Smart Grid Cyber Security

Free Powerpoint TemplatesPage 1

Free Powerpoint Templates

CYBER SECURITY OF SMART GRID

JAZEEL K T7821

E7


CONTENTS

• Introduction• What is a smart grid?• Power grid automation• Classification of cyber attacks• Consequences of cyber attacks• Security requirements of a Smart Grid• Integrated Security Framework• Conclusion


Introduction

Nations across the world face the challenge of increasing power production while reducing the carbon footprint.They need to minimize power loss and downtime, harness alternative power sources, and so on.

The numerous challenges facing them have one solution – smart grids.

While smart grids bring improvements in cost and performance, the security of the power grids becomes more complex and risky, calling for a comprehensive and integrated solution


Current electric grid

TransmissionGeneration CustomersDistribution


What is a smart grid?

A digital upgrade to the existing electric grid technology that has been quite the same for over 100 years.

Integration of electrical infrastructure with information infrastructure.

Identified as a bigger opportunity than the internet itself.

Various points of power generation communicate with each other and use the shared information to make intelligent decisions.


Smart Grid: An overview

Enterprise Systems

Web ApplicationsControl Systems

Protection Systems

Information Infrastructure Electrical Infrastructure

AMIDSMOMSGIS

Smart Grid Technology

Cyber Secure


Smart Grid: An overview


Communication Switch / Communication ProcessorCommunication Switch / Communication Processor

Transmission/Distribution ApplicationsTransmission/Distribution Applications Operator training simulatorOperator training simulator

Information Model ManagerInformation Model ManagerCommunication front endCommunication front end ICCP ServerICCP Server

User interfaceUser interface HistoricalHistorical HMIHMIDashboardDashboard

MetersMeters Wired I/OsWired I/OsProtective Relays

Protective Relays Wired I/OsWired I/Os IEDsIEDs

RTU/PLC/Protocol GatewayRTU/PLC/Protocol Gateway HMIHMILog ServerLog ServerI/OsI/Os

SCADA/EMS CONTROL CENTRE

Field Devices

Other control centers




Other substations

Other substations

PlanningPlanning AccountingAccountingAsset management

Asset management EngineeringEngineering

CORPORATE

SUBSTATION

Power Grid Automation

POWER GRID AUTOMATION SYSTEM


Cyber Security of Smart Grid

Traditionally, power grid automation systems have been physically isolated from the corporate network.

This has been changing, perhaps due to the cost effectiveness of utilizing public networks.

Using public networks considerably increases the vulnerability of power grids to cyber attacks by increasing the exposure surface of these networks.


Classification of cyber attacks


Component-wise attack

Send e-mail with malware

InternetInternet

Admin

Acct

Slave Database

Operator

Operator

MasterDB

RTU

Opens Email with Malware

Admin

1. Hacker sends an e-mail with malware

2. E-mail recipient opens the e-mail and the malware gets installed quietly

3. Using the information that malware gets, hacker is able to take control of the e-mail recipient’s PC!

4. Hacker performs an ARP (Address Resolution Protocol) Scan

5. Once the Slave Database is found, hacker sends an SQL EXEC command

6. Performs another ARP Scan

7. Takes control of RTU

PerformARP Scan

SQLEXEC

PerformARP Scan

Takes C

ontrol o

f RTU


Consequences of cyber attacks






Security Requirements

Many cyber security solutions exist to protect IT networks and to reduce their vulnerability to attacks.

These IT-based cyber security solutions come short of providing the same level of security at the control and automation levels.

Power automation systems and applications were not originally designed for the general IT environment.


IT Networks and Smart Grid

A comparison of security requirements


Security Objective

IT Networks• Main security objective is

data, in terms of;– Data integrity– Data confidentiality– Data availability

Smart Grid• First priority is always

human safety• Second priority is to

ensure that the system runs under normal operating conditions.

• Third priority is the protection of equipment and power lines.


Security Architecture

IT Networks• Data server resides at the

centre and access points, used by the end users, at the edge.

• Data server requires more protection than the edge nodes

Smart Grid• EMS/SCADA at the centre,

RTU/PLCs at the edge.• Usually only devices

controlled by RTU/PLCs can do direct damage to humans, equipments and power lines.

• Edge nodes need the same level of protection as the central devices.


Technology Base

IT Networks• Use common OS

(Windows, Linux, Unix) and common networks (Ethernet).

• Communication protocols common, IP-based.

• Common security solutions can be designed based on these common architectures.

Smart Grid• Different system vendors

use proprietary OS and network protocols.

• Communication protocols different.

• Difficult to develop common host-based or network-based security solutions.


Quality of Service Requirements

IT Networks• Tolerances for delay of

data exchange, and occasional failures are not as strict as power grid automation network.

• Simply rebooting a computer or application is a common solution in the case of failures.

Smart Grid

• Rebooting is not acceptable in many control applications in power grid systems.


Integrated Security Framework

A novel framework of security solution for smart grid


Design Principles

Three layers: Power Automation & Control Security

Provides clear demarcation of control and security functionalities.

Scalability: security performance remain unabated with increase in load and system volume.

Extendibility: able to handle any future state of power grid. Can be integrated into the existing, legacy systems in a

non-intrusive fashion.


Components

SECURITY AGENTS Bring security to the edges of the system. Firmware or software Less intelligent at lower levels, more at higher levels Functions:

• To translate between different protocols.• To acquire and run the latest vulnerability patches from its security

manager.• To collect data traffic pattern, system log data and report to the

security manager.• To analyze traffic and access patterns with varying complexity

depending on the hierarchical layer.


Components

• To run host-based intrusion detection.• To detect and send alarm messages to the security manager and

designated devices, such as HMI.• To acquire access control policies from the security manager and

enforce them.• To encrypt and decrypt exchanged data

MANAGED SECURITY SWITCH To protect bandwidth and prioritize data. Work as network devices and connect controllers, RTUs,

HMIs, and servers in the substation and control center.


Components

Functions of Managed Security Switch• To separate external and internal networks, hide the internal

networks.• To run as a DHCP (Dynamic Host Configuration Protocol) server.• To acquire bandwidth allocation pattern and data prioritization

pattern from the security manager.• To separate data according to prioritization pattern, such as

operation data, log data, trace data and engineering data.• To provide QoS for important data flow, such as operation data,

guaranteeing its bandwidth, delay.• To manage multiple VLANs (Virtual Local Area Network).• To run simple network-based intrusion detection


Components

SECURITY MANAGER Connect directly or indirectly to managed security

switches. Functions:

• To collect security agent information.• To acquire vulnerability patches from a vendor’s server and

download them to the corresponding agents.• To manage keys for VPN.• To work as an AAA (Authentication, Authorization and Accounting)

server, validating user identifications and passwords, authorizing user access right (monitor, modify data), and recoding what a user has done to controllers.


Components

• To collect data traffic pattern and performance matrix from agents and switches.

• To collect and manage alarms/events from agents, switches.• To generate access control policies based on collected data and

download to agents.• To run complex intrusion detection algorithms at automation

network levels.• To generate bandwidth allocation pattern and data prioritization

pattern and download them to managed switches.

Security manager sits in the center of the power grid automation network, managing what and how security functions are performed by security agents and QoS functions performed by the managed security switch.


Intrusion Detection System

Anomaly based Intrusion Detection System (IDS) is used. Sound alarms when observed behavior is outside baseline

parameters. Performed at three levels:

• Security agent performs intrusion detection based on the CPU and memory utilization of the protected device (such as RTU/PLC), scan time, protocol pattern, communication partners, etc.

• Managed security switch performs intrusion detection function based on the delay of data packet, the allocated bandwidth profile, protocol pattern, etc.

• Security manager performs intrusion detection at the highest level, by monitoring power grid system and its automation system state.


Conclusion

It is misleading to suggest that IT people take the full responsibility for power grid network security including automation and control networks.

Compared with regular IT systems, power automation systems have definite different goals, objectives and assumptions concerning what needs to be protected.

It is necessary to embrace and use existing IT security solutions where they fit, such as communication within a control center, and develop unique solutions to fill the gaps where IT solutions do not work or apply.


References

Dong Wei; Yan Lu; Jafari, M.; Skare, P.; Rohde, K.; , "An integrated security system of protecting Smart Grid against cyber attacks," Innovative Smart Grid Technologies (ISGT), 2010 , vol., no., pp.1-7, 19-21 Jan. 2010.

Ericsson, G.N., "On requirements specifications for a power system communications system," Power Delivery, IEEE Transactions on,vol.20, no.2, pp. 1357-1362, April 2005.

Anthony R. Metke and Randy L. Ekl, “Security Technology for Smart Grid Networks”, Smart Grid, IEEE Transactions on, vol. 1, no. 1, June 2010

Amin, M., "Energy Infrastructure Defense Systems," Proceedings of the IEEE, vol.93, no.5, pp.861-875, May 2005.

http://www.net-security.org/secworld.php?id=8830


Free Powerpoint Templates

THANK YOU


Questions