The Challenges of Risk Assessment for Smart Grid

Similar documents
Cybersecurity Risk Assessment in Smart Grids

The SPARKS Project Motivation, Objectives and Results

Resilient Smart Grids

Enhancing the cyber security &

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

1.What are critical infrastructures in Switzerland? CIP concept in Switzerland

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Securing Europe s IoT Devices and Services

Summary of Cyber Security Issues in the Electric Power Sector

Cyber Security in Europe

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

IoT & SCADA Cyber Security Services

Why Security Fails in Federated Systems

SEGRID storyline. Workshop SEGRID November 14 th, 2016, Barcelona, Spain

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

External Supplier Control Obligations. Cyber Security

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

European Union Agency for Network and Information Security

FORTIKA - Cyber Security Accelerator for trusted SMEs IT Ecosystems THE PROJECT

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

Cyber, An Evolving Ecosystem: Creating The Road For Tomorrows Smart Cities

Preemptive PREventivE Methodology and Tools to protect utilities

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Scope Cyber Attack Task Force (CATF)

T-SURE VIGILANCE CYBER SECURITY OPERATIONS CENTRE

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Joint Workshop on Cyber-Physical Security and Resilience in Smart Grids (CPSR-SG2016)

Discussion on MS contribution to the WP2018

The NIST Cybersecurity Framework

RISK MANAGEMENT IBERDROLA S CASE

How a global industry player addresses the Cybersecurity challenges of Air Transport

S1.1: RESEARCH AND DEVELOPMENT IN EUROPE FOR COMPETITIVE MANUFACTURING. Competitiveness of Industry by means of Cross Fertilisation

EU policy and the way forward for smart meters and smart grids

Call for expression of interest in leadership roles for the Supergen Energy Networks Hub

Security Considerations in M2M Communications

ENISA Cooperation in the EU / NIS Directive

NIS Standardisation ENISA view

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Technologies with the potential to enhance resilience - An overview on the activities of ENISA

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Smart Grid Security: Current and Future Issues

Improving SCADA System Security

Protecting Critical Energy Infrastructure International Multistakeholder Conference, Training & Exhibition

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

The Australian Government s Approach to Critical Infrastructure Resilience

Chapter 1. Chapter 2. Chapter 3

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

OPEN Networks - Future Worlds Consultation

Security Challenges in Smart Distribution

CompTIA Security+ Study Guide (SY0-501)

Cybersecurity & Digital Privacy in the Energy sector

Future and Emerging Threats in ICT

Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security

Cyber Attack Information System CAIS. DI Thomas Bleier, MSc, CISSP, CEH

Smart Grid Security: Build in Now or Blackout Later

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Assessments Audits CERTIFICATION

Safety Systems are the New Target Design Security Using Safety Methods

ICB Industry Consultation Body

H2020 Opportunities in the Area of Security and Critical Infrastructure Protection

Cybersecurity Lessons learned from the energy sector. Reach a safe harbour. Obtaining knowledge. Summary. Challenges and opportunities

Bradford J. Willke. 19 September 2007

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

Cybersecurity & Privacy Enhancements

Implementing Executive Order and Presidential Policy Directive 21

The Telecommunication infrastructure for the smart grid

Secure Product Design Lifecycle for Connected Vehicles

Organizational Readiness for Digital Transformation

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Grid Security & NERC

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID TCIPG.ORG

Thomas Bleier, Zhendong Ma, Christian Wagner AIT Austrian Insitute of Technology

Cybersecurity for Department of Defense Microgrids: An Army Perspective

Managing SCADA Security. NISTIR 7628 and the NIST/SGIP CSWG. Xanthus. May 25, Frances Cleveland

Security for smart Electricity GRIDs

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

The NIS Directive and Cybersecurity in

Cyber Resilience. Think18. Felicity March IBM Corporation

Electricity Security Assessment Framework

Digitalisation of the energy system. Marc VAN STIPHOUT, UNIT C2 European Commission DG ENERGY

United States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS

NIS-Directive and Smart Grids

Information Security Management Systems Standards ISO/IEC Global Opportunity for the Business Community

GPS Vulnerability and DHS Mitigation Efforts. David Wulf Acting Deputy Assistant Secretary Infrastructure Protection Department of Homeland Security

Assurance through the ISO27002 Standard and the US NIST Cybersecurity Framework. Keith Price Principal Consultant

standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices

GDPR Update and ENISA guidelines

Securing Buildings & Facilities From Emerging Cyber Threats

Package of initiatives on Cybersecurity

Version 1/2018. GDPR Processor Security Controls

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Grid Modernization Challenges for the Integrated Grid

Fortum SGEM Program Presentation of ongoing research activities

Toward All-Hazards Security and Resilience for the Power Grid

Transcription:

The Challenges of Risk Assessment for Smart Grid Lucie Langer and Paul Smith firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Workshop Monday 29 th September, 2014

Risk Assessment: The Basics Risk assessment is concerned with understanding the probability of a cyber-attack and its impact risk = probability x impact Based on an understanding of threats and vulnerabilities For example, financial loss, damage to equipment, loss of power, The basis for prioritising how to mitigate threats and apply resources for cybersecurity 2

Breakout Session Split into groups of three people and appoint a spokesperson For ten minutes discuss the challenges of risk assessment for smart grid in your group Write these down on post-it notes and stick on the wall Spokesperson presents to the workshop and discuss 3

The Challenges We See We have identified five key challenges with carrying out a risk assessment for smart grid: 1. Managing safety and security risks 2. Analysing cyber-physical risks 3. Understanding risks to legacy systems 4. Complex organizational dependencies 5. Understanding cascading effects These are not unique to smart grid, but all exist, making risk assessment particularly challenging 4

Managing Safety and Security Risks Safety analysis methods are widely used in the energy domain Examples include HAZOP, fault-tree analysis, event-tree analysis, FMEA, STAMP/STPA, There are parallels in the security domain, e.g., attack trees Benefits can be had by performing security and safety co-analysis Reuse of results across analyses Ability to consistently prioritise different types of threats, i.e., attacks versus faults 5

Analysing Cyber-physical Risks The smart grid is a cyber-physical system Power system and ICT infrastructure is tightly coupled through SCADA and control systems Traditional IT security provides necessary tools but not sufficient to secure cyber-physical systems Need for tools and strategies to understand and mitigate attacks: Which threats should we care about? What impact can we expect from attacks? Which resources should we protect (more)? 6

Understanding Risks to Legacy Systems The smart grid will consist of legacy systems and new ICT components that implement advanced measurement and control functions It is often not clear what impact new components will have on legacy systems, and vice versa Legacy industrial control systems are known to be fragile to active security testing techniques A risk assessment method should account for these characteristics of the smart grid 7

Complex Organisational Boundaries In a liberalised European energy market there are many actors Energy producers, Transmission and Distribution System Operators (TSOs and DSOs), and Energy Suppliers Others from the ICT sector are emerging as being important E.g., telecommunications operators and cloud providers Energy consumers become providers, potentially as part of virtual power providers A diverse and complex supply chain is emerging This complex web of dependencies can make risk assessment challenging 8

Understanding Cascading Effects The smart grid consists of a number of sub-systems that support an underlying grid infrastructure The failure of a sub-system could cascade into another This problem is closely related to cyber-physical impact analysis A pathological case: 1. A cyber-attack causes a failure in the energy grid, resulting in a blackout 2. ICT systems start to run on Uninterruptable Power Supply (UPS) 3. The UPS runs out before the grid has recovered 4. ICT systems fail 9

Conclusion SPARKS is aiming to develop a risk assessment framework that accommodates these challenges Suitable analysis techniques can be plugged into the framework to address the challenges Starting point is to consider the suitability of the SGIS toolbox We have a position paper in the main symposium tomorrow that describes these issues 10

Questions? 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback