The Emerging Role of Standards in Utility Metering Practice

1
The Emerging Role of Standards in Utility
Metering Practice

• Daniel E. Nordell, PE
• Sr. Consultant
• Northern States Power Company
• d.nordell_at_ieee.org

2
Reasons for standards

• Safety - Standards specify minimum behavior of
  systems.
• Accuracy - Standards can specify system accuracy.
• Reliability - Standards can specify system
  reliability.
• Security - Standards can help to ensure
  information and system security.
• Openness - Standards give users options.
  Standards also give vendors the ability to
  specialize rather than build the entire system.

3
Reasons not to do standards

• Every clever engineer loves to invent. It is
  easier to invent than to discover what already
  exists.
• Vendors may not want to be constrained to
  externally-imposed specifications. They limit
  creativity.
• It is in the proprietary interest of the vendor
  to keep his customers captive.
• It is difficult to document technology (create a
  standard) and to read and understand standards.

4
Standards specify external behavior, not
internal design
5
Systems built without standards look like this.
6
Weve had metering standards with us for a long
time

• Standard meter base
• Standard electrical ratings
• Standards for meter accuracy

7
New challenges for Meter Standards

• Opening marketplace requires more customer
  information
• Electronic meters can provide lots of information
• Creative engineers can deliver that information
  in proprietary ways
• New standards needed for meter communication

8
Meter Standards include the following areas

• Physical
• Electrical
• Performance
• Communications
• Data models
• Application protocols

9
Who Makes Standards, Anyway?
International Standards ( ISO, IEC )
National Standards ( ANSI, NIST, IEEE )
Industry Standards - formalized practice
Industry Practice - informal practice
Proprietary Systems - vendor specific
10
Standards Groups

• ANSI C.12
• Traditional Electricity Metering standards group
  in North America
• Owns the meter base standards
• Developed Utility Industry End Device Data
  Tables (ANSI C12.19-1997 / IEEE 1377-1998) with
  IEEE SCC31 and Industry Canada
• Developed handheld meter reader communication
  standards
• Now working on modem and network communication
  interfaces

11
Standards Groups (continued)

• IEEE SCC31
• Roots in the AMR community
• Represents Water, Gas, and Electric communities
• Standards for system topology, telephone access,
  and security
• Collaborated with ANSI C.12 on End Device Data
  Tables

12
Standards Groups (continued)

• IEEE SCC36
• EPRI-developed Utility Communication
  Architecture specifies standards for electric,
  water, and gas communication infrastructure.
• Points to existing standards from the computer
  industry.
• Adds end device behavior and information
  definitions.

13
Standards Groups (continued)

• IEC TC13
• Equipment for Electrical Energy Measurement and
  Load Control
• One of the first Technical Committees of IEC
• Original charter has been expanded from measuring
  equipment to include load control and electronic
  meters
• Coordinates with TC57

14
Standards Groups (continued)

• Object Management Group
• OMG / CORBA is based on best industry practice
• CORBA provides a consistent Application Program
  Interface which is not addressed by data
  communication standards
• CORBA provides object interfaces

15
Why do communication standards?

• Imagine Personal computing without standards..
• Imagine hard disk drives without standards..
• Imagine an Internet without standards.

Lower cost, more flexibility, more opportunity.
16
An analogy Disk Drive Interfaces

• Originally required proprietary controllers
• Standard interfaces developed, manual setup
• Self-describing drives
• Smart plug-and-play operating systems

17
Data Communications Standards

• Required for communication of information from
  meters to other systems.
• Required to support mixed meter vendor
  environment.
• Issue Information security

18
Modern communication standards

• Traditional SCADA protocols combine datalink,
  network, and application layer functionality into
  a single package. Typically cannot be routed.
• Modern communication protocols divide the
  responsibility so that the payload can change
  physical media and can route through a network.

19
What standards are required to achieve
Interoperability
Application Protocols Data/Object Models
Application Presentation Session Transport Network
Data Link
Physical Electromechanical
Extended layer ISO standard layers
20
Security Issues (SCC31)

• Authorization Violation
• Eavesdropping
• Information Leakage
• Intercept/Alter
• Masquerade (Spoofing)
• Replay

21
Security Principles

• Security by obscurity is no security.
• Obscurity may protect for a while but will
  eventually be broken by clever intruders or
  revealed by an insider.
• Good security systems incorporate well-known (and
  secure) principles of operation along with
  protected keys.
• Avoid clever proprietary schemes. Most can be
  easily broken by cryptographers.
• Two types of systems
• Symmetrical (single) key - harder to protect
• Public / Private (two) key - more complex

22
Security Key Concepts
Single Key One key both encrypts and decrypts.
Dual Key Either key encrypts. The other one
decrypts.
23
Security Architecture must provide

• Authentication
• Encryption
• Access Control

24
Qualities of a good security system

• Publicly Available
• Keys Can Be Changed Faster Than Broken
• Cracking Time gt Useful Life Of Message
• Assure Message Is Unaltered (Integrity)
• Verifies Originator (Authenticates)
• Permits Broadcast/Multicast

25
Security for Electric Meters

• Must meet security criteria.
• Must fit on small computing platform.
• Must fit in protocol suite.
• Security is part of UCA protocol suite.
• SCC31 Security Subcommittee is developing
  recommendations for meters and contributing to
  ANSI C.12 protocol work.

26
Several Candidate Security Algorithms considered

• DES
• Diffie-Hellman
• RSA (PGP)
• IDEA
• CAST
• Skipjack

• Blowfish
• SAFER
• RC5
• ODS
• Rabin
• ElGamal

No Single Of Algorithm Met All Criteria, So A
Suite Was Needed
27
SCC31 Recommendation Use a Three Algorithm Suite
for Flexible Encryption

• RSA Public Key
• Slow, used for session key exchange
• DES / Triple DES Symmetric Key
• Fast, used for session encryption
• Diffie-Hellman
• Slow, used only for changing RSA key

28
Conclusion

• Standards are being developed not only for the
  measurement element but also for the meter
  register and for communications.
• These standards will play an increasingly
  important role in the emerging open marketplace.
• Security must be given serious consideration.

29
Security Contributions

• UCA Security Specifications (SCC31)
• Recommended Suite of Security Algorithms (Bill
  Rush / SCC31)
• Security Transformations Application Service
  Element for MMS (STASE-MMS)
• Based on ANSI T1.259-1997
• Draft report of the IEC TC57 AHWG06 on Security
• Integrating the best US and international
  security practices for use by IEC committees