bill sanders - department of energy 2 - tcipg.pdf– graduates have started careers in academia,...
TRANSCRIPT
Trustworthy Cyber Infrastructure for the Power Grid (TCIPG)
Bill Sanders TCIPG
Cybersecurity for Energy Delivery Systems Peer Review July 24-26, 2012
• Objectives – Identify and address critical security
and resiliency needs at the cyber-physical junction in the evolving power grid
– Engage Industry (utility, control system vendors, technology providers)
– Research Excellence
– Education
• Technical Approach – Identify and take on important &
hard problems
– Unique balance of long view of grid cyber security, with emphasis on practical solutions
– Work to get solutions adopted
• Schedule: Sept 30, 2009 – May 15, 2015
• Performers: University of Illinois at Urbana-Champaign, Dartmouth College, Cornell University, University of California Davis, Washington State University
• Partners: 9-Member External Advisory Board (EAB) from utility and industry, as well as large Industry Interaction Board
TCIPG Summary
TCIPG Impacts all aspects of the 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity
Build a Culture of Security
Conduct summer schools for
industry
Develop K-12 power/cyber
curriculum
Develop public energy literacy
Directly interact with industry
Educate next-generation cyber-
power aware workforce
Assess and Monitor Risk
Analyze security of protocols (e.g. DNP3, Zigbee, ICCP, C12.22)
Create tools for assessing security of devices, systems, &
use cases
Create integrated scalable
cyber/physical modeling
infrastructure
Distribute NetAPT for use by utilities
and auditors
Create fuzzing tools for SCADA
protocols
Protective Measures/Risk
Reduction
Build secure, real-time, & flexible communication mechanisms for
WAMS
Design secure information layer
for V2G
Provide malicious power system data
detection and protection
Participate in industry-led CEDS
projects
Manage Incidents
Build game-theoretic response
and recovery engine
Develop forensic data analysis to
support response
Create effective Intrusion detection approach for AMI
Sustain Security Improvements
Offer testbed and expertise as a
Service to Industry
Anticipate/address issues of scale:
PKI, data avalanche, PMU
data compression
Act as repository for cyber-security-
related power system data
TCIP
G E
ffor
ts
• Approach
– TCIPG is a multi-university R&D center
– Research is organized into four topical Clusters, each of which contain a number of Activities (32 total)
– Cross-cutting efforts address Industry Interaction, Education/Outreach, and Testbed
• Metrics for Success
– Impact in the sector in the form of technology and knowledge transfer
– Collaboration with National Labs; industry; and groups such as IEEE PES, NASPI, GPA, EPRI, and others
– Publications
– Workforce development: Graduates placed in industry and academia
Technical Approach and Feasibility
TCIPG Technical Clusters and Threads
Trustworthy Technologies for Wide Area Monitoring
and Control
Communication and Data Delivery
(5 activities)
Applications
(2 activities)
Component Technologies
(3 activities)
Trustworthy Technologies for Local Area Monitoring, Management, and Control
Active Demand Management
(3 activities)
Distribution Networks
(2 activities)
Responding to and Managing Cyber Events
Design of Semi-automated Intrusion Detection and
Response Techniques
(6 activities)
Trust Assessment
Model-based Assessment
(6 activities)
Experiment-based Assessment
(5 activities)
• Challenges to Success
– Project Coordination
• Addressed by weekly leadership meetings, weekly “all-hands” meetings, annual retreat
– Competing demands on industry and utility experts
• Addressed by EAB mechanism, Industry Workshop
– Achieving technology impact
• Cross-cutting industry interaction activity. Active engagement with utilities. Pilot deployments
Technical Approach and Feasibility
2012 Q1 Progress: IDS for Embedded Systems, Protocols, and AMI
• Embedded device IDS
– Ongoing discussions with SEL on Autoscopy; investigating embedding in SEL product
– Autoscopy Junior featured in “New Scientist”
• Specification-based IDS for AMI
– Collaboration with Fujitsu on threat modeling
– Presented at EPRI Power Delivery and Utilization (PDU)
– Will be used in Utility ARRA project
2012 Q1 Progress: Security of Wide Area Measurements (Including PMUs)
• False data injection analysis and countermeasures
– Abstract accepted for NIST Workshop: Cybersecurity for Cyber-Physical Systems (April 2012) on Security-aware state estimation
• GPS Spoofing and SCADA-based countermeasures
– Showed efficacy of attack via detailed simulation; now building hardware prototype to demonstrate in laboratory
• Security of measurement devices
2012 Q1 Progress: NetAPT
• Further adoption in utility evaluation programs – More than 15 external deployments
– Large investor-owned utility
– Several members of the Association of Illinois Electric Cooperatives (AIEC)
– NERC / SERC Auditors
– Used in multiple NERC Audits
• Feedback has led to tool improvement and new features
– Predefined filters based on NERC guidance
– Now supports new Cisco firewall set features
– Initial support for SonicWall (popular firewall in the utility sector)
• Interface to Sophia (with INL)
• New funding from DHS Science & Technology to foster commercialization
(Sanitized) NetAPT Map of real EMS
2012 Q1 Progress: TCIPG Testbed Highlights
• Functional Itron Smart Meter Testbed being leveraged for active research.
• Further augmentation of PMU capabilities, including RTDS integration cases.
• Increasing engagement with Utilities, Vendors, and other testbeds.
• Accelerating DETER integration and DEFT demonstration capabilities.
2012 Q1 Progress: Education and Engagement
Objectives • Bulleted List
• Charge Up Energy Education Exhibit at Illinois Engineering Open House 2012e
2012 Q1 Achievements
• Link researchers, educators, consumers, and students
• Connect with schools and national curriculum endeavors
• Develop interactive lessons and activities available on the web and for touch tablet devices
• Create interest in STEM disciplines and careers
• Illustrate issues necessary for consumer acceptance and use of smart grid technologies
• Continuing to develop the interactive e-book for iPad and HP Touchpad incorporating suggestions from audience tests
• Partnered with Mahomet Public Library to receive IEEE Science Kits for Libraries grant
• Partnered with Champaign School District #4 to receive an award from the Illinois State Board of Education to provide professional development to teachers
Education and Engagement
FY 11 TCIPG Scholarly Impact (October 2010 – September 2011)
• Degrees
– 3 BS, 7 MS, 6 PhD
– Numerous students at various stages of thesis preparation or defense
– Graduates have started careers in academia, industry (University of Miami, Intel, Microsoft, NSA, PowerWorld, Oracle, SEL, Florida Power & Light, Stanford)
• Publications and Presentations – Over 70 papers published in (or accepted to) journals and
conferences
– Over 100 presentations
• TCIPG actively seeks industry involvement in
– Identifying critical R&D needs
– Providing opportunities for pilot deployment of technology
• Annual Industry Workshop (This year: October 30-31, 2012)
– Industry-led panels
– Posters for TCIPG activities
– Active solicitation of industry input on research direction
• Ongoing contacts (follow-on from Industry Workshop)
– Industry and vendor involvement with AMI security activity
• In addition to industry, TCIPG collaborates with the National Laboratories, NIST, NASPI, EPRI, and others
• Challenge: Bandwidth of industry thought leaders
Collaboration: Plans to gain industry input
TCIPG as Catalyst for Accelerating Industry Innovation
TCIPG
Utilities Vendors/Tech Providers
Sector Needs Pilot Deployment
Data
Access to equipment R&D Collaboration
Solutions Validation and Assessment
Products Incorporating Solutions
• Co-Leads of 3 CEDS Industry Projects
– Honeywell
– GPA
– ACS (Telcordia)
• Multiple projects with EPRI
• Targeted funding from and technology transfer to industry
– Fujitsu, GE, Lockheed Martin, Northrop Grumman, SEL, Honeywell
• Utilities (large as well as rural cooperatives) are now using TCIPG tools such as NetAPT
– Verify network access conforms to desired policy
– Use as a CIPS pre-audit tool
• AMI Security activity has engaged meter manufacturers as well as a major IOU
• SEL Interest in TCIPG technologies (GridStat, ZigBee Self-assessment, Autoscopy JR)
Example Collaboration/Technology Transfer
Additional Recent TCIPG Focused Industry Interaction Examples
• Reviews and Audits
– OpenPDC code audit (for GPA)
– AMI security review of deployments and specifications
– ASAP-SG security profile input and review
– Guidance in realizing NASPInet
• Interaction with investor-owned utilities
– Ameren: NERC CIPS support
• Rural Electric Cooperatives
– Vulnerability assessment for member co-ops of the Association of Illinois Electric Cooperatives
• NERC RCs
– SERC evaluation of NetAPT as CIPS pre-audit tool
• Industry-initiated opportunities in regard to a campus testbed/microgrid
• Approach for the next year or end of project
– Recently started Year 3 of 5
– Periodically review and revise project activities
– Continue and accelerate industry interaction and technology transfer
– TCIPG Retreat planned for August
• Invite industry to identify gaps
• Potentially recalibrate activities accordingly
– Industry Workshop – October 30-31, 2012
• Project results that may form the basis of future control systems security work or link to other programs/organizations
– CONES synergy with SIEGate
– Hardware IDS interaction with Sandia
– PMU Data Quality and other activities are relevant to NASPI
Next Steps
TCIPG Seminar Series on Technologies for a Resilient Power Grid
Monthly TCIPG Seminar Series are presented live and webcast to an academic/government/industry audience
Friday, January 6, 2012 1PM CT, NCSA Auditorium & Webcast Presenter: William H. Sanders, University of Illinois University of Illinois at Urbana-Champaign Title: Making Sound Design Decisions Using Quantitative Security Metrics Friday, February 3, 2012 1PM CT, NCSA Auditorium & Webcast Presenter: Jeff Dagle, Pacific Northwest National Laboratory Title: Power Grid Impacts Resulting From Unintentional Demand Response Friday, March 2, 2012 1PM CT, NCSA Auditorium & Webcast Presenter: Melanie Johnson, U.S. Army Engineer, Engineering Research & Development Center, CERL Title: ERDC-CERL Microgrids at Fixed Installations, Security and Economics Friday, April 6, 2012 1PM CT, NCSA Auditorium & Webcast Presenter: Pete Sauer, Electrical Engineering, University of Illinois at Urbana-Champaign Title: Computation of Margins to Power System Loadability Limits Using Phasor Measurement Unit Data Friday, May 4, 2012 1PM CT, NCSA Auditorium & Webcast Presenter: Michael Assante, President & CEO, and David Tobey, Director of Research, NBISE Title: Ground Truth Competency Assessment for Smart Grid Cyber Security
To Learn More
• www.tcipg.org
• Bill Sanders [email protected]
• Request to be on our mailing list
• Attend Monthly Public Webinars
• Attend our Industry/Govt. workshop Oct. 30-31, 2012