CYBER SECURITY of POWER GRID
P.K. Agarwal, Additional General Manager,
Power System Operation Corporation
22-Feb-2012 2
SCADA Hacking News
Convergence of Information Technology and
Operation Technology.
[Figure: Convergence of IT and OT. Information Technology: Enterprise Systems, Web Applications. Operations Technology: Control Systems, Protection Systems. Smart Grid Technology: AMI (Advanced Metering Infrastructure), DSM (Demand Side Management), OMS (Outage Management System), GIS (Geographic Information System).]
Concerns of Cyber Security
• Need for data sharing.
• Increased use of digital information.
• Two-way flow of information across the power grid.
[Figure: Smart grid domains: Markets, Generation, Transmission, Distribution, Customer, Service Providers. Electricity flows from Generation through Transmission and Distribution to the Customer; information flows between all domains.]
Agenda
1. Concerns with regard to security of power grid solutions.
2. Existing standards for system security under a smart grid environment for the System Operator.
3. Challenges of integrating new technologies with legacy systems.
4. Roadmap for technology adoption required for network security in a smart grid environment.
Concerns with regard to security of
power grid solutions.
Cyber Security in Power Grid
Requirements and Threats
Requirement        Threat
Confidentiality    Unauthorised access to information
Integrity          Unauthorised modification or theft of information
Availability       Denial of service, or prevention of authorised access
Non-repudiation    Accountability: denial of an action that took place, or claim of an action that did not take place
Concerns
• The current power grid depends on a complex network of computers, software and communication technologies.
• If compromised, these have the potential to cause great damage.
• A cyber attack is unique in that it can be launched
– through a public network
– from a remote location
– from anywhere in the world
– in a coordinated manner against many locations.
More Concerns
• The legacy communication methods used for grid
operations also provide potential cyber attack
paths.
• Many cyber vulnerabilities in Supervisory Control
and Data Acquisition (SCADA) systems have
surfaced.
• The level of automation in substations is increasing,
which can lead to more cyber security issues.
• Recent studies have shown that the deployed
components have significant cyber vulnerabilities.
Still More Concerns
• Efforts of the energy sector to
– uncover system vulnerabilities and
– develop effective countermeasures
have prevented serious damage to the electric supply
chain.
• Some of these vulnerabilities are in the process of
being mitigated.
• However, attacks on energy control systems have
been successful in many cases.
Existing standards for system security
under a smart grid environment for
system operators.
Standards and Frameworks
• ISO/IEC 27001 - Information Security
Management System.
• NERC-CIP Standards - Critical
Infrastructure Protection
Standards.
• NIST IR 7628 - Guidelines for Smart
Grid Cyber Security.
• IEC 62351 Series Security Standards.
ISO/IEC 27001 - ISMS
• Information Security Management System
standard.
• Published jointly by the International Organization for
Standardization (ISO) and the International Electrotechnical
Commission (IEC).
• Full title: Information technology -- Security techniques --
Information security management systems --
Requirements.
• Formally specifies a management system that is
intended to bring information security under explicit
management control.
NERC – CIP Standards
• Critical Infrastructure Protection (CIP) is a
programme of the North American Electric Reliability
Corporation (NERC).
• Its aim is to improve physical and cyber security for
the bulk power system of North America.
• Its activities include standards development, compliance
enforcement, and assessments of risk and
preparedness.
• The CIP standards provide a cyber security framework for the
identification and protection of Critical Cyber
Assets to support reliable operation of the Bulk
Electric System.
NERC – CIP Standards Series
CIP-001 Sabotage Reporting
CIP-002 Critical Cyber Asset Identification
CIP-003 Security Management Controls
CIP-004 Personnel & Training
CIP-005 Electronic Security Perimeter(s)
CIP-006 Physical Security of Critical Cyber Assets
CIP-007 Systems Security Management
CIP-008 Incident Reporting and Response Planning
CIP-009 Recovery Plans for Critical Cyber Assets
NIST IR-7628 Guidelines for Smart Grid
Cyber Security.
• Advisory guidelines: neither prescriptive
nor mandatory.
• Intended to facilitate efforts to develop
– a cyber security strategy
– effectively focused on
• Prevention
• Detection
• Response, and
• Recovery
NIST IR-7628 Guideline
The three volumes of the Guidelines for Smart
Grid Cyber Security are:
• Volume 1 - Smart Grid Cyber Security Strategy,
Architecture, and High-Level
Requirements
• Volume 2 - Privacy and the Smart Grid
• Volume 3 - Supportive Analyses and References
Freely available at http://csrc.nist.gov/publications/nistir
IEC-62351 Standards
• Communication protocols are one of the most
critical parts of power system operations.
• Communication protocols developed by IEC TC 57
include:
– IEC 60870-5 – 101, 102, 103, 104
– IEC 60870-6 – TASE.2
– IEC 61850
• These were very specialised and relied on "security by
obscurity", an assumption that no longer holds.
IEC-62351 Standards Series
• The series provides a framework for securing the existing power system protocols:
– IEC 62351-1 : Introduction and overview
– IEC 62351-2 : Glossary of Terms
– IEC 62351-3 : Profiles including TCP/IP
– IEC 62351-4 : Profiles including MMS
– IEC 62351-5 : Security for IEC 60870-5 & derivatives
– IEC 62351-6 : Security for 61850 Profiles
– IEC 62351-7 : Management Information Base Requirements for End-to-End Network Management
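To make concrete what IEC 62351-5 adds over a bare IEC 60870-5 link, here is an added illustration; it is not from the talk and not a conformant implementation of the standard. It keeps the shape of the standard's challenge-response authentication of a critical ASDU (the outstation challenges with a sequence number and random data; the master answers with an HMAC over the challenge and the pending ASDU under a shared session key) and shows why a replayed or forged response is rejected. The field layout, the 16-byte MAC truncation and the ASDU bytes are constructed for the example; key management (update keys, session key changes) is out of scope here.

```python
"""Simplified model of IEC 62351-5 style challenge-response authentication.

Illustrative only, not a conformant IEC 62351-5 implementation: the wire
layout of Challenge/Response and the truncation length are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

MAC_TRUNC = 16  # IEC 62351-5 permits truncated HMAC-SHA-256; 16 bytes assumed here


@dataclass(frozen=True)
class Challenge:
    csq: int      # challenge sequence number
    user: int     # user number
    data: bytes   # random challenge data (standard requires at least 4 bytes)


@dataclass(frozen=True)
class Response:
    csq: int
    user: int
    mac: bytes


def compute_mac(session_key: bytes, challenge: Challenge, asdu: bytes) -> bytes:
    """HMAC-SHA-256 over the serialised challenge plus the pending ASDU, truncated."""
    msg = (challenge.csq.to_bytes(4, "big") + challenge.user.to_bytes(2, "big")
           + challenge.data + asdu)
    return hmac.new(session_key, msg, hashlib.sha256).digest()[:MAC_TRUNC]


class Outstation:
    """Controlled station: challenges every critical ASDU before executing it."""

    def __init__(self, session_key: bytes, user: int):
        self._key, self._user, self._csq = session_key, user, 0
        self._pending = None  # (Challenge, asdu) awaiting a response
        self.executed = []

    def receive_critical_asdu(self, asdu: bytes) -> Challenge:
        self._csq += 1
        ch = Challenge(self._csq, self._user, os.urandom(8))
        self._pending = (ch, asdu)  # nothing is executed yet
        return ch

    def receive_response(self, resp: Response) -> bool:
        if self._pending is None:
            return False
        ch, asdu = self._pending
        self._pending = None  # exactly one response is accepted per challenge
        if resp.csq != ch.csq or resp.user != ch.user:
            return False      # stale sequence number: replay of an old response
        if not hmac.compare_digest(compute_mac(self._key, ch, asdu), resp.mac):
            return False      # wrong key or modified ASDU
        self.executed.append(asdu)
        return True


class Master:
    """Controlling station: answers the challenge for the ASDU it sent."""

    def __init__(self, session_key: bytes, user: int):
        self._key, self._user = session_key, user

    def answer(self, challenge: Challenge, asdu: bytes) -> Response:
        return Response(challenge.csq, self._user, compute_mac(self._key, challenge, asdu))


def run_exchange(master_key: bytes, outstation_key: bytes):
    """One genuine authenticated control, then a replay and a forgery attempt.

    Returns (genuine_accepted, replay_accepted, forgery_accepted, commands_executed).
    """
    user = 1
    out, mst = Outstation(outstation_key, user), Master(master_key, user)
    # Constructed bytes standing in for a single-command ASDU; not a real 60870-5 encoding.
    asdu = b"\x2d\x01\x06\x00\x01\x00\x01\x50\x00\x81"

    ch1 = out.receive_critical_asdu(asdu)
    resp1 = mst.answer(ch1, asdu)
    genuine_ok = out.receive_response(resp1)

    out.receive_critical_asdu(asdu)          # attacker re-sends the captured response
    replay_ok = out.receive_response(resp1)  # fails: CSQ no longer matches

    ch3 = out.receive_critical_asdu(asdu)    # attacker without the session key
    forged = Response(ch3.csq, user, compute_mac(b"attacker-guess", ch3, asdu))
    forged_ok = out.receive_response(forged)

    return genuine_ok, replay_ok, forged_ok, len(out.executed)


if __name__ == "__main__":
    key = os.urandom(32)  # in the standard this would be a negotiated session key
    print(run_exchange(key, key))
```

The point of binding the MAC to both the fresh challenge and the pending ASDU is that an attacker who records a legitimate exchange on an unencrypted 60870-5 link can neither replay the response (the CSQ and challenge data have moved on) nor splice the MAC onto a different command. Note that 62351-5 provides authentication and integrity only; confidentiality of the link is the job of the TLS profiles in 62351-3.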
Correlation between IEC 62351 and Power
System Protocols
[Figure, source: IEC 62351-1. Each IEC 62351 part is shown against the protocol profiles it secures:]
– IEC 62351-1 : Introduction; IEC 62351-2 : Glossary
– IEC 62351-3 : Profiles including TCP/IP: IEC 60870-5-104, IEC 60870-6 TASE.2, IEC 61850-8-1 MMS profiles
– IEC 62351-4 : Profiles including MMS: IEC 60870-6 TASE.2, IEC 61850-8-1 MMS profiles
– IEC 62351-5 : IEC 60870-5 & derivatives: IEC 60870-5-101, 102, 103 and 104
– IEC 62351-6 : IEC 61850: IEC 61850-8-1 GOOSE profiles, IEC 61850-9-2 profiles
– IEC 62351-7 : MIB for network and system management (applies across all of the above)
Challenges of integrating new
technologies with legacy systems.
Legacy System – Silos of Information
[Figure: each transmission operator (TOP1 ... TOPx), distribution utility (DIST1 ... DISTx) and generator (GEN1 ... GENx) holds its own operational information in a separate silo.]
Smart System – Sharing of Information
[Figure: Generation, Transmission, Distribution and Customers (via AMI and DSM) exchange operational information with System Operations.]
Challenges in Integrating
[Figure: six drivers feed into an increased attack surface, which in turn increases the risk to operations.]
• Increasing number of systems and size of code base
• Control systems not designed with security in mind
• Increasing use of COTS hardware and software
• New customer touch points into utilities
• New two-way systems (e.g. AMI, DSM)
• Increasing interconnection and integration
→ Increased attack surface → Increased risk to operations
Some Solutions
• Air gap between legacy and new system.
– Sharing of information through batch transfer.
– Not possible in real-time mode.
• Publish/Subscribe technology between legacy
system and new system.
– Information can only be shared if the source system
publishes it.
• Use of data-diode technology.
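The publish/subscribe and data-diode options above can be combined, and the following added example (not from the talk) models that combination to show the two properties a practitioner should check for: the enterprise side receives only tags the control system has explicitly published, and because the link is one-way there is no acknowledgement, so the receiver has to detect lost frames itself from sequence numbers. The tag names, frame layout and the in-memory link are constructed for the illustration; a real deployment would put a hardware diode or a unidirectional protocol break in place of the `OneWayLink` class.

```python
"""Publish-only gateway feeding a one-way (data-diode style) link from a legacy
control system (OT) to a new enterprise system (IT). Illustrative model only."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Frame:
    seq: int      # monotonically increasing, set on the OT side
    tag: str
    value: float


class OneWayLink:
    """Stands in for a data diode: OT can only push, IT can only pull."""

    def __init__(self) -> None:
        self._queue: List[Frame] = []

    def push(self, frame: Frame) -> None:        # OT-side entry point
        self._queue.append(frame)

    def pull(self) -> Optional[Frame]:           # IT-side exit point
        return self._queue.pop(0) if self._queue else None

    def drop_in_transit(self, seq: int) -> None:  # simulation hook: lose one frame
        self._queue = [f for f in self._queue if f.seq != seq]
    # Deliberately no method lets the IT side place anything on the link.


class ControlSidePublisher:
    """Runs inside the control network; forwards only allow-listed tags."""

    def __init__(self, link: OneWayLink, published_tags) -> None:
        self._link = link
        self._allowed = frozenset(published_tags)
        self._seq = 0
        self.dropped: List[str] = []  # tags that were never published and so never left OT

    def publish(self, tag: str, value: float) -> bool:
        if tag not in self._allowed:
            self.dropped.append(tag)
            return False
        self._seq += 1
        self._link.push(Frame(self._seq, tag, value))
        return True


class EnterpriseSideSubscriber:
    """Runs in the enterprise network; nothing can be re-requested, so gaps are recorded."""

    def __init__(self, link: OneWayLink) -> None:
        self._link = link
        self._expected = 1
        self.values: Dict[str, float] = {}
        self.gaps: List[Tuple[int, int]] = []   # inclusive ranges of missing sequence numbers

    def drain(self) -> int:
        received = 0
        while (frame := self._link.pull()) is not None:
            if frame.seq > self._expected:
                self.gaps.append((self._expected, frame.seq - 1))
            self._expected = frame.seq + 1
            self.values[frame.tag] = frame.value
            received += 1
        return received


def demo(lose_frame_seq: Optional[int] = None):
    """Publish four updates (one for an unpublished tag), optionally lose one in transit.

    Returns (values seen by IT, tags dropped at the OT side, sequence gaps seen by IT).
    """
    link = OneWayLink()
    pub = ControlSidePublisher(link, published_tags={"TOP1.MW_TOTAL", "TOP1.FREQ_HZ"})
    sub = EnterpriseSideSubscriber(link)
    pub.publish("TOP1.MW_TOTAL", 4120.5)       # seq 1
    pub.publish("TOP1.BREAKER_STATE", 1.0)     # not published: never reaches the link
    pub.publish("TOP1.FREQ_HZ", 50.02)         # seq 2
    pub.publish("TOP1.MW_TOTAL", 4118.0)       # seq 3
    if lose_frame_seq is not None:
        link.drop_in_transit(lose_frame_seq)
    sub.drain()
    return sub.values, pub.dropped, sub.gaps


if __name__ == "__main__":
    print(demo())
    print(demo(lose_frame_seq=2))
```

The allow-list lives on the control side, which is what makes "information can only be shared if the source system publishes it" enforceable: the enterprise system cannot subscribe its way to a tag the OT operator did not release. The gap list is the operational caveat of one-way links: with no return path there is no retransmission, so monitoring on the receiving side has to alarm on missing sequence numbers rather than assume completeness.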
Challenges of integrating new
technologies with legacy systems.
Barriers
• Cyber threats are unpredictable and evolve faster
than the sector’s ability to develop and deploy
countermeasures
• Security upgrades to legacy systems are limited by
inherent limitations of the equipment and
architectures
• Threat, vulnerability, incident, and mitigation
information sharing is insufficient among
government and industry
• Weak business case for cyber security investment
by industry
• Regulatory uncertainty in energy sector cyber
Strategies
• Build a culture of security.
• Assess and Monitor Risks.
• Develop and Implement New Protective Measures
to reduce Risks.
• Manage Incidents.
• Sustain Security Improvements.
Road Map for Security of Smart Grid
• An Information Security Management System has
been adopted by each Regional Load Dispatch
Centre (RLDC).
• Each RLDC has been certified by an international
certifying body (BSI) against ISO 27001:2005.
• The SCADA system upgrade is being carried out with:
– Adoption of the IEC 62351 security standards.
– A secure connection between the SCADA network and the
enterprise network for cyber security.
– Access control for physical security.