| 1
Assuring the Trustworthiness of the Smarter Electric Grid
Bill Sanders, University of Illinois at Urbana-Champaign
www.tcipg.org [email protected]
ICPE 2012
Building Interdisciplinary Excellence with Societal Impact
Coordinated Science Laboratory
• Excellence in:
  - Computing and Networks
  - Circuits, Electronics & Surface Science
  - Communications & Signal Processing
  - Decision & Control
  - Remote Sensing
• Affiliated Institutes:
  - ITI: Information Trust Institute
  - ADSC: Advanced Digital Sciences Center (Singapore)
  - PCI: Parallel Computing Institute
• Major Centers:
  - Illinois Center for Wireless Systems
  - NSF National Center for Professional and Research Ethics
  - NSF Science of Information Science and Technology Center
  - DOE/DHS Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Center
  - Boeing Trusted Software Center
  - HHS SHARPS Health Care IT Security Center
  - NSA Science of Security Center
  - Illinois Center for a Smarter Electric Grid
• Initiatives:
  - Computer Vision
  - SRC Focus Center Research Program
  - Neuroengineering IGERT
  - Human-Machine Adversarial Network MURI
• Statistics:
  - 60 years as a premier national interdisciplinary research facility
  - 550 Researchers: 110 professors, 330 graduate students, 60 undergraduate students, & 50 professionals
  - Over $300M in active research projects as of Jan. 2011
| 3
Outline
• A Quick Primer on the Modern Electric Grid
• Vulnerabilities and Threats
• Challenges to Achieving Trustworthy Operation
• TCIPG’s Research Mission and Results
| 5
Power Grid Trust Dynamics Span Two Interdependent Infrastructures
Electrical (Physical) Infrastructure
Cyber Infrastructure
| 6
The Challenge: Providing Trustworthy Smart Grid Operation in Possibly Hostile Environments
• Trustworthy
  – A system which does what it is supposed to do, and nothing else
  – Availability, Security, Safety, …
• Hostile Environment
  – Accidental Failures
  – Design Flaws
  – Malicious Attacks
• Cyber Physical
  – Must make the whole system trustworthy, including both physical & cyber components, and their interaction.
| 7
Next-Generation Power Grid Cyber Infrastructure Challenges
• Need to create secure and reliable computing base
• Multiparty interactions with partial & changing trust requirements
• Regulatory limits on information sharing
• Support large # of devices
• Timeliness, security, and reliability required of data and control information
[Diagram labels: Control Area, Other Coordinators, Market Operator, Market Participant, Load Following AGC, Day Ahead Market, Coordinator]
Cross Cutting Issues
• Large-scale, rapid propagation of effects
• Need for adaptive operation
• Need to have confidence in trustworthiness of resulting approach
| 8
Infrastructure must provide control at multiple levels
• Multi-layer Control Loops
• Multi-domain Control Loops
  – Demand Response
  – Wide-area Real-time control
  – Distributed Electric Storage
  – Distributed Generation
• Intra-domain Control Loops
  – Home controls for smart heating, cooling, appliances
  – Home controls for distributed generation
  – Utility distribution Automation
• Resilient and Secure Control
  – Secure and real-time communication substrate
  – Integrity, authentication, confidentiality
  – Trust and key management
  – End-to-end Quality of Service
  – Automated attack response systems
  – Risk and security assessment
  – Model-based, quantitative validation tools
Distribution and Generation
Transmission and Distribution
Generation and Transmission
Resilient and Secure Control Loops
Note: the underlying Smart Grid Architecture has been developed by EPRI/NIST.
| 9
The Power Grid of Tomorrow: Smart Control of Electrical Equipment and an Open Grid
Consumer Portal:
• Security issues are huge
  – Privacy, Billing integrity, Mischief, vandalism, intrusion, Consumer manipulation of system
• Customer education
  – Understanding impact of choices, Home user technical abilities, Home user security knowledge
Who is responsible for security?
• Consumer? Utility?
  – Who would accept responsibility?
• Will be decided by regulators
  – Political decision, but may be influenced by technology
| 10
Power Grid of Tomorrow: North American SynchroPhasor Initiative
• Initiative, funded by DOE and industry, to investigate putting Phasor Measurement Units (PMUs) throughout physical power infrastructure
• Need significant changes in power cyber infrastructure to support PMUs.
• “Class A” service requires low latency, data integrity & availability (“no gaps”)
| 11
Trustworthiness through Cyber-Physical Resiliency
• Physical infrastructure has been engineered for resiliency (“n-1”), but
• Cyber infrastructure must also be made resilient:
  – Protect the best you can (using classical cyber security methods optimized for grid characteristics), but
  – Detect and Respond when intrusions succeed
• Resiliency of overall infrastructure dependent on both cyber and physical components
• Approaches must be developed that make use of sound mathematical techniques whose quality can be proven (need a science of cyber-physical resilience)
| 12
Outline
• A Quick Primer on the Modern Electric Grid
• Vulnerabilities and Threats
• Challenges to Achieving Trustworthy Operation
• TCIPG’s Research Mission and Results
| 13
Vulnerabilities in Current Power Systems
• Systems are designed to be robust in the face of single failures but are at risk for certain kinds of multiple failures
  – While secure against single points of failure, analysis may reveal combinations of faults that would have severe consequences
• The tools to find such combinations are not difficult to construct
• In a couple of hours, using a commercially available power simulator and publicly available power flow data, TCIP researchers found a small set of breakers whose tripping would lead to a blackout almost the scale of the August 2003 blackout
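The single-failure versus multiple-failure point on this slide, and the “n-1” design rule on the earlier cyber-physical resiliency slide, can be seen in a planner's contingency screen. The following is an added example, not from the slides or from TCIPG: it assumes a constructed six-bus network, a DC power-flow approximation, and a simple rule that any line above its thermal limit trips.

```python
from itertools import combinations

# Constructed 6-bus test system (an assumption, not data from the slides):
# generator/slack bus "G" feeds load bus "L" over four two-line corridors A-D.
CORRIDOR_LIMIT_MW = {"A": 160.0, "B": 160.0, "C": 110.0, "D": 110.0}
LINES = {}  # name -> (from bus, to bus, reactance in p.u., thermal limit in MW)
for mid, limit in CORRIDOR_LIMIT_MW.items():
    LINES[f"G-{mid}"] = ("G", mid, 0.1, limit)
    LINES[f"{mid}-L"] = (mid, "L", 0.1, limit)
LOAD_MW = {"L": 300.0}
SLACK = "G"


def energized(in_service):
    """Buses still connected to the slack bus through in-service lines."""
    seen, frontier = {SLACK}, [SLACK]
    while frontier:
        bus = frontier.pop()
        for name in in_service:
            a, b = LINES[name][:2]
            if bus in (a, b):
                other = b if bus == a else a
                if other not in seen:
                    seen.add(other)
                    frontier.append(other)
    return seen


def dc_flows(in_service):
    """DC power flow on the energized island; returns MW flow per live line."""
    live = energized(in_service)
    buses = sorted(live - {SLACK})
    idx = {b: i for i, b in enumerate(buses)}
    n = len(buses)
    # Augmented system [B | P]: susceptance matrix and net injections (load < 0).
    m = [[0.0] * n + [-LOAD_MW.get(b, 0.0)] for b in buses]
    active = [k for k in in_service if LINES[k][0] in live]
    for k in active:
        a, b, x, _ = LINES[k]
        for p, q in ((a, b), (b, a)):
            if p in idx:
                m[idx[p]][idx[p]] += 1 / x
                if q in idx:
                    m[idx[p]][idx[q]] -= 1 / x
    for c in range(n):  # Gauss-Jordan elimination with partial pivoting
        piv = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[piv] = m[piv], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [u - f * v for u, v in zip(m[r], m[c])]
    theta = {b: m[i][n] / m[i][i] for b, i in idx.items()}
    theta[SLACK] = 0.0
    return {k: (theta[LINES[k][0]] - theta[LINES[k][1]]) / LINES[k][2]
            for k in active}


def cascade(outage):
    """Apply an outage, trip overloaded lines until stable; (tripped, MW served)."""
    in_service = set(LINES) - set(outage)
    tripped = []
    while True:
        flows = dc_flows(in_service)
        over = sorted(k for k, f in flows.items() if abs(f) > LINES[k][3] + 1e-6)
        if not over:
            break
        tripped += over
        in_service -= set(over)
    live = energized(in_service)
    return tripped, sum(mw for bus, mw in LOAD_MW.items() if bus in live)


def screen(k):
    """Every k-line outage that ends with less than the full load served."""
    total = sum(LOAD_MW.values())
    results = {c: cascade(c) for c in combinations(sorted(LINES), k)}
    return {c: r for c, r in results.items() if r[1] < total}
```

On this constructed system `screen(1)` is empty while `screen(2)` returns 20 of the 28 line pairs, which is the gap between single-failure design and multiple-failure exposure that the slide describes.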
| 14
Classical (Physical) Attack Approaches
• Physical attacks on lines, buses and other equipment can also be effective:
  – “low tech” attacks may be easy, and are also difficult to defend against
  – Requires physical proximity of attacker
  – Particularly effective if multiple facilities are attacked in a coordinated manner
• But coordination may be much easier in a cyber attack
J.D. Konopka (a.k.a. Dr. Chaos): Alleged to have caused $800K in damage in disrupting power in 13 Wisconsin counties, directing teenaged accomplices to throw barbed wire into power stations. (From Milwaukee Journal Sentinel) http://www.jsonline.com/news/Metro/may02/41693.asp
| 15
Intelligent Electronic Devices
• Intelligent Electronic Devices (IEDs) monitor and control devices, relays, and breakers
• IEDs may be subject to cyber tampering given access to the substation network and knowledge of a password.
  – Publicly accessible information contains the default passwords for some IEDs
• Attacks on multiple grid locations, whether physical or cyber, would need to be well synchronized to be effective (<10 minutes)
PASSWORD: Shows or sets passwords. Command pulses ALARM contacts closed momentarily after password entry. PAS 1 OTTER sets Level 1 password to OTTER. PAS 2 TAIL sets Level 2 password to TAIL.
| 16
Potential Cyber Attack Strategies
• Tripping Breakers
• Changing Values Breaker Settings
  – Lower settings can destabilize a system by inducing a large number of false trips
  – Lowering trip settings can cause extraneous other breakers, causing overloading of other transmission lines and/or loss of system stability
• Fuzzing of Power System Components
• Life Cycle Attacks
• Insider Threats
| 17
Combined Cyber-Physical Attack
• The physical element could be aimed at destabilizing the system and inflicting some lasting damage
• The cyber element could:
  – Focus on blinding the operator to the true nature of the problem, inhibiting defensive responses, and spreading the extent of an outage
  – Be the cause of the physical damage
    • INL Generator Demonstration
    • Stuxnet computer worm
| 18
Potential for Long-Term (Physical) Damage
• Unclear how likely it could be achieved in practice, but researchers at Idaho National Labs have shown physical damage by cyber means
| 19
Outline
• A Quick Primer on the Modern Electric Grid
• Vulnerabilities and Threats
• Challenges to Achieving Trustworthy Operation
• TCIPG’s Research Mission and Research Results
| 20
Roadmap – A Framework for Public-Private Collaboration
• Published in January 2006/updated 2011
• Energy Sector’s synthesis of critical control system security challenges, R&D needs, and implementation milestones
• Provides strategic framework to
  – align activities to sector needs
  – coordinate public and private programs
  – stimulate investments in control systems security
Roadmap Vision: By 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions.
| 21
American Recovery and Reinvestment Act of 2009
• DOE-OE ($4.5B)
  – Smart Grid Investment Grants ($3400M)
  – Smart Grid Demonstrations ($615M)
  – State Electricity Regulators Assistance ($46M)
  – Enhancing State Government Energy Assurance Capabilities and Planning for Smart Grid Resiliency ($39.5M)
  – Local Energy Assurance Planning Initiative ($10.5M)
  – Resource Assessment and Interconnection-Level Transmission Analysis and Planning ($60M)
  – Workforce Training for the Electric Power Sector ($100M)
| 22
Summary of Smart Grid Investment Grant Awards
Topic Area | Number of Applications Selected/Conforming | Federal Funding ($) | Applicant Funding ($) | Applicant Cost Share (%)
Equipment Manufacturing | 2/14 | 25,786,501 | 25,807,502 | 50.02
Customer Systems | 5/27 | 32,402,210 | 34,933,413 | 51.88
Advanced Metering Infrastructure | 31/138 | 818,245,749 | 1,194,272,137 | 59.34
Electric Distribution | 13/39 | 254,260,753 | 254,738,977 | 50.05
Electric Transmission | 10/28 | 147,990,985 | 150,454,793 | 50.41
Integrated and Crosscutting | 39/143 | 2,150,505,323 | 3,082,366,420 | 59.09
Total | 100/389 | 3,429,191,521 | 4,742,573,246 | 58.04
| 23
Challenge 1: Trustworthy technologies for wide-area monitoring and control
• Smart Grid vision for the wide area (primarily transmission) is:
  – Vastly more sensing at high, synchronous rates (example: PMUs)
  – New applications that use these data to improve
    • Reliability
    • Efficiency
    • Ability to integrate renewables
• Achieving the vision requires secure and reliable communications between sensors, control devices, and monitoring and control applications all owned and operated by the many entities that make up the grid
| 24
Challenge 1 Problem Areas
• Smart grid technologies bring new vulnerabilities along with benefits
  – Need improvements in security of wide-area communication technologies
  – Need ways to understand and mitigate the impacts of vulnerabilities
• What data delivery infrastructure design will provide the integrity, confidentiality, availability, and real-time performance needed for wide-area smart grid operations?
| 25
Challenge Area 1 Problem Areas, cont’d
• What is the relationship between security (or lack of security) of communications for wide-area monitoring and control and the power system’s behavior?
• What kinds of hardware and software components will provide a better foundation on which to build the wide-area monitoring and control infrastructure?
| 26
Specific Area 1 Research Challenges
• Secure wide-area data and communication networks for PMU-based power system applications
  – Hierarchical gateway-based architecture
• Cooperative congestion avoidance and end-to-end real-time scheduling to achieve real-time information delivery
• Real-time, secure, and converged power grid cyber-physical networks
• Algorithm-based intrusion-tolerant energy applications
| 27
Challenge 2: Trustworthy technologies for local area management, monitoring, and control
• Electric grid can be divided into three groups: the generation, the wires (T&D), and the demand. This challenge focuses on the demand and the nearby distribution
  – Generation must track load
• For a grid with more renewable, but less controllable generation (e.g., wind and solar PV), more load control will be needed
  – Distributed generation may be embedded in “demand”
  – New loads (electric vehicles) could drastically change demand profile
| 28
Motivation: PV Output Variation with Clouds
Image Source: Secretary Chu, “Investing in our Energy Future” GridWeek Presentation, Sept. 21, 2009
| 29
Challenge 2 Problem Areas
• This challenge focuses on making the demand more known and/or controllable
• Must address many of the Smart Grid core issues
  – Great advances over years in generation and T&D, but end user has been mostly left out
  – Customers require targeted information to help them optimize their electricity usage
  – Making a smarter distribution system and more “active” load could greatly enhance system operations and control, but adds cyber issues
| 30
Specific Area 2 Research Challenges
• Cyber-Enabled management of distribution (physical) infrastructure
  – Smart-grid-enabled distributed voltage support
  – Agent technologies for active control applications in the grid
• Trustworthy integration of new distribution side technologies, e.g., vehicle-to-grid (V2G)
• Non-intrusive, privacy-preserving, practical demand-response management
| 31
Challenge 3: Responding to and managing cyber events
• Combined cyber and physical attack detection, response to detected attacks, and recovery from attack consequences is essential to providing resilience
• Existing detection and response methods are ad hoc, at best, and rely on assumptions that may not hold
• Aim to detect and respond to cyber and physical events, providing resilience to partially successful attacks that may occur:
  – Making use of cyber and physical state information to detect attacks
  – Determine appropriate response actions in order to maintain continuous operation
  – Minimize recovery time when disruptions do occur
| 32
Challenge 3 Scope
• Sensors
  – Monitor both physical and cyber state
  – Make use of application characteristics to improve sensing
• Actuators
  – Not just in generation, transmission, and distribution, but in every outlet, car, parking garage, DER
• Response algorithms and engines that:
  – Have provable bounds on the quality of decisions that they recommend
  – Cannot cause harm in the hands of an adversary
  – Are scalable (and almost surely) hierarchical
  – Are wide in their end-to-end scope
| 33
Challenge 3 Problem Areas
Create complete detection, response, and recovery environment, at all necessary levels of abstraction:
• Physical level
  – Taking into account noise and malicious manipulation of values
• Hardware level
  – Respecting embedded and cost-sensitive nature of power system components
• OS / Platform level
  – Dealing with lack of source code and other observability limitations
• Computer network level
  – Accommodating observability limitations due to encryption and protocols
| 34
Challenge 4: Trust and Risk Assessment
• Define appropriate security metrics
  – Integrated at multiple levels
  – Applied throughout system lifecycle
  – Be both “process” and “product” oriented
• Determine methods for estimating metrics
  – To choose appropriate architectural configuration
  – To test implementation flaws, e.g., fuzzing, firewall rule analysis
  – Can be applied in cost effective manner before an audit
• Which link technical and business concerns
| 35
Example Challenge 4 Research Topics
• Provide methods and tools that use simulation, modeling and experimentation to
  – Characterize system resiliency in presence of malicious attacks and accidental errors
  – Measure and quantify the system security/reliability
  – Evaluate effectiveness and performance of novel mechanisms for continuous monitoring and defense against potential intruders and failures
  – Analyze and assess interplay between economics, renewable energy sources and demand response
| 36
Outline
• A Quick Primer on the Modern Electric Grid
• Vulnerabilities and Threats
• Challenges to Achieving Trustworthy Operation
• TCIPG’s Research Mission and Results
| 37
TCIPG Vision & Research Focus
Vision: Drive the design of an adaptive, resilient, and trustworthy cyber infrastructure for transmission & distribution of electric power, which operates through attacks
Research focus: Resilient and Secure Smart Grid Systems
  – Protecting the cyber infrastructure
  – Making use of cyber and physical state information to detect, respond, and recover from attacks
  – Supporting greatly increased throughput and timeliness requirements for next generation energy applications
  – Quantifying security and resilience
| 38
TCIPG Statistics
• Builds upon $7.5M NSF TCIP CyberTrust Center 2005-2010
• $18.8M over 5 years, starting Oct 1, 2009 (including 20% cost share from partner schools)
• Funded by Department of Energy, Office of Electricity and Department of Homeland Security
• 5 Universities
  – University of Illinois at Urbana-Champaign
  – Washington State University
  – University of California at Davis
  – Dartmouth College
  – Cornell University
• 20 Faculty, 20 Senior Technical Staff, 37 Graduate Students, 5 Undergraduate Students, and 1 Admin
| 41
TCIPG Impacts all aspects of the 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity
TCIPG Efforts
Build a Culture of Security
• Conduct summer schools for industry
• Develop K-12 power/cyber curriculum
• Develop public energy literacy
• Directly interact with industry
• Educate next-generation cyber-power aware workforce
Assess and Monitor Risk
• Analyze security of protocols (e.g. DNP3, Zigbee, ICCP, C12.22)
• Create tools for assessing security of devices, systems, & use cases
• Create integrated scalable cyber/physical modeling infrastructure
• Distribute NetAPT for use by utilities and auditors
• Create fuzzing tools for SCADA protocols
Protective Measures/Risk Reduction
• Build secure, real-time, & flexible communication mechanisms for WAMS
• Design secure information layer for V2G
• Provide malicious power system data detection and protection
• Participate in industry-led CEDS projects
Manage Incidents
• Build game-theoretic Response and recovery engine
• Develop forensic data analysis to support response
• Create effective Intrusion detection approach for AMI
Sustain Security Improvements
• Offer Testbed and Expertise as a Service to Industry
• Anticipate/address issues of scale: PKI, data avalanche, PMU data compression
• Act as repository for cyber-security-related power system data
| 42
Selected TCIPG Activities: Practical Vulnerability Assessment Tools for Industry
• NetAPT
  – In evaluation by SERC as an audit tool
  – Used in pilot assessments by utilities
• LZ-Fuzz has been used in a power environment to test ICCP connections
• Api-DO ZigBee Self-assessment framework
  – More than 50% of KillerBee code base is now contributed by TCIPG Dartmouth team
| 43
Selected TCIPG Activities: Embedded System and AMI Security
• Autoscopy Jr.: Lightweight kernel-based intrusion detection system
  – Ongoing Discussions with SE
• Specification-based IDS for AMI
  – Discussions with Itron, Fujitsu, EPRI
• Hardware-based IDS for meters
  – Signal-level IDS detects meter tampering
• Security specification development and review for industry
| 44
Selected TCIPG Activities: Efforts to Secure Wide-Area Measurement Infrastructures
• GridStat Secure Middleware Communication Framework
  – Used in test with INL
• CONES: Converged Networks for SCADA
  – Algorithms formed basis of DOE-funded SIEGate (System Information Gateway) appliance
• Analysis of GPS spoofing attacks against PMU synchronization
  – Demonstrated, using MatLab simulation, spoofing attack on GPS
| 45
To Learn More
• www.tcipg.org
• Bill Sanders
• Request to be on our mailing list
• Attend Monthly Public Webinars
• Attend our Industry/Govt. workshop Oct. 30-31, 2012