| 1

Assuring the Trustworthiness of the Smarter Electric Grid

Bill Sanders, University of Illinois at Urbana-Champaign

www.tcipg.org [email protected]

ICPE 2012


Building Interdisciplinary Excellence with Societal Impact

Coordinated Science Laboratory

•  Excellence in:
    -  Computing and Networks
    -  Circuits, Electronics & Surface Science
    -  Communications & Signal Processing
    -  Decision & Control
    -  Remote Sensing
•  Affiliated Institutes:
    -  ITI: Information Trust Institute
    -  ADSC: Advanced Digital Sciences Center (Singapore)
    -  PCI: Parallel Computing Institute
•  Major Centers:
    -  Illinois Center for Wireless Systems
    -  NSF National Center for Professional and Research Ethics
    -  NSF Science of Information Science and Technology Center
    -  DOE/DHS Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Center
    -  Boeing Trusted Software Center
    -  HHS SHARPS Health Care IT Security Center
    -  NSA Science of Security Center
    -  Illinois Center for a Smarter Electric Grid
•  Initiatives:
    -  Computer Vision
    -  SRC Focus Center Research Program
    -  Neuroengineering IGERT
    -  Human-Machine Adversarial Network MURI
•  Statistics:
    -  60 years as a premier national interdisciplinary research facility
    -  550 Researchers: 110 professors, 330 graduate students, 60 undergraduate students, & 50 professionals
    -  Over $300M in active research projects as of Jan. 2011

| 3

Outline

•  A Quick Primer on the Modern Electric Grid
•  Vulnerabilities and Threats
•  Challenges to Achieving Trustworthy Operation
•  TCIPG’s Research Mission and Results

| 4

Outline

•  A Quick Primer on the Modern Electric Grid
•  Vulnerabilities and Threats
•  Challenges to Achieving Trustworthy Operation
•  TCIPG’s Research Mission and Results

| 5

Power Grid Trust Dynamics Span Two Interdependent Infrastructures

Electrical (Physical) Infrastructure

Cyber Infrastructure

| 6

The Challenge: Providing Trustworthy Smart Grid Operation in Possibly Hostile Environments

•  Trustworthy
    –  A system which does what it is supposed to do, and nothing else
    –  Availability, Security, Safety, …
•  Hostile Environment
    –  Accidental Failures
    –  Design Flaws
    –  Malicious Attacks
•  Cyber Physical
    –  Must make the whole system trustworthy, including both physical & cyber components, and their interaction.

| 7

Next-Generation Power Grid Cyber Infrastructure Challenges

•  Need to create secure and reliable computing base
•  Multiparty interactions with partial & changing trust requirements
•  Regulatory limits on information sharing
•  Support large # of devices
•  Timeliness, security, and reliability required of data and control information

Cross Cutting Issues
•  Large-scale, rapid propagation of effects
•  Need for adaptive operation
•  Need to have confidence in trustworthiness of resulting approach

[Figure labels: Control Area, Coordinator, Other Coordinators, Market Operator, Market Participant, Load Following AGC, Day Ahead Market]

| 8

Infrastructure must provide control at multiple levels

•  Multi-layer Control Loops
•  Multi-domain Control Loops
    –  Demand Response
    –  Wide-area Real-time control
    –  Distributed Electric Storage
    –  Distributed Generation
•  Intra-domain Control Loops
    –  Home controls for smart heating, cooling, appliances
    –  Home controls for distributed generation
    –  Utility distribution Automation
•  Resilient and Secure Control
    –  Secure and real-time communication substrate
    –  Integrity, authentication, confidentiality
    –  Trust and key management
    –  End-to-end Quality of Service
    –  Automated attack response systems
    –  Risk and security assessment
    –  Model-based, quantitative validation tools

[Figure labels: Distribution and Generation; Transmission and Distribution; Generation and Transmission; Resilient and Secure Control Loops]

Note: the underlying Smart Grid Architecture has been developed by EPRI/NIST.

| 9

The Power Grid of Tomorrow: Smart Control of Electrical Equipment and an Open Grid

Consumer Portal:
•  Security issues are huge
    –  Privacy, Billing integrity, Mischief, vandalism, intrusion, Consumer manipulation of system
•  Customer education
    –  Understanding impact of choices, Home user technical abilities, Home user security knowledge

Who is responsible for security?
•  Consumer? Utility?
    –  Who would accept responsibility?
•  Will be decided by regulators
    –  Political decision, but may be influenced by technology

| 10

Power Grid of Tomorrow: North American SynchroPhasor Initiative

•  Initiative, funded by DOE and industry, to investigate putting Phasor Measurement Units (PMUs) throughout physical power infrastructure
•  Need significant changes in power cyber infrastructure to support PMUs.
•  “Class A” service requires low latency, data integrity & availability (“no gaps”)
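One way a receiving application could check the three properties named in the last bullet (latency, integrity, no gaps) on an incoming PMU stream. This is an added example, not material from the slides: the frame layout, the 30 frames/s rate, the 50 ms budget and the pre-shared key are assumptions chosen for illustration, and the layout is not the IEEE C37.118 frame format.

```python
import hashlib
import hmac
import struct

# All values below are assumptions for this sketch, not figures from the slides.
RATE_HZ = 30                     # assumed PMU reporting rate, frames per second
LATENCY_BUDGET_S = 0.050         # assumed end-to-end delivery budget
KEY = b"constructed-demo-key"    # assumed pre-shared key between PMU and receiver
PAYLOAD = struct.Struct(">Idd")  # constructed frame: sequence no., magnitude, angle
TAG_LEN = hashlib.sha256().digest_size


def make_frame(seq, magnitude, angle_deg, key=KEY):
    """Sender side: serialize one measurement and append an HMAC-SHA256 tag."""
    payload = PAYLOAD.pack(seq, magnitude, angle_deg)
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def check_stream(arrivals, n_expected, t0=0.0, rate_hz=RATE_HZ,
                 budget=LATENCY_BUDGET_S, key=KEY):
    """Receiver side. `arrivals` is a list of (arrival_time_s, frame_bytes) in
    arrival order; frame `seq` was measured at t0 + seq / rate_hz.
    Returns the violations of each property, keyed by kind."""
    findings = {"bad_mac": [], "replayed": [], "late": [], "missing": []}
    accepted = set()
    for index, (arrival, frame) in enumerate(arrivals):
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        # Integrity: verify the tag before trusting any field in the payload.
        if len(payload) != PAYLOAD.size or not hmac.compare_digest(tag, expected):
            findings["bad_mac"].append(index)
            continue
        seq, _magnitude, _angle = PAYLOAD.unpack(payload)
        # A valid tag on an already-accepted sequence number is a replay.
        if seq in accepted:
            findings["replayed"].append(seq)
            continue
        accepted.add(seq)
        # Latency: compare arrival time with the measurement instant.
        if arrival - (t0 + seq / rate_hz) > budget:
            findings["late"].append(seq)
    # Availability ("no gaps"): every expected sequence number must have been
    # accepted; a frame rejected for a bad tag leaves a gap as well.
    findings["missing"] = [s for s in range(n_expected) if s not in accepted]
    return findings


def meets_requirements(findings):
    """True only when no frame is missing, late, replayed or tampered with."""
    return not any(findings.values())


def sample_arrivals():
    """Constructed six-frame capture: frame 2 dropped, frame 3 altered in
    transit, frame 4 delayed, frame 5 delivered twice."""
    def on_time(seq):
        return seq / RATE_HZ + 0.020
    tampered = bytearray(make_frame(3, 1.01, 12.5))
    tampered[10] ^= 0x01   # flip one bit inside the magnitude field
    return [
        (on_time(0), make_frame(0, 1.00, 12.1)),
        (on_time(1), make_frame(1, 1.00, 12.2)),
        (on_time(3), bytes(tampered)),
        (4 / RATE_HZ + 0.080, make_frame(4, 1.00, 12.6)),
        (on_time(5), make_frame(5, 1.00, 12.7)),
        (on_time(5) + 0.005, make_frame(5, 1.00, 12.7)),
    ]


if __name__ == "__main__":
    report = check_stream(sample_arrivals(), n_expected=6)
    print(report, meets_requirements(report))
```

The altered frame shows up twice, once as a failed tag and once as a gap, which is the behaviour a "no gaps" consumer needs: a frame it cannot trust is a frame it does not have.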

| 11

Trustworthiness through Cyber-Physical Resiliency

•  Physical infrastructure has been engineered for resiliency (“n-1”), but
•  Cyber infrastructure must also be made resilient:
    –  Protect the best you can (using classical cyber security methods optimized for grid characteristics), but
    –  Detect and Respond when intrusions succeed
•  Resiliency of overall infrastructure dependent on both cyber and physical components
•  Approaches must be developed that make use of sound mathematical techniques whose quality can be proven (need a science of cyber-physical resilience)

| 12

Outline

•  A Quick Primer on the Modern Electric Grid
•  Vulnerabilities and Threats
•  Challenges to Achieving Trustworthy Operation
•  TCIPG’s Research Mission and Results

| 13

Vulnerabilities in Current Power Systems

•  Systems are designed to be robust in the face of single failures but are at risk for certain kinds of multiple failures
    –  While secure against single points of failure, analysis may reveal combinations of faults that would have severe consequences
•  The tools to find such combinations are not difficult to construct
•  In a couple of hours, using a commercially available power simulator and publicly available power flow data, TCIP researchers found a small set of breakers whose tripping would lead to a blackout almost the scale of the August 2003 blackout

[Figure: three panels of a power simulator network display labelled with substation names (e.g. Niles, Evanston, Skokie, Oak Park), bus angles and line loading percentages. Loadings in the first panel top out near 78%; the second and third panels show lines loaded well above 100%, up to 225%.]

| 14

Classical (Physical) Attack Approaches

•  Physical attacks on lines, buses and other equipment can also be effective:
    –  “low tech” attacks may be easy, and are also difficult to defend against
    –  Requires physical proximity of attacker
    –  Particularly effective if multiple facilities are attacked in a coordinated manner
•  But coordination may be much easier in a cyber attack

J.D. Konopka (a.k.a. Dr. Chaos): Alleged to have caused $800K in damage in disrupting power in 13 Wisconsin counties, directing teenaged accomplices to throw barbed wire into power stations. (From Milwaukee Journal Sentinel) http://www.jsonline.com/news/Metro/may02/41693.asp

| 15

Intelligent Electronic Devices

•  Intelligent Electronic Devices (IEDs) monitor and control devices, relays, and breakers
•  IEDs may be subject to cyber tampering given access to the substation network and knowledge of a password.
    –  Publicly accessible information contains the default passwords for some IEDs
•  Attacks on multiple grid locations, whether physical or cyber, would need to be well synchronized to be effective (<10 minutes)

PASSWORD: Shows or sets passwords. Command pulses ALARM contacts closed momentarily after password entry. PAS 1 OTTER sets Level 1 password to OTTER. PAS 2 TAIL sets Level 2 password to TAIL.

| 16

Potential Cyber Attack Strategies

•  Tripping Breakers
•  Changing Values of Breaker Settings
    –  Lower settings can destabilize a system by inducing a large number of false trips
    –  Lowering trip settings can cause extraneous trips of other breakers, causing overloading of other transmission lines and/or loss of system stability
•  Fuzzing of Power System Components
•  Life Cycle Attacks
•  Insider Threats

| 17

Combined Cyber-Physical Attack

•  The physical element could be aimed at destabilizing the system and inflicting some lasting damage
•  The cyber element could:
    –  Focus on blinding the operator to the true nature of the problem, inhibiting defensive responses, and spreading the extent of an outage
    –  Be the cause of the physical damage
        •  INL Generator Demonstration
        •  Stuxnet computer worm

| 18

Potential for Long-Term (Physical) Damage

•  It is unclear how likely this is to be achieved in practice, but researchers at Idaho National Labs have shown physical damage by cyber means

| 19

Outline

•  A Quick Primer on the Modern Electric Grid
•  Vulnerabilities and Threats
•  Challenges to Achieving Trustworthy Operation
•  TCIPG’s Research Mission and Research Results

| 20

Roadmap – A Framework for Public-Private Collaboration

•  Published in January 2006/updated 2011
•  Energy Sector’s synthesis of critical control system security challenges, R&D needs, and implementation milestones
•  Provides strategic framework to
    –  align activities to sector needs
    –  coordinate public and private programs
    –  stimulate investments in control systems security

Roadmap Vision: By 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions.

| 21

American Recovery and Reinvestment Act of 2009

•  DOE-OE ($4.5B)
    –  Smart Grid Investment Grants ($3400M)
    –  Smart Grid Demonstrations ($615M)
    –  State Electricity Regulators Assistance ($46M)
    –  Enhancing State Government Energy Assurance Capabilities and Planning for Smart Grid Resiliency ($39.5M)
    –  Local Energy Assurance Planning Initiative ($10.5M)
    –  Resource Assessment and Interconnection-Level Transmission Analysis and Planning ($60 M)
    –  Workforce Training for the Electric Power Sector ($100M)

| 22

Summary of Smart Grid Investment Grant Awards

Topic Area | Number of Applications Selected/Conforming | Federal Funding ($) | Applicant Funding ($) | Applicant Cost Share (%)
Equipment Manufacturing | 2/14 | 25,786,501 | 25,807,502 | 50.02
Customer Systems | 5/27 | 32,402,210 | 34,933,413 | 51.88
Advanced Metering Infrastructure | 31/138 | 818,245,749 | 1,194,272,137 | 59.34
Electric Distribution | 13/39 | 254,260,753 | 254,738,977 | 50.05
Electric Transmission | 10/28 | 147,990,985 | 150,454,793 | 50.41
Integrated and Crosscutting | 39/143 | 2,150,505,323 | 3,082,366,420 | 59.09
Total | 100/389 | 3,429,191,521 | 4,742,573,246 | 58.04

| 23

Challenge 1: Trustworthy technologies for wide-area monitoring and control

•  Smart Grid vision for the wide area (primarily transmission) is:
    –  Vastly more sensing at high, synchronous rates (example: PMUs)
    –  New applications that use these data to improve
        •  Reliability
        •  Efficiency
        •  Ability to integrate renewables
•  Achieving the vision requires secure and reliable communications between sensors, control devices, and monitoring and control applications all owned and operated by the many entities that make up the grid

| 24

Challenge 1 Problem Areas

•  Smart grid technologies bring new vulnerabilities along with benefits
    –  Need improvements in security of wide-area communication technologies
    –  Need ways to understand and mitigate the impacts of vulnerabilities
•  What data delivery infrastructure design will provide the integrity, confidentiality, availability, and real-time performance needed for wide-area smart grid operations?

[Figure: diagram of a regional transmission network labelled with substation and bus names, MW flows and bus angles; no caption survives.]

| 25

Challenge Area 1 Problem Areas, cont’d

•  What is the relationship between security (or lack of security) of communications for wide-area monitoring and control and the power-system’s behavior?
•  What kinds of hardware and software components will provide a better foundation on which to build the wide-area monitoring and control infrastructure?

| 26

Specific Area 1 Research Challenges

•  Secure wide-area data and communication networks for PMU-based power system applications
    –  Hierarchical gateway-based architecture
•  Cooperative congestion avoidance and end-to-end real-time scheduling to achieve real time information delivery
•  Real-time, secure, and converged power grid cyber-physical networks
•  Algorithm-based intrusion-tolerant energy applications

| 27

Challenge 2: Trustworthy technologies for local area management, monitoring, and control

•  Electric grid can be divided into three groups: the generation, the wires (T&D), and the demand. This challenge focuses on the demand and the nearby distribution
    –  Generation must track load
•  For a grid with more renewable, but less controllable generation (e.g., wind and solar PV), more load control will be needed
    –  Distributed generation may be embedded in “demand”
    –  New loads (electric vehicles) could drastically change demand profile

| 28

Motivation: PV Output Variation with Clouds

Image Source: Secretary Chu, “Investing in our Energy Future” GridWeek Presentation, Sept. 21, 2009

| 29

Challenge 2 Problem Areas

•  This challenge focuses on making the demand more known and/or controllable
•  Must address many of the Smart Grid core issues
    –  Great advances over years in generation and T&D, but end user has been mostly left out
    –  Customers require targeted information to help them optimize their electricity usage
    –  Making a smarter distribution system and more “active” load could greatly enhance system operations and control, but adds cyber issues

| 30

Specific Area 2 Research Challenges

•  Cyber-Enabled management of distribution (physical) infrastructure
    –  Smart-grid-enabled distributed voltage support
    –  Agent technologies for active control applications in the grid
•  Trustworthy integration of new distribution side technologies, e.g., vehicle-to-grid (V2G)
•  Non-intrusive, privacy-preserving, practical demand-response management

| 31

Challenge 3: Responding to and managing cyber events

•  Combined cyber and physical attack detection, response to detected attacks, and recovery from attack consequences is essential to providing resilience
•  Existing detection and response methods are ad hoc, at best, and rely on assumptions that may not hold
•  Aim to detect and respond to cyber and physical events, providing resilience to partially successful attacks that may occur:
    –  Making use of cyber and physical state information to detect attacks
    –  Determine appropriate response actions in order to maintain continuous operation
    –  Minimize recovery time when disruptions do occur

| 32

Challenge 3 Scope

•  Sensors
    –  Monitor both physical and cyber state
    –  Make use of application characteristics to improve sensing
•  Actuators
    –  Not just in generation, transmission, and distribution, but in every outlet, car, parking garage, DER
•  Response algorithms and engines that:
    –  Have provable bounds on the quality of decisions that they recommend
    –  Cannot cause harm in the hands of an adversary
    –  Are scalable (and almost surely hierarchical)
    –  Are wide in their end-to-end scope

| 33

Challenge 3 Problem Areas

Create complete detection, response, and recovery environment, at all necessary levels of abstraction:
•  Physical level
    –  Taking into account noise and malicious manipulation of values
•  Hardware level
    –  Respecting embedded and cost sensitive nature of power system components
•  OS / Platform level
    –  Dealing with lack of source code and other observability limitations
•  Computer network level
    –  Accommodating observability limitations due to encryption and protocols

| 34

Challenge 4: Trust and Risk Assessment

•  Define appropriate security metrics
    –  Integrated at multiple levels
    –  Applied throughout system lifecycle
    –  Be both “process” and “product” oriented
•  Determine methods for estimating metrics
    –  To choose appropriate architectural configuration
    –  To test implementation flaws, e.g., fuzzing, firewall rule analysis
    –  Can be applied in cost effective manner before an audit
•  Which link technical and business concerns

| 35

Example Challenge 4 Research Topics

•  Provide methods and tools that use simulation, modeling and experimentation to
    –  Characterize system resiliency in presence of malicious attacks and accidental errors
    –  Measure and quantify the system security/reliability
    –  Evaluate effectiveness and performance of novel mechanisms for continuous monitoring and defense against potential intruders and failures
    –  Analyze and assess interplay between economics, renewable energy sources and demand response

| 36

Outline

•  A Quick Primer of the Modern Electric Grid
•  Vulnerabilities and Threats
•  Challenges to Achieving Trustworthy Operation
•  TCIPG’s Research Mission and Results

| 37

TCIPG Vision & Research Focus

Vision: Drive the design of an adaptive, resilient, and trustworthy cyber infrastructure for transmission & distribution of electric power, which operates through attacks

Research focus: Resilient and Secure Smart Grid Systems
    –  Protecting the cyber infrastructure
    –  Making use of cyber and physical state information to detect, respond, and recover from attacks
    –  Supporting greatly increased throughput and timeliness requirements for next generation energy applications
    –  Quantifying security and resilience

| 38

TCIPG Statistics

•  Builds upon $7.5M NSF TCIP CyberTrust Center 2005-2010
•  $18.8M over 5 years, starting Oct 1, 2009 (including 20% cost share from partner schools)
•  Funded by Department of Energy, Office of Electricity and Department of Homeland Security
•  5 Universities
    –  University of Illinois at Urbana-Champaign
    –  Washington State University
    –  University of California at Davis
    –  Dartmouth College
    –  Cornell University
•  20 Faculty, 20 Senior Technical Staff, 37 Graduate Students, 5 Undergraduate Students, and 1 Admin

| 39

Industry Interaction: Vendors and Utilities that have participated in TCIPG Events

| 40

Industry Interaction: Other organizations that have participated in TCIPG Events

| 41

TCIPG Impacts all aspects of the 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity

TCIPG Efforts:

Build a Culture of Security
•  Conduct summer schools for industry
•  Develop K-12 power/cyber curriculum
•  Develop public energy literacy
•  Directly interact with industry
•  Educate next-generation cyber-power aware workforce

Assess and Monitor Risk
•  Analyze security of protocols (e.g. DNP3, Zigbee, ICCP, C12.22)
•  Create tools for assessing security of devices, systems, & use cases
•  Create integrated scalable cyber/physical modeling infrastructure
•  Distribute NetAPT for use by utilities and auditors
•  Create fuzzing tools for SCADA protocols

Protective Measures/Risk Reduction
•  Build secure, real-time, & flexible communication mechanisms for WAMS
•  Design secure information layer for V2G
•  Provide malicious power system data detection and protection
•  Participate in industry-led CEDS projects

Manage Incidents
•  Build game-theoretic Response and recovery engine
•  Develop forensic data analysis to support response
•  Create effective Intrusion detection approach for AMI

Sustain Security Improvements
•  Offer Testbed and Expertise as a Service to Industry
•  Anticipate/address issues of scale: PKI, data avalanche, PMU data compression
•  Act as repository for cyber-security-related power system data

| 42

Selected TCIPG Activities: Practical Vulnerability Assessment Tools for Industry

•  NetAPT
    –  In evaluation by SERC as an audit tool
    –  Used in pilot assessments by utilities
•  LZ-Fuzz has been used in a power environment to test ICCP connections
•  Api-DO ZigBee Self-assessment framework
    –  More than 50% of KillerBee code base is now contributed by TCIPG Dartmouth team

| 43

Selected TCIPG Activities: Embedded System and AMI Security

•  Autoscopy Jr.: Lightweight kernel-based intrusion detection system
    –  Ongoing Discussions with SE
•  Specification-based IDS for AMI
    –  Discussions with Itron, Fujitsu, EPRI
•  Hardware-based IDS for meters
    –  Signal-level IDS detects meter tampering
•  Security specification development and review for industry

| 44

Selected TCIPG Activities: Efforts to Secure Wide-Area Measurement Infrastructures

•  GridStat Secure Middleware Communication Framework
    –  Used in test with INL
•  CONES: Converged Networks for SCADA
    –  Algorithms formed basis of DOE-funded SIEGate (System Information Gateway) appliance
•  Analysis of GPS spoofing attacks against PMU synchronization
    –  Demonstrated, using MatLab simulation, spoofing attack on GPS

| 45

To Learn More

•  www.tcipg.org
•  Bill Sanders [email protected]
•  Request to be on our mailing list
•  Attend Monthly Public Webinars
•  Attend our Industry/Govt. workshop Oct. 30-31, 2012