Peter Kreutzer, PSSAM/Automation Power World 2011 New Delhi, Secure and reliable Redundant communication network and cyber security

Similar documents
Ethernet Network Redundancy in SCADA and real-time Automation Platforms.

Ahead of the challenge, ahead of the change. Beyond classical substation How seamless communication networks can be used in special applications

Building Resilient IEC Communication Networks with Next Generation Redundancy Technologies

What Protection Engineers Need to Know About Networking. ANCA CIORACA, ILIA VOLOH, MARK ADAMIAK Markham, ON, CA King of Prussia, PA GE Digital Energy

Migration Paths for IEC Substation Communication Networks Towards Superb Redundancy Based on Hybrid PRP and HSR Topologies

Smart Grid Communications. WFCS 2016 May 3-6, 2016, Aveiro, Portugal

Anca Cioraca, Ilia Voloh, Mark Adamiak GE Grid Automation

Importance of Interoperability in High Speed Seamless Redundancy (HSR) Communication Networks

Hugo E. Meier, Heidelberg, Germany, June 2014 Integrator Partner Seminar2014 Substation automation trends

MiCOM Pxxx PRP. Pxxx/EN PR/B11. Update Documentation. Version Software Version See Table 2 Hardware Suffix See Table 2

October 05, ECE 421 Session 12. Utility SCADA and Automation. Presented by: Chris Dyer

November 29, ECE 421 Session 28. Utility SCADA and Automation. Presented by: Chris Dyer

IEEE 1588v2 Time Synchronization in Energy Automation Applications Case Studies from China

FHT: A Novel Approach for Filtering High-Availability Seamless Redundancy (HSR) Traffic

IEC Vaasa Seminar 21st October Contents

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

TR IEC Deterministic Networking

User Manual. Redundancy Configuration Rail Switch Power Enhanced (HiOS-2S/2A/3S RSPE) UM RedundConfig HiOS-2S/2A/3S RSPE Release 4.

User Manual. Redundancy Configuration Embedded Ethernet Switch (EES) UM RedundConfig EES Release /2013

Cyber Security for Process Control Systems ABB's view

COLLABORATE TO WIN. 03/31/2017 Digital Substation Turning IEC61850 features into benefits. Peter Rietmann, Program Manager Digital Substation NA

COMMUNICATION NETWORKS. FOX615/612 TEGO1 IEC GOOSE Proxy Gateway interface module.

Rugged communications for the digital substation usa.siemens.com/ruggedcom

User Manual. Redundancy Configuration HiOS-2S-2A-3S RSPE (Rail Switch Power Enhanced) UM RedundConfig HiOS-2S-2A-3S RSPE Release 5.

Cyber security for digital substations. IEC Europe Conference 2017

IEEE Frame Replication and Elimination for Reliability. Franz-Josef Goetz, Member of IEEE TSN TG, Siemens AG

Overview and Application

HSR High-availability Seamless Redundancy

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

Security in Power System Automation Status and Application of IEC Steffen Fries, Siemens Corporate Technology, June 13 th, 2017

A NOVEL FILTERING TECHNIQUE FOR REDUCING REDUNDANT UNICAST TRAFFIC IN HSR NETWORKS

Software Implementation of Two Seamless Redundant Topologies in a Digital Protection System based on IEC

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Substation automation products. MicroSCADA Pro for substation automation

Providers of a Comprehensive Portfolio of Solutions for Reliable Ethernet and Synchronization in the Energy Market. Industrial

automation network Prof. Dr. Hubert Kirrmann Diana Ilie ABB Research Center, Baden, Switzerland Claudio Honegger

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015

Network Infrastructure

Brochure 3/2017 usa.siemens.com/ruggedcom

Experience with IEC based Systems

Grid Automation Products. MicroSCADA Pro Substation automation applications.

User Manual. Redundancy Configuration Embedded Ethernet Switch (EES) UM RedundConfig EES Release /2012

Cyber Threats? How to Stop?

Cyber Security of Industrial Control Systems (ICSs)

M242 COMPUTER NETWORS AND SECURITY

Implementation Plan. Project CIP Version 5 Revisions. January 23, 2015

Cybersecurity was nonexistent for most network data exchanges until around 1994.

High Availability Seamless Ring Protocol. Implementation in FPGA

The debut of Relion 2.2 The new IEDs generation A suitable portfolio for your digital substation

MicroSCADA Pro Substation automation applications.

Substation Automation based on IEC Claes Rytoft ABB Power Systems

Relion 630 series. Load-shedding controller PML630 High performing load-shedding solution for industrial and utility power networks

Energy Infrastructure Demands Mission Critical Networking

IEC in Digital Substation and Cyber security

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Brochure 11/2016 siemens.com/ruggedcom

Power Automation Solutions with the IEC standard

Cybersecurity for the Electric Grid

Peter Overgaauw Pascal Stijns 27 Oct 2016 EXPERION PKS CONTROLS ELECTRICAL SYSTEMS TOO!

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Chapter 16: Switched Ethernet in Automation. Wenbo Qiao

System-on-Chip engineering. The SoCe Difference. FPGA based Solutions for Communications in Critical Systems

Siemens AG All rights reserved.

TECHNICAL SPECIFICATION

Implementation Plan for Version 5 CIP Cyber Security Standards

Digital Wind Cyber Security from GE Renewable Energy

Application of Monitoring Standards for enhancing Energy System Security

Applications and Industry Activities

Gerhard Brndt, ABB AG, BU Power Generation Cyber Security and Compliance in Increasingly Distributed and Aging Power Generation Infrastructures

irbx - HSR/PRP Redundancy Switch Module User s Manual

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

Time Synchronization and Standards for the Smart Grid

-- Smart Grid Communication --

1756-EN2TP Parallel Redundancy Protocol Module Network Redundancy

ENISA S WORK ON ICS AND SMART GRID SECURITY

COMPASS FOR THE COMPLIANCE WORLD. Asia Pacific ICS Security Summit 3 December 2013

Make your life safer and simpler

Smart Grid Standards and Certification

ISA99 - Industrial Automation and Controls Systems Security

Substation to substation (ss2ss) GOOSE exchange for critical relay operations

A plane can be uniquely determined by three non-collinear points - how many do we really need?

Grid Security & NERC

NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION

Jehanpour Ranjkesh, Integrator Partner Seminar 2012 Station level product news Automation Controller COM600

Local Area Networks. Ethernet LAN

Upgrading From a Successful Emergency Control System to a Complete WAMPAC System for Georgian State Energy System

Highly Available Networks

JULIO OLIVEIRA, ABB POWER GRIDS GRID AUTOMATION, DECEMBER 01 ST ABB Ability - Digital Substations. FISE 7a Edición

Securing Industrial Control Systems

Networking interview questions

NERC-CIP CAN-0024: Securing Critical Cyber Assets with Data Diodes

Industrial Defender ASM. for Automation Systems Management

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Kyland solution for IEEE1588 Precision Time Synchronization in Electric Utilities

ISA99 - Industrial Automation and Controls Systems Security

Industrial Network Trends & Technologies

Managing SCADA Security. NISTIR 7628 and the NIST/SGIP CSWG. Xanthus. May 25, Frances Cleveland

Developing a New HSR Switching Node (SwitchBox) for Improving Traffic Performance in HSR Networks

Smart Grid vs. The NERC CIP

Introduction to Ethernet. Guy Hutchison 8/30/2006

Transcription:

Peter Kreutzer, PSSAM/Automation Power World 2011 New Delhi, 2011-09-20 Secure and reliable Redundant communication network and cyber security

Content Reliable Substation communication networks Introduction of IEC 62439 Redundancy Comparison of different port redundancy methods Experiences Cyber Security for Substation Automation Key Cyber-Security initiatives Cyber Security in the system lifecycle

IEC 61850 Redundancy Status In the current edition of IEC 61850 redundant communication is not defined In the IEC 61850 committee it has been identified that the lack of redundancy definition in the standard is becoming a real concern in respect of interoperability Preparation for defining redundancy in IEC 61850 is in the final stage IEC 61850 Edition 2 covering redundancy will be ready in 2011 Redundancy will be added to station bus (IEC 61850-8-1) and to process bus (IEC 61850-9-2) IEC 61850 will not invent the redundancy but refer to PRP/HSR of the IEC 62439 standard PRP (Parallel Redundancy Protocol ) HSR (High-availability Seamless Redundancy )

Comparing some characteristics Redundancy protocols for SAS IEC 61850 for SAS IEC 61850 Reference: IEC 62439-1

Redundant network Single ring using external switches Advantages and disadvantages Any topology supported: Tree, Star, Ring, mashed Network is autonomous, independent of IEDs Standard Ethernet components, no special devices Flexible network speed (100MBit/s, 1GBit/s) and media Full bandwidth can be used, no double frames www.infoplc.net ~5ms/switch failure recovery time RSTP Failure or power-off of 2 or more IEDs has no impact to the network Moderate costs for switches and network cabling Fully Interoperability any IEC61850 3rd party IED can be connected to the network

Redundant network with IEC 62439-3 PRP Parallel Redundancy Protocol receiver sender Operation principle DANP (Double Attached Node implementing PRP) are attached to 2 independent LANs Source DANP sends same frame over both LANs Destination DANP receives frame from both LANs, consumes 1st frame, discards the duplicated

Redundant network with IEC 62439-3 PRP Advantages and disadvantages Any topology supported: Tree, Star, Ring, mashed Network is autonomous, independent of IEDs Standard Ethernet components, no special devices Flexible network speed (100MBit/s, 1GBit/s) and media Full bandwidth can be used, frames run on separate LANs 0ms failure recovery time No frame loss Failure or power-off of IEDs has no impact to the network High costs for switches and network cabling Connecting single port IEDs directly to one network Fully Interoperability with non redundant IEDs

Redundant network with IEC 62439-3 HSR High-availability Seamless Redundancy A -frame sender DANH B -frame DANH singly attached nodes switch interlink RedBox DANH DANH DANH DANH DANH receiver Operation principle DANH (Double Attached Node implementing HSR) has 2 ports operated in parallel Source DANH sends a frame over each port ( A -frame and B -frame) Destination DANH receives frame from each port, consumes 1st frame, discards the duplicated DANH support bridge functionality and forward frames from one port to the other (not frames that it injected)

Redundant network with IEC 62439-3 HSR Advantages and disadvantages Only ring or ring of ring topologies IEDs are integral part of network No direct connection of single port IEDs possible (only via RedBox) Standard Ethernet components cannot be used Not interoperable with non redundant IEDs Fix network speed (100MBit/s) Bandwidth is half (double messages over one network) singly attached nodes end node end node A B A B A B switch interlink RedBox B A B A B A B A B A end node end node end node end node end node Failure or power-off of more than 2 IEDs has impact to the network Low cost (no switches and few network cables) 0ms failure recovery time No frame loss

Redundant ports on IEDs Summary of different redundancy methods Redundant Network Method IEC61850 8-1/9-2 Ed 2 Frame loss Recovery time Port redundancy Network redundancy PRP IEC 62439-3 yes No 0 ms yes yes Single Network Dual homing No proprietary No 0 ms yes yes Channel Switching No proprietary Yes typ. 10ms yes no IEDs active part of Network HSR IEC 62439-3 yes No 0 ms yes no RSTP no Yes typ. 100ms (ring with 20 nodes) yes no February 17, 2012 Slide 10

Experience CIGRE Session Paris 2010, PRP/HSR Demonstration

Experience with PRP Successful long term in-house verification / pilot project Continues long term in-house test at the ABB system verification center Successfully working since more than a year. All stability and stress tests passed PRP is well proven, uses minimal configuration effort and is interoperable with single attached devices February 17, 2012 Slide 12

Network Partner SSLTA 88SRS485MSRS485MSREDU/M SERVICE RS232 RS485 RS485 1MRSC60029 1MRSC60028 1MRSC60028 1MRSC60028 1MRSC60028 1MRSC60028 1MRSC60028 www.infoplc.net Experience with PRP Various projects under execution Digital Control System LOCAL HMI IEC 60 870-5-101 Control Center Terminal Server Ethernet GPS SNTP PC PC IEC61850 1 SWITCH (4x) SWITCH SWITCH SWITCH (4x) 2 1 1 2 2 1 1 2 2 1 1 2 2 1 1 2 2 1 2 1 2 1 2 REC670 RET670 RET670 RET670 REC670 REC670 REC670 REC670 RET670 RET670 RET670 Medium Voltage Protection and Control Line Transformer February 17, 2012 Slide 13

Conclusion Recommendation if redundant links on IEDs is required PRP for High demanding applications (High-voltage transmission substations, Complex industrial applications, ) Large systems GOOSE is used for time critical applications HSR for Small systems (Distribution applications) GOOSE is used for time critical applications

Cyber Security for Substation Automation

Cyber Security for Substation Automation Why is Cyber Security an issue? Cyber security has become an issue by introducing Ethernet (TCP/IP) based communication protocols to industrial automation and control systems. e.g. IEC60870-5- 104, DNP 3.0 via TCP/IP or IEC61850 Connections to and from external networks (e.g. office intranet) to industrial automation and control systems have opened systems and can be misused for cyber attacks. Cyber attacks on industrial automation and control systems are real and increasing, leading to large financial losses Utilities need to avoid liability due to non-compliance with regulatory directives or industry best practices; February 17, 2012 Slide 16

Cyber Security for Substation Automation Drivers and attackers Main Benefit Reduce risk of damage by cyber attacks Current drivers Currently many initiatives and activities driven by technology, solutions and FUD Cyber security approaches should be based on an understanding of risk Who are the attackers? Accidents / Mistakes Rogue insider The an factor Malware Thieves / Extortionists Enemies / Terrorists Likelihood Bottom line is likelihood is unknown consequences are potentially huge February 17, 2012 Slide 17

Cyber Security for Substation Automation Key Cyber-Security initiatives Standard Main Focus Status NIST SGIP-CSWG NERC CIP Smart Grid Interoperability Panel Cyber Security Working Group NERC CIP Cyber Security regulation for North American power utilities On-going * Released, On-going * IEC 62351 Data and Communications Security Partly released, On-going * IEEE PSRC/H13 & SUB/C10 IEEE 1686 Cyber Security Requirements for Substation Automation, Protection and Control Systems IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities On-going* Finalized ISA S99 Industrial Automation and Control System Security Partly released, On-going * * On-going: major changes will affect the final solution February 17, 2012 Slide 18

IEC 62351 Status Overview Ongoing changes will affect the final version IEC 62351 Power systems management and associated information exchange - Data and communications security Official Status Actual Status Part 1 Communication network and system security Introduction to security issues TS TS Part 2 Glossary of terms TS TS Part 3 Security for profiles including TCP/IP TS New Version Planned (depending on Part 9) Part 4 Profiles including MMS TS New Version Planned (depending on Part 9) Part 5 Security for IEC 60870-5 and derivatives TS New Version Planned (depending on ext. to IEC104) Part 6 Security for IEC 61850 TS Changes in progress Part 7 Network and system management (NSM) data object models TS TS Part 8 Role-Based Access Control ACDV ACDV Part 9 Key Management (Certificate Handling) NWP NWP Part 10 Security Architecture NWP NWP February 17, 2012 Slide 19 NWP New Work Item Proposal ANW Approved New Work ACDV Draft approved for Committee Draft with Vote CDTS Circulated Draft Technical Specification TS Technical Specification

Cyber Security for Substation Automation Back to the basics Accept responsibility Security is about processes Ignore compliance - at least at first There is no such thing as 100% security Security does not come for free February 17, 2012 Slide 20

Cyber Security for Substation Automation Cyber Security in the system lifecycle Development Installation / migration Operations Verify Security testing Security testing Incident handling React Realize Secure design Secure code Secure configuration Security policy Monitoring & audits Detect Prepare Threat modeling Developer security training Plant security architecture Plant security assessment Customer Security training Security architecture maintenance Platform patch management Protect time February 17, 2012 Slide 21

Cyber Security for Substation Automation A pragmatic approach Defense in depth Least-privileges Network separation System Hardening Protected communications Secure remote access All while keeping an eye on reliability, interoperability and performance. February 17, 2012 Slide 22

Cyber Security for Substation Automation Typical substation automation system architecture Secure remote access Hardened systems Network Separation February 17, 2012 Slide 23

Cyber Security for Substation Automation Trends Regulation & Government initiatives Today NERC CIP regulation for securing Bulk Electric System Trend Additional security regulations expected for Smart Grid and will cover all voltage level Application Focus Business aspects Focus on Network Management and DCS Smart Grid stimulus funding tied to sound security approach Avoiding fines associated with non-compliance (end-users) Government organizations increase attention to securing critical infrastructure Focus on end-to-end security Reduction of risks associated with cyber security February 17, 2012 Slide 24

ABB s Cyber Security Activities Summary Security is well established within ABB Today we can deliver products and systems that meet most customer security requirements to a high degree We will continue to adapt our products and system to meet additional requirements from customers and standards February 17, 2012 Slide 25

Redundant network with IEC 62439-3 PRP Parallel Redundancy Protocol upper layers link redundancy entity applications publisher/ transport layer subscriber network layer send receive applications publisher/ transport layer subscriber network layer send receive network interfaces A B A B Tx Rx Tx Rx Tx Rx Tx Rx transceivers LAN A LAN B A B Send on both LANs: the stack sends each frame simultaneously on LAN A and LAN B. Frames over LAN A and B have different transmission delays (or may not arrive at all) Receive from both LANs: the stack receives both frames, the entity between the link and the network layer handles the frames and can filter duplicates. Both lines are treated equal. Each node in PRP has the same MAC address and the same IP address on both network interfaces.

Redundant network with IEC 62439-3 PRP Discarding duplicates: Sequence counter standard Ethernet frame preamble sequence destination source LLC payload size FCS counter line time each frame carries a sequence counter, a line indicator and a size field, inserted after the payload to remain transparent to normal network traffic. the send inserts the same sequence counter in both frames of a pair, and increments it by one for each sending from this node to that other node. the receiver keeps track of the sequence counter for each frame for each source MAC address it receives frames from. Frames with the same source and counter value coming from different lines are ignored. to this purpose, each node keeps a table of all other nodes in the network, based on observation of the network. This allows to detect nodes absence and bus errors at the same time.

Redundant ports on IEDs Overview of different redundancy methods Redundant Network PRP (IEC 62439-3) Dual homing (proprietary) Single Network Channel switching (proprietary) Single Network, IEDs active part of Network HSR (IEC 62439-3) RSTP

Integrated Ethernet Switch with RSTP Principle Switch PC1 Network IED IED IED IED Switch PC2 Switch Logical open connection Operation Mode 2 ports active RSTP protocol for ring redundancy Recovery time typically 100ms (depends on the number of nodes and type of failure) Advantage Low-cost Disadvantage Slow recovery performance Use GOOSE only for not time critical applications Messages can be lost during recovering phase No network redundancy IEDs are active part of the network Disconnecting, power-off IEDs disturbs or interrupts the network Transmission delay by each hop (each IED) Not interoperable with e.g. HSR IED February 17, 2012 Slide 30

Integrated Ethernet Switch with HSR Principle PC1 PC2 Red.Box Red.Box Network IED IED IED IED Operation Mode 2 ports active HSR protocol for ring redundancy Switch over time 0ms Advantage Low-cost No recovery time No messages are lost Standard according IEC 61850-8-1/9-2 Edition 2 Disadvantage No network redundancy IEDs are active part of the network Disconnecting, power-off IEDs disturbs or interrupts the network Transmission delay by each hop (each IED) February 17, 2012 Slide 31

Channel Switching Method Principle Switch PC1 PC2 Network Switch Switch Switch IED IED IED IED Operation Mode 1 Port active 1 Port monitored passive (only link to switch is monitored) Switch over time approx. 10ms Advantage IEDs are not active part of the network Disadvantage Slow switch-over performance Use GOOSE only for not time critical applications Messages can be lost during switch-over No network redundancy, IEDs have to be on the same network Not according IEC 61850-8-1 Not interoperable with e.g. PRP February 17, 2012 Slide 32

Parallel Redundancy Protocol (PRP) Principle Switch PC1 Switch Network A PC2 Switch Network B Switch IED IED IED IED Operation Mode 2 Ports active Messages are sent / received simultaneously on both ports Switch over time 0ms Advantages No recovery time No messages are lost Network redundancy (Network A and B) IEDs are not active part of the network Standard according IEC 61850-8-1/9-2 Edition 2 Disadvantages Higher cost February 17, 2012 Slide 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback