatedly
|
||||
connecting and disconnecting Megawatts of load capacity in just the wrong moments\cite{wu01}.
|
||||
connecting and disconnecting megawatts of load capacity in just the wrong moments\cite{wu01}.
|
||||
|
||||
Mitigation of these attacks through firmware security measures is unlikely to yield satisfactory results. The enormous
|
||||
complexity of smart meter firmware makes firmware security extremely labor-intensive. The diverse standardization
|
||||
landscape makes a coördinated, comprehensive response unlikely.
|
||||
|
||||
In this thesis instead of focusing on the very hard task of improving firmware security we introduce a pragmatic
|
||||
solution to the in our minds likely scenario of a large-scale compromise of smart meter firmware. In our proposal the
|
||||
components of the smart meter that are threatened by remote compromise are equipped with a physically separate
|
||||
In this thesis, instead of focusing on the very hard task of improving firmware security we introduce a pragmatic
|
||||
solution to the--in our opinion likely--scenario of a large-scale compromise of smart meter firmware. In our proposal
|
||||
the components of the smart meter that are threatened by remote compromise are equipped with a physically separate
|
||||
\emph{safety reset controller} that listens for a reset command transmitted through the electrical grid's frequency and
|
||||
on reception forcibly resets the smart meter's entire firmware to a known-good state. Our safety reset controller
|
||||
receives commands through Direct Sequence Spread Spectrum (DSSS) modulation carried out on grid frequency through a
|
||||
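Review bot: The new sentence "In this thesis, instead of focusing on the very hard task of improving firmware security we introduce a pragmatic" opens the inserted clause with a comma but never closes it; add the matching comma after "firmware security". In "solution to the--in our opinion likely--scenario", the `--` renders as an en dash in LaTeX, so use `---` (or a spaced ` -- `) to match whatever convention the rest of the thesis adopts for parenthetical dashes. The sentence two paragraphs up, "as prepaid tariffs a coördinated attack", would read more easily with a comma after "tariffs", which this pass left unchanged while lowercasing "megawatts" in the same sentence.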