Cyber Resiliency of Energy Systems:Designing for Tomorrow
while Taking Action Today Moreno Carullo
IEC TC 57 WG15 memberCo-founder and CTO, Nozomi Networks
March 12th 2019, Vienna Security Week
About IEC TC57 WG15 About Nozomi Networks
2
LONG-TERM CONTRIBUTION TO WG15June 2015
FOUNDED IN SWITZERLANDOctober 2013
GROUNDED IN RESEARCHFounders conducted PhD research on SCADA
Security/Malware and Artificial Intelligence
CREATED TO ADDRESS MARKET NEEDFounder worked in a large oil & gas company that
lacked visibility and control over its ICS/OT environment, needed a solution
Formed in early 2000s by an ad hoc groupworking to address cyber security issues inside TC57
121 members from 21 countries3 face-to-face meetings per year
MISSION & DUTIESUndertake the development of standards and/or
technical reports on end-to-end security issues of TC57 systems
Energy Infrastructure: Cyberattacks Are Increasing
3
The Ukraine’s Power Outage Was a Cyber Attack 18 Jan. 2017A power blackout in Kiev was caused by a cyber attack, investigators try to trace other potentially infected computers.
Hackers halt plant operations in watershed cyberattack15 Dec. 2017 Schneider confirmed that an incident occurred and that it issued a security alert to users of Triconex, which cyber experts said is widely used in the energy industry, including nuclear facilities, and oil and gas plants.
GreyEnergy: One of The Most Dangerous Threat Actors17 Oct. 2018ESET research identifies malware successor to BlackEnergy, being used to target energy and other critical infrastructure.
The Global Risk Report 2019Jan. 2019Cyberattacks to critical infrastructure are a top five global risk.
Energy Infrastructure: Cyber Security is Challenging
4
Technical Challenges
• More and more connectivity with other systems
• Large geographic areas
• High number of physical assets
• Communications are complex
• Systems are not secure by design
o Lack of authentication, encryption, robustness...
People and Process Challenges
• Shortage of cyber security skills
• Immature cyber security processes
• Intelligent Electronic Devices (IED) - Programmable Logic Controllers (PLC) or Remote Terminal Units (RTU) are low computational computers built for control physical components as valves, pumps, motors, etc.
• They use unsecure communication protocols that suffer from:
• This is part of an insecure ecosystem
Energy Infrastructure: Insecure by Design?
5
o Lack of authenticationo Lack of encryptiono Backdoors
o Buffer overflow
o Stemming from airgap of OTo Different priorities (e.g availability vs confidentiality)
What Do We Need to Protect?
6
Bulk GeneratingStation
Step-Up Transformer
DistributionSubstation
TransmissionSubstation
DistributionSubstation
DistributionSubstation
Commercial
Industrial Commercial
Gas Turbine
RecipEngine
Cogeneration
RecipEngine
Fuel cell
Micro-turbine
Flywheel
Residential
Photovoltaics
Batteries
Residential EMS
Control Center
Data network Users
2. Information Infrastructure
1.Power Infrastructure
… but how can we do security today,if we can’t see what’s happening on
energy system networks?
Today: Insecure Systems Can Be Secured and Monitored
8
Architecture and SegregationThe IEC 62443 family of standards help secure
today’s systems.
Awareness and TrainingOrganizations can improve their cyber security
culture and processes.
Technology exists now to address• Visibility: What do I have in my information
Infrastructure?
• Monitoring: How are my infrastructure assets
behaving?
• Vulnerability Assessment: Are my assets up-to-
date and free of vulnerabilities?
Tomorrow: End-to-End Security-by-Design
9
The goal of the IEC 62351 family of standards is to provide a secure-by-design system.
Operator Station IEDs
• Authentication of the systems, devices, and applications that are sending and receiving data
• Authorization for interactions such as viewing, reading, writing, controlling, creating, deleting
• Data integrity of all interactions and information within the systems
END TO END SECURITY GOALS
• Accountability ensures that an entity cannot deny having received or acted upon a message
• Availability of the interactions can range from milliseconds to hours or days
• Confidentiality is usually required for financial, market, corporate, or private data
Tomorrow: End-to-End Security-by-Design (continued)
10
Tomorrow: How We Enact Cyber Security Will Change
11
Everything we do today will
remain tomorrow. But we need
to change our focus.
Shift from just “looking for the
bad guys” to “let’s ensure
that security-by-design is
working well.”
Bulk GeneratingStation
Step-Up Transformer
DistributionSubstation
TransmissionSubstation
DistributionSubstation
DistributionSubstation
Commercial
Industrial Commercial
Gas Turbine
RecipEngine
Cogeneration
RecipEngine
Fuel cell
Micro-turbine
Flywheel
Residential
Photovoltaics
Batteries
Residential EMS
Control Center
Data network Users
2. Information Infrastructure
1.Power Infrastructure
12
Moreno has a Ph.D. in Artificial Intelligence and is an expert in
industrial cyber security. He is adept at managing technical teams
with a focus on quality and flexibility to deliver innovative
products.
Moreno is also a member of Electrosuisse, the Swiss National
IEC committee, and is an active TC57 WG15 group member.MORENO CARULLO
CTO and Co-FounderNozomi Networks [email protected]
About Moreno Carullo
Operational VisibilitySuperior Asset Discovery and Real-time Network
Monitoring
ICS Cyber SecurityThe Best ICS Threat Detection
Multinational Deployments Most Distributed Global Installations
One Solution Delivers
Thank Youwww.nozominetworks.com