Security should be addressed across all sections. This section will address general security requirements, e.g. SDLC requirements, algorithm requirements etc.

IEC 62443

Threat Model

The GEISA Execution Environment inputs:

HAN Interface
- Gateways
- Smart Inverters
LAN Interface
Environmental Sensors
- Temperature
- Humidity
- Accelerometer
- Location (GPS)
Meter Register
Metrology Sensor
Provisioning Interfaces
- Bluetooth
- Thread

GEISA Execution Environment outputs:

HAN Interface
LAN Interface
Local Storage
Disconnect Switch(es)

Potential Threats and Causes

Malicious Firmware
- Supply Chain Attack
- Unpatched Components
- Compromised Vendor
- Compromised Employee Workstation
- Compromised Management System
Vulnerable Network Interface
- Poor Programming Practices
- Inadequate Testing
- Unpatched Components
- Supply Chain Attack
Broken Firmware
- Poor Programming Practices
- Incorrect Logic
- Inadequate Testing
- Unpatched Components
Side Channel Attacks
Malicious Inputs
- Forged data from Smart Inverters
- Forged data from EVSE
- Attack on the Provisioning Interface
Privilege Escalation
Isolation Escape
- Attacker is able to escape isolation mechanism and access core environment
Direct Hardware Attack
- Decap Chip
- Access to programming interfaces
  - Replace Firmware
  - Retrieve and decompile firmware
- Swap out the chip
Resource Exhaustion
- CPU
- Memory
- Storage
- HAN Communications
- LAN Communications
Denial of Service
- HAN Communications
- LAN Communications
Peer-to-Peer Attacks

Potential Attacker Objectives

Access to the Utility Internal Network
Controlling the Remote Service Switch (or other actuator)
Attacking devices within the Home
Coordinated attacks across Homes
- Note: there are papers which demonstrate that coordinated attacks on as little as 1% of the load can cause grid instability.
Manipulating readings (typically for theft)
Steal data (privacy, spying on customers etc.)