TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID TCIPG.ORG

Similar documents
BILL SANDERS CYBERSECURITY & PRIVACY FOR THE SMART GRID: CHALLENGES AND OPPORTUNITIES FEBRUARY 10, 2015

The Path to a Secure and Resilient Power Grid Infrastructure

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

Smart Grid Security Illinois

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

T&D Challenges and Opportunities

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Smart Grid Standards and Certification

Grid Modernization in New York: The Role of New Technologies and Early Lessons Learned

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Toward All-Hazards Security and Resilience for the Power Grid

Modernizing the Grid for a Low-Carbon Future. Dr. Bryan Hannegan Associate Laboratory Director

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

Bradford J. Willke. 19 September 2007

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

NVTC Data Center and Cloud Infrastructure Committee

EDUCATION AND ENGAGEMENT JANA SEBESTIK ANNUAL INDUSTRY WORKSHOP NOVEMBER 12-13, 2014 NOVEMBER, 12, 2014

BILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Physical Security Reliability Standard Implementation

Statement for the Record

Industry role moving forward

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

Electric Program Investment Charge Joint IOU Stakeholder Webinar

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS

Cyber Security for Renewable Energy Systems

Cisco Smart Grid. Powering End-to-End Communications. Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

June 5, 2018 Independence, Ohio

Chapter X Security Performance Metrics

EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,

Cyber Security Incident Report

March 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices

Alternative Fuel Vehicles in State Energy Assurance Planning

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Safe, Resilient, Customer Focused Infrastructure

Next Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration

Future Grid Initiative

Summary of Cyber Security Issues in the Electric Power Sector

Cybersecurity for the Electric Grid

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Demand for sustainable power is growing worldwide. Energy producers are broadening their offerings for a quickly evolving marketplace.

ENISA EU Threat Landscape

CARILEC. An Association of Electric Utilities

Grid Modernization at the Department of Energy

Medical Device Cybersecurity: FDA Perspective

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Implementing Executive Order and Presidential Policy Directive 21

Building Resilience into the Smart Grid

Measurement Challenges and Opportunities for Developing Smart Grid Testbeds

Bridging The Gap Between Industry And Academia

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Grid Security & NERC

Smart Grid Update. Christopher J. Eisenbrey. Director, Business Information Edison Electric Institute (EEI)

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Ad Hoc Smart Grid Executive Committee. February 10, 2011 New Orleans, LA

Cyber Attacks on Energy Infrastructure Continue

Integrating Distributed Resources into Distribution Planning and Operations R&D Priorities

Interoperability and Standardization: The NIST Smart Grid Framework

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Regulatory Impacts on Research Topics. Jennifer T. Sterling Director, Exelon NERC Compliance Program

Digital Wind Cyber Security from GE Renewable Energy

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Scope Cyber Attack Task Force (CATF)

TELECOM & ENERGY «Collaborating to Power the Smart Grids for Digital Growth«

FERC Reliability Technical Conference Panel I: 2015 State of Reliability Report Introduction Overview of the State Of Reliability

Government IT Modernization and the Adoption of Hybrid Cloud

CALIFORNIA CYBERSECURITY TASK FORCE

NW NATURAL CYBER SECURITY 2016.JUNE.16

Supporting Strategic Customers Needs

Project Physical Security Directives Mapping Document

Innovation policy for Industry 4.0

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

Standard Authorization Request Form

Addressing the elephant in the operating room: a look at medical device security programs

power delivery & utilization sector roadmaps

Smart Grid. Nancy Doon, Smart Grid Consortium Diane Blankenhorn, LIPA. February 26, 2013

OPERATIONS CONTROL CENTER

power delivery & utilization sector roadmaps

UNITED STATES OF AMERICA BEFORE THE U.S. DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

NERC Overview and Compliance Update

CSD Project Overview DHS SCIENCE AND TECHNOLOGY. Dr. Ann Cox. March 13, 2018

Tactical Microgrid Standardization Update to the EGSA Government Relations Committee

SANS SCADA Conference 2012 Progress in implementing the Roadmap to Achieve Energy Delivery Systems Cybersecurity

Energy Assurance Plans

Why you should adopt the NIST Cybersecurity Framework

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

European Union Agency for Network and Information Security

Introduction to the NYISO

The NIST Cybersecurity Framework

Cyber Security Strategy

Cybersecurity and Data Protection Developments

Grid Modernization Challenges for the Integrated Grid

FDA & Medical Device Cybersecurity

Proven results Unsurpassed interoperability Fast, secure and adaptable network. Only EnergyAxis brings it all together for the Smart Grid

CYBER RESILIENCE & INCIDENT RESPONSE

Transcription:

FROM SECURITY TO RESILIENCY: OPPORTUNITIES AND CHALLENGES FOR THE SMART GRID S CYBER INFRASTRUCTURE APRIL 20, 2015 BILL SANDERS UNIVERSITY OF ILLINOIS DARTMOUTH COLLEGE UC DAVIS WASHINGTON STATE UNIVERSITY FUNDING SUPPORT PROVIDED BY DOE-OE AND DHS S&T 1

THE CHALLENGE: PROVIDING TRUSTWORTHY GRID OPERATION IN POSSIBLY HOSTILE ENVIRONMENTS Trustworthy A system which does what it is supposed to do, and nothing else Safety, Availability, Integrity, Confidentiality Hostile Environment Accidental Failures Design Flaws Malicious Attacks Cyber Physical Must make the whole system trustworthy, including both physical & cyber components, and their interaction. 2

BACKGROUND. 3

SOURCE: CAROL HAWK, CEDS OVERVIEW PRESENTATION 4

Multiparty interactions with partial & changing trust requirements Regulatory limits on information sharing Other Coordinators Market Coordinator Operator Cross Cutting Issues Large-scale, rapid propagation of effects Need for adaptive operation Day Ahead Need to have confidence in trustworthiness of resulting approach Market Market Participant Load Following AGC Control Area Need to create secure and reliable computing base Support large # of devices Timeliness, security, and reliability required of data and control information 5

CONCEPTUAL REFERENCE DIAGRAM FOR SMART GRID INFORMATION NETWORKS 6

DISRUPTIVE TRENDS IN THE SMART GRID: TRANSFORMATION OF THE SMART GRID INFRASTRUCTURE Large numbers of intelligent devices in the substation and the field Smart meters deployed as part of AMI Larger-scale wide-area measurement systems Mixed legacy environment with older components that cannot support modern security mechanisms 7

DISRUPTIVE TRENDS IN THE SMART GRID: ENERGY INTERNET OF THINGS AND UTILITY CLOUDS Radical changes coming in the way ICS will be managed, owing to network virtualization and increased connectivity Increased availability of data and analysis Many events will become manageable in the cloud as wide-area system event Virtualization will blue the notion of the control parameter and make security more difficult Increased dependence on computation and communication could increase attack surface 8

DISRUPTIVE TRENDS IN THE SMART GRID: RENEWABLES Wind and solar are both subject to short-term fluctuations that can potentially destabilize a grid Resiliency requires technology that can sense fluctuations quickly and respond to dynamic variation in generation Requirement for high system selfawareness as well as advanced analytics Distributed generation ownership complicates issue 9

DISRUPTIVE TRENDS IN THE SMART GRID: ELECTRIC VEHICLES EV Everywhere will require a new grid infrastructure, with new security and resiliency requirements Control of infrastructure must deal with rapid changes of volume and location of loads Billing is likely to follow vehicle Will result in complex mobile and humanbased cyber-physical system which will create new reliability and security issues 10

HUMBLE CYBER SECURITY BEGININGS, CIRCA 2000. RAPID ADVANCE TO ADOLESCENCE. 11

CLASSICAL (PHYSICAL) ATTACK APPROACHES Physical attacks on lines, buses and other equipment can be locally effective: low tech attacks may be easy, and are also difficult to defend against Requires physical proximity of attacker Particularly effective if multiple facilities are attacked in a coordinated manner But coordination may be much easier in a cyber attack J.D. Konopka (a.k.a. Dr. Chaos) Alleged to have caused $800K in damage in disrupting power in 13 Wisconsin counties, directing teenaged accomplices to throw barbed wire into power stations. (From Milwaukee Journal Sentinel) http://www.jsonline.com/news/metro/may02/41693.asp 12

POTENTIAL TRANSMISSION-SIDE CYBER ATTACK STRATEGIES Tripping breakers Changing values breaker settings Lower settings can destabilize a system by inducing a large number of false trips Lowering trip settings can cause extraneous other breakers, causing overloading of other transmission lines and/or loss of system stability Malicious fuzzing of power system components Life cycle attacks Insider threats Physical damage by cyber means Combined physical and cyber attacks 13

POWER GRID CYBER SECURITY GUIDANCE Roadmap to Achieve Energy Delivery Systems Cybersecurity 2006, 2011 FERC/NERC: Cybersecurity Standards 2008 to present NISTIR 7628: Guidelines for Smart Grid Cybersecurity, 2009 to present Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) 2012 to present 14

INDUSTRY ROADMAP A FRAMEWORK FOR PUBLIC- PRIVATE COLLABORATION Published in January 2006/updated 2011 Energy Sector s synthesis of critical control system security challenges, R&D needs, and implementation milestones Provides strategic framework to align activities to sector needs coordinate public and private programs stimulate investments in control systems security Roadmap Vision By 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions. 15

FERC/NERC CYBER SECURITY STANDARDS FOR THE BULK ELECTRIC POWER GRID Energy Policy Act of 2005 created an Electric Reliability Organization (ERO) to develop and enforce mandatory cybersecurity standards FERC designated NERC as the ERO in 2006 NERC worked with electric power industry experts to develop the NERC Critical Infrastructure Protection (CIP) standards CIP-002 through CIP-009 Standards approved by FERC in 2008, making them mandatory for owners and operators of the bulk electric system NERC standards continue to evolve, as the threat environment evolves, and more is known about critical infrastructure protection 16

REAL FINANCIAL PENALTIES http://www.nerc.com/filez/enforcement/public_finalfiled_nop_noc-1448.pdf 17

TODAY S CYBER RESILENCEY CHALLENGES AND GAPS. 18

CHALLENGES TO GRID RESILIENCY: DEPENDENCY ON CYBER INFRASTRUCTURE RESILIENCE Resiliency may be impacted by the grid s increased dependence on cyber technology Adverse cyber events may arise from cyber attack, or from software/hardware malfunction, or through error in configuration or operation Cyber assets might be compromised with no direct attack on the physical grid system, or a blended attack could impact both cyber and physical assets The event may affect measurement, communications, or control systems 19

CHALLENGES TO GRID RESILIENCY: DEPENDENCY ON OTHER INFRASTRUCTURES Hydroelectric power depends on the correct function of dam controls Smart grid communication depends on the telecommunication infrastructure The grid features multiple interdependencies with transportation for fuel delivery The emerging electric vehicle system will introduce multiple interfaces, including some tightly coupled ones, to transportation Smart grid market mechanisms will necessitate interfaces to the financial infrastructure, particularly in the case of demand response stimulated by rapid real-time price fluctuations 20

GRID RESILIENCY: THE RESILIENCY CHAIN System Analysis Detection of adverse events Identification of affected assets and potential system consequences Automated or semi-automated response Remediation of the effects of the event Hardening of the affected components and modification of design Full system restoration 21

RESEARCH AND TECHNOLOGY GAPS: SUPPORTING AN EMERGING INTECONNECTED SYSTEM Significant expansion of interconnection with third-party systems Security and resiliency for an energy internet of things 22

RESEARCH AND TECHNOLOGY GAPS: ADVANCED SENSING, ANALTYICS, AND CONTROL Advanced analytics to leverage the wide-area measurement systems being deployed in the smart grid Cyber-physical contingency analysis in support of grid resilience Advanced controls for intelligent autonomous or semi-autonomous islanding to achieve resiliency Adaptive cybersecurity and resiliency for ICS and power applications 23

RESEARCH AND TECHNOLOGY GAPS: ADDRESSING NON-TECHNICAL ISSUES Smart grid components being deployed today will be in the field for a decade or more Social, cultural, and human factors 24

TCIPG VISION AND RESEARCH FOCUS (TCIPG.ORG) Vision: Create technologies which improve the design of a resilient and trustworthy cyber infrastructure for today s and tomorrow s power grid, so that it operates through attacks Research focus: Making smart grid systems resilient to malicious attack Protecting the cyber infrastructure Making use of cyber and physical state information to detect, respond, and recover from attacks Supporting greatly increased throughput and timeliness requirements for next generation energy applications and architectures Quantifying security and resilience 25

2015 TCIPG SUMMER SCHOOL Leverage the emerging Smart Grid Cybersecurity Curriculum Will include hands-on training Scheduled for June 15-19, 2015, reception June 14 Venue will be the Q Center near Chicago, IL 2015 Summer School June 15-19, 2015 Reception: June 14 26

www.tcipg.org Bill Sanders whs@illinois.edu Request to be on our mailing list Attend Monthly Public Webinars Attend our TCIPG Summer School June 2015 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback