Cyber Security and The Smart Grid Ontario Smart Grid Forum November 11, 2008
advertisement
Ontario Smart Grid Forum Cyber Security and The Smart Grid November 11, 2008 Cyber Security for the Smart Grid TM Discussion Topics • • • • Objectives of Presentation About N-Dimension Solutions Cyber Security and the Smart Grid Solutions and Recommendations November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum -2Cyber Security for the Smart Grid TM Objectives of Presentation Engage in two-way discussion on a critical Smart Grid topic and provide useful context and recommendations for the Ontario Smart Grid Forum participants November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum -3Cyber Security for the Smart Grid TM N-Dimension Solutions Inc. • Cyber Security Solutions Provider laser focused on the Power & Energy market • Headquartered in Richmond Hill Ontario with office in Austin Texas • Member of: • NERC • NERC’s new Demand-Side Management Task Force • IESO’s Reliability Standards Standing Committee • Cyber Security Technical Working Groups (IEEE P1711, AMI-SEC) • Advisory Committee for University of Illinois Trusted Cyber Security Computing Infrastructure for Power • Developed comprehensive AMI cyber security analysis and report for the Ontario Utilities Smart Metering (OUSM) working group • Published thought leader on cyber security for the emerging Smart Grid • Active across North America and globally in delivering Smart Grid cyber security solutions in conjunction with our business partners November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum -4Cyber Security for the Smart Grid TM Overview of The Smart Grid Cyber Security and The Smart Grid The Ontario Smart Grid Forum Cyber Security for the Smart Grid November 2008 TM The Current Electric Grid – Islands of Technology Generation Transmission Distribution GEN1 - Operational Information TOP1 – Operational Information DIST1 - Operational Information GENx - Operational Information TOPx – Operational Information DISTx – Operational Information November 2008 Customers Cyber Security and The Smart Grid - Ontario Smart Grid Forum -6Cyber Security for the Smart Grid TM Convergence of Enterprise & Operations IT Information Technology Smart Grid Technology Operations Technology Enterprise Systems Control Systems Web Applications AMI DSM OMS GIS Protection Systems Cyber Secure Integration counters key security principals of isolation and segregation November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum -7Cyber Security for the Smart Grid TM The Smart Grid – Connectivity with Security End-to-End Communications, Intelligence, and Defense-in-Depth Security Transmission Generation Distribution Customers AMI November 2008 System Conservation Operators Authorities DSM Cyber Security and The Smart Grid - Ontario Smart Grid Forum -8Cyber Security for the Smart Grid TM Smart Grid Cyber Security Cyber Security and The Smart Grid The Ontario Smart Grid Forum Cyber Security for the Smart Grid November 2008 TM The Smart Grid – Characteristics 1. 2. 3. 4. 5. 6. 7. Self-healing Empowers and incorporates the consumer Resilient to physical and cyber attacks Provides power quality needed by 21st century users Accommodates a wide variety of generation options Fully enables maturing electricity markets Optimizes assets Source: The US National Energy Technology Laboratory November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 10 Cyber Security for the Smart Grid TM Smart Grid Technology • Sensors – Monitoring and detecting the data • Communications – Moving the data through the build of networks • First-level integration – Collecting the data • Centralized control – Using the data for visualization and control • Security – Protecting the data with Security Services & Solutions • Full integration – Integrating the data with the rest of the business • Services and Applications – Using the data in new ways Source: The Emerging Smart Grid, Global Environment Fund - Centre for Smart Energy November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 11 Cyber Security for the Smart Grid TM Smart Grid Attack Threats “Energy control systems are subject to targeted cyber attacks. Potential adversaries have pursued progressively devious means to exploit flaws in system components, telecommunication methods, and common operating systems found in modern energy systems with the intent to infiltrate and sabotage vulnerable control systems. Sophisticated cyber attack tools require little technical knowledge to use and can be found on the Internet, as can manufacturers’ technical specifications for popular control system equipment.” Source: Roadmap to Secure Control Systems in the Energy Sector, The Department of Homeland Security and US Department of Energy November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 12 Cyber Security for the Smart Grid TM Smart Grid Cyber Security Drivers Increasing Interconnection and Integration Increasing Use of COTS Hardware and Software New 2-Way Systems (e.g. AMI, DSM) New Customer Touch Points into Utilities Increasing Number Of Systems and Size of Code Base Control Systems Not Designed with Security in Mind Increased Attack Surface Increased Risk to Operations November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 13 Cyber Security for the Smart Grid TM Overview of Cyber Security – Threats Admin Admin Perform SQL ARP EXEC Scan Operator Opens Email with Malware Send e-mail with malware Internet Acct 4. 1.Hacker performs ARPwith (Address Hacker sends anan e-mail malware Resolution Protocol) Scan Master DB 2. E-mail recipient opens the e-mail and the malware gets installed quietly 5. Once the Slave Database is found, hacker anthe SQL EXEC command 3.sends Using information that malware gets, hacker is able to take control of the e-mail 6. Performs another ARP Scan recipient’s PC! Operator Slave Database RTU 7. Takes control of RTU Example from 2006 SANS SCADA Security Summit, INL November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 14 Cyber Security for the Smart Grid TM Overview of Cyber Security – Threats Cyber Penetration Attacker Attacker Controls Performs the Head Remote End AMCC Disconnect (Advanced Metering Communications Network (WAN) Communications Network (WAN) Control Computer) AMI WAN AMI WAN Retailers 3rd Parties AMI WAN Data Management Systems (MDM/R) UNIVERSITY Example from AMRA Webinar, Nov ’06 “The Active Attacker” November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 15 Cyber Security for the Smart Grid TM Cyber Security Challenges • The challenge is complex and continuously changing • Legacy systems need to be protected • Number and geographic location of end points • Relationship to physical security • Systems are 7x24 and critical • The human element / social engineering November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 16 Cyber Security for the Smart Grid TM Cyber Solutions Unlike the beer industry, there is no silver bullet ! November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 17 Cyber Security for the Smart Grid TM Cyber Solutions - Defense in Depth • Perimeter Protection – – – – Firewall, IPS, VPN, AV Host IDS, Host AV DMZ Physical Security • Interior Security – – – – – Firewall, IDS, VPN, AV Host IDS, Host AV IEEE P1711 (Serial Connections) NAC IDS Intrusion Detection System Scanning IPS Intrusion Prevention System • Monitoring • Management • Processes November 2008 DMZ VPN AV NAC DeMilitarized Zone Virtual Private Network (encrypted) Anti-Virus (anti-malware) Network Admission Control Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 18 Cyber Security for the Smart Grid TM Cyber Solutions – 50,000 Foot View of Control Network Key Points: • Defense in Depth • Access Control • Secure connections • Link to Physical • Security Management • Apply same approach to other Smart Grid elements Internet Enterprise Network VPN FW Proxy AV IPS Host IPS Host AV IDS Control Network NAC Host IDS Host AV FW VPN IDS FW Field Site November 2008 AV NAC IPS FW Scan Partner Site P1711 Field Site Scan Field Site Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 19 Cyber Security for the Smart Grid TM The N-Dimension Viewpoint • Cyber security is an absolute requirement for the Smart Grid • Smart Grid deployments will fail without proper cyber security • A strong security posture can be established so that the benefits can be realized from Smart Grid deployments • Ontario can establish a leadership position: – – – – November 2008 Standards Trials Information exchange Learning Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 20 Cyber Security for the Smart Grid TM Recommendations • View cyber security as a critical element of your Smart Grid deployment • Apply the defense in depth concept isolating and segregating systems and applications, then allow selected connectivity – Best accomplished at the foundational / design level • Establish a security management system – “you can’t manage what you can’t measure” • Involve your vendors and interconnected partners • Embed into your corporate governance systems • Develop and track business case: – Project by project basis – Integrated system • Look to others for learning and suggestions – such as the Ontario Smart Grid Forum ! November 2008 Cyber Security and The Smart Grid - Ontario Smart Grid Forum - 21 Cyber Security for the Smart Grid TM Thank You ! Peter Vickery Executive Vice-President N-Dimension Solutions Inc. Office: 905-707-8884 ext 223 Mobile: 416-951-8811 peter.vickery@n-dimension.com Cyber Security and The Smart Grid The Ontario Smart Grid Forum Doug Westlund CEO N-Dimension Solutions Inc. Office: 905-707-8884 ext 227 Mobile: 416-997-8833 doug.westlund@n-dimension.com Cyber Security for the Smart Grid November 2008 TM
