1. The Agile Fractal Grid
Chuck Speicher
John Reynolds
Friday, July 11, 2014
2. Security Fabric Alliance
• The Security Fabric Alliance is a working association dedicated
to practical deployment of the complex system solution for the
power grid and critical infrastructure in the United States:
– Utilities and telecommunications providers
– Systems integrators
– Manufacturers
– Technology partners
– National certification and interoperability entity
• The alliance is intended to give the CEO of a utility the purview
of up-to-the-moment knowledge of the options available to
make wise investment decisions regarding infrastructure
deployment for optimal returns.
The variation includes the proper orientation for large, medium, and small entities.
3. The Industrial Internet
• The Industrial Internet Consortium was founded in 2014 to further
development, adoption and widespread use of interconnected
machines, intelligent analytics, and people at work.
• Through an independently-run consortium of technology innovators,
industrial companies, academia, and government, the goal of the IIC is to
accelerate the development and availability of intelligent industrial
automation for the public good.
• The goal of the consortium is to:
– Utilize existing and create new industry use cases and test beds for real-world
applications;
– Deliver best practices, reference architectures, case studies, and standards
requirements to ease deployment of connected technologies;
– Influence the global development standards process for internet and industrial
systems;
– Facilitate open forums to share and exchange real-world ideas, practices, lessons,
and insights;
– Build confidence around new and innovative approaches to security.
• The Industrial Internet Consortium (“IIC”) is a trademark of the Object Management
Group®, Inc. (OMG®), a not-for-profit 501(c)(6) tax-exempt organization.
4. The OMG process is more about establishing markets as opposed to just setting standards.
[Diagram labels: SFA Reference Builds; Certification of Conformance & Interoperability]
The OMG is planning to standardize the Security Fabric for all critical infrastructure.
5. We are planning to support the 940 rural co-ops in the U.S. with
hybrid cloud/device services protected by the Security Fabric.
The FCC recently has emphasized that the best course of action
for rural broadband in the United States would be to use the rural electric utilities…
… the UTC and APPA expansions would triple the size of the coverage …
6. The Vision
“The Agile Fractal Grid”
Achieving Grid Security, Reliability, and Resiliency through Advanced Analytics and Control
What is needed:
1. A hybrid cloud for operations and analytics
2. Substation of the future
3. Security Fabric end-to-end
7. Each level operates in somewhat of a selfish fashion… but recommendations for the best trend for the flock come from management guidance from above.
[Figure: Primary Data Flow Patterns in Laminar Control for Power Grids]
8. Electric power distribution and broadband communications are like Siamese twins!
(They can’t go anywhere without each other.)
Digital control is needed at each junction point.
Like electricity, broadband can be used for multiple things.
[Figure labels: The Circulatory System; The Nervous System; NRECA; UTC]
9. As envisioned, Internet2 would eventually provide a
sequestered core network for the Industrial Internet.
Note the quadruple redundancy
10. Separation of the Industrial Internet from the Generic Internet
[Diagram labels: The Core Network; Generic Internet; Carrier Ethernet With Routing; DWDM Isolation; Cooperative Control Centers; Core City Node; Enterprise Systems; Industrial Devices; Substation Nodes; Router+; Substation Controller; Carrier Ethernet Isolation; NAN Nodes; HAN Nodes; Wireless LTE 700 MHz?; Wireless LTE 2.5 GHz?; PicoCell; Gateway; Sensor; Transverter]
We will eventually use a combination of DWDM separation plus Carrier Ethernet separation.
11. Our communications have redundancy built into the control protocols.
[Diagram labels: LTE Macrocell and Distribution Fiber; NAN; LTE Picocell; Mobile; HAN; LTE Home Gateway; Internet2*; Cell Broadcast]
This is the only capability available that allows handoff between terrestrial LTE services and satellite services.
This system can simultaneously support the public safety 700 MHz frequencies as well as commercial usage.
15 Mbps downloading and 5 Mbps when uploading.
100 MB Access Services!
12. The Security Fabric follows the guidelines required by the NIST 7628 for the Department of Energy.
[Diagram labels: System & Network Management; Controller; Device; Device; The Security Fabric]
The Security Fabric is an implementation of the Tailored Trustworthy Space.
14. Separation of Protection and Security
• The major hardware approach for security or protection is the
use of hierarchical protection domains. A prominent example
of this approach is a ring architecture with "supervisor mode"
and "user mode".
• This approach adopts capabilities provided by a lower level
(hardware/firmware/kernel).
[Figure: The Multics Style of Ring Structure]
15. The cybersecurity threat sharing needs to be performed between multiple communities to be effective.
[Diagram labels: Subscriber (x5); Context; Top Secret; Secret; Unclassified; F; F; Threat Connect; STIX; IODEF; Custom; Community (x3); 1300 Communities; 1200 Subscribers; On-Premises Cloud; UI; API; Private Cloud; Threat Connect Cloud Platform; Amazon EC2; Broker; Sources: Free, $, other]
The data arrangements can be hierarchical to facilitate multi-agency awareness.
16. The “Concierge” Service
• Attention! Some of the co-ops have very tiny IT staffs. (Like
one person)
• The coming cyber attacks will be very sophisticated.
• Even the central staff will sometimes be challenged to deal
with the complexities associated with cyber defense.
• Thus, even with collaboration and data sharing, from time to
time, a co-op technician would like to have an “OnStar”
button to push to get instant help on demand from a
specialist.
This Concierge service from ThreatConnect may be very desirable.
Saturn sees the bigger picture.