Presentation in London, March 2017, at 7th anual conference on European Smart Grid Cyber Security. Summary: . Overview of smart meters deployment in Brazilian pilot projects • Threat assessment in smart meters • Possible attacks in Brazilian power companies • Methodology of vulnerability assessment • Security tests results

1. The Brazilian experience
Smart meter security assessment
in smart grid projects
March 2017
José Reynaldo Formigoni Filho, MSc
Information and Communication Security Technology Manager
CPqD Foundation

2. AGENDA
Smart grid and smart meters’ deployment in Brazil
Smart meter’s threats and frauds in Brazil
Smart meter security assessment R&D project
Security test procedures and results
Concluding remarks

3. THE GRID DEPLOYMENT: CURRENT
BRAZILIAN SITUATION
• R&D Phase
• Pilot Projects
• Government funds
First wave of
smart grid
• Smart metering
commercial deployments
• Automation and
operations integration
Second wave of
smart grid
•Distributed generation and
storage
•EV
•IT-OT integration
• Big data analytics
Third wave of
smart grid
Developed
countries
Brazil

4. FOREIGN POWER COMPANIES IN BRAZIL

5. THE SMART GRID DEPLOYMENT: CURRENT
BRAZILIAN SITUATION
• 13 pilots R&D projects
• US$ 100 mi from Aneel Funds
• Total of smart meters: almost 200.000
Digital City
10.000
Cidade Inteligente
10.000 EDP Bandeirante
Cidade Inteligente
10.000 Elektro
Eletropaulo Digital
84.000
Cidade do Futuro
4.200
Smart Grid
27.000
Cidade Inteligente - Búzios
10.000 - Ampla
Redes Inteligentes Celpe
850
Energia Mais
Celge
Smart Grid
EV and
DG
Cidade Inteligente
Aquirás - Coelce
20.000
Parintins Smart Grid
3000

6. COMMERCIAL SMART METER DEPLOYMENT
• Industrial and commercial
medium and large customers
(Group A): almost 100% are
using electronic meters (the
minority of these are smart
meters)
• Residencial and commercial
small customers (Group B): the
deployment has just started
Rio de Janeiro: 1 million
smart meters for Group B in 5
years
2 million smart meters for
Group B

7. THE MAIN THREATS
• Energy usage frauds:
Fraud energy consumption,
is a major threat and
concern of the utilities,
because it directly affects
their income
• Propagation of malicious
code to other meters
through the AMI: one of the
most dangerous threats with
high possibility to spread
malwares, which may cause
irreparable loss to the power
company.
• Malicious interruption of
electricity: terrorist acts, promotion
of chaos
• User privacy violation: data from
smart meters can show client
behavior
The most important
threat in Brazil

8. NON TECHNICAL LOSSES
The cyberattacks are within 5,74%
and are targeted at industrial and
commercial customers
Non technical losses (MV and LV)
Technical losses (MV and LV)
Total losses (MV and LV)
Total losses for each group in 2016

9. HOW BRAZIL IS DEALING WITH
THE CYBERSECURITY PROBLEM?
• Brazil does not have a minimum cybersecurity framework for the power sector
• Aneel has not dealt with this subject as a critical infrastructure problem to the country
• How are the companies facing this problem?
Group 1
Foreign Controller
• Bring the methodologies
from abroad and do the
adaptations for the
Brazilian reality
Group 2
Brazilian Controller
With know How
• They are trying to
develop their own
framework based on
experiences from USA
and EC
Group 3
Brazilian Controller
Without know How
• They are hiring R&D
Centers and Universities
to help them develop
their own framework

10. SECURITY ASSESSMENT METHODOLOGY FOR SMART METER
• Name: R&D in security assessment for smart meters
• Client:
• Sponsor: Aneel R&D Fund
• 30-month project totally executed by CPqD Foundation
• Number of customers: 2.4 mi
• 8th biggest power company in Brazil
• Number of cities: 228

11. SECURITY ASSESSMENT METHODOLOGY FOR SMART METER
Goal 1
Methodology for security
assessment
Goal 2
Smart Meter Cyber Security
Laboratory Deployment
Goal 3
Security analysis and
tests of smart meter
State of the art survey for
smart meter security
Specification of the test
environment
Development of the
security assessment
methodology for smart
meter
Security tests
Implementation of Smart Meter
Security Training Platform
Laboratory deployment
Laboratory operation
Knowledge and
technology transfer
Security Assessment for Smart Meters
Functional tests

12. • Name: Smart meter security assessment laboratory
• Number of labs: 2 (CPqD and Elektro)
• Short term subjects:
• Perform all tests specified by the methodology (security and fuctional tests)
• Offer the security assessment evaluation for other power companies and smart meters
suppliers.
• Medium term subject:
• To become the first national laboratory for RTM 586 (the Brazilian Standard for fuctional
requirements) certified by Inmetro*, our national metrology institute
• To become the first national laboratory for security assessment certified by Inmetro*
LABORATORY DEPLOYMENT
*INMETRO – Instituto Nacional de Metrologia

13. TEST RESULTS: GENERAL OVERVIEW
• Number of manufacters: 6
• Number of smart meter models tested: 8
• Main assumptions:
• Hadware and software tests were performed
• Intrusion tests performed: "black box” approach
• The tests were performed at CPqD. A subset of these tests
were performed at the Elektro’s lab.

14. TEST PROCEDURES
• Initial hardware evaluation of the smart meter
• Copy of the non-volatile memory
• Data capture at the bus
• Entropy analysis of information collected from the electronic
components
• Searching for cryptographic keys on information collected
from the electronic components
• Firmware analysis
• Exploiting vulnerabilities in the firmware

15. HARDWARE TEST RESULTS
• It is the first set of security tests to be done
• Normally, the manufacturers do not provide any information related to
the hardware architecture of smart meters
• Tester’s skills:
• Electrical circuits
• Communication protocols (I2C, SPI, serial)
• Embedded systems
• Microcontroller architecture
• Reading datasheets and layouts of printed circuit boards (PCB)

16. TEST RESULTS
• Functional tests (RTM 586)
• 14 smart meters tested
• In 13 of them was possible to access the metering
parameter via optical interface
• Security tests
• A 100% presented software and hardware vulnerabilities

17. CONCLUDING REMARKS
• The Brazilian power companies have begun to pay more attention to the
cybersecurity problem
• Currently, Aneel does not have a clear position on this subject
• Companies already face problems with fraud in electronic meters for
commercial and industrial customers
• The problem will be much greater with the deployment of smart meters for
residential consumers

18. CONCLUDING REMARKS
• Discussions on standardization and certification of security requirements
for smart meters are in early stages
• Aneel's major concern regarding the insertion of minimum security
requirements in smart meters is cost increase because our tariff is based on
cost
• However, considering the amount of vulnerability found in our tests, some
actions should be taken by the government bodies to mitigate the problem.

19. CONCLUDING REMARKS – PAPERS AND BOOK
The Book
• Published by Elektro at the end of
2016
• Only in Portuguese!
International papers:
• Smart Meters Security Assessment in the Brazilian
Scenario. The Third International Conference on Smart
Grids, Green Communications and IT Energy-aware
Technologies - Lisbon, Portugal. March 24, 2013
• A Fast Attack against a Smart Meter Authentication
Protocol. Proc. of the 3rd International Conference on
Informatics, Environment, Energy and Applications. IEEA
2014. China, 27-28 March, 2014.
• MeterGoat: A Low Cost Hardware Platform for Teaching
Smart Meter Security. ICCGI 2014 - The Ninth International
Multi-Conference on Computing in the Global Information
Technology - Sevilha – Espanha. June 22, 2014
• Implementation Aspects of MeterGoat, a Smart Meter
Security Training Platform. SINCONF 2014 - The 7th
Internation Conference on Security of Information and
Networks - Glasgow - Reino Unido. September 1, 2014
reynaldo@cpqd.com.br

20. TRANSFORMANDO
EM REALIDADE
w w w . c p q d . c o m . b r
José Reynaldo Formigoni Filho
Information and Communication Security Technology Manager
CPqD Foundation
Tel.: +55 19 3705-7121 / Fax: +55 19 3705-6833
Cel.: +55 19 99838-2321
reynaldo@cpqd.com.br
www.cpqd.com.br
THANK YOU!