The ever growing population and need for energy has culminated in an energy crisis. Old, traditional energy sources are running low and the transition to renewable ones has begun. The electric grid, however, is very old, being inefficient and incapable of meeting the needs of today. One solution for these problems is to utilize a two-way flow of electricity and information, also known as Smart Grid. As Smart Grid utilizes information and communications technology, it will be exposed to information security threats. Smart Grid comprises of many systems, creating a complex automation environment. Thus, even if making Smart Grid secure is troublesome, it is essential to ensure its security since the consequences of successful attacks can be disastrous. This thesis is part of CLEEN SHOK Smart Grids and Energy Markets project and studies the information security of the Smart Grid demonstration environment. The main goals are to analyze and test the information security of the Smart Grid implementation, and to generate a best practice information security checklist for different players in the Smart Grid environment.
The thesis is divided into four phases. In the literature study the focus is on information security landscape and features, as well as Smart Grid on general level. This phase includes a presentation of the conceptual model of Smart Grid and the demonstration environment on a general level. In the analysis demonstration environment is analyzed through threat modelling and closer examination of the demonstration equipment. The threat model works from the customer´s point of view, concentrating on home energy management system, and providing high abstract level analysis, whereas the examination of the equipment provides more specific analysis. In the testing, the demonstration environment is tested, and the results are presented. This phase also includes the testing layout and introduces the software used for the testing. The final section focuses on generating a best practice security list. This checklist provides the top 10 critical controls of information security for the Smart Grid environment, especially for a home automation environment.
In the course of the study, it is indicated that the information security of the demonstration environment has shortages. The most common vulnerabilities are due to wrong software configurations, and using vulnerable versions of software. The most critical part of the demonstration environment is the end user's device, which in this study was ThereGate. This equipment has many security issues that need to be taken care of. Se-curing ThereGate is essential in regard to the entire system's dependability and security.
To secure dependable Smart Grid, stronger methods like strong client authentication are required. As long as standards only recommend and do not require information security methods, like encryption, they will not be used, and thus, they will make the system more vulnerable. As a result, it can be said that more security research is required in order to secure a dependable Smart Grid
