CYBER SECURITY of POWER GRID P.K.Agarwal, Additional General Manager, Power System Operation Corporation


Page 1: Cyber security of power grid

CYBER SECURITY of POWER GRID

P.K.Agarwal, Additional General Manager,

Power System Operation Corporation

Page 2: Cyber security of power grid

22-Feb-2012 2

SCADA Hacking News

Page 3: Cyber security of power grid

Convergence of Information Technology and Operation Technology.

[Diagram: Information Technology and Operations Technology. Labels: Enterprise Systems, Web Applications, Control Systems, Protection Systems; Smart Grid Technology: AMI, DSM, OMS, GIS; Concerns of Cyber Security.]

Page 4: Cyber security of power grid

-: Need of Data Sharing :-

-: Increased use of digital information :-

-: Two way flow of information for Power Grid :-

[Diagram: Markets, Generation, Transmission, Distribution, Customer and Service Providers, with the flow of electricity and the flow of information.]

Page 5: Cyber security of power grid

Agenda

• Concerns with regard to security of power grid solutions.

• Existing standards for system security under a smart grid environment for System Operator.

• Challenges of integrating new technologies with legacy systems.

• Roadmap for technology adoption required for network security in smart grid environment.

Page 6: Cyber security of power grid

Concerns with regard to security of power grid solutions.

Page 7: Cyber security of power grid

Cyber Security in Power Grid

Requirements and Threats

• Confidentiality – Unauthorised access to information

• Integrity – Unauthorised modification or theft of information

• Availability – Denial of service or prevention of authorised access

• Non-Repudiation – Accountability: denial of action that took place, or claim of action that did not take place

Page 8: Cyber security of power grid

Concerns

• Current power grid depends on complex network of computers, software and communication technologies.

• If compromised, these have the potential to cause great damage.

• A cyber attack is unique in nature in that it can be:

– launched through a public network

– launched from a remote location

– launched from anywhere in the world

– coordinated to attack many locations

Page 9: Cyber security of power grid

More Concerns

• The legacy communication methods used for grid operations also provide potential cyber attack paths.

• Many cyber vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems have surfaced.

• The level of automation in substations is increasing, which can lead to more cyber security issues.

• Recent studies have shown that the deployed components have significant cyber vulnerabilities.

Page 10: Cyber security of power grid

Still More Concerns

• Efforts of the energy sector to

– uncover system vulnerabilities

– develop effective countermeasures

have prevented serious damage to the electric supply chain.

• Some of these vulnerabilities are in the process of being mitigated.

• However, attacks on energy control systems have been successful in many cases.

Page 11: Cyber security of power grid

Existing standards for system security under a smart grid environment for system operators.

Page 12: Cyber security of power grid

Standards and Framework

• ISO/IEC 27001 – Information Security Management System.

• NERC-CIP Standards – Critical Infrastructure Protection Standard.

• NIST IR 7628 – Guidelines for Smart Grid Cyber Security.

• IEC 62351 Series Security Standards

Page 13: Cyber security of power grid

ISO/IEC 27001 - ISMS

• Information Security Management System Standard.

• Published by the International Organization for Standardization and the International Electrotechnical Commission.

• Information technology -- Security techniques -- Information security management systems -- Requirements.

• Formally specifies a management system that is intended to bring information security under explicit management control.

Page 14: Cyber security of power grid

NERC – CIP Standards

• Critical Infrastructure Protection (CIP) is a concept by the North American Electric Reliability Corporation (NERC).

• Efforts to improve physical and cyber security for the bulk power system of North America.

• These include standards development, compliance enforcement, and assessments of risk and preparedness.

• The standards provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

Page 15: Cyber security of power grid

NERC – CIP Standards Series

CIP-001 Sabotage Reporting

CIP-002 Critical Cyber Asset Identification

CIP-003 Security Management Controls

CIP-004 Personnel & Training

CIP-005 Electronic Security Perimeter(s)

CIP-006 Physical Security of Critical Cyber Assets

CIP-007 Systems Security Management

CIP-008 Incident Reporting and Response Planning

CIP-009 Recovery Plans for Critical Cyber Assets

Page 16: Cyber security of power grid

NIST IR-7628 Guidelines for Smart Grid Cyber Security.

• Advisory guidelines – neither prescriptive nor mandatory

• Intended to facilitate efforts to develop:

– A cyber security strategy

– Effectively focused on

• Prevention

• Detection

• Response and

• Recovery

Page 17: Cyber security of power grid

NIST IR-7628 Guideline

The three volumes of the Guidelines for Smart Grid Cyber Security report are:

• Volume 1 - Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements

• Volume 2 - Privacy and the Smart Grid

• Volume 3 - Supportive Analyses and References

Freely available at http://csrc.nist.gov/publications/nistir

Page 18: Cyber security of power grid

IEC-62351 Standards

• Communication protocols are one of the most critical parts of power system operations.

• Communication protocols developed by IEC TC 57 are:

– IEC 60870-5 – 101, 102, 103, 104

– IEC 60870-6 – TASE.2

– IEC 61850

• These were very specialized and relied on “Security by Obscurity”, which is no longer valid.

Page 19: Cyber security of power grid

IEC-62351 Standards Series

• The series provides a framework for security of existing power system protocols:

– IEC 62351-1 : Introduction and overview

– IEC 62351-2 : Glossary of Terms

– IEC 62351-3 : Profiles including TCP/IP

– IEC 62351-4 : Profiles including MMS

– IEC 62351-5 : Security for IEC 60870-5 & derivatives

– IEC 62351-6 : Security for 61850 Profiles

– IEC 62351-7 : Management Information Base Requirements for End-to-End Network Management


Page 20: Cyber security of power grid

Correlation between IEC 62351 and Power System Protocols

[Figure: correlation between the IEC 62351 parts and the power system protocols. IEC 62351 parts shown: IEC 62351-1 (Introduction), IEC 62351-2 (Glossary), IEC 62351-3 (Profiles Including TCP/IP), IEC 62351-4 (Profiles Including MMS), IEC 62351-5 (IEC 60870-5 & Derivatives), IEC 62351-6 (IEC 61850), IEC 62351-7 (MIB for Network and System Management). Protocols shown: IEC 60870-6 TASE.2; IEC 61850-8-1 MMS Profiles; IEC 60870-5-104 TCP/IP; IEC 60870-5-101, 102 and 103; IEC 61850-8-1 GOOSE Profiles; IEC 61850-9-2 Profiles. Source – IEC 62351-1.]

Page 21: Cyber security of power grid

Challenges of integrating new technologies with legacy systems.

Page 22: Cyber security of power grid

Legacy System – Silos of Information

[Diagram: separate blocks of operational information for TOP1, TOPx, GEN1, GENx, DIST1 and DISTx.]

Page 23: Cyber security of power grid

Smart System – Sharing of Information

[Diagram labels: Generation, Transmission, Distribution, Customers, AMI, DSM, System Operations.]

Page 24: Cyber security of power grid

Challenges in Integrating

• Increasing Number of Systems and Size of Code Base

• Control Systems Not Designed with Security in Mind

• Increasing Use of COTS Hardware and Software

• New Customer Touch Points into Utilities

• New 2-Way Systems (e.g. AMI, DSM)

• Increasing Interconnection and Integration

Increased Attack Surface

Increased Risk to Operations

Page 25: Cyber security of power grid

Some Solutions

• Air gap between legacy and new system.

– Sharing of information through batch transfer.

– Not possible in real-time mode.

• Publish/Subscribe technology between legacy system and new system.

– Information can only be shared if the source system publishes it.

• Use of data-diode technology.

Page 26: Cyber security of power grid

Challenges of integrating new technologies with legacy systems.

Page 27: Cyber security of power grid

Barriers

• Cyber threats are unpredictable and evolve faster than the sector’s ability to develop and deploy countermeasures

• Security upgrades to legacy systems are limited by inherent limitations of the equipment and architectures

• Threat, vulnerability, incident, and mitigation information sharing is insufficient among government and industry

• Weak business case for cyber security investment by industry

• Regulatory uncertainty in energy sector cyber

Page 28: Cyber security of power grid

Strategies

• Build a culture of security.

• Assess and Monitor Risks.

• Develop and Implement New Protective Measures to Reduce Risks.

• Manage Incidents.

• Sustain Security Improvements.

Page 29: Cyber security of power grid

Road Map for Security of Smart Grid

• An Information Security Management System has been adopted by each regional load dispatch center (RLDC).

• Each RLDC has been certified by an International Certifying Body (BSI) for ISO 27001:2005.

• SCADA system upgradation is being done with:

– Adoption of IEC 62351 security standards.

– Secure connection between SCADA network and Enterprise network for cyber security.

– Access control for physical security.
