GISFI Meeting #5 GISFI_IoT_201106104
Hyderabad, India – June 20-22 2011
Agenda item: WG IoT
Source: TCS
Title: Technical Report on “User Data Privacy in Smart Grids”
Document for: Discussion and approval to accept as baseline Technical Report document
GISFI TR ab.cde V1.1.0(2011-09)
Technical Report
Global ICT Standardisation Forum for India;
Technical Working Group IoT;
Technical Report on “User Data Privacy in Smart Grids”;
(Release 1)
The present document has been developed within GISFI and may be further elaborated for the purposes of GISFI.
Keywords
Privacy, Smart grid, Wireless mesh networks, Deliver response, Demand response
GISFI
GISFI office address
Global ICT Standardisation Forum for India (GISFI),
Singhad Campus, Gat 308/309, Kusgaon (Bk.)
Off. Mumbai–Pune Expressway, Lonavala, India
Tel.: +91 2114 304 353 / 401 Fax: +91 2114 278304
Internet
E-mail:
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© 2011, GISFI
All rights reserved.
Contents
Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions, symbols and abbreviations
3.1 Definitions
3.2 Symbols
3.3 Abbreviations
4 Introduction
5 A typical smart grid system
5.1 Smart grid communication requirements
6 Personal information on the smart grid
6.1 Digitization of smart meter information
6.2 Changes experienced by the utilities
6 Privacy recommendations for smart grids
7 Privacy in smart grids – use case scenarios
7.1 Background: wireless mesh networks
7.2 Use case scenario 1: customer information access
7.3 Use case scenario 2: customer enablement
7.4 Potential requirements resulting from use cases
8 Conclusion
Annex <A>: Title of annex
A.1 First clause of the annex
A.1.1 First subdivided clause of the annex
Annex <y>: Bibliography
History
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to GISFI. The information pertaining to these essential IPRs, if any, is publicly available for GISFI members and non-members, and can be found in GISFIyyyy: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to GISFI in respect of GISFI standards", which is available from the GISFI Secretariat. Latest updates are available on the GISFI Web server (
Pursuant to the GISFI IPR Policy, no investigation, including IPR searches, has been carried out by GISFI. No guarantee can be given as to the existence of other IPRs not referenced in GISFIyyyy (or the updates on the GISFI Web server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Report (TR) has been produced by GISFI Working Group (WG) Internet of Things (IoT).
The present document may be referenced by other TRs and Technical Standards (TS) developed by GISFI WG IoT. The present document is a TR and therefore, the content is informative, but when this TR is referenced by a TS, the referenced clauses may become normative with respect to the content of the referencing TS.
1 Scope
The present document studies the privacy requirements of user data in smart grid environments. It also presents Use Case descriptions for privacy of user data in smart grids in the context of Internet of Things (IoT) communications. The described Use Cases will be used to derive service requirements and capabilities of the functional architecture specified in GISFI WG IoT.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or nonspecific.
- For a specific reference, subsequent revisions do not apply.
- Non-specific reference may be made only to a complete document or a part thereof and only in the following cases:
  - if it is accepted that it will be possible to use all future changes of the referenced document for the purposes of the referring document;
  - for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
NOTE: While any hyperlinks included in this clause were valid at the time of publication, GISFI cannot guarantee their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated references, only the edition cited applies. For non-specific references, the latest edition of the referenced document (including any amendments) applies.
[1] GISFI EN xxx xxx-y: "title".
[2] GISFI EN zzz zzz: "title".
2.2 Informative references
The following referenced documents are not essential to the use of the present document but they assist the user with regard to a particular subject area. For non-specific references, the latest version of the referenced document (including any amendments) applies.
[i.1] GISFI TR xxx xxx: "zzzzzzzzzzzzzzzzzzzzzzzzzz".
[i.2] ….
3 Definitions, symbols and abbreviations
3.1 Definitions
Smart Grid: a type of electrical grid which attempts to predict and intelligently respond to the behaviour and actions of all electric power users connected to it – suppliers, consumers and those that do both – in order to deliver reliable, economic, and sustainable electricity services.
3.2 Symbols
For the purposes of the present document, the following symbols apply:
<symbol>	<Explanation>
<2nd symbol>	<2nd Explanation>
<3rd symbol>	<3rd Explanation>
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
FIPPA	Freedom of Information and Protection of Privacy Act
MFIPPA	Municipal Freedom of Information and Protection of Privacy Act
IoT	Internet of Things (Communications)
IESO	Independent Electricity System Operator
EB	Energy Board
AMI	Advanced Metering Infrastructure
OEB	Ontario Electricity Board
IED	Intelligent Electronic Devices
DR	Deliver Response
4 Introduction
Embracing a positive-sum model whereby privacy and energy conservation may be achieved in unison is key to ensuring consumer confidence in electricity providers, as Smart Grid projects are initiated. Customer adoption and trust of Smart Grid energy savings programs is an integral factor in the success of energy conservation.
What constitutes “personal information” on the Smart Grid is the subject of much discussion. Personal information is defined by the Freedom of Information and Protection of Privacy Act (FIPPA) and the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), as “recorded information about an identifiable individual.” Once it becomes apparent that a Smart Grid technology, system or project will involve the collection of personal information, privacy considerations begin to apply, such as limiting the amount of personal information collected, used or disclosed, and the safeguarding of that information. The digitization of smart meter information has an impact on privacy experienced in other areas where traditional paper records are being transferred into digital form. Digital smart meter data, like all digital data, is vulnerable to accessing, copying, matching, merging and massive dissemination.
The changing nature and vast increase of information gathered on the Smart Grid is also resulting in changes in the nature of utilities as power providers. Lack of integration between various systems in the area of communications, operations and information systems, is a significant gap within which challenges may arise for utilities. Utilities should be aware of the gaps and opportunities to integrate privacy technologies into these systems, such as the introduction of smart transformers and power line monitors, and the centralization and integration of data and processes.
Integration of privacy in system design extends to a “trilogy” of encompassing applications: 1) IT systems; 2) accountable business practices; and 3) physical design and networked infrastructure. It may be accomplished by practicing the following seven fundamental principles:
- Smart Grid systems should feature privacy principles in their overall project governance framework and proactively embed privacy requirements into their designs in order to prevent privacy-invasive events from occurring.
- Smart Grid systems must ensure that privacy is the default -- the “no action required” mode of protecting one’s privacy – its presence is ensured.
- Smart Grid systems must make privacy a core functionality in the design and architecture of Smart Grid systems and practices – an essential design feature.
- Smart Grid systems must avoid any unnecessary trade-offs between privacy and legitimate objectives of Smart Grid projects.
- Smart Grid systems must build in privacy end-to-end, throughout the entire life-cycle of any personal information collected.
- Smart Grid systems must be visible and transparent to consumers – engaging in accountable business practices – to ensure that new Smart Grid systems operate according to stated objectives.
- Smart Grid systems must be designed with respect for consumer privacy, as a core foundational requirement.
Each best practice can be applied by utilities in the planning of their Smart Grid activities. This is illustrated through two use case scenarios describing the implementation of privacy design principles into Smart Grid projects in the areas of: (1) customer information access, and (2) customer enablement. The customer information access use case scenario shows how all customers must be authenticated, and how multiple consecutive access failure attempts will disable the account. In the first scenario, protecting access to customer information will foster trusting relationships – allowing the customer to trust the utility, and therefore increasing the likelihood of his/her participation to realize the benefits of the Smart Grid. The customer enablement use case scenario examines how privacy concepts may be built into the core design, directly involving customers in the dynamic management of the electrical grid.
While the Smart Grid has the potential to deliver substantial value, it represents a significant endeavour that will require privacy risk mitigation measures to be taken. Many technologies and standards are still in their early stages of development, and not all will move into commercialization or reach a suitable practice point for mass deployment. The costs and time required, as well as the benefits attained, will depend on the scope and pace of implementation, technology trends, and consumer acceptance and adoption. Utilities have an interest in ensuring that consumer adoption of Smart Grid energy saving programs is not impeded by fears relating to privacy. Electricity providers must embrace a new positive-sum business model — one that is protective of privacy — or risk losing consumer confidence and the public’s trust [1].
Privacy standards are needed against which utility stakeholders can map their Smart Grid developments and implementation [2]. The purpose of this technical report is to put forward a standard design procedure for privacy for adoption in Smart Grid implementation, in order to protect consumer data privacy. The purpose of this document is to identify the privacy issues in Smart Grids and propose some approaches to tackle some of these issues.
5 A typical smart grid system
Smart metering provides the anchor tenant for improved communications across the distribution system; communications provide for the convergence of information technologies with the delivery of power. The numerous that this convergence provides is labeled as the “Smart Grid”. A Smart grid is defined as [3]: “The advanced information exchange systems and equipment that when utilized together improve the flexibility, security, reliability, efficiency, and safety of the integrated power system and distribution systems, particularly for the purposes of:
a) enabling the increased use of renewable energy sources and technology, including generation facilities connected to the distributed systems,
b) expanding opportunities to provide demand response, price information and local control to electricity customers,
c) accommodating the use of emerging, innovative and energy-saving technologies and system control applications, or
d) supporting other objectives that may be prescribed by regulations”.
While exactly what will comprise the Smart Grid in the future is unknown, major components will include advanced metering infrastructure, time-of-use pricing, demand management, and the creation of a Smart Metering Entity. In order to implement time-of-use prices, electricity distribution companies must achieve four things: (i) install smart meters, (ii) enroll those smart meters with the Meter Data Management Repository (“repository”) maintained by the independent electricity system operator (IESO), (iii) incorporate time-of-use prices within their services, and (iv) file their program with the energy board (EB) of the city or the state.
Electricity distributors will be required to adhere to functional specification criteria when installing smart meters, metering equipment, systems and technology. The specifications require a minimum functionality of hourly meter reads, and the ability to transmit this information without field visits. Smart meters contain an advanced metering communication device, and each has a visible display that includes its identification number and meter serial number. Transmission of meter reads may be as frequent as necessary to meet requirements, and must be done using an approved protocol and file structure. Distributors with advanced metering control computers may store up to 60 days' worth of meter reads, and must not aggregate meter reads into rate periods or calculate consumption data prior to sending the information to the IESO’s repository. The smart meter system must also report on confirming data linkages between the advanced meter communication device, the meter serial number and the customer’s account. The smart meter system, including some parts of the repository, must also log successful transfer of meter reads as well as log unsuccessful attempts, including the cause and status of such attempts. In addition, the system must confirm the accuracy of meter readings and report suspected cases of meter theft, tampering or interference.
An Advanced Metering Infrastructure (AMI) is required to have security features to prevent unauthorized access to the AMI and meter data and to ensure authentication to all AMI elements. The IESO will use a unique ID for each electricity point of delivery (physical or virtual), including individual residences or multiple meters. The repository maintains internal links that relate each point to metered quantities. The master directory links all points, meters, and utilities. Meter reads are stored in the repository including interval consumption data and billing quantity data. It can support meter reads from 5 to 60 minute intervals. Meter data is aggregated for reporting and analysis. The repository can flag data as outdated and schedule it for re-aggregation when it is required. The repository supports overrides to allow for the utility to update inaccurate information.
The AMI will also need to meet all applicable federal, provincial and municipal laws, codes, rules, directions, guidelines, regulations and statutes, including requirements of regulatory authorities and agencies.
5.1 Smart grid communication requirements
Assessing the communications needs of various Smart Grid applications requires an understanding of: (1) the control loop timeline of the application, (2) the amount of data that needs to be transferred at any particular time, (3) the number of devices with which communication must be maintained, and (4) the overall communication capacity of the proposed system. An application’s timeline and tolerance for latency in transferring and analyzing data or control signals are critical for determining appropriate communication capability. For example, the gathering of metering data for daily meter collection can tolerate a latency period of many hours (and even a period of several days in the case of monthly billing). But real-time, control-oriented applications such as volt/VAr control, integration of distributed generation resources, and distribution switching require latency periods of no more than two seconds [4].
Contemporaneous consideration must also be given to the consistency or predictability of a particular application’s activity. For example, a utility generally can schedule the collection of metering data and gradually perform such collection throughout the day or night in order to smooth out any data peaks. Many of the applications with the most stringent latency needs (i.e., outage alerts, system control applications etc.), however, are asynchronous in nature and their activity therefore, cannot be scheduled. A utility’s full analysis of its communication needs must address all such application timelines, latency tolerances, and application predictability, including consideration of simultaneous activity from multiple applications.
Determination of communication needs also includes analyzing the data transfer requirements of the various Smart Grid applications, including all necessary security overhead data that can dramatically increase the amount of data as well as the overall number of data exchanges that are required. Many such applications, including communication of identifying information and limited sensor readings or control commands, require the transfer of only a few hundred bytes of data to or from any single node. Other applications, however, require the transfer of significantly larger amounts of data. For instance, a day’s worth of meter interval data can amount to three or five kilobytes if 15-minute intervals are being used and multiple parameters, such as voltage and power quality, are collected. Further, actions such as initial association of any device with the network and downloads of software updates to meters or other widely deployed devices may require the transfer of a significantly larger volume of data.
Upon determining the communication needs of its desired Smart Grid applications, a utility can analyze various communication modalities for their ability to meet the utility’s application demands. In determining the communication architecture of a particular Smart Grid system, a utility must account for the total capacity needed to support its near- and long-term Smart Grid needs. For instance, contemplation of a wireless mesh network system that provides several dozen kilobits per second of real throughput should include determining the number of nodes in a single collector’s cell in order to evaluate the system’s ability to deliver the necessary performance. Further, the number of nodes that are participating in a given application must be part of the analysis because a large number of communicating nodes can adversely affect the system performance.
Table 1 provides an overview of various Smart Grid applications and their basic latency tolerances, data transfer requirements, and the extent to which they can be pre-scheduled. These requirements must drive any analysis of Smart Grid communication needs.
Table 1: Smart Grid applications and their data rates, latencies and scheduling characteristics
Application / Basic description / Upstream data per node / Downstream data per node / Allowable latency / Scheduled?
Meter readings – daily collection / Collection of daily interval readings of individual meters. May include consumption as well as power quality or other parameters. / 2 – 10 KB / 50 – 400 bytes / Up to 8 hours / Yes
Meter readings – on demand / A request of immediate parameters such as consumption or the presence of power. / 100 – 500 bytes / 50 – 100 bytes / Up to 8 hours / Yes
Demand response – broadcast of data / A system-wide broadcast of data to demand response or in-home energy display units. / 40 – 100 bytes / 500 – 2000 bytes / 1 – 60 seconds / Yes
Demand response – directed control of individual premises / Directed control messages to devices at customer premises. Includes confirmation of delivery. / 40 – 100 bytes / 200 – 500 bytes / 1 – 5 seconds / No
Outage detection / A message indicating loss of electric supply from a given device. / 100 bytes / 0 byte / 1 – 5 seconds / No
Fault detection / A message indicating a fault has occurred and including some basic measurement parameters. / 100 – 300 bytes / 0 byte / 1 – 5 seconds / No
Distribution switch control / Control message to switches or other devices in the distribution system (between the substation and the customer premise). / 50 – 300 bytes / 250 – 1500 bytes / 1 – 2 seconds / No
Distributed generation – pre-dispatch reporting / Messages to distributed generation resources (such as solar panels or PLEVs) to prepare for possible generation dispatch. / 500 – 2000 bytes / 1000 – 3000 bytes / 1 – 2 seconds / No
Distributed generation – dispatch / Messages to dispatch distributed generation resources. / 100 – 200 bytes / 100 – 200 bytes / 1 – 2 seconds / No
Distributed generation – status reporting / Reporting of status from distributed generation resources during their operation. / 250 – 1000 bytes / 50 – 200 bytes / 1 – 2 seconds / No
Software download / Download of new software for devices in the field. / 10 – 100 KB / 100kb – 10 MB / < 24 hours / Yes
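The capacity analysis described in clause 5.1, worked through with worst-case figures from Table 1; this is an added example and not part of the GISFI report. The 36 kbit/s throughput, the 48-byte per-message security overhead, 1 KB = 1000 bytes, and a single shared collector with no retransmissions or multi-hop relaying are assumptions made for illustration.

```python
"""Collector-cell capacity check using worst-case figures from Table 1."""

# app: (upstream bytes, downstream bytes, allowable latency in seconds).
# Upper bounds of each Table 1 range; 1 KB is taken as 1000 bytes (assumption).
TABLE_1 = {
    "meter_daily":      (10_000, 400, 8 * 3600),
    "dr_directed":      (100, 500, 5),
    "outage_detection": (100, 0, 5),
    "fault_detection":  (300, 0, 5),
    "switch_control":   (300, 1500, 2),
    "dg_status":        (1000, 200, 2),
}


def bits_per_node(app, overhead_bytes=0):
    """Bits one node exchanges for `app`, adding a fixed security overhead
    (for example an authentication tag and nonce) to every message sent."""
    up, down, _ = TABLE_1[app]
    messages = (up > 0) + (down > 0)   # a 0-byte direction carries no message
    return (up + down + messages * overhead_bytes) * 8


def cell_transfer_seconds(app, nodes, throughput_bps, overhead_bytes=0):
    """Time for `nodes` nodes to all finish one exchange through a single
    shared collector (no retransmissions or multi-hop relaying modelled)."""
    return nodes * bits_per_node(app, overhead_bytes) / throughput_bps


def max_nodes(app, throughput_bps, overhead_bytes=0):
    """Largest number of simultaneously active nodes that still meets the
    allowable latency of `app`."""
    latency = TABLE_1[app][2]
    return (latency * throughput_bps) // bits_per_node(app, overhead_bytes)


def assess(nodes, throughput_bps, overhead_bytes=0):
    """Map each application to True if the cell meets its latency bound."""
    return {
        app: cell_transfer_seconds(app, nodes, throughput_bps, overhead_bytes)
        <= TABLE_1[app][2]
        for app in TABLE_1
    }


if __name__ == "__main__":
    THROUGHPUT = 36_000   # bit/s, assumed reading of "several dozen kilobits"
    OVERHEAD = 48         # bytes per message, assumed security overhead
    for app in TABLE_1:
        print(f"{app:18s} max nodes: plain={max_nodes(app, THROUGHPUT):6d} "
              f"secured={max_nodes(app, THROUGHPUT, OVERHEAD):6d}")
    print(assess(200, THROUGHPUT, OVERHEAD))
```

With these assumed figures, a 200-node cell meets the outage-detection latency bound when messages carry no security overhead and misses it once the overhead is added, while scheduled daily meter collection is unaffected.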
6 Personal information on the smart grid