smart substation security kris hallaert

Smart Substation Security

SmartSec Europe 2014

Amsterdam 29/01/2014

Agenda

Context Elia Introduction to the substation environment in Elia Security design and measures in the substation Near and far future

29/01/2014 SmartSec Europe 2014 2


• Among the five largest transmission system operators in Europe

• Frontrunner in grid integration of renewables since incorporation in 2001

• Listed on Stock Exchange since 2005

• 1,950 employees

• 380 kV and 220kV (down to 30kV in Be)

• 870 substations

• Fully unbundled

• World experience in RES integration

About the Elia GroupIntroduction

About Elia Belgium


• Customers: • 130 direct customers (connected to ELIA’s net) • Over 25 Distribution System Operators…

• 1.250 employees

• 11 sites in Belgium

• 800 HV Substations

• Network : Mostly owned or leased Cu, Fo Some Leased Lines (local telecom provider) Tests with satellite communication

General Concept : Defence in Depth

29/01/2014 5

“Defense in depth“ principle: Security threats are not mitigated by a single counter measure only but by implementing several complementary security techniques at multiple levels


What has changed the world (of the substations)?

Point to point connections Old Access network technology with TDM, SDH Low bandwidth needs No online access needs to information Only telephony needed Assets maintained locally and limited information about their state

A lot of interaction between devices Need for IP and more mainstream technologies (MPLS) High bandwidth needs Technicians on the field need online access to office space online access to information Assets maintained remotely from a normal PC

29/01/2014 6

Security Business


Example : Old situation RTU

29/01/2014 7SmartSec Europe 2014

Today : connections based on IEC104 (IP)

29/01/2014 8

MPLS


Example : Asset Control Center

929/01/2014 SmartSec Europe 2014

Steps in the design exercise with impact on security


Step 1• inventory of data flows and protocols and their criticality

Step 2• Architectural design of network and channels (VPN/VLAN)

Step 3• cyber risk identification and mitigation

(acceptance or compensating controls)

NEEDSGENERALITY – DATA FLOWS

11

Remote-reading & data management : Metering, power quality files

Remote-monitoring :equipment status (alarms, events, …)

Remote-maintenance : action on equipment (parameterization, …)

Remote-control : action on HV substation (RTU)

Others : telephony, cameras, …

SmartSec Europe 201429/01/2014

Some results of this excercise

12SmartSec Europe 201429/01/2014

LAN and WAN high

level designHub and

spoke model

Jumpserver(gateway

functionality)

Network authentication

and port security in the

substation

LAN and WAN high level design

SAS LAN based on 2 physical independent LANs

GLAN for “general applications” of HV substation SLAN for “protection, control and automation” => IEC61850 (> 2018)

Why ? High cyber-security level protection = segregation General applications require medium and low level

performances and are not critical for protection & control of HV Substation Protection, control and automation applications require

high level performances and are critical for protection & control of HV substation


SASLAN

SLANGLAN


14

GLAN

SBUSLAN

Router WAN

Switch LAN

Switch LAN Router WAN

SCADA

FirewallVPN tunnels

Office network

VLAN

VLANVLAN

VLAN

VLANVLAN

IP/MPLS WAN

Network Management SBUS-LAN and G-LAN Telephony Data ELIA/Wifi and guest wifi Data Elia wired Videosurveillance, access control SBUS-LAN Electricity Management (RTU, …) G-LAN Electricity Management (Perturbo, Counter, Qwave, …)


15


• IP address plan reflecting functional communication planes

• Allows easy configuration of firewalls based on L3 IP address

• Configuration based on L2 MAC addresses is not manageable

•Prioritisation of traffic / QOS / Classification


Hub and spoke model

Substation

16

Substation 1

WAN IP/MPLS

Central firewall

substation 2

X

+ Manageability+ “Easy“ to change technology+ Logging- Agree to possibly lose a complete substation- Single point of failure ?


Jumpserver : Access to devices in the substation

Substation

17

GLAN

SBUSLAN

WAN

Substationgateway/Jumpserver

Router Router

switch

switch

Office LAN


access to applications based on Active Directory groups

Network authentication and port security

• First choice : network authentication 802.1x (mostly GLAN)

• Second choice : port security (based on MAC)

BUT : Difficult to find IED’s that support proper network authentication


Specific constraints in TSO world

Long lifetime of “electricity” assetsWe don’t trust the embedded security features for the moment and choose to bolt on security where possible

Harsh environment (ruggedized equipment)mainstream security equipment is not always suited

Long decision process with European Tender for frame agreementsNot easy to make quick choices (long time between writing a tender and decision)

Availability is still number 1 priority for some devicesstopping a false positive can do more damage than letting through a potential attack


What’s still on our roadmap?

20

shortterm

• “blackbox” implementations based on common mainstream technology : (e.g. windows embedded no antivirus, no patching, local admin, no lockdown)

• Blackout mitigation out of design scenario : Emergency preparedness exercise “Cyberattack on realtime environment“

• Regular contact with vendors, SPOC for security, security roadmaps

Midterm• Establishment of 24/7 Security Operation Center• Next-gen industrial firewalls in monitoring mode

longer

• Next gen industrial firewalls in blocking mode based on business transaction monitoring?

• Embedded security in devices?, IEC 62351?


Questions?

[email protected]

21SmartSec Europe 201429/01/2014

smart substation security kris hallaert

Documents