Slides - Texas Tech University

Cybersecurity of Smart Grid
Systems
Dr. Vittal S. Rao
Electrical and Computer Engineering
Texas Tech University
November 8, 2012
NSF-SFS Workshop on Education Initiatives in Cybersecurity for
Critical Infrastructure
Outline of Presentation
• Smart Grid Systems
• TTU’s Unique Capabilities
• TTU Real Time Simulator
• Security Features of Smart Grid
• Wide Area Monitoring Using SCADA and PMU Data
• Multidisciplinary Approaches for Cybersecurity
• Cyber Security / Intrusion Detection Methods
• Vulnerability of Smart Grid Communication Protocols
• Conclusions
Benefits of the Smart Grid
• Near-zero wide-area blackouts and greatly reduced
local interruptions.
• High-quality power for sensitive electronics and
complex computer applications.
• Plug-and-play integration of renewable sources,
distributed resources and control systems
• Options for consumers to manage their electricity
use and costs, Smart Homes
• Improved resilience to attack, natural disasters, and
operator errors.
Characteristics of Smart Grid
• Enables Active Consumer Participation
• Accommodates all Generation and Storage Options
• Enables New Products, Services, and Markets
• Provides Power Quality for the Digital Economy
• Optimizes Asset Utilization and Operates Efficiently
• Anticipates and Responds to System Disturbances (Self-heals)
• Operates Resiliently Against Attack and Natural Disaster
Smart Grid
Essential Functions
• Integration of ‘Electrical Infrastructure’ with
‘Intelligence Infrastructure’
• Smart Sensors, Protective Relays and Control
Devices
• On-Line Equipment Monitoring
• Communications Infrastructure
• New Operating Models and Algorithms
• Real-Time Simulation and Contingency Analysis
• Improved Operator Visualization Techniques
• Interconnection Codes and Standards
• Cyber Security
Integration of Generation and Storage
Options
• Distributed Generation : small, widely
dispersed plants
• Renewables: Wind, Solar, Biomass, etc
• Maximum Penetration of Renewable Energy
Sources with Grid
• Energy Storage: Giant Batteries and Capacitors
• Demand Response (DR): response to peak loads
Smart Grid Systems at Texas Tech
• Multidisciplinary Research Centers (Wind Science and Engineering,
Smart Grid Energy Center)
• Alstom 1.5MW Commercial Grade Wind Turbine on TTU campus
• DOE/Sandia Facilities for Testing Wind Farms/ Energy Storage
Systems
• TTU Real Time Simulator sponsored by the National Science
Foundation (NSF)
• Smart Microgrid Test Bed
• Interdisciplinary research teams for Smart Grid and Cyber Security:
ECE, CSc, ME, IE, Mathematics, Business, and Law
• New BS Degree program in Wind Energy
• Interdisciplinary Curriculum for Cyber Security
Unique Capabilities
• Formation of a Team of applied and academic background researchers
to address the “Technology for Cyber-Physical Systems”.
• Accessibility of industrial partners of CCET and PMU manufacturer,
National Instruments (NI).
• TTU is the leader in Wind Science and Engineering in the nation and has
established an interdisciplinary PhD program in Wind Energy. Texas Tech, in
collaboration with Group NIRE, has developed significant facilities for Smart
Microgrid Systems: commercial-grade wind turbines, large-scale battery storage
(proposed), and plans to install 4 or 5 PMUs in the Southwest Power Pool (SPP)
power system.
• TTU has received a Major Research Instrumentation (MRI) and Capacity Building
grant for Cybersecurity from NSF. TTU is working with Northrop Grumman
Corporation, the industry leader in Cyber Security.
Thematic Research Areas
• Maximum Penetration of Distributed Renewable Energy
Sources to Grid
• Cyber Security of Energy Delivery Systems/ SCADA Control
Systems
• PMU based Wide Area Monitoring and Damping Control
Strategies
• Home Area Networks
• Hybrid Energy Storage Systems
• Dynamic Stability of Power Systems
• Development of Experimental Microgrid Test Bed
• Optimal Energy Management of Smart Micro grids
TTU Real Time Simulator
[Lab architecture diagram] Components shown: Phasor Data Concentrator; IEEE C37.118 and IEC 61850 links; D400 Substation Gateway; Cyber Security; Visualization Screen in our lab; Controller; GTNET PMU; GE N60 & D90 plus; SEL-421; ABB-REL670; DFIG; Campus Wind Turbine; Wind Data Controller; Solar Inverter Control; Solar Data; RTDS / RSCAD; Utility Grid; Battery Storage.
Interoperability
• Energy Management Systems (EMS) architecture
with products from different companies.
REF: 1. http://zone.ni.com/devzone/cda/pub/p/id/1238
2. www.multilin.com
[Microgrid diagram] Elements shown: Utility Grid; Transformer / CB; Laboratory Building; Wind Energy (DFIG); PHEV; Smart Meter; Solar Energy (DC/AC Inverter); Micro Grid; Natural Gas Engine Generator; Priority Loads; Fuel Cells (DC/AC Inverter); Control and Energy Management; Local Loads; Battery Storage (DC/AC Inverter); Distributed Micro Energy Sources; Flywheel Storage (DC/AC Inverter); Ultra Capacitor; Distributed Storage; Micro Turbine (Generator).
Cyber Security
• Today’s grid lacks the robustness needed to withstand attacks
by saboteurs or acts of nature. (Supervisory Control and Data
Acquisition (SCADA) systems)
• Today’s grid lacks the information and control capabilities to
rapidly recover from manmade or natural events.
• Advanced cyber security protection systems have to be
integrated utilizing cyber security standards to ensure that
new smart grid technologies are secure and that existing
technologies such as SCADA, protective relaying, and
communication systems are retrofitted with methods that
provide the same level of advanced cyber security.
Cyber Security of Energy Delivery Systems
• Assessment and monitoring of risk
• Development and integration of protective
measures
• Detection of intrusion and implementation of
response strategies
• Enhancement of security methods
Smart Grid Information Networks
Increased Connectivity
Security Features
Integrated Communications
• Interoperability standards that include advanced cyber security protection
• Transport vehicle that provides the needed operational and condition data to enable self-healing
• Redundant communication paths making interruption of data flows unlikely
Sensing & Measurement
• Remote monitoring that detects potential events anywhere in the grid
• Sensors and measuring devices with embedded protection
• Events detected in time to respond
Security Features
• Advanced Components
  – Tolerant and resilient grid devices
  – Rapid response to emergent threats
  – Fewer critical points of failure
  – Reduced consequences of failure
  – Distributed, autonomous resources
• Advanced Control Methods
  – Islanding to isolate vulnerable areas in response to real or expected security events
  – Automated network “agents” for dynamic reconfiguration and demand management
  – Self-healing with preventive or corrective actions in real time
• Improved Interfaces & Decision Support
  – Greatly enhanced situational awareness
  – Recommendations for addressing security threats provided to operators in real time
  – Advanced real-time modeling and simulation tools with predictive capabilities
  – Improved operator training and guidance systems aimed at response to security events
R&D Theme Areas for Cybersecurity
• Device Level
  – Cost-effective secure architecture for smart meters
  – Cryptography and key management
  – On processors with strict space/computation limits
• System Level
  – Built to adapt to changing needs in scale and functionality
  – Able to tolerate and survive malicious attacks of the present and future
  – Denial of service resiliency
  – Infrastructure interdependency issues
• Legacy System Integration
  – Compatibility problems
• Emerging Research Topics
  – Synchrophasor Security / NASPI Net
  – Anonymization
  – Infrastructure interdependency issues
Wide Area Monitoring
• Analysis of power system performance in different oscillation
modes.
• Intelligent system protection schemes
• Situational awareness
• Monitoring of power system harmonics
• Frequency monitoring
• Data visualization using the geographical coordinates
• Black out monitoring and real time grid control center
application
• Post event analysis
Phasor Measurement Units
A PMU measures bus voltage (phase or sequence) and all 3-phase line currents on
all branches (transmission lines and transformers) emanating from the
substation, along with the phasor angles.
Integration of PMU data
Wide Area Monitoring Using PMUs and PDCs
Threats against these devices include:
• Denial of service (DoS) attacks
• Attacks against open ports and services
• Attempts to change device settings
• Attempts to inject malicious data
• Attempts to place a man-in-the-middle (MITM) between devices.
Reference: Salvatore et al., presentation on “Security analysis of a commercial synchrophasor device,” May 30-31, 2011.
Open PDC
• C37.118 is the IEEE standard for PDC; the current version was issued in 2005.
• Three adapter layers:
  – Input adapter (C37.118)
  – Action adapter
  – Output adapter (32-bit access)
Vulnerabilities
1. C37.118 vulnerabilities: lack of encryption and source verification (MITM)
2. OpenPDC vulnerabilities: lack of input validation (malicious data injection)
  – Drop statement injection: destroys all the measurement data for a PMU
  – Delete statement injection: selectively erases some specific measurements
  – Alter statement injection:
    – Can be used to smartly swap the names of measurement tables
    – Deceive the monitoring operator
    – Cheat the triangulation used to detect the source of a dangerous event such as a blackout
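As an added illustration (not OpenPDC's own code), the following Python models the input-validation control that the injection findings above call for: measurement tags are checked against an allow-list pattern before they reach the database, and every value is bound as a query parameter, so statement text inside a tag is stored as data rather than executed. The table layout and tag names are constructed for this example.

```python
import re
import sqlite3

# Added example (not OpenPDC code): a measurement store with two layers of
# defence against statement injection through PMU measurement tags:
#   1. allow-list validation of the tag before it reaches any SQL,
#   2. parameter binding, so the tag is never part of the statement text.
# The table layout and tag names below are constructed for this example.

# Letters, digits, underscore, dot and hyphen only; 1 to 64 characters.
TAG_PATTERN = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def is_valid_tag(tag):
    """True only if tag is a string that fully matches the allow-list."""
    return isinstance(tag, str) and TAG_PATTERN.fullmatch(tag) is not None


def open_store():
    """Create an in-memory measurement table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE measurements (tag TEXT NOT NULL, value REAL NOT NULL)")
    return conn


def store_measurement(conn, tag, value):
    """Validate the tag, then insert it with a parameterized statement.

    Returns False and writes nothing when the tag fails validation.
    """
    if not is_valid_tag(tag):
        return False
    # '?' placeholders: the driver binds tag and value, so SQL syntax inside
    # the tag can never become part of the executed statement.
    conn.execute("INSERT INTO measurements (tag, value) VALUES (?, ?)",
                 (tag, float(value)))
    conn.commit()
    return True


def count_rows(conn):
    """Number of stored measurements (shows the table is still intact)."""
    return conn.execute("SELECT COUNT(*) FROM measurements").fetchone()[0]


def stored_tags(conn):
    """All stored tags in insertion order."""
    rows = conn.execute("SELECT tag FROM measurements ORDER BY rowid")
    return [row[0] for row in rows]
```

A rejected tag is logged by the caller as a validation failure; it never reaches the query, and even a tag that slipped past validation would only be stored as a literal string.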
Intrusion Detection
• There are several reasons that make intrusion detection a necessary part of the entire defense system.
• First, many traditional systems and applications were developed without security in mind. In other cases, systems and applications were developed to work in a different environment and may become vulnerable when deployed in the current environment. (For example, a system may be perfectly secure when it is isolated but become vulnerable when it is connected to the Internet.) Intrusion detection provides a way to identify, and thus allow responses to, attacks against these systems.
• Second, due to the limitations of information security and software engineering practice, computer systems and applications may have design flaws or bugs that could be used by an intruder to attack the systems or applications. As a result, certain preventive mechanisms (e.g., firewalls) may not be as effective as expected.
Intrusion Detection Methods
Intrusion detection systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems.
• Anomaly detection: based on the normal behavior of a user; any action that significantly deviates from the normal behavior is considered intrusive.
• Misuse detection: catches intrusions in terms of the characteristics of known attacks; any action that conforms to the pattern of a known attack is considered intrusive.
Functions of IDS
• Monitoring users and system activity
• Auditing system configuration for vulnerabilities and misconfigurations
• Assessing the integrity of critical system and data files
• Recognizing known attack patterns in system activity.
• Identifying abnormal activity through statistical analysis
• Managing audit trails and highlighting user violation of policy or normal
activity
• Correcting system configuration errors
• Installing and operating traps to record information about intruders
Intrusion Detection Methods
Anomaly detection:
• Statistical models (Discrete Wavelet Transform)
• Machine learning and data mining techniques
• Specification-based methods
• Information-theoretic measures
Misuse detection:
• Rule-based language
• Abstraction-based intrusion detection
• State transition analysis tool kit
• Colored Petri automata
Statistical Decision Theory in Intrusion
Detection
By Saed Alajlouni
SCADA Systems
• SCADA systems, What are they?
11/07/2012
S. Alajlouni. "Cyber-Security of Critical
Infrastructure"
Intro: Efforts for securing SCADA systems
• IT perspective: “Obscurity Principle”.
• Control Engineering perspective: “reliability”.
• Very few researchers have investigated how malicious attacks affect the estimation and control algorithms and, ultimately, how attacks affect the physical world.
Interdisciplinary research
[Diagram] Control Theory: model linearization, order-reduction approximation, and estimation. Infrastructural Systems: physical modeling of systems. Statistics: statistical inference, sequential detection theory.
Statistical Decision Theory: Main Idea
• A receiver is reading an input signal that is corrupted by some
additive noise
• Depending on the application, the receiver has to make a
decision whether the received signal is high or low (Binary
applications), or whether the data is malicious or true.
• The decision rule is based on minimizing a risk function
(average cost).
Binary Bayesian hypothesis testing
• $H_0$: received signal $= N$, with $N \sim \mathcal{N}(0, \sigma^2)$
• $H_1$: received signal $= m + N$, with $N \sim \mathcal{N}(0, \sigma^2)$
• $P_0 + P_1 = 1$ (probabilities are given a priori)
• Bayes rule example:
  $P(D_1, H_0) = P(\text{decide } H_1 \mid H_0 \text{ is true}) \cdot P_0 = P_F \, P_0$
Decision rule
• Decision risk: $R = C_{00}\,P(D_0, H_0) + C_{11}\,P(D_1, H_1) + C_{10}\,P(D_1, H_0) + C_{01}\,P(D_0, H_1)$
• Minimization of the risk function yields the receiver’s optimal decision rule
Composite Hypothesis Testing
• If the parameters defining the probability density functions of the expected hypotheses are unknown, the hypothesis testing problem is called composite.
• In some cases the unknown parameters do not appear in the decision rule equation, so a decision can still be made.
• If the decision rule depends on the unknown parameters, the parameters must be estimated before a decision can be made.
• Parameters are usually estimated using maximum likelihood estimation.
Sequential detection
• In a sequence of data samples, one of the following decisions must be made after each sample:
  – Decide H1
  – Decide H0
  – Not enough information
• If decision H0 or H1 is made, the hypothesis testing procedure stops. Otherwise, an additional sample is taken.
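Added example, not from the slides: the Bayes decision rule and the sequential procedure above, carried through for the Gaussian shift problem (H0: noise only, H1: m plus noise). The threshold is derived from the risk function with the slides' costs and priors, and a Wald sequential test returns "H1", "H0" or "not enough information" after each sample; the alpha/beta design targets are assumed values.

```python
import math

# Added example (not from the slides): Bayes-optimal and sequential
# detection for the binary problem
#   H0: received signal = N,      N ~ Normal(0, sigma^2)
#   H1: received signal = m + N,  N ~ Normal(0, sigma^2)
# with a priori probabilities P0, P1 and costs C00, C11, C10, C01.


def bayes_threshold(m, sigma, p0, p1, c00=0.0, c11=0.0, c10=1.0, c01=1.0):
    """Threshold x* such that deciding H1 iff x > x* minimises the risk
    C00 P(D0,H0) + C11 P(D1,H1) + C10 P(D1,H0) + C01 P(D0,H1).
    Minimising the risk gives the likelihood-ratio test L(x) > eta with
    eta = (C10 - C00) P0 / ((C01 - C11) P1); for equal-variance Gaussians
    ln L(x) = (m x - m^2/2) / sigma^2, so the test is a threshold on x.
    """
    eta = (c10 - c00) * p0 / ((c01 - c11) * p1)
    return m / 2.0 + (sigma ** 2 / m) * math.log(eta)


def q_function(z):
    """Standard normal tail probability P(Z > z)."""
    return 0.5 * math.erfc(z / math.sqrt(2.0))


def error_probabilities(x_star, m, sigma):
    """(P_F, P_M): false alarm P(D1 | H0) and miss P(D0 | H1)."""
    p_f = q_function(x_star / sigma)
    p_m = 1.0 - q_function((x_star - m) / sigma)
    return p_f, p_m


def sprt(samples, m, sigma, alpha=0.01, beta=0.01):
    """Wald's sequential test: after each sample decide 'H1', 'H0', or keep
    sampling. Returns (decision, samples_used); decision is None when the
    data run out first ('not enough information'). alpha and beta are the
    target false-alarm and miss probabilities (assumed design values).
    """
    upper = math.log((1.0 - beta) / alpha)   # cross above: accept H1
    lower = math.log(beta / (1.0 - alpha))   # cross below: accept H0
    llr = 0.0
    for n, x in enumerate(samples, start=1):
        llr += (m * x - m * m / 2.0) / sigma ** 2   # add this sample's ln L
        if llr >= upper:
            return "H1", n
        if llr <= lower:
            return "H0", n
    return None, len(samples)
```

With equal priors and unit error costs the threshold sits at m/2 and P_F equals P_M; raising P0 (attacks assumed rarer) moves the threshold up and trades misses for fewer false alarms.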
Hardware Cyber Security
• Threats against hardware security:
– Physical tampering
– Side channel attacks
– Data injection
– Man in the middle attacks
• How to protect hardware:
– Secure Startup
– Configuration hopping
– Masking power consumption
Secure Startup
• Use of a module separate from normal device operations
• Module uses hardware ID and TCM for security
• TCM checks the hardware ID and sends an encrypted packet out, which is returned and checked before the system is allowed to fully operate [1]
[1] A security embedded system base on TCM and FPGA
Configuration Hopping
• Several processors in the system are assigned to individual tasks
• At random intervals the processor configuration changes
• Creates a narrower window for hacking [2]
[Diagram: Data In; Processor 1, Processor 2, Processor 3; Data Out]
Side Channel Attacks
• Types of SCA:
  – Simple Power Analysis
  – Differential Power Analysis
• Masking
  – Current Equalizing
  – Current Randomization
[Figure: Current Equalizer States [3]]
Conclusions
• TTU has significant infrastructural and
research capabilities in Cyber-Physical Systems
• Multidisciplinary approaches to address
cybersecurity of critical infrastructural
systems.
• We are very enthusiastic to develop a “Smart Micro Grid System” with embedded Cyber Security capabilities.