Cyber Security and The Smart Grid Ontario Smart Grid Forum November 11, 2008

advertisement
Ontario Smart Grid Forum
Cyber Security and
The Smart Grid
November 11, 2008
Cyber Security for the Smart Grid TM
Discussion Topics
•
•
•
•
Objectives of Presentation
About N-Dimension Solutions
Cyber Security and the Smart Grid
Solutions and Recommendations
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
-2Cyber Security for the Smart Grid TM
Objectives of Presentation
Engage in two-way discussion on a critical
Smart Grid topic
and
provide useful context and
recommendations for the Ontario Smart
Grid Forum participants
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
-3Cyber Security for the Smart Grid TM
N-Dimension Solutions Inc.
• Cyber Security Solutions Provider laser focused on the Power & Energy
market
• Headquartered in Richmond Hill Ontario with office in Austin Texas
• Member of:
• NERC
• NERC’s new Demand-Side Management Task Force
• IESO’s Reliability Standards Standing Committee
• Cyber Security Technical Working Groups (IEEE P1711, AMI-SEC)
• Advisory Committee for University of Illinois Trusted Cyber Security
Computing Infrastructure for Power
• Developed comprehensive AMI cyber security analysis and report for
the Ontario Utilities Smart Metering (OUSM) working group
• Published thought leader on cyber security for the emerging Smart Grid
• Active across North America and globally in delivering Smart Grid cyber
security solutions in conjunction with our business partners
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
-4Cyber Security for the Smart Grid TM
Overview of
The Smart Grid
Cyber Security
and
The Smart Grid
The Ontario
Smart Grid
Forum
Cyber Security for the Smart Grid
November 2008
TM
The Current Electric Grid – Islands of Technology
Generation
Transmission
Distribution
GEN1 - Operational Information
TOP1 – Operational Information
DIST1 - Operational Information
GENx - Operational Information
TOPx – Operational Information
DISTx – Operational Information
November 2008
Customers
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
-6Cyber Security for the Smart Grid TM
Convergence of Enterprise & Operations IT
Information Technology
Smart Grid Technology
Operations Technology
Enterprise Systems
Control Systems
Web Applications
AMI
DSM
OMS
GIS
Protection Systems
Cyber Secure
Integration counters key security principals of isolation and segregation
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
-7Cyber Security for the Smart Grid TM
The Smart Grid – Connectivity with Security
End-to-End Communications, Intelligence, and Defense-in-Depth Security
Transmission
Generation
Distribution
Customers
AMI
November 2008
System
Conservation
Operators
Authorities
DSM
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
-8Cyber Security for the Smart Grid TM
Smart Grid
Cyber Security
Cyber Security
and
The Smart Grid
The Ontario
Smart Grid
Forum
Cyber Security for the Smart Grid
November 2008
TM
The Smart Grid – Characteristics
1.
2.
3.
4.
5.
6.
7.
Self-healing
Empowers and incorporates the consumer
Resilient to physical and cyber attacks
Provides power quality needed by 21st century users
Accommodates a wide variety of generation options
Fully enables maturing electricity markets
Optimizes assets
Source: The US National Energy Technology Laboratory
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 10 Cyber Security for the Smart Grid TM
Smart Grid Technology
• Sensors
–
Monitoring and detecting the data
• Communications
–
Moving the data through the build of networks
• First-level integration
–
Collecting the data
• Centralized control
–
Using the data for visualization and control
• Security
–
Protecting the data with Security Services & Solutions
• Full integration
–
Integrating the data with the rest of the business
• Services and Applications
–
Using the data in new ways
Source: The Emerging Smart Grid, Global Environment Fund - Centre for Smart Energy
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 11 Cyber Security for the Smart Grid TM
Smart Grid Attack Threats
“Energy control systems are subject to targeted cyber attacks.
Potential adversaries have pursued progressively devious means to exploit flaws
in system components, telecommunication methods, and common operating systems
found in modern energy systems with the intent to infiltrate and sabotage
vulnerable control systems. Sophisticated cyber attack tools require little technical
knowledge to use and can be found on the Internet, as can manufacturers’
technical specifications for popular control system equipment.”
Source: Roadmap to Secure Control Systems in the Energy Sector,
The Department of Homeland Security and US Department of Energy
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 12 Cyber Security for the Smart Grid TM
Smart Grid Cyber Security Drivers
Increasing
Interconnection
and Integration
Increasing Use of
COTS Hardware
and Software
New 2-Way
Systems
(e.g. AMI, DSM)
New Customer
Touch Points into
Utilities
Increasing Number
Of Systems and
Size of Code Base
Control Systems
Not Designed with
Security in Mind
Increased Attack Surface
Increased Risk to Operations
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 13 Cyber Security for the Smart Grid TM
Overview of Cyber Security – Threats
Admin
Admin
Perform
SQL
ARP
EXEC
Scan
Operator
Opens Email
with Malware
Send e-mail
with malware
Internet
Acct
4. 1.Hacker
performs
ARPwith
(Address
Hacker
sends anan
e-mail
malware
Resolution Protocol) Scan
Master
DB
2.
E-mail recipient opens the e-mail and the
malware
gets installed
quietly
5. Once
the Slave
Database
is found, hacker
anthe
SQL
EXEC command
3.sends
Using
information
that malware gets,
hacker is able to take control of the e-mail
6. Performs another ARP Scan
recipient’s PC!
Operator
Slave Database
RTU
7. Takes control of RTU
Example from 2006 SANS SCADA Security Summit, INL
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 14 Cyber Security for the Smart Grid TM
Overview of Cyber Security – Threats
Cyber
Penetration
Attacker
Attacker
Controls
Performs
the
Head
Remote
End
AMCC
Disconnect
(Advanced
Metering
Communications
Network
(WAN)
Communications
Network
(WAN)
Control Computer)
AMI WAN
AMI WAN
Retailers
3rd Parties
AMI WAN
Data Management
Systems
(MDM/R)
UNIVERSITY
Example from AMRA
Webinar, Nov ’06
“The Active Attacker”
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 15 Cyber Security for the Smart Grid TM
Cyber Security Challenges
• The challenge is complex and continuously
changing
• Legacy systems need to be protected
• Number and geographic location of end points
• Relationship to physical security
• Systems are 7x24 and critical
• The human element / social engineering
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 16 Cyber Security for the Smart Grid TM
Cyber Solutions
Unlike the beer industry,
there is no silver bullet !
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 17 Cyber Security for the Smart Grid TM
Cyber Solutions - Defense in Depth
• Perimeter Protection
–
–
–
–
Firewall, IPS, VPN, AV
Host IDS, Host AV
DMZ
Physical Security
• Interior Security
–
–
–
–
–
Firewall, IDS, VPN, AV
Host IDS, Host AV
IEEE P1711 (Serial Connections)
NAC
IDS
Intrusion Detection System
Scanning
IPS
Intrusion Prevention System
• Monitoring
• Management
• Processes
November 2008
DMZ
VPN
AV
NAC
DeMilitarized Zone
Virtual Private Network (encrypted)
Anti-Virus (anti-malware)
Network Admission Control
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 18 Cyber Security for the Smart Grid TM
Cyber Solutions – 50,000 Foot View of Control Network
Key Points:
• Defense in Depth
• Access Control
• Secure connections
• Link to Physical
• Security Management
• Apply same approach
to other Smart Grid
elements
Internet
Enterprise Network
VPN
FW
Proxy AV
IPS
Host IPS Host AV
IDS
Control Network
NAC
Host IDS Host AV
FW
VPN
IDS
FW
Field Site
November 2008
AV
NAC
IPS
FW
Scan
Partner
Site
P1711
Field Site Scan
Field Site
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 19 Cyber Security for the Smart Grid TM
The N-Dimension Viewpoint
• Cyber security is an absolute requirement for the Smart
Grid
• Smart Grid deployments will fail without proper cyber
security
• A strong security posture can be established so that the
benefits can be realized from Smart Grid deployments
• Ontario can establish a leadership position:
–
–
–
–
November 2008
Standards
Trials
Information exchange
Learning
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 20 Cyber Security for the Smart Grid TM
Recommendations
• View cyber security as a critical element of your Smart Grid
deployment
• Apply the defense in depth concept isolating and segregating
systems and applications, then allow selected connectivity
– Best accomplished at the foundational / design level
• Establish a security management system
– “you can’t manage what you can’t measure”
• Involve your vendors and interconnected partners
• Embed into your corporate governance systems
• Develop and track business case:
– Project by project basis
– Integrated system
• Look to others for learning and suggestions
– such as the Ontario Smart Grid Forum !
November 2008
Cyber Security and The Smart Grid - Ontario Smart Grid Forum
- 21 Cyber Security for the Smart Grid TM
Thank You !
Peter Vickery
Executive Vice-President
N-Dimension Solutions Inc.
Office: 905-707-8884 ext 223
Mobile: 416-951-8811
peter.vickery@n-dimension.com
Cyber Security
and
The Smart Grid
The Ontario
Smart Grid
Forum
Doug Westlund
CEO
N-Dimension Solutions Inc.
Office: 905-707-8884 ext 227
Mobile: 416-997-8833
doug.westlund@n-dimension.com
Cyber Security for the Smart Grid
November 2008
TM
Download