CIGRE SC D2 Tutorials & Colloquium on SMART GRID
Mysore, 13 – 15 November 2013
Vijayan SR
Cyber Security in Implementing Modern Grid Automation Systems

Agenda
- Introduction
- Why Cyber Security?
- Cyber Security Architectures, Features and Solutions
- An Overview of Cyber Security Standards
- Key Take Away/Summary

© ABB Group April 13, 2015 | Slide 2

Introduction

Traditional grid
- Hierarchical
- Top to bottom approach

Inter-connected grid
- Inter-connected
- Injections at various points (DERs)
- Customer inclusive

Enhanced Automation
- Phasor Measurement and Wide Area Monitoring Stability Analysis
- IP based communications:
  - IEC 61850 based SA systems
  - IEC 104 based communication to control systems
- Demand Side Management and Demand Response
- Asset Management/Asset Health Monitoring Management Tools
- Integration of different systems (OT – IT integration) – SCADA, OMS, GIS, Asset Mgmt etc.

Evolution of Substation Automation Systems

Conventional vs. Modern SCADA systems
- Conventional: Highly sophisticated system (Touch Me Not !!!)
  Modern: Every utility feels the necessity (no longer a luxury)
- Conventional: No remote operations
  Modern: Possibilities for remote operations
- Conventional: Closed network
  Modern: Remote monitoring, including corporate and external networks
- Conventional: Minimal / no external integrations
  Modern: Increasing integration between various systems within and outside the organization
- Conventional: Communications based on serial interfaces
  Modern: IP based communications, including the field sub-devices
- Conventional: Hierarchical communication between control center and field devices
  Modern: Data / information exchanges at different levels
- Hierarchical Grid Connectivity to Inter Connected Grid

Why is Cyber Security an issue?
- Cyber security has become an issue with the introduction of Ethernet (TCP/IP) based communication protocols to industrial automation and control systems, e.g. IEC60870-5-104, DNP 3.0 via TCP/IP or IEC61850.
- Connections to and from external networks (e.g. office intranet) to industrial automation and control systems have opened these systems up, and they can be misused for cyber attacks. The interface is sometimes not under the utility's control.
- Implementing Smart Grid technologies to improve operational efficiencies.
- Cyber attacks on industrial automation and control systems are real and increasing, leading to large financial losses.

Why is Cyber Security an issue?
Threats & Vulnerabilities
- Operation Sabotages
- Data Security (Database & Communication)
- Communication Interference
- Grid Security

Cyber Security - Main Objectives
- Confidentiality: Preventing the unauthorized access to information
- Accountability: Preventing the denial of an action that took place or the claim of an action that did not take place
- Integrity: Preventing the unauthorized modification or theft of information
- Availability: Preventing the denial of service

Cyber Security – Solution Overview
- People and Identity
- Data and Information
- Application and Process
- Network, Server and End-Point
- Physical Infrastructure

Cyber Security – Mitigation Techniques
- Hardening: Ensure all hosts run at a minimum level. Only mission critical software, services, ports and devices are allowed.
- Access Control: Strong authentication and Role Based Access Control (RBAC) are a natural requirement in any security architecture, but are never stronger than their implementation.
- Intrusion Detection/Prevention: Deploy sensors or agents on all hosts, perform log management of all devices, and use security information and event management (SIEM) to detect and possibly respond to anomalies in the system.
- Patch Management: Processes and technology to ensure that all available security updates that are verified not to interfere with system operation are installed on all hosts.

Cyber Security – Mitigation Techniques (Cont'd)
- Anti-Virus: Employs blacklist, heuristic, and behavioral detection and prevention of malware.
- Application Whitelisting: Only allows pre-approved software to execute. Less intrusive than Anti-Virus.
- Traffic Whitelisting: Only accepts pre-approved traffic through stateful and deep packet inspection.

Cyber Security – Mitigation Techniques: Network Partitioning Example
- Network Partitioning: Ensure cyber assets are isolated, categorized by criticality, external interfaces and physical location.

Cyber Security for Substation Automation: Key Cyber-Security initiatives

Standard | Main Focus | Status
NIST SGIP-CSWG | Smart Grid Interoperability Panel – Cyber Security Working Group | On-going *
NERC CIP | NERC CIP Cyber Security regulation for North American power utilities | Released, On-going *
IEC 62351 | Data and Communications Security | Partly released, On-going *
IEEE PSRC/H13 & SUB/C10 | Cyber Security Requirements for Substation Automation, Protection and Control Systems | On-going *
IEEE 1686 | IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities | Finalized
ISA S99 | Industrial Automation and Control System Security | Partly released, On-going *

Cyber Security for Substation Automation: Standards and their scope
[Figure: Graphical representation of scope and completeness of selected standards]
*) Source: DTS IEC 62351-10, Part 10: Security architecture guidelines

Cyber Security for Substation Automation: Relevant standards – NERC-CIP
The North American Electric Reliability Corporation (NERC) provides for critical infrastructure protection (NERC CIP).
- CIP 002 - Critical Cyber Asset Identification
- CIP 003 - Security Management Controls
- CIP 004 - Personnel and Training
- CIP 005 - Electronic Security Perimeter(s)
- CIP 006 - Physical Security of Critical Cyber Assets
- CIP 007 - Systems Security Management
- CIP 008 - Incident Reporting and Response Planning
- CIP 009 - Recovery Plans for Critical Cyber Assets

Cyber Security for Substation Automation: Relevant standards – IEC62351
- Explanation: Information security for power system control operations. Security standards for IEC TC 57 defined protocols, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.
- Status: Some parts approved as Ed1 but not compatible with the new draft of Ed2.
- Recommendation: Wait until the standard is fully approved.

Cyber Security for Substation Automation: Relevant standards – IEEE1686
- Explanation: IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities. The standard defines the functions and features to be provided in substation intelligent electronic devices (IEDs) to accommodate critical infrastructure protection (CIP) programs. The standard addresses security regarding the access, operation, configuration, firmware revision, and data retrieval from an IED.
- Status: Approved since 2008.

Key Take Away
- Protect, Detect and Respond: The implementation should be able to minimize the attack surface, detect possible attacks and respond in an appropriate manner to minimize the impacts.
- Defense in Depth: No single security measure is foolproof by itself, as vulnerabilities and weaknesses could be identified at any time. To reduce these risks, implementing multiple protections in series avoids a single point of failure.
- Technical, Procedural and Managerial measures: Technology is insufficient on its own to provide robust protection. Cyber security policies and processes must be implemented in the organization to best be able to assess and mitigate the risks and respond to incidents.

Implementing solutions around cyber security has to be a continuous process. It is not only important to protect a system from the current vulnerabilities; it is equally important to have mechanisms (technical and process) in place to quickly detect and effectively react to any incidents and isolate security breaches.

Inter-Connected Systems
[Figure: diagram of inter-connected systems. Block labels: Executive Dashboard; T&D Operations; EMS; DMS; SCADA; Ops. Planning; T&D Planning & Engineering; System Planning; Maint. Mgmt.; Asset Mgmt.; DSM; Dist. Mgmt.; GIS; Power Procurement & Market Ops.; Planning & Forecasting; Resource Dispatch; Bidding & Scheduling; Settlements; Trading & Contracts; Enterprise Application and Data Integration; OMS; Customer Services; MDMS; CIS; Billing; Call Center; Communication Infrastructure; Substation Automation; Feeder Automation; Advanced Metering Infrastructure]

Smart Grid Systems