Kapsch Smart Energy GmbH ||Titel der PräsentationUntertitel der Präsentation1 Kapsch Smart Energy Eaton Sicherheit im Smart Metering Umfeld am Beispiel Stadtwerke Feldkirch

Kapsch Smart Energy GmbH ||Kapsch Smart EnergySmart Metering2 Smart Meter sind keine Computer PS3 Notebook Keine zugängliche Schnittstelle, Zugangsversuch: Alarm

Kapsch Smart Energy GmbH ||Kapsch Smart EnergySmart Metering3 Kommunikation in einem sicheren System…. Kapsch Smart Metering/ Grid Center SEM Sub MeteringSmart MeteringSecure transport Wireless or wired M2M Secure Communication wireless, wired DWH Daten eines Zählers, dynamisch verschlüsselt, RM nur auf Anfrage der Zentrale „Security by design“ Commissioning: nur zentral registrierte Zähler werden im System erfasst, Keys nur einmalig gültig Gewaltsames Eindringen  Alarm 20 stelliges PW, 3x falsch  Sperre und Alarm Tunnel

Kapsch Smart Energy GmbH ||Kapsch Smart EnergySmart Metering4 Zentrales System SEM von Kapsch „Stand alone System“ mit internen Schnittstellen zu EDM und ERP, Skada Event logging Zugriffs- Rechtemanagement Keine Bulk Kommandos Eigener PW Schutz bei switch off Datenbank des Kundenportals getrennt Kapsch: ISO und ISO Kunden: u.a. Paylife SEM

Kapsch Smart Energy GmbH ||Kapsch Smart EnergySmart Metering5 Kapsch Sicherheitsüberlegungen In our solution Security means protecting sensitive data and operations against unauthorized access, unauthorized usage, interruption and losses. Key security concepts within SEM solution:  Availability / Reliability including Utilization  Authentication  Authenticity / Integrity  Authorization / Confidentiality  Encryption  Data quality Key security levels:  Hardware part  Software and application part  Communication part

Kapsch Smart Energy GmbH ||Kapsch Smart EnergySmart Metering6 Security concepts – Description Availability / Reliability including Utilization Correct data and operations must be available when it is needed. It means that hardware, software and communication must work correctly with high availability and should be ready to serve at all times under given conditions. On other hand complete solution must be cost effective working with high utilization. Authentication In general authentication means Identifying and Confirming the identity of a party involved in the communication. It can be:  Device in the metering network (e.g. electricity meter which sends billing data)  User which uses SEM system (e.g. network administrator)  3rd party system which uses SEM data and services (e.g. ERP systems like SDK or SAP)  internal SEM modules. Authenticity / Integrity Specific part of authentication connected with authorization and data validation which ensures that the data are authentic and that the data cannot be changed without authorization.

Kapsch Smart Energy GmbH ||Kapsch Smart EnergySmart Metering7 Security concepts – Description Authorization / Confidentiality Authorization verifies the access rights to operations and data in cooperation with authentication.  Sensitive data must be protected against unauthorized access and usage. Data are protected using authorization and encryption mechanisms that only authorized party can access, decrypt and use the data. User which uses SEM system (e.g. network administrator)  Similar access is applied to operations that only authorized party can access or use specific operation. Encryption Encryption is used to protect sensitive data in transit or even to protect specific type of data in storage. Encryption is also used within authentication and authorization requests. Data Quality Incomming data must be checked if they are in a possible range. Missing data must be filled out.

Kapsch Smart Energy GmbH ||Kapsch Smart EnergySmart Metering8 GPRS – Zählerdatenverschlüsselung DIN (IPT) verschlüsselt 3GPP verschlüsselt (GEA1,2) M2M Gateway BSC/PCU SGSN GGSN SIG Gr Gn Gb Gi BTS MSC VLR MSC VLR HLR Abis Um A A Gs KMOD-FS10 Internet EVU Applikation Zähler VPN Tunnel IEC /53 (DLMS/COSEM) verschlüsselt EVU APN z.B. EvuMeter

Kapsch Smart Energy GmbH ||Kapsch Smart EnergySmart Metering9 Virtualization Praxis-Beispiel DMZ Web- Server DMZ Comm. Server Web Portal Clients GPRS VPN Fiber VPN Internal Clients Application Servers Databases DMZ Internet VPNs Internal Networks Hello :80 GET :80 Hello

Kapsch Smart Energy GmbH ||Kapsch Smart EnergySmart Metering10 Vergleich Deutschland: Marktmodell und Sicherheitsaspekte Gateway MSBEnergie- Lieferant XCustomer Netzbetreiber Energie- Lieferant XCustomer DA Private Network Public Network Access Rights Management

Kapsch Smart Energy GmbH Kapsch Smart Energy, a company of the Kapsch Group Please Note: The content of this presentation is the intellectual property of Kapsch AG and all rights are reserved with respect to the copying, reproduction, alteration, utilization, disclosure or transfer of such content to third parties. The foregoing is strictly prohibited without the prior written authorization of Kapsch TrafficCom AG. Product and company names may be registered brand names or protected trademarks of third parties and are only used herein for the sake of clarification and to the advantage of the respective legal owner without the intention of infringing proprietary rights. Ing. Mag. Christian Schober, MBA General Manager Kapsch Smart Energy GmbH Wienerbergstraße 53 | 1120 Vienna| Austria Phone | Mobile | DI Martin Malos, PHD Head Productmanagement Smart Metering Eaton GmbH