Presentation given at the 2018 Energy, Utilities, and Environment Conference, San Diego, CA 90230

1. ADVANCING THE POWER OF ENERGY
The Art of Securing Microgrid
Control Systems
Presented at the Energy, Utility, and Environment
Conference, March 6, 2018, San Diego, CA
Jim Dodenhoff, Regional Director of Business Development
Intelligent Power & Energy Research Corporation (IPERC)

2. 50
Utility security professionals
that have reported at least
one security breach
70%
of total 2016 ICS-CERT ICS
cyber incidents targeted
the Energy sector
20%
Cyber Attacks Go Beyond International Cyberwarfare and they Go Beyond Data Breaches

3. 3
Microgrids: A System of Systems

4. 4
Overly Complex Security Protocols Result in Fragile Systems
COMPLEXITY ≠ RESILIENCY
Augmentation of cybersecurity solutions adds
devices and applications that can malfunction and
cause system degradation or cascading failures.
KNOW YOUR SYSTEM’S NEEDS
Understand the components and interfaces
of your system and assess the risks at hand
before selecting security measures.
≠
→

5. 5
The Art of Securing a Microgrid Control System
Initial Threat
Analysis
Security Measure
Identification
Prioritized Security
Implementation
01 02 03

6. 6Proprietary
Initial Threat Analysis: Develop System Configuration Baseline
LEGACY EQUIPMENT
INTERCONNECTIONS
Review all interconnections including ports,
protocols, services, and end-device connections
Consider the impact of legacy assets and
potential bandwidth constraints
SECURITY POLICIES
Examine which security procedures are
applicable and reduce the most risk
COMPONENT INVENTORY
Detailed system inventory with an overarching
layered, port-level diagram

7. 7Proprietary
Initial Threat Analysis: Examine Potential Attack Vectors & High Risk Points
PHYSICAL SECURITY
FRAGILITY
Identify where there could be single points of
failure and threats to missions
Ensure locked enclosures and controlled
access points
CRITICAL SECURITY
Review security checklists for critical open
items such as ICS standards, and DoD and
vendor checklists
CONNECTIONS
Examine connections to external networks, pivot
points, and remote access
!

8. 8Proprietary
Security Measure Identification: Network Based Measures
MONITORING
ENTERPRISE CONSIDERATIONS
Identify where there could be single points of
failure and threats to mission dependencies
Enable monitoring and alert tools to notify
system operators
SIMPLIFICATION
Reduce system fragility by selecting the
right security measures for your microgrid
SEGMENTATION
Physically and logically separate computer
networks to isolate network threats

9. 9Proprietary
Security Measure Identification: End Devices
AUTHORIZED CONFIGURATION
ACCESS CONTROL
Selectively restrict physical and logical access to end
devices based on needs
Each component should have a known,
good configuration.
CHANGE DETECTION
Monitor end device activity for any changes
that occur
INVENTORY
Develop and maintain a comprehensive listing of all
system end devices

10. 10Proprietary
Security Measure Identification: Control System
FLOW CONTROL
WHITELISTING
A strong form of access control denies access by
default unless on the “whitelist.”
Manage data flow between system devices
at an efficient pace
SECURITY HARDENING
Build control system software and
hardware security from the ground up
ACCESS CONTROL
Restrict system access to only authorized operators
and devices

11. 11Proprietary
Prioritized Security Implementation
05 HOST BASED PROTECTIONS
04 RAPID RECOVERY03 RISK-BASED PRIORITIZATION
06 MONITOR & TEST
02 TECHNICAL SECURITY
01 PLAN OF ACTION
!

12. 12
Not all security postures are created equal
Legacy Security Paradigm
Intrusion
Detection
Whitelisting Authentication Encryption Soft/Hardware
Hardening
Defense in Depth Security Paradigm
Firewall

13.  Jim.Dodenhoff@iperc.com
 M310-936-9456
www.IPERC.com
IPERC Contact: Jim Dodenhoff
Regional Business Development
Director