NAVY SmartShore Pilot

Transcription

1 Track 4 Session 5 NAVY SmartShore Pilot Jeff Johnson Naval District Washington August Rhode Island Convention Center Providence, Rhode Island

2 Session Agenda US Navy, Initial Energy Strategy NDW Goals The new cyber threat landscape hacker trends, techniques and technologies Common critical network vulnerabilities NDW approach to cyber security System Capabilities Summary and conclusions 2

3 Naval District Washington NDW Footprint* Joint Base Anacostia Bolling (DC) NAS Patuxent River (MD) NSA Annapolis (MD) NSA Bethesda (MD) NSA South Potomac (VA) NSA Washington (DC) Total Plant Replacement Value (PRV): $14B Operations & Maintenance Budget: $500M/yr Reimbursable Budget: $15M/yr 25,652 acres 3,129 buildings 2,822 non building structures 1,029 utilities locations 10 runways 6 hangers 44 piers wharfs 3 small arms training 21 small boats Geographically located in multiple states to address interstate utility regulatory issues 3

4 Navy Smart Energy Strategy

5 What is the Shore Baseline? Aging infrastructure with deferred and declining investments for facilities sustainment & emergency management operations Deferred maintenance of buildings and building systems Lack of resources to collect and maintain authoritative data Reduced funding for programs and projects Increased risk from: Commercial grid and perimeter vulnerabilities Threats of cyber attacks (internal and external) Growing incidence of natural and manmade disasters Increased pressure to reduce Cuts to national defense budget Aggressive Federal and DoD mandates Increased Risk Pressure to reduce costs Aging Infrastructure Compelling Need for Change How will shore installation management be maintained & funded over their lifecycle to achieve intended benefits?

6 NDW Operational Goals Establishing a secure critical infrastructure environment for efficient shore operations REQUIREMENTS Compliance with DoD and Federal mandates Efficiency savings through automation Optimization of operations and processes Safe & Reliable operations Share information between stakeholders Connect equipment over an IP network Utilize Standards Based (and Legacy) protocols Enhance Public Safety operations Protect Critical infrastructure CONCERNS Unauthorized external access to networks and systems Loss of command & control or data integrity Loss or degradation of system availability Malware infection manipulating operations Cyber attack causing physical impact Reputation loss due to publicized vulnerabilities or attacks Intentional misuse of systems or control causing physical impacts Cyber security attacks impacting normal operations 6

7 NDW Technology Insertion Dahlgren Ops Investments ATFP Program AMI Program OPNAV NDW Smart Grid Pilot Program CNIC Energy Program ESTCP* Program NDW Utilities Ops Investments Availability of Data for Facility and Utility Mgmt Establish basewide DDC system Command and Control (C2) Virtual Perimeter Monitoring System (VPMS) RDC Gates PSNet Measure Energy Consumption (2200 of 3129 bldgs in NDW) Business Process Reengineering: People, Processes, Technology Accredited Architecture Benchmark MAXIMO Pilot 40 FY12 esrm projects including: Connect locations with existing DDC/SCADA Re-commissioning Building Envelope HVAC, etc. Cognitive Energy Mgmt System Steam Trap Monitoring Chiller Optimization Adv. Demand Response First Fuels Plant Consolidation (Networking) FY14 DDC & SCADA Projects FY13&14 Steam Decentralization MILCON Reduced FTE and improved customer service; trend analysis and maintenance mitigations Initial architecture established for secure command and control enabling mission assurance. Ability to reduce FTE and utilize data-based decisions Smart meters allow multiple commodity consumption data at 15 min intervals; power factor and wave capture data allows improved quality Capability templates & roadmap; Industry products meeting DoD technology gaps; Cyber security & mission assurance; Lessons learned for enterprise solutions Cyber compliance; Integrated systems deployment for optimal C2 and active facility and utility mgmt NDW Pilot has been identified as ideal testbed for private industry partnerships due foundational approach leading to data availability Currently benchmarked at serveral sites; projects allow region wide deployment with proven ROI 7

8 What are the Threat Vectors? WHAT S NEXT? Kemuri Water Company Ukraine Utilities Left 225,000 customers in the dark. 1st successful cyber attack to knock a power grid offline.. Unnamed Steel Mill, Germany INSIDER ATTACK New York Dam Google HQ, Wharf PLC ATTACK Hack accessed hundreds of PLCs used to manipulate control applications altering chemicals. SCADA ATTACK Hackers disrupted networks to access automation equipment resulted in massive damage. BACKDOOR ATTACK Iranian hackers tried to open flood gates. Was this a dress rehearsal for something bigger? MISS-CONFIGURE SHODAN discovered over 21,000 miss-configured building automation systems. Target Retail Stores Saudi Aramco & RasGas Project Basecamp Unnamed Steel Mill Natanz Nuclear Facility 2010 BACKDOOR ATTACK The attackers backed their way into network by compromising a 3 rd -party vendor to steal data. ENTERPRISE ATTACK Networks infected with the Shamoon virus erased information causing enterprise network outages. PLC ATTACK A team used a penetration test on PLCs to realize how badly vulnerable their SCADA/ICS were. ENTERPRISE INFECTION The Conficker worm infected the control network causing an instability in the communications. SCADA MALWARE Stuxnet infected the air-gapped control network bypassing causing damage to centrifuge.. Maroochy Water System INSIDER ATTACK Disgruntled ex-employee hacks into the water system and floods the community of sewage.

9 Who are the Actors? A World Full of Hackers Nation states Criminals Activists Employees Children! Admiral Michael Rogers, Director NSA & US Cyber Command Various Motivations Money Political protest Environmental activism Espionage Retaliation Job security Fun China along with one or two other countries have the capability to successfully launch a cyber attack that could shut down the electric grid in parts of the United States. NSA Director testimony to Congress, Nov Unintentional Disasters An attacker/ user doesn t even know what they are doing to cause a huge impact 9

10 NDW Technical Approach I.T. vs. O.T. Approaches to Cyber Security Boundary Protections Firewalls Network Intrusion Detection DMZ/Proxy Servers Endpoint Protections Host intrusion detection/prevention (anti virus/firewall/application white listing) Policy enforcement Configuration management Device connection management Data transfer management External alerting & reporting Pre Stuxnet Protection Firewalls DMZ/Proxy Servers Air Gaps Post Stuxnet Protections: Anti virus on PCs & Servers Firewalls / data diodes Configuration/patch management Secure Middleware Panels (Energyguard and NAE(S) Protocol monitoring capability for ICS systems via endpoint protection for legacy devices

11 ICS Solution Overview An enterprise grade industrial control system Integrates disparate multi vendor systems into a local, regional and national system Provides a secure enclave for ICS management while ensuring no access to legacy unsecure PLC devices Improved base operations Remote monitoring and control of HVAC, lighting, building access, water, waste water, steam and power systems Consolidated regional energy performance data for analysis and demand response Enhanced critical infrastructure protection Virtual Monitoring System A virtual fence that detects and alerts when intruders enter restricted areas Enhanced monitoring providing real time access to deployed sensors for command & control / assessment Secure wireless network for mobile and fixed sites Solutions validated by Independent Agencies NAVY Utility Management Control System (NUMCS ) Maintain the Pilot Edge based security capabilities while migrating from SSSPN NAVFAC SMARTGRID RFP will provide Advanced Analytics Capabilities 11

12 Shore Operations Center (ShOC) Shore Operations Center Shore Integrator Alarms / Alerts on Emergencies Regional Dispatch Center (RDC) Shore Facilities Engineering Command Alarms / Alerts on Building & Utility Operations Public Works Department (PWD) Quality Assurance on Shore Operations: Contract Execution, Maintenance Support; Event Close-out, etc. Public Works Department, Regional Dispatch Center Trouble Calls and Service Requests from Installation personnel to the Regional Desk Public Works Department 12

13 Facilities and Energy Operations Center (FEOC) Active Facility Management Workflow Trouble Call Reported QA/QC for Ticket Closeout Coordinates with Operator If HVAC related Maximo Ticket Created System Requires Service ICS Alarm on Building System 13

14 Sensor Management and Emergency Dispatch Emergency Management Workflow Emergency Call or Fire Alarm Received in Regional Dispatch Center (RDC) Notify Regional Operation Center (ROC) and Installation Emergency Operations Center (EOC) per CONOPS Dispatch First Responders or Create Remedy Ticket Sensor Management Suite (SMS Team) Virtual Perimeter Monitoring System 14

15 NDW Technology Insertion Sustainment Improvement Example Air Handler Unit #1 Service Area: West Side Floors 1,2,&3 Unit: 12k CFM 7.5 HP Supply 15 HP Return Occupancy Mode Static Pressure Supply Fan Speed Zone Temp Re-Programming Date 24 Dec 2014 Re-tuning via controls programming reduced AHU Run Time by 12 hours on weekdays and 16 hours on weekends Re-tuning Building extends lifecycle of building equipment 15

16 Energy Analysis Example Building Electrical Meter Data Daily Meter Data (kwh) 2,500 Daily Average 1,975 2,000 1,500 1, New Daily Average 1, kwh Average Daily 0 Meter Data (kwh) Average Weekends_Holidays Re-tuning Buildings saves Energy 16

17 Lessons Learned Projects Execution for Cyber and Operations is Easier than continuous monitoring of deployed systems Loss of funding for Public Works funds impacts the ability to repair systems (ROI is predicated on fixing systems) Cyber Security and Continuous Monitoring provides a opportunity for additional continuous monitoring and operations of Facility and Utility Infrastructure NAVFAC FEOC CONOPS development is an move towards active facility management Network and System continuous monitoring helps with system reliability and reduces Operational and Cyber Risk NAVFAC RFP addresses the big data advanced analytics gap and provides additional tools for system operation and energy savings.

18 Present and Future Smart Shore 1.0 Systems consolidated onto the same platform Smart Shore X.0 Advanced applications and operating procedures leveraging integrated system data Wired/ Wireless Infrastucture Network Assets Video Cameras Direct Digital Controls Alarm Systems ELMR Quick Reaction Force Security Sensor Based Enclaving Demand response every 15 minutes based Market Conditions Condition Based Recurring Maintenance Dynamic Equipment/Fire Response Integration Instantaneous Access Restrictions Integrated Systems and CONOPS for the SHORE 18 18