Security of the Bulk Power System. Terry Boston President and CEO PJM Interconnection NERC Grid Security Conference October 15, 2013

Transcription

1 Security of the Bulk Power System Terry Boston President and CEO PJM Interconnection NERC Grid Security Conference October 15, 2013

2 PJM as Part of the Eastern Interconnection KEY STATISTICS Member companies 850+ Millions of people served 61 Peak load in megawatts 165,492 MWs of generating capacity 183,604 Miles of transmission lines 62, GWh of annual energy 793,679 Generation sources 1,376 21% of U.S. GDP produced in PJM Square miles of territory 243,417 States served 13 + DC As of 6/1/2013 2

3 Top Challenges Facing the Industry Electricity Demand World s Largest Fuel Switch Natural Gas Interoperability Integration of Intermittent and Demand Side Resources Man-Made and Natural Disasters Each Challenge is Also an Opportunity Adapted from: EPRI 3

4 Prevention Build security into the design Implement traditional controls Improve security controls Cyber Resiliency with Eyes Wide Open Collaboration Coordinate response plans Develop and maintain government relationships Leverage industry relationships Share best practices Resilience Focus on incident response Enhance scenario planning Plan and drill restoration scenarios 4

5 Resilience Definition 5

6 we must address emerging risks with diligence, commitment, and the understanding that we cannot reroute hurricanes, intercept every cyber attack, or prevent every disruption. Source: National Infrastructure Advisory Council Cyber Security President Obama put it succinctly: To succeed, we must face the world as it is. 6

7 Previous Architecture Data Bridges All Roads Lead to Market Settlements SAP GENOUT ecapacity GADS/ GORP Data Warehousin g eftr EES/TMS emtr emkt edata ORG Market Settlements ATC OASIS CAM UDS edart DMT (Constraint Logger) EMS eschedules Doc #148562_v4 7

8 Cybersecurity Built In, Not Bolted On NATION STATES Phishing, Malware, APT, Network Scans CRIMINALS Phishing, Malware, Drive-by Attacks edata DMZ PJM Corporate Network INSIDERS Cooperation with outside actors, policy abuse, disgruntled DMZ HACTIVISTS Distributed Denial of Service, Defacement TERRORISTS Denial of Service, electronic jihad 8

9 Dual Control Centers Dual primary centers interoperating and controlling. Either can assume full and immediate control of PJM s operations, markets and customer web applications. Valley Forge Milford 9

10 What is the Golden Image? Golden Image is a set of air-gapped redundant computer hardware and clean software To be activated in the event of a cyber incident that compromises all production environments. Able to run the core EMS applications (Operations) Data ICCP Data Core EMS in a Box 10

11 Examples of Cyber Security Partnerships DHS industrial control systems intelligence and services Collaboration with ISO/RTO security leaders Honeynet research project Sponsor of national laboratories, grants, and university projects Smart grid demonstration grant Cyber Risk Information Sharing Program (CRISP) 11

12 Cyber Risk Information Sharing Program CRISP Industry Participants 12

13 Boeing Demonstration Grant Project Matching grant provided by DOE Comprehensive risk assessment of critical systems Enhancements of existing PJM security tools & processes Demonstration of defense-grade technologies Leadership in cyber security technologies through the application of defense-grade systems 13

14 Lockheed Martin Defense Grade Round the Clock PJM Security Monitoring Level 1 Level 2: Business Hours Escalation Escalation Level 2: On-Call After Hours Level 1 14

15 Spear Phishing Campaigns Baseline 20% Results 4% 15

16 Case Study: Phishing Attempt Highly legitimate looking Sent to over 50 PJM personnel PJM identified it before antivirus and SPAM vendors Web content filtering blocked malicious link PJM shared details with ES- ISAC and AEP CSOC Details forwarded to industry for blocking and monitoring 16

17 Mitigation Overview Denial of Service Attack PJM Traffic is Cleansed Vendor PJM Normal Traffic Passes Through 17

18 Physical Security 18

19 AC 2 Construction Original Blast Doors 19

20 PG&E Metcalf Substation 500 kv and 230 kv Do not copy. 20

21 Timeline Do not copy Hours- gunfire begins at the substation 0141 hours first call to 911 received the caller estimated three dozen shots had been fired at that point hours second 911 call- the caller estimated shots fired. 21

22 Equipment with Gunshot Damage Do not copy. 22

23 Three Attacks on Power Grid in Lonoke County, Arkansas Do not copy. 23

24 PJM Gates and Guards 24

25 Register at Grid2020.pjm.com Keynote speaker is Tom Ridge, former secretary of the Department of Homeland Security and governor of Pennsylvania.