WELCOME
SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID
Restricted Siemens AG 20XX All rights reserved. siemens.com/answers
Cyber Security in Energy Networks
Frederic Buchi, Energy Management Division, Siemens AG
Digital Substations are vulnerable to Cyber Attacks
Connectivity increases the exposure to Cyber Threats: Unauthorized Access; Malware; Internet-based Attacks
[Diagram labels: Control Center Level; HMI; Substation Level; Field Level]
Cyber Security in Energy Management: Our Offerings
Secure Products: Example SIPROTEC 5 Protection Devices
Encryption of the communication line between DIGSI 5 and the SIPROTEC 5 device; Secure development; Patch management; Antivirus compatibility; Connection password according to NERC-CIP and BDEW White Paper; Recording of access attempts in a non-volatile security log and IEC 61850 messaging; Confirmation codes for safety-critical operations; Independent testing; Digitally signed firmware; Internal firewall; Separation of process and management communication; Crypto-chip for secure information storage
Cyber Security over the lifecycle of a system
From Product Security to Operational Security
[Diagram labels, in page order: Project Management; Offer; Threat and Risk Analysis; Secure System Architecture; User Authentication; Planning; Secure Coding; Access Control; Access & Account Control and Management; Account Management; Secure Communication Protocols; Security Logging / Monitoring; Backup and Restore; Implementation (FAT); Installation (SAT); System Hardening and Secure Network Configuration; System Hardening; Backup & Restore; Test; Manuals; Vulnerability Management & Malware protection; Malware Protection; Secure Remote Access]
Cyber Security needs a Holistic Approach
A holistic approach is crucial
People: Awareness and understanding of cyber security.
Products: Support of CIA criteria (Confidentiality, Integrity, Availability); complying with industry standards.
Processes: Covering the whole product life-cycle; fostering solution and operational requirements.
Vendor Categorization of Security Standards / Guidelines
[Table labels, in page order: Guideline; Requirement; BDEW Whitepaper Ausführungshinweise; NIST SP800-82 Guide to Industrial Control Systems (ICS) Security; NISTIR 7628 Guidelines for SmartGrid Cyber Security; BDEW Whitepaper; DIN SPEC 27009 - Annex B; WIB Report M2784-X-10; IEC 62443-2-4 Req. for IACS Suppliers (and integrators); IEC 62443-3-3 System Sec. Req. + Security Assurance Levels; IEC 62443-4-1 Embedded Devices; IEC 62443-4-2 Host Devices; IEC 62351 Data and communication security; Realization; Standard(s) Matter(s); Operator; Integrator; NERC-CIP; ISO/IEC 27019; IEC 62443-2-1 Establish IACS Sec. Program; IEC 62443-2-2 Operating IACS Sec. Program]
Cyber Security from Operator Perspective
Are you prepared?
Power System Operator: Organization; Processes; Infrastructure
Achieve: Business targets. Mitigate: Cyber risks. Comply: Cyber Regulations & Standards.
Siemens Solution: Migration concept to secure electrical substations
An approach for making existing substations more secure
Steps: Asset Inventory; Network Topology; Assessment; Concept / Offer
Siemens Solution: Secure Substation Blueprint
Defining a standardized architecture
[Diagram: Example Siemens Secure Substation Blueprint. Labels: Field Level; Station Level; Control Center Level; Remote Access Zone; Substation Control Zone I; Service PC; Substation Control Zone II]
Siemens Solution: Categories of Cyber Security Controls
Implementing security controls, always a mix of:
Processes and Policies; Organizational Preparedness; Secure System Architecture; Security Patching; Secure Development; System Hardening; Malware Protection; Secure Integration and Service; Access Control and Account Management; Backup and Restore; Vulnerability and Incident Handling; Security Logging / Monitoring; Secure Remote Access; Security Technologies; Data Protection and Integrity; Privacy
Siemens Solution: Categories of Cyber Security Controls
Zoom In: Security Patching
Implementing security controls, always a mix of:
Processes and Policies; Organizational Preparedness; Secure System Architecture; Security Patching; Secure Development; System Hardening; Malware Protection; Secure Integration and Service; Access Control and Account Management; Backup and Restore; Vulnerability and Incident Handling; Security Logging / Monitoring; Secure Remote Access; Security Technologies; Data Protection and Integrity; Privacy
Security Patching: Keeping the Substation Secure & Up-to-date
[Diagram: VENDOR-SIDE SECURITY PATCH MANAGEMENT and OPERATOR-SIDE SECURITY PATCH MANAGEMENT. Labels: register; notify; Patch Information; Patch from Vendor 1; Patch from Vendor 2; Patch from Vendor n; Patches to apply in the substation]
Regulation / Challenges: Keep the security patch status of DSAS up-to-date; High availability and reliability of operation have priority; Patch Management must be scalable, secure and cost-efficient
CERT: Computer Emergency Response Team
Cyber Security in Energy Management: Our Offerings
Siemens Offerings Today
Consulting: Security Assessments for existing infrastructure, e.g. Hardening BDEW white paper or NERC CIP compliance audit; Consultancy for secure integration of Siemens products and systems; Holistic Security Consultancy via Smart Grid Compass
Penetration Tests: Network penetration tests at customer infrastructure (simulating external and internal cyber attacks)
Products & Solutions: Centralized Access Control and Password Management; Secure Substation, e.g. migration to a secure substation; BDEW white paper compliance modules and products
Services: Cyber Security Training; Security Patch Management
Thank You
Frederic Buchi, Cyber Security Promoter, Siemens Energy Management
E-mail: frederic.buchi@siemens.com