S2ERC Industry Outreach Workshop
Cyber Physical System Security
Manimaran Govindarasu
Dept. of Electrical and Computer Engineering, Iowa State University
gmani@iastate.edu
Outline
- Background
- CPS Security Research
- CPS Security Testbed
- Conclusion
Smart Grid: A Cyber-Physical System
Source: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0, February 2012
SCADA Control Network
Cyber Threats to Critical Infrastructures
Cyber-Based Attacks:
- Protocol Attacks
- Network Infrastructure Attacks
- Intrusions
- Malware
- Denial of Service (DoS)
- Insider Threats
[General Accounting Office, CIP Reports, 2004 to 2010]; [NSA Perfect Citizen, 2010]: Recognizes that critical infrastructures are vulnerable to cyber attacks from numerous sources, including hostile governments, terrorist groups, disgruntled employees, and other malicious intruders.
Stuxnet malware (July 2010)
Possible Attack Path:
- Initial Delivery (via USB)
- Corporate LAN infected
- Reporting to attack control server
- Connect to substations
- Deliver attack payload to PLC
- Affect Uranium enrichment
Target:
- Industrial control systems
- Modifies code on PLCs in Uranium enrichment facilities
- Alters the speed of centrifuges used for Uranium enrichment
Lessons Learned:
- Took 1 year to discover
- > 100,000 machines infected
- Professionally written code
- Infected PLCs appear to function normally
Future Requirements:
- Active network monitoring
- Behavior and reputation based access control lists
- Anomaly detection
- Insider threat mitigation
Cyber Vulnerabilities (trend)
In fiscal year 2012, 198 cyber incidents were reported. Energy sector attacks accounted for 41% of the total incidents.
Source: http://www.ics-cert.us-cert.gov/pdf/ics-cert_monthly_monitor_oct-dec2012.pdf
Attacks - Cyber - Control - Physical
Smart Grid Security = Info + Infra + Appln. Security
NEEDS
- Information Security: Information Protection (Confidentiality, Integrity, Availability, Authentication, Non-repudiation)
- Infrastructure Security: Infrastructure protection (Routers, DNS servers, Links, Internet protocols, Service availability)
- Applications Security: Generation Control, Transmission Control, Distribution Automation, Sys. Monitoring & Protection, Real-Time Energy Markets, Energy Management System
MEANS
- Information Security: Encryption/Decryption, Digital signature, Message Auth. Codes, Public Key Infrastructure
- Infrastructure Security: Firewalls, IDS/IPS, Authentication Protocols, Secure Protocols, Secure Servers, IPSEC, DNSSEC
- Applications Security: Attack-Resilient WAMPAC; Model-based Algorithms (Anomaly detection, Intrusion Tolerance); Risk modeling and mitigation; Secure EMS and automations
Transform: Fault-Resilient Grid of today TO Attack-Resilient Grid of the future
Risk modeling and mitigation
Mitigation of Coordinated Attacks:
- Offline: Risk Modeling and Mitigation
- Online: Alert Correlation and Mitigation
Approach 1: Risk Modeling and Mitigation
- Inputs: Cyber System Definition (Topology, Security); Attack Template; Power System Definition (Control, Protection)
- Cyber System Modeling (Petri Nets) yields the Attack Probability
- Power System Modeling (DIgSILENT, PSSE) yields the Impact
- Attack Probability and Impact together give the risk; if risk > threshold, apply Offline Mitigation
  - Cyber side, e.g. modify settings, add security
  - Power side, e.g. increase transmission capacity
Risk = Threat x Vulnerability x Impacts
Attacker can control:
- Space: where to attack?
- Time: when to attack?
Impact Estimation: evaluating g
Coordinated Attack Groups:
- Gen + Gen
- Gen + Trans
- Trans + Trans
Optimal power flow simulation: g = load shedding for the OPF solution
Results: g = 363 MW, g = 163 MW, g = 110 MW
NSF Project: M. Govindarasu (ISU) & C.C. Liu (WSU)
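An added worked example (not part of the slides) that carries the offline risk model of the previous two slides through for the three coordinated attack groups: the impacts are the g values above, while the threat and vulnerability probabilities, the risk threshold and the strength of the two mitigation levers are constructed assumptions.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AttackGroup:
    name: str
    threat: float         # likelihood the group is attempted (assumed)
    vulnerability: float  # probability the cyber attack path succeeds (assumed)
    impact_mw: float      # load shed g from the OPF simulation (slide values)

    @property
    def risk_mw(self) -> float:
        """Risk = Threat x Vulnerability x Impact, in MW of expected load shed."""
        return self.threat * self.vulnerability * self.impact_mw


# Constructed inputs: impacts are the slide's g values; probabilities are assumed.
ATTACK_GROUPS = [
    AttackGroup("Gen + Gen", threat=0.3, vulnerability=0.5, impact_mw=363.0),
    AttackGroup("Gen + Trans", threat=0.4, vulnerability=0.6, impact_mw=163.0),
    AttackGroup("Trans + Trans", threat=0.5, vulnerability=0.4, impact_mw=110.0),
]


def rank_by_risk(groups):
    """Order attack groups so the highest expected load shed comes first."""
    return sorted(groups, key=lambda grp: grp.risk_mw, reverse=True)


def offline_mitigation(groups, threshold_mw, hardening=0.5, added_capacity_mw=50.0):
    """Offline mitigation loop from the slide: for each group whose risk exceeds
    the threshold, harden the cyber path (modify settings / add security, which
    scales vulnerability by `hardening`) and add transmission capacity (which
    reduces the load shed by `added_capacity_mw`). Returns groups in input order."""
    mitigated = []
    for grp in groups:
        if grp.risk_mw > threshold_mw:
            grp = replace(grp,
                          vulnerability=grp.vulnerability * hardening,
                          impact_mw=max(0.0, grp.impact_mw - added_capacity_mw))
        mitigated.append(grp)
    return mitigated


if __name__ == "__main__":
    for grp in rank_by_risk(ATTACK_GROUPS):
        print(f"{grp.name:14s} risk = {grp.risk_mw:6.2f} MW expected load shed")
    for grp in offline_mitigation(ATTACK_GROUPS, threshold_mw=30.0):
        print(f"{grp.name:14s} after mitigation = {grp.risk_mw:6.2f} MW")
```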
WAMPAC: A high-level view
- Power system plant: PMU sensors; Relays (protection elements); Actuators (VAR control elements: SVC, FACTS)
- Wide Area Network: cyber attack points; delay
- WAMPAC Control Center: EMS applications (SE, AGC), Protection Schemes, Alarms; Controller
Cyber-Physical Control in Power Grid
S. Sridhar, A. Hahn, and M. Govindarasu, CPS Security for Power Grid, Proc. IEEE, Jan. 2012
Control Systems Attack Model
Generic Control System Model: Control Center (Analyses & Computation; Remote/Local Control) sends control inputs u_i(t) to the Actuators, which act on the Machine/Device (Physical System); Sensors produce measurements y_i(t) that return to the Control Center through Data Acquisition.
Types of Attacks:
- Data integrity
- Replay
- Denial of service
- De-synchronization and timing-based
Yu-Lun Huang, Alvaro A. Cardenas, S. Amin, Z-S. Lin, H-Y. Tsai, and S. Sastry, Understanding the Physical and Economic Consequences of Attacks on Control Systems, International Journal of Critical Infrastructure Protection, 2(3):72-83, October 2009.
Automatic Generation Control (AGC)
AGC Features:
- Maintains frequency at 60 Hz (Supply = Demand)
- Maintains power exchange at scheduled value
- Ensures economic generation
Figure from NERC Technical Document: Balancing and Frequency Control, Jan 2011
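An added example (not from the slides) of an AGC cycle computing the area control error that keeps frequency at 60 Hz and interchange at schedule, with plausibility checks on the incoming measurements y_i(t) for the replay / timing-based and data-integrity attacks of the control-systems attack model above; the telemetry, the bias value and the rate-of-change bound are constructed assumptions.

```python
from dataclasses import dataclass

F_SCHED_HZ = 60.0          # AGC target frequency from the slide
MAX_ROCOF_HZ_PER_S = 0.2   # assumed plausibility bound on frequency rate of change

@dataclass
class Sample:
    t: float          # telemetry timestamp, seconds
    freq_hz: float    # measured system frequency
    p_tie_mw: float   # measured net actual interchange

def ace_mw(sample, p_tie_sched_mw, bias_mw_per_0_1hz):
    """ACE = (NIA - NIS) - 10*B*(FA - FS); B in MW/0.1 Hz, negative by convention."""
    return ((sample.p_tie_mw - p_tie_sched_mw)
            - 10.0 * bias_mw_per_0_1hz * (sample.freq_hz - F_SCHED_HZ))

def check_sample(prev, cur):
    """None if cur is plausible, else the suspected attack class as a string."""
    if prev is None:
        return None
    if cur.t <= prev.t:
        return "timestamp not advancing (replay or de-synchronization)"
    rocof = abs(cur.freq_hz - prev.freq_hz) / (cur.t - prev.t)
    if rocof > MAX_ROCOF_HZ_PER_S:
        return f"implausible frequency step {rocof:.3f} Hz/s (data integrity)"
    return None

def run_agc(samples, p_tie_sched_mw, bias_mw_per_0_1hz):
    """ACE per AGC cycle; hold the last good ACE (no new action) when a check fails."""
    results, prev, last_ace = [], None, 0.0
    for s in samples:
        alarm = check_sample(prev, s)
        if alarm is None:
            last_ace = ace_mw(s, p_tie_sched_mw, bias_mw_per_0_1hz)
            prev = s
        results.append((s.t, last_ace, alarm))
    return results

# Constructed 4-second AGC telemetry: benign drift, a spoofed frequency
# (data-integrity attack), and a replayed earlier packet.
TELEMETRY = [
    Sample(0.0, 60.00, 100.0),
    Sample(4.0, 59.98, 104.0),
    Sample(8.0, 59.00, 104.0),   # spoofed: 0.98 Hz drop in 4 s
    Sample(4.0, 59.98, 104.0),   # replayed copy of the t=4 packet
    Sample(12.0, 59.97, 103.0),
]

if __name__ == "__main__":
    for t, ace, alarm in run_agc(TELEMETRY, 100.0, -50.0):
        print(f"t={t:5.1f}s ACE={ace:7.2f} MW {alarm or ''}")
```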
Balancing Authorities in the U.S.
Source: NERC
Why a CPS Security Testbed is needed
1. Vulnerability Research
2. Impact Analysis
3. Mitigation Research
4. Cyber-Physical Metrics
5. Data and Model Development
6. Security Validation
7. Interoperability
8. Cyber Forensics
9. Operator Training
PowerCyber CPS Security Testbed
- Information/Control Layer: EMS, SAS, RTUs, IEDs
- Communication Layer: Routing infrastructure, Network protocols, Routers, Firewalls
- Physical Layer: Power System Simulators (RTDS, PowerFactory)
Cyber attacks and Defenses are applied across these layers.
Aditya Ashok, Adam Hahn, and Manimaran Govindarasu, A cyber-physical security testbed for smart grid: system architecture and studies, Proceedings of the Cyber Security and Information Intelligence Research Workshop (CSIIRW '11).
ISU PowerCyber Testbed: Configuration
ISU PowerCyber Testbed: Panoramic view
Vulnerability Assessment results
CPS Testbed Federation Architecture
- USC/ISI DETER Testbed
- ISU PowerCyber Testbed
- Visualization
Cyber Attack-Defense Visualization
Research Challenges/Opportunities
Security and Resiliency
1. Fundamental paradigm to transform the fault-resilient grid of today into an attack-resilient grid of the future, taking into account both natural and man-made extreme events.
2. Pragmatic risk modeling and mitigation framework accounting for the evolving, uncertain nature of threats (APTs and HILFs), cyber-physical interdependencies, and cascading failures.
3. Security architectures and algorithms to achieve security, privacy, and resiliency in wide-area monitoring, protection, and control of the power grid.
Federated CPS Infrastructures & Testbeds
1. Development of a national-scale, high-fidelity, federated CPS testbed with remote and open access to accelerate the pace of innovation, R&D, education, and workforce development.
2. CPS Cloud architecture, algorithms, and services for resource allocation and control of federated resources to support large-scale, high-fidelity CPS experimentation.
3. An open and shared experimental infrastructure for cross-cutting CPS sectors (e.g., power system, oil and natural gas, transportation).
CONCLUSIONS
- Cyber security of critical infrastructures is important for national security and economic well-being
- CPS Security = Info Sec + Infra Sec + Application Security
- Defense against HILF events (e.g., stealthy coordinated cyber attack)
- Risk Assessment and Mitigation should be a continuous process
- Attack-Resiliency needs to be built into CPS systems
- Testbed-based approaches are important for security R&D&E
- Transform: Fault-Resilient CPS systems TO Attack-Resilient CPS systems
- Industry-University Collaboration & International Collaboration needed
THANK YOU
Acknowledgements
Funding:
- U.S. National Science Foundation (NSF)
- U.S. NSF IU/CRC Power Engr. Research Center (PSERC)
- Iowa State Univ., Electric Power Research Center (EPRC)
Researchers:
- Collaborators: Prof. Chen-Ching Liu, Washington State University (WSU); Prof. Doug Jacobson & Venkat Ajjarapu, Iowa State University (ISU); Terry Benzel, USC/ISI; Dr. Adam Hahn, MITRE; Dr. C. W. Ten, Michigan Tech.
- Students: S. Sridhar, Aditya Ashok (ISU); Junho Hong (WSU); Alexandru Ștefanov (UC Dublin)
Professional: IEEE PES - PSACE CAMS Cyber Security Task Force