NOT FOR PUBLIC DISTRIBUTION
Objectives of this tutorial
Answer the three questions (security story):
1. What is the right time to begin anything?
2. Who are the right people to listen to?
3. What is the most important thing to be doing at any given
time?
Provide an introductory perspective for personnel
interested in joining the battle.
Learn who should be working on finding a solution,
and how.
Smart Grid Related Definitions
Architecture: The organizational structure of a system or component,
relationships, and the principles and guidelines governing the design and
evolution over time.
Reference model: A collection of concepts and their relationships that cover a
subject, facilitate the partitioning of the relationships into topics relevant to the
overall subject, and can be expressed by a common means of description.
Energy Management System (EMS): A system of tools used to monitor,
control, and optimize the generation, delivery, and/or consumption of energy.
Data flow: Application-level communications from a producer of data to a
consumer of data.
Interoperability: The capability of two or more networks, systems, devices,
applications, or components to externally exchange and readily use information
securely and effectively (Vendor-independent).
Smart Grid Cyber-Security: A combination of processes to be accomplished to
achieve a secure system. The goal is to make it harder for the attacker to
succeed in attacking the system.
Extra Definitions
Smart Grid Cyber-Security Engineer: A team of
Power Systems Engineers
Control Systems Engineers
Computer Scientists
Cyber-Security Engineers
Industrial Controls Specialists
Penetration Testers
OR
Interdisciplinary approach with knowledge of the previous disciplines.
When to start? 2016 Incidents Reported
at least US$243bn – US$1trn in economic damage and US$21bn to US$71bn in insurance claims.
[Pie chart: 2016 incidents reported by sector. Sectors shown include Chemical; Commercial Facilities; Critical Manufacturing; IT; Nuclear Reactors, Materials, and Waste; Transportation; Healthcare; Unknown.]
Source: Lloyds, 2015: Business Blackout: The insurance implications of a
cyber attack on the US power grid
Moving from philosophy
IEEE 2030-2011
First Resort: NERC CIP
NERC-CIP Description
Juggling variables
???
Impacted sub-systems
Legacy:
– Modbus (no security).
– DNP3 (security considered).
Next Generation:
– IEC 61850 (defined security).
The Big ‘O’
Get to know your system.
Big ‘O’ stands for Operation.
Source: Foundational Support Systems of the Smart Grid: State of the art and Future Trends
http://www.ijsmartgrid.org/index.php/ijSmartGrid/article/view/30
Securing Control Systems
Air-Gapping?
Information Technology
Operation Technology
Air-gapped systems: Primary Defense Solution?
Theoretically secure “air-gapped” utility networks.
Some vendors still may not be aware that their systems have been compromised.
Future plan? What if the system is planned to connect to remote systems?
Attackers’ starting point: Wherever you think you’re safe.
No connectivity? What’s the point!
Who should I talk to first?
Utility folks?
Vendors? Software or Hardware?
Academic Institutions?
Mr. White Hat
Security Process
• Risk assessment: An assessment is used to determine the
value of the information assets of an organization, the
threats they are exposed to and vulnerabilities they offer,
and the importance of the overall risk to the organization.
The assessment is accomplished by following the risk
management approach.
• Policy: Policy defines how security should be implemented.
Policy defines the proper mechanisms to use to protect
information and systems as well as physical security.
It includes several aspects such as technical capabilities, best practices, preventative
measures, employees, incident response, administration, and management.
• Deployment: To be effective, security policies, standards, and measures should be
implemented by an organization practicing due care and due diligence.
• Training: Awareness training is the mechanism to provide necessary information to
employees and system operators.
• Audit: This function improves the probability that controls are configured and monitored
correctly with regard to policy. Functions include policy adherence audits, periodic and
new assessments, and penetration testing.
Security Design Algorithm
Physical System
Cyber Security Design Approach
Define data flow, intrusion detection mechanisms
Systems connected to corporate networks are more vulnerable
Employee Awareness
Network Hardening
Remark: No Solution Fits All.
(Distributed control devices may be an inverter, communication module, controller, etc.)
Intrusion detection systems may refer to the IT and ICT perspective. OT is a given.
Available pen-testing tools are not satisfactory.
Should involve the big “O”.
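Added example (not part of the original slides): a defined data flow used as an intrusion detection rule for Modbus/TCP, the legacy protocol the deck lists as having no security. The IP addresses, unit id, device roles and the `ALLOWED_FLOWS` table are constructed assumptions; the frame layout (7-byte MBAP header, then function code and data) is standard Modbus/TCP.

```python
import struct
from typing import NamedTuple
WRITE_CODES = {5, 6, 15, 16}  # write single/multiple coils and registers

class Adu(NamedTuple):
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes

def parse_adu(frame: bytes) -> Adu:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header, function code, data."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    # Note: no field in the header or PDU identifies or authenticates the sender.
    return Adu(tid, unit, frame[7], frame[8:])

# Constructed data-flow definition (assumed addresses and roles):
# (producer, consumer, unit id) -> function codes that flow may use.
ALLOWED_FLOWS = {
    ("10.0.5.10", "10.0.5.21", 1): {3, 4},     # historian: reads only
    ("10.0.5.11", "10.0.5.21", 1): {3, 4, 6},  # EMS: reads + setpoint write
}

def check(src: str, dst: str, frame: bytes) -> str:
    try:
        adu = parse_adu(frame)
    except ValueError as exc:
        return f"ALERT malformed: {exc}"
    allowed = ALLOWED_FLOWS.get((src, dst, adu.unit_id))
    if allowed is None:
        return "ALERT undeclared data flow"
    if adu.function_code not in allowed:
        kind = "write" if adu.function_code in WRITE_CODES else "request"
        return f"ALERT {kind} function {adu.function_code} not allowed"
    return "ok"

# Constructed sample requests: read holding registers (3), write register (6).
READ = bytes.fromhex("000100000006010300000002")
WRITE = bytes.fromhex("000200000006010600100064")

if __name__ == "__main__":
    for src in ("10.0.5.10", "10.0.5.11", "10.0.5.99"):
        print(src, check(src, "10.0.5.21", READ), "|", check(src, "10.0.5.21", WRITE))
```

Because the frame carries no sender identity, the rule can only key on network addresses, which is why the declared data flows have to come from people who know how the system operates.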
Resources (Learning)
IEEE Smart Grid resource center
http://resourcecenter.smartgrid.ieee.org/
Cybersecurity for the Smart Grid: Challenges and R&D Directions
IEEE Standards Enable a Reliable, Secure, Interoperable Smart Grid
The Role of Control Systems Research in Smart Grids
Cyber-Physical Security Analysis for Transactive Energy Systems
Ethical Hacking in the Electric Grid
Resources (Learning)
Industrial Control Systems Cyber Emergency Response
https://ics-cert.us-cert.gov/
Virtual Learning Portal:
• Operational Security (OPSEC) for Control Systems (100W) - 1 hour
• Differences in Deployments of ICS (210W-1) – 1.5 hours
• Influence of Common IT Components on ICS (210W-2) – 1.5 hours
• Common ICS Components (210W-3) – 1.5 hours
• Cybersecurity within IT & ICS Domains (210W-4) – 1.5 hours
• Cybersecurity Risk (210W-5) – 1.5 hours
• Current Trends (Threat) (210W-6) – 1.5 hours
• Current Trends (Vulnerabilities) (210W-7) – 1.5 hours
• Determining the Impacts of a Cybersecurity Incident (210W-8) – 1.5 hours
• Attack Methodologies in IT & ICS (210W-9) – 1.5 hours
• Mapping IT Defense-in-Depth Security Solutions to ICS (210W-10) – 1.5 hours
Resources
IEEE Smart Grid Whitepapers:
IEEE Smart Grid Survey Structure of Emerging Technologies
Building Code For Power System Software Security
The Role of Control Systems Research in Smart Grids
Cyber Resilient SG
Problem: What if my system got attacked, successfully!
Dilemma: Do not assume a secure system, no safety is
guaranteed.
Solution: Resilient system.
Conclusions
Cyber-security concerns are not a new campfire story to
scare everyone, and not old enough to feel safe.
There is no “one size fits all” in smart grid cyber-security solutions.
Interoperability is a bottleneck, and a temporary security relief.
The big “O” is essential in security system design.
Note: If you have an interest in a specific sub-topic,
please let us know.
Thanks!
IEEE Smart Grid Resources
IEEE Smart Grid Portal – provides access to
the latest eNewsletter, interviews,
announcements for webinars and tutorials
– https://smartgrid.ieee.org/
Resource Center – On-Demand Content,
including education credits
– resourcecenter.smartgrid.ieee.org
Join the IEEE Smart Grid community:
– https://www.ieee.org/membership-catalog/productdetail/showProductDetailPage.html?product=CMYSG735
QUESTIONS?
Today’s tutorial will be available on the IEEE Smart Grid Resource Center along with the CEU:
resourcecenter.smartgrid.ieee.org