Addressing Cyber Threats in Power Generation and Distribution

Similar documents
Securing Industrial Control Systems

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Why Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG

IEC A cybersecurity standard approaching the Rail IoT

ANATOMY OF AN ATTACK!

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

Innovation policy for Industry 4.0

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Digital Substation Unrestricted Siemens AG 2017 siemens.com/digital-substation

T22 - Industrial Control System Security

Cyber security for digital substations. IEC Europe Conference 2017

AUTHORITY FOR ELECTRICITY REGULATION

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

IEC in Digital Substation and Cyber security

SECURING THE SUPPLY CHAIN

Cyber security - why and how

Digital Wind Cyber Security from GE Renewable Energy

Ensuring Your Plant is Secure Tim Johnson, Cyber Security Consultant

Detection and Response Services in the ICS Environment

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

NW NATURAL CYBER SECURITY 2016.JUNE.16

European Union Agency for Network and Information Security

Firewalls (IDS and IPS) MIS 5214 Week 6

The Information Age has brought enormous

Lifecycle Performance Care Services. Bulletin 43D02A00-04EN

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Cyber Security for Process Control Systems ABB's view

The NIS Directive and Cybersecurity in

IE156: ICS410: ICS/SCADA Security Essentials

Just How Vulnerable is Your Safety System?

Intelligent Building and Cybersecurity 2016

Cyber Security of Industrial Control Systems (ICSs)

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

ENISA EU Threat Landscape

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

Combating Cyber Risk in the Supply Chain

Cyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

Heavy Vehicle Cyber Security Bulletin

Changing face of endpoint security

NEN The Education Network

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

Protecting productivity with Industrial Security Services

Securing IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

You knew the job was dangerous when you took it! Defending against CS malware

Back to the Future Cyber Security

CTI Capability Maturity Model Marco Lourenco

CCISO Blueprint v1. EC-Council

Manchester Metropolitan University Information Security Strategy

Cisco Secure Ops Solution

Substation automation products. MicroSCADA Pro for substation automation

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Industrial control systems

Industry Best Practices for Securing Critical Infrastructure

Securing the Grid and Your Critical Utility Functions. April 24, 2017

Bird of a Feather Automated Responses

IC32E - Pre-Instructional Survey

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems

Control System Security for Social Infrastructure

Functional. Safety and. Cyber Security. Pete Brown Safety & Security Officer PI-UK

Expanding Cyber Security Management for Critical Infrastructure

Practical SCADA Cyber Security Lifecycle Steps

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Low Impact Generation CIP Compliance. Ryan Walter

Risk Assessments, Continuous Monitoring & Intrusion Detection, Incident Response

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

ICS Security Innovation Asia Pacific ICS Security Summit. Singapore 2013

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Cybersecurity Overview

Continuous protection to reduce risk and maintain production availability

Sage Data Security Services Directory

Guide to cyber security/cip specifications and requirements for suppliers. September 2016

ISA99 - Industrial Automation and Controls Systems Security

Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016

AT&T Endpoint Security

Industrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets

Gujarat Forensic Sciences University

CONE 2019 Project Proposal on Cybersecurity

ABB Ability Cyber Security Services Protection against cyber threats takes ability

BILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Cyber Resilience. Think18. Felicity March IBM Corporation

SANS SCADA and Process Control Europe Rome 2011

LESSONS LEARNED IN SMART GRID CYBER SECURITY

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

TABLE OF CONTENTS. Section Description Page

Internet of Things Toolkit for Small and Medium Businesses

A Disciplined Approach to Cyber Security Transformation

Gerhard Brndt, ABB AG, BU Power Generation Cyber Security and Compliance in Increasingly Distributed and Aging Power Generation Infrastructures

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

COMPASS FOR THE COMPLIANCE WORLD. Asia Pacific ICS Security Summit 3 December 2013

Transcription:

Addressing Cyber Threats in Power Generation and Distribution

VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems o 16 years in several positions in local teleoperator s IT management o Development Manager, Cyber Security at VEO Oy

Cyber security In general In the energy sector

Cyber security trends o Cyber threats are evolving and becoming more difficult to prevent and detect o Attack surface increases: Amount of systems is increasing, and they are getting more complex and interconnected Probability to get breached increases

Impacts of cyber attacks o Companies, consumers and society are more and more dependent on different types of network-connected systems and services Impact of acts in cyber space is increasing

EU and national legislation o EU NIS directive Network and systems security requirements for EU member states Directive concerns: EU member states information security cooperation with EU and member states Key services providers from different industry sectors including electric power generation and distribution o Finnish act on electricity market, add-on 29 a Derived from the EU NIS directive Electricity grid operator has obligation: To have risk management in place for its systems and communication networks To inform energy authorities about information securityrelated incidents

Cyber security standards o Several standards address cyber security Most known and widest adopted are standard series of IEC 27000 and 62443, where IEC 27000 is mainly targeted to company s internal information security, and IEC 62443 to industrial production and it s supply chain. o Investments and efforts in cyber security development should be suitably scaled to the protected asset.

Cyber security in Finland s critical infrastructure o Finland has a geopolitically strategic location Key players have most likely already mapped Finland s strategic targets in critical infrastructure, and cyber warfare methods against them o Finland s national emergency supply agency has ordered from VTT a group of cyber security development projects VEO will participate in a pilot project focusing on energy sector s cyber threats

Cyber security in the energy sector o General cyber threats also have an impact on industrial control systems used in the energy sector o Power plants and electricity grids form the most important part of society s critical infrastructure The energy sector s supply chain is an attractive target to cyber attacks

ICS Cyber Security Attack process Defending From the big picture to the details What VEO can offer

ICS Cyber Kill Chain o Kill Chain is a warfare method meaning the process that attackers takes to achieve their final goals o Cyber Kill Chain was originally developed by Lockheed Martin o SANS Institute added stage 2 on top of the original concept o Stage 1 and 2 forms together the ICS Cyber Kill Chain

*) Graphics from SANS Institute s document, The Industrial Control System Cyber Kill Chain

Malware targeted at the energy sector o In the past there have been industrial control system-targeted malware, like Stuxnet and BlackEnergy o In the end of 2016, Ukraine faced large blackouts in Kiova electrical grids, caused by cyber attack It turned out that it was specifically energy sector-targeted malware (Industroyer/ Crashoverride), which abused automation protocols IEC 101, 104, 61850 and OPC DA to open breakers and disconnectors in substations

Cyber security management Asset owner s value chain Asset owner: Competitive buyer Delivery Supplier assessments, demands => contracts Maintenance Maintenance service provider assessments, demands => contracts, lifecycle management: preserving cyber security level Supplier, service provider Supplier: Capabilities, responsibilities, policies, processes Service provider: Capabilities, responsibilities, policies, processes, change management Systems, architecture Pre-planning, vendor choices, implementation method Preserving cyber security level Vendor: Device, application Device and application choices, configuration Security patching, cyber security related device or application replacements/upgrades

ICS, defense in depth architecture Level 0 Instrumentation Level 1 Distributed IO Safety systems Level 2 Automation Level 3 Control room DMZ Level 4-5 Enterprise PLC 1 Enterprise network HMI Firewall PLC 2 Firewall Industrial firewall PLC 3

ICS cyber defenses, key elements Defense in depth / zones: instrumentation, safety, PLC, HMI, DMZ (broker), enterprise, internet Air gap to internet: Both inbound and outbound traffic to internet blocked ICS production and management separated at network level: PLCs, safety relays, safety logic, RTUs Only necessary automation protocol traffic enabled Remote maintenance connections default off Strong authentication in remote connections Physical methods against cyber acts, like local/remote switches Application whitelisting on HMIs Malware screening on transient media

ICS cyber defenses, notes In the end, it s all about details! Don t forget continuity management, like HMI disaster recovery backups and restore tests Put focus on the 1 st line of defense: Educate personnel against initial intrusion attempts Windows and Linux PCs are hot spots, embedded devices also! Internet-facing devices are hot spots Detection is as important as prevention is Take care of those USB sticks! You have to know normal, to better detect abnormal Network traffic visibility at application layer In the edge, traditional firewall is not enough anymore

VEO s cyber security services o Cyber security assessments for existing power plants o Named cyber security officer o Cyber security taken into account in delivery projects Different types of power plants Substations Industry New installations and refurbishing projects

VEO is ready to help with cyber security o We can help your company in cyber security-related matters and development o We offer cyber security services especially to power plants and substations, and also to other industrial environments We want to utilize our expertise by participating in our customers cyber security development processes!

Ready for new challenges!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback