Grid, gridder, smart grid

This post briefly introduces the major aspects and goals of smart grids. For those not familiar with electrical grids, have a look at the previous post for a quick intro. This article describes the challenges and requirements smart grids have to deal with. Moreover, the need for an intelligent measurement network, the advanced metering infrastructure (AMI), will be outlined.

EURELECTRIC, the European electricity industry association, defines the smart grid as follows: “A Smart Grid is an electricity network that can intelligently integrate the behaviour and actions of all users connected to it -generators, consumers and those that do both – in order to efficiently ensure sustainable, economic and secure electricity supply.” [1]. The definition clearly refers to the challenging dynamics of renewable energy sources (RES), whose generation depends heavily on the fluctuating availability of sunlight, wind or tides. It is less explicit about changes in behaviour: the smart grid should not only be able to react to actions but should also directly or indirectly influence consumption behaviour.

Six major characteristics have been identified [2, 3]. They describe the key benefits of a smart grid, and the references provide further detail on each of them:

  1. “Enables Informed Participation by Customers 
  2. Accommodates All Generation & Storage Options 
  3. Enables New Products, Services, & Markets 
  4. Provides Power Quality for the Range of Needs 
  5. Optimizes Asset Utilization & Operating Efficiency 
  6. Operates Resiliently to Disturbances, Attacks, & Natural Disasters ”

The upper half of the list is probably the most interesting from a retail customer's point of view. However, the thesis I am currently working on maps to the part “Operates Resiliently to Disturbances, Attacks” of item six.

For the smart grid, the basic electrical grid from the previous post is enriched with new elements. The basic domain structure persists, but an additional domain hosting distributed generators and distributed storage devices has been added to the smart grid blueprint shown in the figure below.

The newly introduced domain hosts all sorts of distributed energy resources (DER) such as generators and storage. The blueprint introduces a small wind park that feeds into the distribution domain and a PV installation with rechargeable batteries as buffer storage. Moreover, a freezer and an electric vehicle (EV) were added to the consumer domain. The EV is not only a consumer but may also contribute to the grid as storage at peak times. It is not the individual devices that challenge the grid but their sheer number, which calls for more ‘smartness’. Small systems can also be grouped and centrally managed as a combined power plant to form a steady power resource. A more detailed view on improvements in the transmission and distribution domains with a focus on security is given in [4].

Smart Grid Security

To ensure the reliability of the grid, the DSO and TSO must keep the power consumed and the power generated balanced; otherwise efficiency and power quality (PQ) suffer, and poor PQ can quickly damage consumer devices. To avoid this, live information and detailed statistics on consumer behaviour, generator capacity and storage capacity are needed. Moreover, the operator needs to intelligently attach or detach generators and consumer devices (such as EVs) to local storage or to the grid according to the current power needs. Adjusting consumption to the available generation in this way is known as demand response. As good as this sounds, managing so many components is much more complex, and recovery from a failure requires a controlled restart of DERs and bulk generators simultaneously at both ends of the grid. Additionally, dynamic pricing, i.e. real-time pricing (RTP) or critical peak pricing (CPP), could help to reduce peak loads and would reduce the demand-response effort. With real-time pricing, consumers are kept informed about the current power rates and can decide whether to run heavy loads at the current price.

Hence, reporting consumption and switching loads requires a bi-directional channel between operator and consumer. The channel allows detailed measurements from the consumer and DG side to be delivered to the operators. Furthermore, it enables the operator to actively manage DER and to push real-time information to the consumer facilities. The equipment and network necessary for this is known as the advanced metering infrastructure (AMI). I will take a closer look at the AMI in upcoming posts. Stay tuned.

In order to securely operate smart grids, NERC (North American Electric Reliability Corporation) and ENISA (European Network and Information Security Agency) have prepared appropriate recommendations [5,6].

[1] EURELECTRIC, Smart Grids and Networks of the Future, 201, http://www.eurelectric.org/Download/Download.aspx?DocumentID=26620
[2] U.S. Department of Energy (DOE), 2009 Smart Grid System Report, 2009, http://www.doe.gov/sites/prod/files/2009%20Smart%20Grid%20System%20Report.pdf
[3] U.S. Department of Energy (DOE), 2010 Smart Grid System Report, 2012, http://www.doe.gov/sites/prod/files/2010%20Smart%20Grid%20System%20Report.pdf
[4] G. N. Sorebo and M. C. Echols, Smart Grid Security: An End-to-End View of Security in the New Electrical Grid, CRC Press, 2011, ISBN 978-1-4398-5587-4
[5] NERC Reliability Standards, http://www.nerc.com/page.php?cid=2%7C20
[6] ENISA Smart Grid Security Recommendations, http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security-recommendations

Introduction to the Electrical Grid

When it comes to industrial control systems (ICS), specifically to supervisory control and data acquisition (SCADA), a basic understanding of the business is crucial. In the course of my master thesis I am currently digging into parts of the electrical grid and trying to examine the issues and security level of some specific protocols. Thus, I will regularly keep you posted on grid aspects over the next two months.

For a start, this article gives a short introduction to electrical grids in general. It introduces general terms and states the difference between the former electrical grid architecture and the smart grid. Additionally, paradigm changes and challenges [1] to the current grid are pointed out, and the conclusion includes some reasoning for a more flexible architecture: the smart grid.

Electrical grids consist of power plants that generate electricity from some form of primary energy, and of towers and poles carrying the wires that transport the electricity and finally make it available to the consumer. The figure provides an overview of how these facilities are logically grouped into four major electric grid domains. The domain concept is not entirely new and was similarly outlined in a description of cyber security for the essential parts of the smart grid [2].

Generation domain; includes all sorts of bulk power generation plants such as nuclear, fossil fuel (coal or gas) and hydroelectric plants. Typically, these are power plants that can continuously generate several hundred megawatts (MW).

Transmission domain; represents the long-distance transmission network. This includes components such as large interconnection nodes, substations and, of course, cables either mounted on towers or buried underground. Lines in this domain operate at very high voltage, several hundred kilovolts (kV); in Europe, 230 kV and 400 kV are typical values. Traditionally, the domain is under the control of the transmission system operator (TSO). In some countries a national body or a joint body of utilities operates this domain.

Distribution domain; provides the whole infrastructure to bring power to the end user (consumer). The domain also includes the transformer equipment necessary to step the voltage down as power is transported towards the consumer. Bulk consumers typically receive their power at higher voltages, for example 16 kV, than common households, for which 230 V and 400 V are the common values. The domain is managed by the so-called distribution system operator (DSO).

Consumer domain; groups all sorts of consumers, industry as well as households, regardless of the amount of consumption and of the consumer's geographic location.

The four-domain model gives a good introduction to the basic concept of an electrical grid, but it by no means captures the full detail of the electrical grid, nor does it fully model the energy flow. Due to the liberalisation of the power market, the generation domain is no longer exclusively the business of large utilities. For example, consumers may invest in renewable energy such as photovoltaic (PV) equipment in order to cover their own power consumption and to feed surplus production into the grid for others. Thus, “consumers are becoming producers or producing consumers – prosumers” [3].

Comparable changes also apply to the distribution domain. Local utilities increasingly set up their own generation facilities, whose output is fed in directly at the distribution level at high voltage. Distributed generation (DG) is nothing new to grid operators and utilities; it was already discussed in the literature [4] in 2001. The referenced book [4] also introduces several types of generators and recognises the technical and financial impact of distributed generation on the grid. The reader will find information on combustion turbines, PV systems, micro turbines, fuel cells and combined heat and power, as well as background on grid operations with distributed generation and storage. However, security-relevant aspects are not discussed.

Since 2001, distributed power generation has grown significantly because renewable energy has received political attention and national funding [5]. These funding schemes do not only target large installations but also take small, home-scale generators into account. Meanwhile, distributed generation has taken off and demands advances in measurement and operation of the electrical grid. Only the introduction of additional information technology (IT) will make it possible to coordinate all generators, storage and consumers and thus to ensure efficiency and reliability of the grid.

A functional and reliable grid is essential to a country's stability. Therefore, governments provide guidance in the form of critical infrastructure protection (CIP) programmes [6,7] and in the form of written recommendations [8,9] on how to securely operate the IT-heavy new generations of grids.

References
[1] European Commission, Energy Efficiency Plan, 2011
[2] United States of America, H.R. 6582: American Energy Manufacturing Technical Corrections Act, 2012
[3] P. Hasse, Smartmeter: A technological overview of the German roll-out, 29th Chaos Communication Congress, Online http://events.ccc.de/congress/2012/Fahrplan/events/5239.en.html, 2012
[4] A. Borbely and J.F. Kreider, Distributed Generation: The Power Paradigm for the New Millennium, CRC Press, 2001, ISBN 0-8493-0074-6
[5] European Commission for Energy, Financing Renewable Energy in the European Energy Market, 2011
[6] North American Electric Reliability Corporation (NERC), http://www.nerc.com/
[7] Federal Office for Civil Protection (FOCP), The Swiss Programme on Critical Infrastructure Protection, Nov 2010, Online http://www.bevoelkerungsschutz.admin.ch/internet/bs/en/home/themen/ski.parsysrelated1.82246.downloadList.18074.DownloadFile.tmp/factsheete.pdf
[8] NIST Cyber Security Coordination Task Group, Security Profile for Advanced Metering Infrastructure, v2.0, June 2010
[9] ENISA, Smart Grid Security: Recommendations for Europe and Member States, July 2012, Online http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security-recommendations/at_download/fullReport

Note, this work is a preview version of an MSc Information Security dissertation in the fields of electrical grids.

Risks of DOM Based XSS due to “unsafe” JavaScript functions

Introduction

Several native JavaScript functions and properties such as eval() and innerHTML, as well as several jQuery functions such as .html() and .append(), are considered “unsafe”. Why? Because they interpret a string as JavaScript code or as HTML markup (e.g. "<b>This text is bold</b>"), which leads to DOM-based cross-site scripting as soon as that string contains user input. To be more specific: using such functions is not a problem as long as no user input is embedded in them in an “unsafe” way. jQuery offers helpers that manipulate the DOM without parsing user input as HTML. But do not assume by mistake that jQuery is safe per se; it only provides some helper functions that make safe DOM manipulation easier.

The subsequent sections show the difference between safe and unsafe usage of JavaScript and jQuery functions in the following scenarios:

Unsafe DOM manipulation using eval():

var txtField = "field1";                       // trusted, application-defined
var txtUserInput = "'test@csnc.ch';alert(1);"; // attacker-controlled value
eval(
   "document.forms[0]." + txtField + ".value =" + txtUserInput
);

Because the string literal ends before txtUserInput is concatenated, the user input itself becomes part of the code string and is treated as JavaScript. This results in the following JavaScript code being executed by eval():

document.forms[0].field1.value = 'test@csnc.ch';alert(1);

Therefore the user input is executed: the alert box pops up.


Safe DOM manipulation using eval():

var txtField = "field1";                       // trusted, application-defined
var txtUserInput = "'test@csnc.ch';alert(1);"; // attacker-controlled value
eval(
   "document.forms[0]." + txtField + ".value = txtUserInput"
);

Here the closing double quote comes after the identifier txtUserInput, so the code string only contains a reference to the variable and the user input itself is NOT treated as JavaScript. This results in the following JavaScript code being executed by eval():

document.forms[0].field1.value = txtUserInput

Or in other words:

document.forms[0].field1.value = "'test@csnc.ch';alert(1);"

The input field's value is set to the raw string, which corresponds to the following HTML:

<input type='text' id='field1' name='field1'
       value="'test@csnc.ch';alert(1);" />

Therefore the user input is not executed; the field simply displays the string.

However, this comparison shows again how small the difference between safe and unsafe usage of eval() is: the position of a single double quote.

"document.forms[0]." + txtField + ".value =" + txtUserInput
"document.forms[0]." + txtField + ".value = txtUserInput"

Because this difference is so easy to get wrong and so hard to spot in review, it is recommended to ban eval() completely from your JavaScript code.
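To make the difference observable outside a browser, the following is an added example and not code from the original post. It runs both code-building variants above in Node.js against a stubbed document object and a stubbed alert() that only counts calls (both stubs are assumptions standing in for the browser objects), and it adds a third variant that avoids eval() entirely by using plain property access. It also shows a caveat the "safe" variant keeps: if txtField is attacker-controlled rather than application-defined, the concatenation is injectable again, whereas property access turns a hostile field name into an error instead of code execution.

```javascript
// Added example, not part of the original post. The stubbed document and
// alert() below are assumptions that stand in for the browser objects.

// Builds the code string exactly as in the unsafe snippet above:
// txtUserInput is concatenated OUTSIDE the string literal, so it becomes code.
function unsafeBuild(txtField, txtUserInput) {
  return "document.forms[0]." + txtField + ".value =" + txtUserInput;
}

// Builds the code string as in the "safe" snippet above: the literal ends
// with the identifier txtUserInput, so eval() only sees a variable reference.
function safeBuild(txtField, txtUserInput) {
  return "document.forms[0]." + txtField + ".value = txtUserInput";
}

// Runs a code builder through a direct eval() with stubbed browser objects.
// Returns the resulting field value and how often alert() was invoked.
function runEvalScenario(buildCode, txtField, txtUserInput) {
  const document = { forms: [{ field1: { value: "" } }] }; // stub
  let alerts = 0;
  const alert = () => { alerts += 1; };                     // stub
  // Direct eval: the evaluated code can see the local document, alert and
  // txtUserInput bindings, just like page-global ones in a browser.
  eval(buildCode(txtField, txtUserInput));
  return { value: document.forms[0].field1.value, alerts };
}

// The eval()-free way: property access treats both strings as data.
// An unknown field name is an error, never code execution.
function runWithoutEval(txtField, txtUserInput) {
  const document = { forms: [{ field1: { value: "" } }] }; // stub
  const field = document.forms[0][txtField];
  if (field === undefined) {
    return { value: null, error: "unknown field: " + txtField };
  }
  field.value = txtUserInput;
  return { value: field.value, error: null };
}

// Constructed sample input: the payload from the post, plus a hostile field
// name to show that safeBuild() is only safe while txtField is trusted.
const PAYLOAD = "'test@csnc.ch';alert(1);";
const HOSTILE_FIELD = "field1.value;alert(1);//";

function demo() {
  return {
    unsafe: runEvalScenario(unsafeBuild, "field1", PAYLOAD),      // alerts: 1
    safe: runEvalScenario(safeBuild, "field1", PAYLOAD),          // alerts: 0
    safeHostileField: runEvalScenario(safeBuild, HOSTILE_FIELD, PAYLOAD), // alerts: 1
    noEval: runWithoutEval("field1", PAYLOAD),                    // value set, no error
    noEvalHostileField: runWithoutEval(HOSTILE_FIELD, PAYLOAD),   // error, nothing executed
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The third scenario is the one to remember: the "safe" string only stays safe as long as every piece glued into it except the trailing identifier is a constant. That is a property a reviewer has to re-verify on every change, which is why dropping eval() altogether is the robust fix.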

Unsafe DOM manipulation using jQuery html():

var txtAlertMsg = "This is bold: ";
var txtUserInput = "test<script>alert(1)<\/script>";
$("#message").html(
   txtAlertMsg +"<b>" + txtUserInput + "</b>"
);

Or in other words:

$("#message").html(
   "This is bold: <b>test<script>alert(1)<\/script></b>"
);

This results in the following HTML code:

<div id='message'>This is bold: <b>test<script>alert(1)</script></b></div>

Therefore the user input is executed: the script element is parsed as markup and the alert box pops up.


Safe DOM manipulation using jQuery html() and text():

var txtAlertMsg = "This is bold: ";
var txtUserInput = "test<script>alert(1)<\/script>";
$("#message").html(
   txtAlertMsg +"<b><div id='userInput'></div></b>"
);
$("#userInput").text(
   txtUserInput
);

Or in other words:

$("#userInput").text(
   "test<script>alert(1)<\/script>"
);

This results in the following HTML code:

<div id='message'>This is bold: <b>
   <div id='userInput'>test&lt;script&gt;alert(1)&lt;/script&gt;</div>
</b></div>

Therefore the user input is not executed: text() inserts it as a text node, so the browser never parses it as HTML.
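When markup has to be built as a string anyway (a legacy code path, a template rendered outside jQuery), the string-level equivalent of text() is to escape the untrusted part before it is concatenated. The following is an added example, not code from the original post, using the post's payload as constructed sample input; escapeHtml() and containsScriptTag() are helpers written for this example, not jQuery functions.

```javascript
// Added example, not part of the original post. escapeHtml() is a helper
// written for this example; it is not jQuery's text().
const HTML_ESCAPES = {
  "&": "&amp;",  // escaped too, otherwise an input "&lt;" would survive as-is
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;", // keeps the output safe inside double-quoted attributes
  "'": "&#39;",  // ... and inside single-quoted attributes
};

// Escapes the five characters that can change meaning in HTML text or in
// quoted attribute values. One regex pass escapes each character exactly
// once, so an input of "&lt;" becomes "&amp;lt;" rather than being kept.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Same concatenation as the unsafe html() example above.
function buildMessageUnsafe(txtAlertMsg, txtUserInput) {
  return txtAlertMsg + "<b>" + txtUserInput + "</b>";
}

// Escaped variant: the user input can no longer open or close a tag.
function buildMessageSafe(txtAlertMsg, txtUserInput) {
  return txtAlertMsg + "<b>" + escapeHtml(txtUserInput) + "</b>";
}

// Crude check used only to make the difference visible in this example:
// does the markup still contain an unescaped script start tag?
function containsScriptTag(markup) {
  return /<script\b/i.test(markup);
}

// Constructed sample input: the payload from the post.
const USER_INPUT = "test<script>alert(1)<\/script>";
console.log(buildMessageUnsafe("This is bold: ", USER_INPUT));
console.log(buildMessageSafe("This is bold: ", USER_INPUT));
```

Escaping is context-specific: this table is right for HTML text and quoted attribute values only. User input that ends up inside a script block, an event handler attribute or a URL needs the encoding of that context, which is another reason to prefer inserting data through text() over building markup strings at all.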

Conclusion

  • eval() is evil
  • jQuery does not solve all your problems
  • When you use JavaScript or jQuery functions to manipulate the DOM, you always need to know whether the content may contain user input. If so, you must only use functions that treat that input as data rather than as markup or code, such as jQuery text().
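Knowing "whether the content may contain user input" starts with finding every place where one of these sinks is called with something other than a constant. The following is an added example, not part of the original post: a small heuristic scanner that flags eval(), .html(), .append() and innerHTML assignments whose argument is not a single string literal. It is character- and regex-based, not a real JavaScript parser, so its output is a list of places to review, not proof that unflagged code is safe. The sample source it scans is constructed from the snippets above plus a few lookalikes that must not be flagged.

```javascript
// Added example, not part of the original post: a heuristic scanner for the
// sinks discussed above. It is character/regex based rather than a real
// JavaScript parser; treat its findings as review candidates, not as proof
// that unflagged code is safe.

const CALL_SINKS = ["eval", ".html", ".append"]; // call-style sinks from the post

// Returns the text between the "(" at openIdx and its matching ")", ignoring
// parentheses that appear inside string literals. Returns null if unbalanced.
function extractArgument(src, openIdx) {
  let depth = 0;
  let quote = null;
  for (let i = openIdx; i < src.length; i++) {
    const ch = src[i];
    if (quote !== null) {
      if (ch === "\\") { i += 1; continue; } // skip the escaped character
      if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === "`") { quote = ch; continue; }
    if (ch === "(") depth += 1;
    else if (ch === ")") {
      depth -= 1;
      if (depth === 0) return src.slice(openIdx + 1, i);
    }
  }
  return null;
}

// True if the expression is exactly one string literal with no interpolation,
// i.e. constant markup or code that cannot carry user input.
function isSingleStringLiteral(expr) {
  const e = expr.trim();
  if (/^"(?:[^"\\]|\\.)*"$/.test(e)) return true;
  if (/^'(?:[^'\\]|\\.)*'$/.test(e)) return true;
  return /^`(?:[^`\\]|\\.)*`$/.test(e) && !e.includes("${");
}

function lineOf(src, idx) {
  return src.slice(0, idx).split("\n").length;
}

// Scans JavaScript source text and returns {sink, line, argument} for every
// sink whose argument (or assigned value) is not a single string literal.
function scanSinks(src) {
  const findings = [];
  for (const sink of CALL_SINKS) {
    let from = 0;
    for (;;) {
      const idx = src.indexOf(sink + "(", from);
      if (idx === -1) break;
      from = idx + sink.length;
      // "eval(" must not be the tail of another identifier such as "retrieval("
      const prev = idx > 0 ? src[idx - 1] : "";
      if (!sink.startsWith(".") && /[\w$.]/.test(prev)) continue;
      const arg = extractArgument(src, idx + sink.length);
      if (arg === null || isSingleStringLiteral(arg)) continue;
      findings.push({ sink: sink.replace(/^\./, ""), line: lineOf(src, idx), argument: arg.trim() });
    }
  }
  // Property-style sink: innerHTML assignment (= or +=), but not an == comparison.
  const assign = /\.innerHTML\s*\+?=(?!=)\s*([^;\n]+)/g;
  let m;
  while ((m = assign.exec(src)) !== null) {
    if (!isSingleStringLiteral(m[1])) {
      findings.push({ sink: "innerHTML", line: lineOf(src, m.index), argument: m[1].trim() });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample: the post's snippets plus a few harmless lookalikes.
const SAMPLE_SOURCE = `
var txtField = "field1";
eval("document.forms[0]." + txtField + ".value =" + txtUserInput);
eval("console.log('constant code')");
$("#message").html(txtAlertMsg + "<b>" + txtUserInput + "</b>");
$("#message").html("<b>constant markup</b>");
$("#userInput").text(txtUserInput);
el.innerHTML = "<p>" + txtUserInput + "</p>";
el.innerHTML = "<p>constant markup</p>";
if (el.innerHTML == other) { retrieval("x"); }
`;

for (const f of scanSinks(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: ${f.sink}(${f.argument})`);
}
```

Note that the scanner flags the "safe" eval() variant from above as well, since its argument is still built from a variable; that is intentional, because whether txtField is trustworthy is exactly the question a reviewer has to answer by hand. A jQuery text() call is never reported, matching the conclusion above.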

Resources