Application of Monitoring Standards for enhancing Energy System Security


Application of Monitoring Standards for enhancing Energy System Security
G. DONDOSSOLA*, R. TERRUGGIA*, P. WYLACH*, G. PUGNI**, F. BELLIO***
* RSE SpA, ** Enel SpA, *** Enel Produzione SpA, Italy

About RSE
Applied research on the electro-energetic sector; experimental activities including cyber security experimental assessment.

Cigré Session 2016, Paper D2_204_2016: Security communication assessment over heterogeneous networks
Laboratory testbed of the Medium Voltage control cyber infrastructure for distribution grids connecting Distributed Energy Resources (DER)
Field testbed of a real cyber-physical Hydro Power Plant (HPP) telecontrol infrastructure
Ethernet and mobile technologies (2G, 3G, 4G): 0.5/6.77/40 Mbps
Dedicated Frame Relay-CDN lines with a speed of 32/64 Kbps
IEC 61850/MMS, IEC 60870-5-104
IEC 62351-4, IEC 62351-5

Outline
Technical context
  Motivation and goal
  Methodology
  IEC 62351
Smart Energy Systems functions and architectures
  Distribution Grids connecting DER
  Medium Voltage (MV) Control Infrastructure

Outline (2)
IEC 62351 performance assessment
  MV Control: IEC 61850-8-1 communications secured with IEC 62351-4/3; communication performance assessment using cellular networks
Security Monitoring
  Overview of IEC 62351-7
  Security Monitoring Framework in the MV Control setup
Wrap-up and key lessons

Motivation and goal
Smart energy systems deploy open ICT infrastructures exposed to a dynamic cyber threat environment.
The cyber security requirements of the power generation, distribution and DER domains need to be addressed by combining preventive measures with defensive actions.
Twofold focus: security of communication protocols; monitoring of information flows in system operation.
The complementary role of preventive measures and continuous monitoring is shown through the performance assessment of secure communications during attack scenarios.

Methodology
A common assessment methodology is used to evaluate the application of the IEC 62351 security standards for protecting IEC 61850 and IEC 60870-5-104 communications of renewable DER and Hydro Power Plants over heterogeneous technologies.
Communication integrity and confidentiality are provided by authentication mechanisms and encryption algorithms at the application and transport layers.
Ongoing anomalies and cyber attacks on energy systems are detected by a monitoring infrastructure supporting fast reactions and continuous defense enforcement.

Methodology (2)
The distinguishing aspect of the assessment methodology is the definition of performance measures specific to the energy applications and the communication/security protocols.
An analysis tool calculates the measures of interest from network traces, performs the statistical analysis of the data collected during security/technology/attack tests, and feeds the agent data of the SNMP monitoring infrastructure.
The energy system monitoring collects data objects from IEDs and RTUs according to IEC 62351-7 and combines them with the IETF data objects available in commercial network devices.

IEC 62351 - overview
Security means defined for:
  Authentication and authorization (RBAC)
  Secure IP-based and serial communications
  Secure application level exchanges
  Key management
  Security monitoring and event logging
  Conformance test cases
Guidelines for applying specific security measures by utilizing or profiling existing standards and recommendations

IEC TC57 Power System Communication Standards
IEC 62351 - Secure Control protocols
Communication standards covered:
  IEC 60870-6 TASE.2 (ICCP)
  IEC 60870-5-104 & DNP3
  IEC 60870-5-101 & Serial DNP3
  IEC 61850-8-1 MMS
  IEC 61850-8-1 GOOSE and SV
  IEC 61850-8-2 MMS over XMPP
  IEC 61970 & IEC 61968 CIM
IEC 62351 parts:
  IEC 62351-1: Introduction
  IEC 62351-2: Glossary
  IEC 62351-3: Profiles including TCP/IP; transport profiles (use of TLS, specified by Part 3)
  IEC 62351-4: Profiles including MMS and similar payloads, for securing MMS based applications (e.g. IEC 61850-8-1, IEC 60870-6)
  IEC 62351-5: IEC 60870-5 and derivatives, for securing IEC 60870-5 (Transmission protocols in telecontrol equipment and systems), DNP3 and serial versions
  IEC 62351-6: IEC 61850 profiles, for securing applications using GOOSE and IEC 61850-9-2, requiring 4 ms response times
  IEC 62351-7: Objects for Network Management
  IEC 62351-8: Role based Access Control
  IEC 62351-9: Key Management
  IEC 62351-10: Security architecture guidelines for TC 57 systems
  IEC 62351-11: Security for XML Files
  IEC 62351-12: Resilience and Security Recommendations for Power Systems with DER
  IEC 62351-13: What Security Topics Should Be Covered in Standards and Specifications
  IEC 62351-14: Cyber Security Event Logging
  IEC 62351-90-1: RBAC Guidelines
  IEC 62351-90-2: Deep Packet Inspection
  IEC 62351-100: Conformance Testing application profiles
  IEC 62351-100-1: IEC 60870-5-7 (Part 3/5)

IEC 62351 - MV Control and HPP
Security means defined for:
  Authentication and authorization (RBAC)
  Secure IP-based and serial communications
  Secure application level exchanges
  Key management
  Security monitoring and event logging
  Conformance test cases
Guidelines for applying specific security measures by utilizing or profiling existing standards and recommendations

IEC 62351-4: Profiles including MMS
IEC 62351 Part 4 (TS 2007) specifies procedures, protocol enhancements and algorithms targeting MMS security.
MMS Security Profiles:
  A-Profile: Application Layer Security
  T-Profile: Transport Layer Security -> Part 3, mandatory and recommended TLS options

IEC 62351-4 (2)
A-Profile: Application Layer Security
T-Profile: Transport Layer Security

IEC 62351-3: Communication network and system security - Profiles including TCP/IP
IEC 62351 Part 3 (IS 2014) specifies how to provide security for TCP/IP-based SCADA and telecontrol protocols.
Constraints on Transport Layer Security (TLS) for end-to-end security:
  TLS version
  Deprecated cipher suites, interoperability
  Bi-directional certificate exchange and validation is mandatory (mutual authentication)
  Session key update
  Session renegotiation time
  Session resumption time
  Certificate management

IEC 62351-7: Network and System Management (NSM) data object models
IEC 62351 Part 7 (IS 2017) specifies data object models to monitor the health and condition of the power system components and communications.
Monitoring for security purposes, enabling anomaly detection and recovery functions.
Monitoring of network and IED devices, and correlation of information from IEC 62351-7 data objects (OT devices) and IETF data objects (OT/IT devices).

IEC 62351-7 (2)
Monitoring objects: Information Infrastructure, Power System Infrastructure

IEC 62351-7 (3)
Monitoring objects: Environment, IED, Application, Protocol, Interfaces, Clock

Integrated monitoring
Analysis: Clock, Environment, IED, Application, Protocol, Interfaces

IEC 62351-7 (4)
IEC 62351-7 IS: abstract UML model
SNMP protocol: MIB implementation
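The correlation the IEC 62351-7 slides describe (IED-side data objects combined with IETF data objects polled from network devices) can be shown on a small poll series. The following is an added example, not the authors' monitoring infrastructure: the IED counters stand in for IEC 62351-7-style objects and their names are hypothetical, while ifInErrors and ifInDiscards are the standard IETF IF-MIB counters; the poll data and thresholds are constructed.

```python
# Added example, not the paper's monitoring infrastructure: correlate IED-side
# indicators with IF-MIB counters from the network device across SNMP polls.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Poll:
    """One SNMP poll. The IED fields stand in for IEC 62351-7-style objects (names
    hypothetical); ifInErrors/ifInDiscards are the real IETF IF-MIB counters."""
    t: int               # poll time (s)
    tls_failed: int      # IED: failed TLS session establishments (cumulative)
    report_losses: int   # IED: reports never acknowledged (cumulative)
    if_in_errors: int    # router: IF-MIB ifInErrors (cumulative)
    if_in_discards: int  # router: IF-MIB ifInDiscards (cumulative)


FIELDS = ("tls_failed", "report_losses", "if_in_errors", "if_in_discards")

# Constructed poll series, one minute apart (not measured data).
POLLS: List[Poll] = [
    Poll(0,   0, 0, 10, 3),
    Poll(60,  0, 0, 11, 3),    # quiet interval
    Poll(120, 2, 0, 25, 9),    # TLS failures while the link shows errors
    Poll(180, 5, 3, 26, 9),    # TLS failures keep climbing on a clean link
    Poll(240, 5, 6, 26, 9),    # reports lost, TLS stable, link clean
]


def deltas(prev: Poll, cur: Poll) -> Dict[str, int]:
    """Per-interval increments of the cumulative counters (counter wrap ignored here)."""
    return {f: getattr(cur, f) - getattr(prev, f) for f in FIELDS}


def classify(d: Dict[str, int], tls_thr: int = 2, loss_thr: int = 2,
             link_thr: int = 5) -> Tuple[str, str]:
    """Heuristic correlation: the same IED symptom is read differently depending on link health."""
    link_bad = d["if_in_errors"] + d["if_in_discards"] >= link_thr
    if d["tls_failed"] >= tls_thr and not link_bad:
        return ("ALERT", "tls-failures-on-clean-link")   # not explained by the network: escalate
    if d["tls_failed"] >= tls_thr:
        return ("WARN", "link-degradation")              # matches technology-test behaviour
    if d["report_losses"] >= loss_thr and not link_bad:
        return ("WARN", "report-losses-without-link-errors")
    return ("OK", "")


def correlate(polls: List[Poll]) -> List[Tuple[int, str, str]]:
    """Run the classifier over consecutive polls; returns (time, level, reason) per interval."""
    return [(cur.t, *classify(deltas(prev, cur))) for prev, cur in zip(polls, polls[1:])]
```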

PCS ResTest activity
Grid and ICT Control Centres; Substation Control; DER Control

QoS Assessment
Technology Tests and Security Tests produce Test Traces; the SG QoS Analyser computes the QoS Measures from them.

Test Cases
Technology Tests: impact analysis of cellular technologies on IEC 61850/MMS control flows
  Ethernet as baseline (switched Ethernet VLAN)
  Mobile access networks: 4G, 3G and 2G
Security Tests: impact analysis of security technologies on IEC 61850/MMS control flows
  Plain Security (IP tunneling and ACL)
  Standard Security (TLS as add-on to Plain Security)

QoS Indicators
TCP/TLS Handshake Time: handshake duration for the TCP connection / TLS session
MMS Handshake Time: time required for the establishment of the MMS session
MMS Profile Exchange Time: exchange duration of the MMS profile between client and server
TLS renegotiation/resumption Time: time required for renegotiation/resumption operations
RTT (Round Trip Time)-Report: time interval between the output of a report and the reception of the corresponding TCP ack by the MMS server
RTT-Setpoint: time interval between the output of a setpoint request and the reception of the corresponding TCP ack by the MMS client
TCP connection active time: ratio between the TCP connection time available for transmitting control traffic and the total test duration
Retransmissions: number of TCP retransmissions; number of report/setpoint retransmissions
# of TCP/TLS/MMS sessions: number of correct establishments of TCP, TLS and MMS sessions; number of failed establishments of TCP, TLS and MMS sessions
Session Overhead Rate: time taken for session setup and restoration; time not available for power grid control activities over the total time
Report/Setpoint Losses: number (percentage) of lost reports/setpoints
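Several of these indicators can be derived directly from a packet trace of one MMS-over-TLS session. The following is an added example and not the authors' SG QoS Analyser: the event names, the trace and the test window are constructed, and it computes the TCP/TLS/MMS handshake times, RTT-Report, RTT-Setpoint, retransmissions, report losses and the session overhead rate as defined on the slide.

```python
# Added example, not the authors' SG QoS Analyser: event names and trace are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Pkt:
    t: float                   # capture timestamp (s)
    kind: str                  # SYN/SYNACK/ACK, TLS_CH/TLS_FIN, MMS_INIT/MMS_INIT_RSP, REPORT, SETPOINT, DATA_ACK, RETX
    seq: Optional[int] = None  # application message id, echoed by DATA_ACK/RETX

# Constructed trace of one MMS-over-TLS session on a slow link (not measured data).
TRACE: List[Pkt] = [
    Pkt(0.000, "SYN"), Pkt(0.080, "SYNACK"), Pkt(0.160, "ACK"),          # TCP handshake
    Pkt(0.170, "TLS_CH"), Pkt(0.510, "TLS_FIN"),                         # TLS handshake
    Pkt(0.520, "MMS_INIT"), Pkt(0.700, "MMS_INIT_RSP"),                  # MMS session established
    Pkt(1.000, "REPORT", 1), Pkt(1.090, "DATA_ACK", 1),
    Pkt(2.000, "REPORT", 2), Pkt(2.300, "RETX", 2), Pkt(2.390, "DATA_ACK", 2),  # one TCP retransmission
    Pkt(3.000, "SETPOINT", 10), Pkt(3.120, "DATA_ACK", 10),
    Pkt(4.000, "REPORT", 3),                                             # never acked: lost report
]
TEST_DURATION = 5.0  # seconds in the constructed test window

def handshake_time(trace: List[Pkt], start: str, end: str) -> Optional[float]:
    """Duration from the first `start` packet to the first following `end` packet."""
    t0 = next((p.t for p in trace if p.kind == start), None)
    if t0 is None:
        return None
    t1 = next((p.t for p in trace if p.kind == end and p.t >= t0), None)
    return None if t1 is None else round(t1 - t0, 3)

def message_rtts(trace: List[Pkt], kind: str) -> Dict[int, Optional[float]]:
    """RTT-Report / RTT-Setpoint: first emission of a message to its TCP ack; None = lost."""
    rtts: Dict[int, Optional[float]] = {}
    for p in trace:
        if p.kind == kind and p.seq not in rtts:
            ack = next((a.t for a in trace if a.kind == "DATA_ACK" and a.seq == p.seq and a.t > p.t), None)
            rtts[p.seq] = None if ack is None else round(ack - p.t, 3)
    return rtts

def qos_summary(trace: List[Pkt], duration: float) -> dict:
    reports = message_rtts(trace, "REPORT")
    setpoints = message_rtts(trace, "SETPOINT")
    t_syn = next(p.t for p in trace if p.kind == "SYN")
    t_mms = next(p.t for p in trace if p.kind == "MMS_INIT_RSP")
    return {
        "tcp_handshake_s": handshake_time(trace, "SYN", "ACK"),
        "tls_handshake_s": handshake_time(trace, "TLS_CH", "TLS_FIN"),
        "mms_handshake_s": handshake_time(trace, "MMS_INIT", "MMS_INIT_RSP"),
        "rtt_report_s": reports,
        "rtt_setpoint_s": setpoints,
        "tcp_retransmissions": sum(1 for p in trace if p.kind == "RETX"),
        "report_losses": sum(1 for v in reports.values() if v is None),
        "session_overhead_rate": round((t_mms - t_syn) / duration, 3),  # setup time over the test window
    }
```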

Experimental results

Wrap-up: experimental platforms
The work presents an experimental framework to assess the performance of security solutions in energy control systems and to evaluate new functionality for the timely management of residual risks.
A common security assessment methodology is used to evaluate the application of the IEC 62351 security standards for protecting IEC 61850 and IEC 60870-5-104 communications of renewable DER and hydro power plants over heterogeneous technologies in lab and field testbeds.
The distinguishing aspect of the assessment methodology is the definition of performance measures specific to the energy applications and the communication/security protocols.
Heterogeneous communication networks: mobile networks, wired links.

Wrap-up: cyber security measures
End-to-end security conforming to IEC 62351-4/5: communication integrity and confidentiality are provided by authentication mechanisms and encryption algorithms at the application and transport layers.
Security monitoring conforming to IEC 62351-7: ongoing anomalies and cyber attacks on energy systems are detected by a monitoring infrastructure supporting fast reactions and continuous defense enforcement. The energy system monitoring collects data objects from IEDs according to IEC 62351-7 and combines them with the IETF data objects available in commercial network devices.

Key lessons: results
The IEC 62351 implementation in the IEC 60870-5-104 and IEC 61850 protocols results in good performance of end-to-end communications in all the tested technologies, provided that the connection is stable.
The dependency of the performance values on the packet size is clearly visible in both wired and wireless technologies.
The security profile configuration influences the transport handshake times, and the influence is stronger on low speed links.
Measures from the field tests gave useful feedback on technological improvements of the HPP telecontrol infrastructure.
The performance assessment methodology allows specifying Quality of Service requirements that cover the security extensions, useful for SLAs with telco operators.

Key lessons: results (2)
Results from the monitoring tests contributed to the specification of the IEC 62351-7 data objects.
The implementation of a monitoring infrastructure able to correlate the performance indicators from IEDs and network devices increases the effectiveness of attack detection and mitigation.

Thank you! Contact: Giovanna.Dondossola@rse-web.it