Smart Grid vs. The NERC CIP Tobias Whitney, MBA GE Smart Grid Center of Excellence 1
First The Bottom Line Security & Privacy are paramount Smart Grid concerns of regulators and the public Currently every ARRA approved Smart Grid project requires security, but what are utilities actually doing? The NERC CIP standard does apply to Smart Grid Deployments Smart Grid concepts and technologies have advanced faster than standards and security practices
Market Snap Shot Smart Grid Security IP based interoperable systems will create security challenges for disparate and proprietary vendors products 3 rd party vendors will play a significant role in providing network services. Security ownership is unclear. New standards and regulations will require that many Smart Grid components will address security. Every Smart Grid program will have dollars ear-marked for Security. Security and compliance mandates are unclear.
Do NERC CIP Standards Apply? And we will discuss other standards to be considered.
Cyber Security Risks Smart Grid Systems Level Risks: DA/SA Risks manages Self-healing, microgrid and operational components Meter Risks manages Smart Meter based functions such as reads, AMI network and Head-end functionality Premise Risks manages the interface between the home/business and the utility such as HANs, IHDs and PCTs Operations Risks manages interfaces between traditional SCADA control center apps and other environments Vendor Risks 3 rd party connections managed securely to interface with Utlity based applications (e.g. AMI Head-end and SAS offerings) Back Office Risks manages interfaces with systems such as financial ERPs, MDMS, GIS to Smart Grid related environments
Architecture 1 Meter & Premise Risks Smart Meters have the ability to access and control downstream resources such as IHDs and PCTs within home area network (HAN) environments. The hand shake between the exchange between the Smart Meter and the HAN is critical for the integrity of the AMI network, but also presents a threat to the utility because of the connectivity between HAN systems and the utility s AMI Network. Recommendations: Publish a policy that states that the Home Area Network is the sole responsibility of the end user Alarm tampers for physical access to Smart Meters Utilize industry standard public key infrastructure to authenticate meter control signals and data such as 256 Bit Elliptic Curve Cryptography. Relevant Standards: NERC CIP Standards (for AMI Headend) NISTIR 7628 AMI-SEC Smart Grid Security Guidelines
Architecture 2 DA/SA and Operations Risks Each end-point device on the Automation Network represents a point of access to the Utility network. Two-way communication presents the risk of escalation and customer data compromise and isolated system outages. Recommendations: Encryption of all end-point device communication on Automation network. Consider the following technologies to secure the storage and transmission of meter data: 128 bit AES Encryption 256 EC Encryption Digital Signatures The physical location of gatekeeper or collector devices should be within a physically secured perimeter within a utility control location such as a substation. All devices should possess physical tamper detection and alarm when local access is obtained or when the device has been taken off-line. Each device should possess intrusion detection/protection security system to identify if malicious activity is taking place within the local area of the device. Gateway devices should be able to perform traffic filtering to limit non-essential communication. Relevant Standards: NERC CIP 002-009 NIST Special Publication (SP) 800-53, NIST SP 800-82 NISTIR 7628 AMI-SEC Smart Grid Security Guidelines
Architecture 3 Vendor and Back Office Risks EMS/DMS applications perform large scale control and monitoring functions for Distribution system assets. AMI and Distribution Automation data will integrate with NERC CIP related systems and facilities. Recommendations: Security management consoles should be utilized at head-end equipment to manage the security of meters, collector/gateways and HAN devices. The console should provide a full suite of services to manage: Authentication/Authorization Meter and HAN Registration Intrusion Detection Data Network encryption Data encryption Digital Certificates Network traffic filtering User Administration Auditing and Security Reporting Key Management Firewall and intrusion detection systems should be implemented to manage and monitor AMI network interface. All head-end (AMI network interface) equipment will be deemed critical and will be managed to comply with the NERC Critical Infrastructure Protection Standards. Relevant Standards: NERC CIP 002-009 NIST Special Publication (SP) 800-53, NIST SP 800-82 NISTIR 7628 AMI-SEC Smart Grid Security Guidelines SAR-BOX Privacy & Red Flag
Do NERC CIP Standards Apply?
Yes The NERC Standards Apply Ask the following questions to your Smart Grid Team: 1. Do you have more than 300MW load managed by Smart Meters and AMI. 2. Do you operate a Meter Head-End System? Is the vendor compliant to your standards? 3. Do you perform Direct Load Control? Remote Disconnect? 4. Can multiple DA substations communicate to each other without network filtering? 5. Have we determined each Smart Grid interface to our electronic security perimeter?
Questions?