Cyber Physical System Security

Transcription:

S2ERC Industry Outreach Workshop: Cyber Physical System Security
Manimaran Govindarasu, Dept. of Electrical and Computer Engineering, Iowa State University, gmani@iastate.edu

Outline: Background; CPS Security Research; CPS Security Testbed; Conclusion

Smart Grid: A Cyber-Physical System
Source: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0, February 2012

SCADA Control Network

Cyber Threats
Critical infrastructures and cyber-based attacks: protocol attacks; network infrastructure attacks; intrusions; malware; denial of service (DoS); insider threats.
[General Accounting Office, CIP Reports, 2004 to 2010]; [NSA Perfect Citizen, 2010]: Recognizes that critical infrastructures are vulnerable to cyber attacks from numerous sources, including hostile governments, terrorist groups, disgruntled employees, and other malicious intruders.

Stuxnet malware (July 2010)
Possible attack path: initial delivery (via USB); corporate LAN infected; reporting to attack control server; connect to substations; deliver attack payload to PLC; affect uranium enrichment.
Target: industrial control systems. Modifies code on PLCs in uranium enrichment facilities; alters the speed of centrifuges used for uranium enrichment.
Lessons learned: took 1 year to discover; > 100,000 machines infected; professionally written code; infected PLCs appear to function normally.
Future requirements: active network monitoring; behavior and reputation based access control lists; anomaly detection; insider threat mitigation.

Cyber Vulnerabilities (trend)
In fiscal year 2012, 198 cyber incidents were reported. Energy sector attacks accounted for 41% of the total incidents.
Source: http://www.ics-cert.us-cert.gov/pdf/ics-cert_monthly_monitor_oct-dec2012.pdf

Attacks-Cyber-Control-Physical

Smart Grid Security = Info + Infra + Appln. Security
Information Security
  Needs: information protection; confidentiality; integrity; availability; authentication; non-repudiation
  Means: encryption/decryption; digital signature; message auth. codes; public key infrastructure
Infrastructure Security
  Needs: infrastructure protection; routers; DNS servers; links; Internet protocols; service availability
  Means: firewalls; IDS/IPS; authentication protocols; secure protocols; secure servers; IPSEC, DNSSEC
Applications Security
  Needs: generation control; transmission control; distribution automation; sys. monitoring & protection; real-time energy markets; energy management system
  Means: attack-resilient WAMPAC; model-based algorithms (anomaly detection, intrusion tolerance); risk modeling and mitigation; secure EMS and automations
Transform: Fault-Resilient Grid of today TO Attack-Resilient Grid of future

Risk modeling and mitigation
Mitigation of coordinated attacks. Offline: risk modeling and mitigation. Online: alert correlation and mitigation.
Approach 1: Risk Modeling and Mitigation
Cyber system definition (topology, security); attack template; power system definition (control, protection).
Cyber system modeling (Petri nets); power system modeling (DIgSILENT, PSSE).
Attack probability; risk; impact.
If risk > threshold: offline mitigation. E.g., modify settings, add security. E.g., increase transmission capacity.

Risk = Threat x Vulnerability x Impacts
Attacker can control: space (where to attack?); time (when to attack?).
Evaluating g: impact estimation.
Coordinated attack groups: Gen + Gen; Gen + Trans; Trans + Trans.
Optimal power flow simulation: g = load shedding for OPF solution.
Results: g = 363 MW; g = 163 MW; g = 110 MW.
NSF Project: M. Govindarasu (ISU) & C.C. Liu (WSU)

WAMPAC: A high-level view
Power system (plant): PMU, sensors; relays, protection elements; actuators, VAR control elements (SVC, FACTS).
Wide area network: cyber attack points; delay.
WAMPAC control center: EMS applications (SE, AGC), protection schemes, alarms; controller.

Cyber-Physical Control in Power Grid
S. Sridhar, A. Hahn, and M. Govindarasu, "CPS Security for Power Grid," Proc. IEEE, Jan. 2012

Control Systems Attack Model
Generic control system model: control center (analyses & computation); remote/local control u_i(t); data acquisition y_i(t); actuators; machine/device; sensors; physical system.
Types of attacks: data integrity; replay; denial of service; de-synchronization and timing-based.
Yu-Hu. Huang, Alvaro A. Cardenas, S. Amin, S-Z. Lin, H-Y. Tsai, and S. Sastry, "Understanding the Physical and Economic Consequences of Attacks on Control Systems," International Journal of Critical Infrastructure Protection, 2(3):72-83, October 2009.

Automatic Generation Control (AGC)
AGC features: maintains frequency at 60 Hz; supply = demand; maintains power exchange at scheduled value; ensures economic generation.
Figure from NERC Technical Document: Balancing and Frequency Control, Jan 2011

Balancing Authorities in the U.S.
Source: NERC

Why We Need a CPS Security Testbed
1. Vulnerability Research
2. Impact Analysis
3. Mitigation Research
4. Cyber-Physical Metrics
5. Data and Model Development
6. Security Validation
7. Interoperability
8. Cyber Forensics
9. Operator Training

PowerCyber CPS Security Testbed
Information/Control Layer: EMS, SAS, RTUs, IEDs.
Communication Layer: routing infrastructure, network protocols, routers, firewalls.
Physical Layer: power system simulators (RTDS, PowerFactory).
Cyber attacks; defenses.
Aditya Ashok, Adam Hahn, and Manimaran Govindarasu, "A cyber-physical security testbed for smart grid: system architecture and studies," Proceedings of the Cyber Security and Information Intelligence Research (CSIIRW '11).

ISU PowerCyber Testbed - Configuration

ISU PowerCyber Testbed: Panoramic view

Vulnerability Assessment results

CPS Testbed Federation Architecture: USC/ISI DETER Testbed; ISU PowerCyber Testbed; Visualization

Cyber Attack-Defense Visualization

Research Challenges/Opportunities
Security and Resiliency
1. Fundamental paradigm to transform the fault-resilient grid of today into an attack-resilient grid of the future, taking into account both natural and man-made extreme events.
2. Pragmatic risk modeling and mitigation framework accounting for the evolving, uncertain nature of threats (APTs and HILFs), cyber-physical interdependencies, and cascading failures.
3. Security architectures and algorithms to achieve security, privacy, and resiliency in wide-area monitoring, protection, and control of the power grid.
Federated CPS Infrastructures & Testbeds
1. Development of a national-scale, high-fidelity, federated CPS testbed with remote and open access to accelerate the pace of innovation, R&D, education, and workforce development.
2. CPS Cloud architecture, algorithms, and services for resource allocation and control of federated resources to support large-scale, high-fidelity CPS experimentation.
3. An open and shared experimental infrastructure for cross-cutting CPS sectors (e.g., power system, oil and natural gas, transportation).

CONCLUSIONS
Cyber security of critical infrastructures is important for national security and economic well-being.
CPS Security = Info Sec + Infra Sec + Application Security.
Defense against HILF events (e.g., stealth coordinated cyber attack).
Risk assessment and mitigation should be a continuous process.
Attack-resiliency needs to be built into CPS systems.
Testbeds are important for security R&D&E.
Transform: Fault-Resilient CPS systems to Attack-Resilient CPS systems.
Industry-university collaboration and international collaboration are needed.

THANK YOU
Acknowledgements
Funding: U.S. National Science Foundation (NSF); U.S. NSF IU/CRC Power Engr. Research Center (PSERC); Iowa State Univ., Electric Power Research Center (EPRC).
Researchers:
Collaborators: Prof. Chen-Ching Liu, Washington State University (WSU); Prof. Doug Jacobson & Venkat Ajjarapu, Iowa State University (ISU); Terry Benzel, USC/ISI; Dr. Adam Hahn, MITRE; Dr. C. W. Ten, Michigan Tech.
Students: S. Sridhar, Aditya Ashok (ISU); Junho Hong (WSU); Alexandru Ștefanov (UC Dublin).
Professional: IEEE PES - PSACE CAMS Cyber Security Task Force