DLTs as building blocks for European EPES
In the development of power systems, the focus of communication and security has almost always been on network reliability. Safety has always taken precedence over security, and in a sense, it still does. Until recently, communication has been considered a key enabler for the grid. However, with smart grids, the information infrastructure supporting the monitoring and management activities of the power system has become an important, if not the most important, part of a reliable power system.
Computer security is typically defined through four aspects that contribute to preventing the flow of information from being compromised. The first aspect is confidentiality: ensuring that communication is visible only to those involved. The second is integrity: care is taken not to allow data to be modified without permission. The third is availability: the flow of information or resources is not blocked without permission. The fourth and final one is non-repudiation: if an action occurred, its events are not disputed and, accordingly, if an action did not happen, it is not claimed to have occurred.
Because security thinking originally evolved in the world of information technology (IT), the priority of these aspects has long followed the order of the list above. This has been justified because the confidentiality of messages in typical IT communications is usually more relevant to users and the system than the punctuality of messages. However, in the case of smart grids, the environment is closer to operational technology (OT) than to IT. While all four aspects are still relevant in the context of smart grid communication, their relative order of importance may need to be revisited.
The main focus of the PHOENIX project is to protect the European Electrical Power and Energy System (EPES), from the production process through to the consumption phase, against cyberattacks caused by malicious activities. For this purpose, PHOENIX offers a cyber-shield armour to European EPES where cybersecurity and privacy incidents can be recorded and shared securely among responsible parties and can be further used for prevention, detection and mitigation of cyberattacks.
Distributed Ledger Technologies (DLTs) provide a tamper-proof, mutually trusted database for collaboration among a set of computers. Therefore, the PHOENIX project considers DLT a promising solution for establishing agreements and securely sharing information among different entities. For instance, European EPES can benefit from DLTs for storing and sharing the diagnostic logs and metering information collected by a SCADA server. In DLTs, data are structured as a chain of blocks where each block contains a cryptographic hash of its own content, as well as a hash of the previous block. This feature guarantees the integrity of shared data. More specifically, it eliminates the possibility of block modifications, since any alteration changes the block's hash, which then no longer matches the hash recorded in the following block. Additionally, each block stored on the ledgers includes the address of the entity that created its content. Hence, DLTs can efficiently address the non-repudiation aspect of the data that is shared among ledgers.
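The hash chaining described above can be shown with a small ledger of SCADA records. This is an added example, not code from the PHOENIX project; the function names, the block layout, the node addresses and the sample records are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder: the first block has no predecessor


def content_hash(content, creator):
    """SHA-256 over a canonical JSON encoding of the payload and its creator address."""
    blob = json.dumps({"content": content, "creator": creator}, sort_keys=True)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


def block_hash(block):
    """Hash the next block links to: covers the content hash and the predecessor link."""
    return hashlib.sha256((block["content_hash"] + block["prev_hash"]).encode()).hexdigest()


def append_block(chain, content, creator):
    prev = block_hash(chain[-1]) if chain else GENESIS_PREV
    chain.append({
        "content": content,
        "creator": creator,  # recorded address only; no signature in this sketch
        "content_hash": content_hash(content, creator),
        "prev_hash": prev,
    })
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    expected_prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["content_hash"] != content_hash(block["content"], block["creator"]):
            return i  # payload or creator changed after the block was written
        if block["prev_hash"] != expected_prev:
            return i  # link to the predecessor no longer matches
        expected_prev = block_hash(block)
    return None


def build_sample_ledger():
    # Constructed sample records; node addresses are hypothetical.
    chain = []
    append_block(chain, {"meter": "M-17", "kwh": 42.5}, "scada-node-A")
    append_block(chain, {"log": "breaker 3 opened"}, "scada-node-A")
    append_block(chain, {"meter": "M-17", "kwh": 43.1}, "scada-node-B")
    return chain
```

If a block is altered and its own content hash is recomputed to hide the change, verification fails one position later, at the block whose stored predecessor hash no longer matches.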
Apart from data integrity and non-repudiation, DLTs offer trust among several distrusting nodes in the absence of trustworthy third parties. To this end, DLTs employ different consensus mechanisms to grant permission to append a new block. Consequently, DLTs provide a high degree of data availability through the deployment of consensus protocols and the replication of data records on a set of computers.
Last but not least, DLTs can provide confidentiality for the shared data through various encryption mechanisms. For this purpose, the creator of a block first encrypts the block content and then shares the encrypted data with other nodes. Considering the characteristics described above, DLTs are capable of addressing all aspects of data security that are essential in the context of smart grid communication.