Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Similar documents
Cyber Security of Power Grids

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

IEC in Digital Substation and Cyber security

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

Summary of Cyber Security Issues in the Electric Power Sector

Cyber Resilience. Think18. Felicity March IBM Corporation

The Path to a Secure and Resilient Power Grid Infrastructure

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids

Cyber security for digital substations. IEC Europe Conference 2017

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID TCIPG.ORG

PIPELINE SECURITY An Overview of TSA Programs

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

Bridging The Gap Between Industry And Academia

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

New Zealand National Cyber Security Centre Incident Summary

EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,

Cyber Threat Intelligence Debbie Janeczek May 24, 2017

align security instill confidence

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2011 North American SCADA & Process Control Summit March 1, 2011 Orlando, Fl

Heavy Vehicle Cyber Security Bulletin

Cybersecurity for the Electric Grid

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification

March 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices

Cyber Attacks & Breaches It s not if, it s When

BILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers

Critical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014

Statement for the Record

Gujarat Forensic Sciences University

Bradford J. Willke. 19 September 2007

Cyber Security of Industrial Control Systems (ICSs)

Medical Device Vulnerability Management

ipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

T&D Challenges and Opportunities

Designing Secure Remote Access Solutions for Substations

Addressing Cyber Threats in Power Generation and Distribution

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Digital Substation Unrestricted Siemens AG 2017 siemens.com/digital-substation

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Electric Sector Security & Privacy Plans for 2011

Technical Reference [Draft] DRAFT CIP Cyber Security - Supply Chain Management November 2, 2016

United States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS

Power Grid Resilience, Reliability and Security Research at Idaho National Laboratory

Chapter X Security Performance Metrics

External Supplier Control Obligations. Cyber Security

2017 Annual Meeting of Members and Board of Directors Meeting

Cyber Security Technologies

Physical Security Reliability Standard Implementation

Cybersecurity Auditing in an Unsecure World

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

CYBER SECURITY POLICY REVISION: 12

Cybersecurity Framework Manufacturing Profile

Cybersecurity and Data Protection Developments

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

JULIO OLIVEIRA, ABB POWER GRIDS GRID AUTOMATION, DECEMBER 01 ST ABB Ability - Digital Substations. FISE 7a Edición

Implementation Plan. Project CIP Version 5 Revisions. January 23, 2015

Integrated Smart Grid Performance Testing: NIST Research and SG Testbed

Toward All-Hazards Security and Resilience for the Power Grid

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Chapter X Security Performance Metrics

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies

Time Synchronization and Standards for the Smart Grid

Passive Real-time Asset Inventory Tracking and Security Monitoring of Grid-edge Devices

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015

Managing SCADA Security. NISTIR 7628 and the NIST/SGIP CSWG. Xanthus. May 25, Frances Cleveland

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Ensuring System Protection throughout the Operational Lifecycle

CIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra

Information Security Policy

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Acalvio Deception and the NIST Cybersecurity Framework 1.1

Medical Device Cybersecurity: FDA Perspective

The U.S. Cybersecurity Information Sharing Act of 2015: Joel Benge Risk Evangelist Emergent Network Defense

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

Local Area Monitoring System (LAMS) for Microgrid

Implementing Executive Order and Presidential Policy Directive 21

SEEDS Industry Engagement Event

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

RSA NetWitness Suite Respond in Minutes, Not Months

Cybersecurity Overview

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

BILL SANDERS CYBERSECURITY & PRIVACY FOR THE SMART GRID: CHALLENGES AND OPPORTUNITIES FEBRUARY 10, 2015

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016

Transcription:

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices Against Cyber Attacks (CODEF) Cyber Security of the Grid

Cyber Security A major concern The cost of cyber crime for the global economy has been estimated at $445 billion annually Unknown actors successfully compromised the product supply chains of at least three [industrial control system] vendors so that customers downloaded malicious software designed to facilitate exploitation directly from the vendors websites along with legitimate software updates. Simplicity, WinCC, and WebAccess. US industrial control systems attacked 295 times in 12 months Month DD, Year Slide 2

ICS- CERT 2015 Report 295 cyber attacks on ICS reported by asset owners and industry Reported Vulnerabilities Incident Response Metrics Source: National Cybersecurity and Communications Integration Center/ Industrial Control Systems Cyber Emergency Response Team Year in Review, 2015 Month DD, Year Slide 3

Substations are vulnerable Loss of a substation could have adverse impact Control centers rely on substations and communications to make decisions Substations are a critical infrastructure in the power grid (IEDs, PMUs) Remote access to substation, user interface or IEDs for maintenance purposes Unsecured standard protocols (like DNP3.0, 60870-5), remote controllable IED and unauthorized remote access Some IED and user-interface have available web servers and it may provide a remote access for configuration and control Well coordinated cyber attacks can compromise more than one substation it may become a multiple, cascaded sequence of events Month DD, Year Slide 4

Potential Threats in a Substation Network Station Level Bay Level Compromise userinterface Gain access to bay level devices User-interface Modify GOOSE message GPS Change device settings IED IED PMU Modify R- GOOSE message Process Level Actuator Circuit Breaker Merging Unit Fabricate digital sampled values Month DD, Year Slide 5 CT and VT

US Energy Sector s Roadmap Achieve Energy Delivery Systems Cybersecurity by 2020 Roadmap Vision By 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions. For more information go to: www.controlsystemsroadmap.net Month DD, Year Slide 6 DHS DOE CEDS Cyber Security for Energy Delivery Systems

DOE Roadmap Milestones Addressed by CODEF Major contributions on Milestone 3.3 Roadmap Strategy Milestone Description Tools for real-time security state monitoring and risk assessment of all energy delivery system architecture levels and across cyberphysical domains commercially 2.3 available 2 Next-generation, interoperable, and upgradeable solutions for secure serial and routable communications between devices at all levels of energy delivery system 3.3 networks implemented 3 Assess and Monitor Risk Develop and Implement New Protective Measures to Reduce Risk 4.4 4.7 Real time forensics capabilities commercially available 4 Manage Incidents Capabilities for automated response to cyber incidents, including best practices for implementing these capabilities available 4 Manage Incidents Month DD, Year Slide 7

Collaborative Defense of Transmission and Distribution Protection and Control Devices Against Cyber Attacks Objective To advance the state of the art for cyber defense methods for transmission and distribution grid protection and control devices by developing and demonstrating a distributed security domain layer that enables transmission and protection devices to collaboratively defend against cyber attacks. Insert Image Schedule 10/2013 09/2016 Distributed Security Enhancement Layer Design July 14, 2014 Distributed Security Enhancement Layer Implementation April 11, 2015 Utility Demonstrator May 12, 2016 Capability to the energy sector: Inter-device level solution for smart detection of cyber attacks using power system domain knowledge, IEC 61850 and other standard security extensions Funding: DOE, Cyber Security for Energy Delivery Systems Program (CEDS) Performer: ABB Partners: BPA, Ameren-Illinois, University of Illinois at Urbana-Champaign

CODEF Security Features Distributed, collaborative, cyber and physics-based Distributed intelligence between substation intelligent electronic devices (IEDs) Cyber-Attack CODEF Digital Substation IEC 61850 IEDs Collaborative mechanism for detecting cyber attacks Domain based cyber security layer for electrical substations and intelligent electronic devices (IEDs) IT Perimeter Defense Additional cyber-layer for enhanced security Month DD, Year Slide 9

CODEF Project Key Result Demonstrable functions implemented in IEC61850 digital substation simulator with ABB hardware and software Technical Challenge Speed cyber security solutions must not delay protection actions CODEF, transient pick method Applications focused on cyber security of electrical substations CODEF, overcurrent Line Protection Fault confirmation faster than existing object protection Month DD, Year Slide 10

Technical Approach Use physics to block malicious cyber attacks Measurement Are measurements Consistent Y Measurement Syntactically correct with the physical state? N Reject Measurement Substation Protection and Control Applications Command Is command Operationally feasible? Y Control Command N Month DD, Year Slide 11 Reject Command

Kirchhoff s Laws must be satisfied Violation could constitute a cyber attack on the measurements 0 0 Month DD, Year Slide 12

Technical Approach Cyber Layer Security Filter Bump-in-a-wire device Designed according to draft IEC 62351-6 Ed. 2 Galois Message Authentication Code (GMAC)128 bit Key distribution handled according to draft IEC 62351-9 Ed. 2 (GDOI) Modes of operation: Filtering block all compromised packets Supervisory thresholds to block packets Secured Communication Bus Secured against unauthenticated messages Advisory mode alarm only Security Filter Security Filter Security Filter Interoperable / compatible interface IED IED IED Transparent to Existing IEDs

Cyber Physical Test Beds & Demonstration Platforms Hardware in the loop testing is key to evaluating speed of solutions Development and testing platforms ABB Raleigh University of Illinois Demonstration Platforms Month DD, Year Slide 14 BPA BPA CODEF DEMONSTRATION MAY 12, 2016 Ameren-Illinois AMEREN CODEF DEMONSTRATION held on MARCH 30, 2016

CODEF Conclusions Class of power system-aware cyber security functions that are distributed, collaborative, and domain-based. Designed to reinforce existing IT based solutions and also to provide another security layer in case of breach of IT security layer Detects and blocks malicious attempts to control circuit breakers and malicious device configuration settings CODEF functions were validated in an IEC 61850 digital substation simulator and in the utility environment Month DD, Year Slide 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback