Cyber Physical System Security

Manimaran Govindarasu

Dept. of Electrical and Computer Engineering

Iowa State University

[email protected]

S2ERC Industry Outreach Workshop



Outline

• Background

• CPS Security Research

• CPS Security Testbed

• Conclusion

Cyber Physical System Security 7/10/14 2

Smart Grid: A Cyber-Physical System


Source: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0, February 2012


SCADA Control Network


Cyber Threats Critical Infrastructures

Cyber-Based Attacks

• Protocol Attacks
• Intrusions
• Malware
• Network Infr. Attacks
• Denial of Service (DoS)
• Insider Threats

[General Accounting Office, CIP Reports, 2004 to 2010]; [NSA “Perfect Citizen”, 2010]: Recognizes that critical infrastructures are vulnerable to cyber attacks from numerous sources, including hostile governments, terrorist groups, disgruntled employees, and other malicious intruders.

Stuxnet malware (July 2010)

• Target – Industrial control systems
• Modifies code on PLCs in Uranium enrichment facilities
• Alters the speed of centrifuges used for Uranium enrichment

Possible Attack Path

• Initial Delivery (via USB)
• Corporate LAN infected
• Reporting to attack control server
• Connect to substations
• Deliver attack payload to PLC
• Affect Uranium enrichment

Lessons Learned

• Took 1 year to discover
• > 100,000 machines infected
• Professionally written code
• Infected PLCs appear to function normally

Future Requirements

• Active network monitoring
• Behavior and reputation based access control lists
• Anomaly detection
• Insider threat mitigation

Cyber Vulnerabilities (trend)

In fiscal year 2012, 198 cyber incidents were reported. Energy sector attacks accounted for 41% of the total incidents.

Source: http://www.ics-cert.us-cert.gov/pdf/ICS-CERT_Monthly_Monitor_Oct-Dec2012.pdf


Attacks-Cyber-Control-Physical


Smart Grid Security = Info + Infra + Appln. Security

Information Security

NEEDS (Information Protection):
• Confidentiality
• Integrity
• Availability
• Authentication
• Non-repudiation

MEANS:
• Encryption/Decryption
• Digital signature
• Message Auth. Codes
• Public Key Infrastructure

Infrastructure Security

NEEDS (Infrastructure protection):
• Routers
• DNS servers
• Links
• Internet protocols
• Service availability

MEANS:
• Firewalls
• IDS/IPS
• Authentication Protocols
• Secure Protocols
• Secure Servers
• IPSEC, DNSSEC

Applications Security

NEEDS:
• Generation Control
• Transmission Control
• Distribution Automation
• Sys. Monitoring & Protection
• Real-Time Energy Markets
• Energy Management System

MEANS:
• Attack-Resilient WAMPAC
• Model-based Algorithms
  - Anomaly detection
  - Intrusion Tolerance
• Risk modeling and mitigation
• Secure EMS and automations

Transform: Fault-Resilient Grid of today TO Attack-Resilient Grid of future

Approach 1: Risk Modeling and Mitigation

[Flowchart: Mitigation of Coordinated Attacks. Labels recovered from the figure:]

• Offline: Risk Modeling and Mitigation
• Online: Alert Correlation and Mitigation
• Cyber System Definition (Topology, Security)
• Power System Definition (Control, Protection)
• Cyber System Modeling (Petri Nets)
• Power System Modeling (DIgSILENT, PSSE)
• Attack Probability
• Impact
• Risk
• Attack Template
• Offline Mitigation (if risk > threshold)
  - E.g., modify settings, add security
  - E.g., increase transmission capacity

Risk = Threat x Vulnerability x Impacts

Evaluating g – Impact Estimation

• Coordinated Attack Groups:
  - Gen + Gen
  - Gen + Trans
  - Trans + Trans
• Optimal power flow simulation
• g = load shedding for OPF solution

Results

• g = 363 MW
• g = 163 MW
• g = 110 MW

Attacker can control:
• Space: where to attack?
• Time: when to attack?

NSF Project: M. Govindarasu (ISU) & C.C. Liu (WSU)

WAMPAC – A high level view

[Figure: WAMPAC high-level view. Labels recovered from the figure:]

• Power system: PMU, Relays, Protection elements, VAR control elements (SVC, FACTS)
• WAMPAC Control Center: EMS applications (SE, AGC), Protection Schemes, Alarms
• Wide Area Network
• Control loop: Plant, Sensors, Actuators, Delay, Controller
• Cyber attack points

Cyber-Physical Control in Power Grid


S. Sridhar, A. Hahn, and M. Govindarasu, “CPS Security for Power Grid”, Proc. IEEE, Jan. 2012

Control Systems Attack Model

Types of Attacks

• Data integrity
• Replay
• Denial of service
• De-synchronization and timing-based

Generic Control System Model

[Figure labels: Physical System; Machine/Device; Sensors; Actuators; Data Acquisition; Remote/Local Control; Control Center; Analyses & Computation; signals ui(t), yi(t)]

Yu-Hu. Huang, Alvaro A. Cardenas, S. Amin, S-Z. Lin, H-Y. Tsai, and S. Sastry, “Understanding the Physical and Economic Consequences of Attacks on Control Systems,” International Journal of Critical Infrastructure Protection, 2(3):72-83, October 2009.

Automatic Generation Control (AGC)


AGC Features

• Maintains frequency at 60 Hz

• Supply = Demand

• Maintain power exchange at scheduled value

• Ensures economic generation

Figure from NERC Technical Document: Balancing and Frequency Control, Jan 2011


Balancing Authorities in the U.S.


Source: NERC


Why We Need a CPS Security Testbed

1 • Vulnerability Research

2 • Impact Analysis

3 • Mitigation Research

4 • Cyber-Physical Metrics

5 • Data and Model Development

6 • Security Validation

7 • Interoperability

8 • Cyber Forensics

9 • Operator Training


PowerCyber CPS Security Testbed

• Information/Control Layer: EMS, SAS, RTUs, IEDs
• Communication Layer: Routing infrastructure, Network protocols, Routers, Firewalls
• Physical Layer: Power System Simulators (RTDS, Power factory)

[Figure labels: Cyber attacks; Defenses]

Aditya Ashok, Adam Hahn, and Manimaran Govindarasu, “A cyber-physical security testbed for smart grid: system architecture and studies”, Proceedings of the Cyber Security and Information Intelligence Research (CSIIRW '11).

ISU PowerCyber Testbed - Configuration


ISU PowerCyber Testbed: Panoramic view


Vulnerability Assessment results


CPS Testbed Federation Architecture

[Figure labels: USC/ISI DETER Testbed; ISU PowerCyber Testbed; Visualization]

Cyber Attack-Defense Visualization


Research Challenges/Opportunities

Security and Resiliency

1 • Fundamental paradigm to transform “fault-resilient grid of today into an attack-resilient grid of the future” taking into account both natural and man-made extreme events.

2 • Pragmatic risk modeling and mitigation framework accounting for the evolving, uncertain nature of threats (APTs and HILFs), cyber-physical interdependencies, and cascading failures.

3 • Security architectures and algorithms to achieve security, privacy, and resiliency in wide-area monitoring, protection, and control of the power grid.

Federated CPS Infrastructures & Testbeds

1 • Development of a national-scale high-fidelity, federated CPS testbed – with remote and open access – to accelerate the pace of innovation, R&D, education, and workforce development

2 • CPS Cloud architecture, algorithms, and services for resource allocation and control of federated resources to support large-scale, high-fidelity CPS experimentations

3 • An open and shared experimental infrastructure for cross-cutting CPS sectors (e.g., power system, oil and natural gas, transportation)

CONCLUSIONS

Cyber security of critical infrastructures is important for national security and economic well-being

• CPS Security = Info Sec + Infra Sec + Application Security

• Defense against HILF events (e.g., stealth coordinated cyber attack)

• Risk Assessment and Mitigation should be a continuous process

• Attack-Resiliency needs to be built into CPS systems

• Testbeds are important for security R&D&E

• Transform: Fault-Resilient CPS systems to Attack-Resilient CPS systems

• Industry-University Collaboration & International Collaboration needed

THANK YOU …

Acknowledgements

• Funding:
  • U.S. National Science Foundation (NSF)
  • U.S. NSF IU/CRC Power Engr. Research Center (PSERC)
  • Iowa State Univ., Electric Power Research Center (EPRC)

• Researchers:
  • Collaborators: Prof. Chen-Ching Liu, Washington State University (WSU); Prof. Doug Jacobson & Venkat Ajjarapu, Iowa State University (ISU); Terry Benzel, USC/ISI; Dr. Adam Hahn, MITRE; Dr. C. W. Ten, Michigan Tech.
  • Students: S. Sridhar, Aditya Ashok (ISU); Junho Hong (WSU); Alexandru Ștefanov (UC Dublin)

• Professional:
  • IEEE PES - PSACE CAMS Cyber Security Task Force