• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Information Security in Electrical Power Distribution
 

Information Security in Electrical Power Distribution

on

  • 603 views

 

Statistics

Views

Total Views
603
Views on SlideShare
603
Embed Views
0

Actions

Likes
1
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Information Security in Electrical Power Distribution Information Security in Electrical Power Distribution Presentation Transcript

    •  Dr. Vivek Chandra, Head IT vivekchandra123@gmail.com Dr. Ashok Kumar Tiwari, EE (RAPDRP)ashokktiwari@gmail.comMPPKVVCL Jabalpur1© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • S.No.Particulars1 East Discom in MP as a typical Indian Power DistributionUtility & prevailing IT systems prior to R-APDRP.2 Launch of R-APDRP & ERP in the Discom.3 Network Architecture Post R-APDRP & ERP4 Vulnerability of the new system and Potential Threats toSecurity.5 Security Measures adopted at various levels.6 Conclusion2© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 3© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  MP East Discom wasformed after theunbundling oferstwhile MP StateElectricity Board inJuly’02.4© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • The major applications deployed included: Consumer Bill Generation System Financial Accounting System Stores Management System Payroll System.5© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 6© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • S.No.Name ofApplicationArchitecture OfficewheredeployedNo. oflocations.1. Billing System (HT) Distributed RAO 6 Nos.2. Billing System (LT) Distributed Circle/Dn 29 Nos.3. StoresManagementSystemDistributed Area Stores 5 Nos.4. FinancialAccounting SystemDistributed RAO 6 Nos.5. Payroll System Distributed RAO 6 Nos.7© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 8© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  Power Sector in the country suffers a loss of over 35% onaccount of AT&C losses. To curtail these losses R-APDRP scheme was launched byGoI to reform Distribution Sector during XITHplan. The scheme intends to cover urban areas i.e. towns and citieswith population above 30,000 (10,000 in case of specialcategory states).Projects under the scheme is in Two Parts. Part-A covered IT applications in distribution sector Part-B covered System improvement, strengtheningand augmentation etc.9© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • Establishment of IT Infrastructure for determination ofbaseline data of AT&C losses.Reduction of AT&C lossesFocus on system reliability and customer satisfactionAchieve operational efficiency through IT enablement10© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 11© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  Creation of Centralized Consumer Care Centre. Setup of Data Centre at Jabalpur. Setup of a Centralized Control Centre at Jabalpur. Setup of Data Recovery Centre at Bhopal. All offices located in select 27 towns connectedthrough MPLS network .12© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  Considering thelimited modulescoverage under R-APDRP the Companydecided to procure thesame through ERP .  It was decided toimplement the solutionacross all offices upthe level ofDistribution Centres. The Project has beenlaunched in 2011.R-APDRP ERP1 Metering, Billing &CollectionProcurement &MaterialManagement2 MaintenanceManagementProject Systems3 AssetManagementHuman ResourceManagement4 Email Solution FinancialAccounting13© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • Particulars R-APDRP ERP1. Extent 27 towns havingpopulation above30,000.All offices up to distribution Centres i.e500+ locations.2. Connectivitythrough MPLSThrough MPLSNetwork only(Primary as well assecondary)Through MPLS Network3. ConnectivityThroughInternetNot provisioned Yes, The VPN Users(Around 500 No.who have been provided the firewallauthentication (VPN username andpassword) shall be able to access theentire MPLS network. Normal Internetusers shall access the applicationthrough Reverse Proxy.14© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 3. Network Architecture Post R-APDRP& ERP15© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 16© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  DMZ stands for "demilitarized zone“. The purpose of a DMZ is to add an additional layer ofsecurity to an organizations local area network (LAN). An external attacker only has access to equipment inthe DMZ, rather than any other part of the network. A DMZ configuration typically provides security fromexternal attacks.17© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  The VPN Users who have been provided thefirewall authentication (VPN username andpassword) can access the entire MPLS network. Normal Internet users shall access the applicationthrough Reverse Proxy. Reverse proxy fetchesthe information from internal network. These usersshall require login and passwords of application.As per requirements only some forms/reports areexposed to internet.18© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 19© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • Proxy: A proxy takes requests from aninternal network and forwards them to theInternet To keep machines behind itanonymous, mainly for Security.Reverse Proxy receives requests fromthe Internet and forwards them to servers inthe internal network. This is for Security ofInternal Network.20© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 21© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 22© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 23© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 24© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 25© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  Creation of sizable amount of IT Infrastructure. Built of great amount of data. Convergence of GIS, AMR , SCADA and CCC networks to asingle network. Creation of numerous interface points between heterogeneousnetworks which could prove potential weak links. Creation of a very large Intranet exposed to internet.26© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 27© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  Introduction of malicious code such as viruses,Trojan horses, and worms. Interception and tampering of data. Denial of service attacks. Web hacking. SQL Injection. Input Validation attacks.28© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 5. Security Measures adopted atvarious levels.29© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 30PhysicalSecurityFire &SmokeRedundant PowerSupplyData BackupClosed CircuitCamerasSmokeDetectorsRedundant Power Supply SAN StoragePermanent SecurityGuardsFireExtinguishersBackup power consists ofpower from two feeders,battery banks, and dieselgeneratorsTape LibraryUse of IdentityAccess CardsWater LeakageDetectorsTo prevent single points offailure, all elements of theelectrical systems, includingbackup systems, are typicallyfully duplicated.Replication ofData at SAN inData RecoverySite.Use of BiometricDevices like FingerPrint Recognition© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  Network virtualization is a method of combining theavailable resources in a network by splitting up theavailable bandwidth into channels. Each resource is independent from the other andeach of which can be assigned (or reassigned) to aparticular server or device in real time. Each channel is independently secured. Every subscriber has shared access to all theresources on the network from a single computer.31© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  Identity Access Management Blocking use of CD Drives and Pen Drives Anti-virus software is installed and enabled on allworkstations. Anti-virus definition are updated through Antivirusserver at Data Centre rather than individualmachine getting updated through internet.32© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  Role based Access Control. Audit trail and Real time Monitoring Logs. Administrator and operator logs. Communication through Asymmetric/ symmetrickey Cryptography Role Based Access Control Single Sign-on functionality33© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  Internet access is given to users who have legitimateneed. Following kind of access can be provided to usersto restrict misuse of internet: Use of Web Filter for Filtration of undesired web content. Throttling of bandwidth (to restrict the download speed) Use of Spam Filter for blocking of junk mails.34© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 6. Conclusion.35© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    •  As technology advances, so does the associatedthreats and risks. There is no panacea against all potential threats. It is for the utility to identify the treats, prioritizethem and identify the mitigation actions accordingto the risk involved and its affordability.36© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur
    • 37© vivek chandra and ashok kumartiwari MPPKVVCL Jabalpur