10 fn s32



  1. 1. RSA Approach to Securing the Smart Grid
      Sam Curry (curry_sam@emc.com), Chief Technology Officer, RSA, The Security Division of EMC
      EMC CONFIDENTIAL—INTERNAL USE ONLY
  2. 2. Introduction – what I am hearing…
      • “Nothing Strategic Please! I have fines to avoid!” Customer in Pacific Northwest, 2009
      • “All I hear is FUD!” and “Here comes the FUD!” Customer in US Southeast, 2010
      • “Have others been through this?” Customer in Australia, mid-2009
      • “I don’t have to protect it because it’s not Critical Infrastructure” Details withheld to protect the innocent (and not so innocent)
      • “We have to roll these out…or we don’t get the money!” Smart customer who wants grant money…of course no one expected it to be taxable!
      • “My biggest competitor…definitely Google!” Smarter customer who was looking ahead!
  3. 3. Business First Principles
      • Rule #1: Business is ultimately about Risk v. Reward
      • Rule #2: IT should be a service to the business
        – Transparent and easy to use
        – Flexible
        – Ubiquitous
      • “GRC”…a little out of order
        – G: tell the IT infrastructure what to do and be sure it can do it
        – C: have the IT infrastructure tell you what is happening
        – R: manage the business priority and reduce risk
  4. 4. Our Utilities Customers Tell Us They Are Under Tremendous Pressure…
      Industry Drivers and Trends
      • Exponential Data Growth
        – Smart Grid technologies require infrastructure to support more data than ever before
        – Rising concerns on data security, protections and management
      • Supply-Side Constraints
        – Significant need for new capacity
        – Carbon legislation in various stages worldwide
        – Cost convergence of traditional and renewable generation sources
      • Aging Workforce
        – Knowledge retention issues will rise with ~30% of the workforce retiring in the next five years
      • Antiquated Infrastructure
        – Most equipment is already past its current life expectancy
        – Outages and disruptions occurring more frequently now than ever before
      • Public Safety and Security
        – Grid vulnerable to acts of terrorism and natural disasters
        – Increased urgency to “protect the grid”
      • Regulatory Concerns
        – Increasingly stringent federal and state regulations mandate new levels of data retention, data security—both electronic and physical—and energy efficiency
      Exploding Information Assets: “The penetration of smart metering will increase dramatically from around 6% of households in Europe and North America today, to 41% in Europe and 89% in North America by 2012” — Datamonitor
      Source: McKinsey, Gartner
  5. 5. …And Today’s Antiquated Energy Grids Are Not Helping
      One way power flow from traditional sources, simple interactions, limited visibility or communication
      [Diagram: Power Co., generator, substation, step-up and step-down transformers]
      • Data Center
        – Limited focus on efficient data management
        – Information infrastructure not a priority
      • Generation
        – Dominated by central generation
        – Few generation options
        – Poorly integrated wholesale markets
      • Transmission & Distribution
        – Poor power quality
        – Focus on outages not efficiency or resiliency
        – Antiquated equipment past expected life on average
      • Meter & Home
        – Labor-intensive meter reading still prolific
        – Limited options for consumers
        – Households typically uninformed and non-participative
  6. 6. Smart Grid 1.0: Advanced Metering Infrastructure (AMI)
      By adding a communications layer and sensors across the grid, AMI enables more efficient use of electricity by consumers and improved problem detection and systems operations by utilities
      [Diagram: Communications Layer: Monitoring and Control; Fixed or Wireless Sensors; Power Co.; Smart Meters. Grid segments: Data Center, Generation, Transmission & Distribution, Meter & Home]
      • Meter data more accessible
        – Sophisticated billing
        – Customer portals
        – Service limiting
      • Data storage and compliance capable
      • Smarter customers start to reduce strains on energy generation
      • Simplified demand management
      • Improved problem detection and outage management
      • Better understanding of energy usage via portals
      • Real-time pricing becomes available
  7. 7. The Smart Grid
      Fully automated and integrated power delivery network, ensuring a two-way flow of electricity and information between the power plant and the appliance to save energy, reduce cost and increase reliability
      [Diagram: Communications Layer: Monitoring and Control; IP-based Surveillance; Renewables Integration; Fixed or Wireless Sensors; Electric Vehicle Integration; Energy Storage; Power Co.; Smart Meters. Grid segments: Data Center, Generation, Transmission & Distribution, Meter & Home]
      • Automated billing
      • Innovative pricing
      • Customer portal
      • Cross- and up-selling opportunities
      • Fully integrated energy sources including renewables, biomass, etc.
      • Load balancing
      • Real-time outage notification
      • Resilient and self-healing
      • Secure and protected
      • GIS for efficient crew dispatch
      • Mini-generation within grid
      • Demand response management
      • Smart appliances
      • Remote energy management and control
      • Electric vehicle support
  8. 8. AMI and Early Smart Grid Best Practices Are Forming Across the Globe
      [Map legend: Deployments underway; Investments planned; Planning/pilot stage; No significant activity]
      Examples in the United States
      • Smart Grid pilots underway across the country, e.g.,
        – Xcel’s ~$100 million Smart Grid city in Boulder, CO
        – NationalGrid’s $57 million Smart Grid pilot around Worcester, MA
      • Federal government has allocated $4.5 billion in stimulus bill to boost Smart Grid
      Examples in the European Union
      • EU electricity directive foresees 80% smart meter penetration by 2020
      • Smart Grid seen as a key element to achieve the 20/20/20 vision (cut greenhouse gas emissions by 20% from 1990 levels, increase renewable energy usage by 20%, and cut energy consumption through improved energy efficiency by 20%)
      Source: Morgan Stanley, McKinsey, Capgemini
  9. 9. The Potential Challenges
      • Availability
        – Redundancy, Root failure analysis, Self-healing, Incident Management
      • Integrity
        – Digital signatures, Compliance management
      • Confidentiality
        – Authentication, Authorization, Encryption
      • Visibility
        – Logging, Reporting, Alerting
  10. 10. The Potential Challenges
      • Denial of Service
        – Overloading devices, segments
        – Disconnect
      • Theft of Service
        – Data diddling
        – Redirection
        – Enrollment
      • Using the Grid to perpetrate other crimes
        – Identity theft
        – Burglary
        – Terrorism
        – Vandalism
        – Other – e.g. HAN devices
      • The future…
  11. 11. EMC Brings IT Leadership and Expertise to Utilities as IT and Grid Operations Converge
      IT and Data Center
      • CIO office and IT operations
      • CSO and security operations
      • Customer and marketing services
      • Information asset and resource management
      Grid Operations
      • Power delivery
      • Transmission services
      • Meter management
      • Engineering and system performance
      • Grid asset management
  12. 12. Information Risk Management
      Business / Regulatory Drivers
      1. Define Policy
      2. Discover/Detect
      3. Implement & Enforce
      4. Monitor & Report
      [Diagram labels: Classification & Control Policy; High Value Information, Credentials or Assets; Inadequate controls or process; Entities; Information; Infrastructure; Information Risk]
  13. 13. Secure Information Infrastructure
      Ensure the right entities have access to the right information over a trusted infrastructure in a system/process that is easy and efficient to manage
      [Diagram: three columns, Entities, Infrastructure and Information. Labels: Enable, Block, Authorized, Harmful; smart meters, control devices, partners, employees, criminals, spies; MDM infrastructure, networks, applications, databases and files, storage; Public, Sensitive, marketing, earnings, IP/PII, topology, data]
  14. 14. Our Customers Typically Define AMI Across a Number of Layers
      [Diagram side labels: IT and Data Center; Grid Operations]
      • Business Applications: Mission-critical applications that leverage data from the MDMS for processes like billing and outage management [diagram boxes: CIS, OMS, Billing, Other]
      • Middleware (Enterprise Service Bus)
      • Compute and Meter Data Management System (MDMS): Central data repository that collects and analyzes meter data from the HES, posts billing determinants and delivers the information to business applications. Increasingly data warehouses are also being deployed for business intelligence (BI) applications [diagram boxes: Storage, MDMS, DW, BI]
      • Communications Network/Head End System (HES): The head end system aggregates the stream of data flowing back to the utility from thousands to millions of meters through the AMI network. This can be over a variety of protocols, with IP emerging. [diagram boxes: Head End System, Cell Relay, DCU]
      • Smart Meters: Meter able to collect and store electricity interval data and also to initiate and respond to two-way communications with the utility
      • Customer Portals: End-user tools for real-time energy usage and pricing and a means to improve the end-user experience
  15. 15. RSA in Gridstream Architecture
      [Diagram labels: Embedded Crypto; Mesh Network (Routers, Meters, etc.); Key Proxy; Meter; Collector; Meter Data Head-end Key Manager Servers]
  16. 16. RSA, The Security Division of EMC
      RSA can provide a suite of data protection, encryption, authentication, and log management solutions for end-to-end security and compliance of the Smart Grid.
      [Diagram: AMI stack layers Business Applications, Network and IT Management, Compute and Meter Data Management, Communications Network/HES, Smart Meters, Customer Portals; alongside Consulting and Security]
      • Encryption (BSAFE): Protecting data at rest and data in flight, while balancing encryption overhead with limited meter compute, storage and bandwidth capabilities
      • Key & Certificate Management (RSA Key Manager, Certificate Manager): Enterprise key management to reduce cost and complexity of securing the different layers of the AMI stack
      • User Access & Authentication (SecurID, Adaptive Authentication): Ensuring appropriate access and control to critical systems and integrating those controls with existing security infrastructure
      • Security Information & Event Management (enVision): Collecting, analyzing and reporting on security and compliance information (e.g. control messages, usage data and user data)
      • Data Privacy & Protection (DLP, Data Loss Prevention): Discovering all sources of sensitive information across the Smart Grid infrastructure to ensure proper governance and FERC/NERC compliance
      • Incident Management (Archer): Manage the lifecycle of a security incident from alert through investigation to ultimate close
  17. 17. The RSA Approach
      Products Designed to Work as a System
      [Diagram: products arranged under three columns, Entities, Infrastructure and Information. Business Process Automation layer: Archer: Policy, Risk, Threat, Vulnerability, Incident Management. Layer labels: Centralized Policy Management; Policy Decision & Enforcement; Policy Monitor | Audit | Report. Control categories: Authentication; Access / Provision; Fraud Prevention; Firewall / IPS; Anti-Malware; Configuration, Patch, Vulnerability; Data Loss Prevention; Encryption; Rights Mgmt. Product labels include SecurID, Adaptive Auth, Federated Identity Mgr, Transaction Monitoring, Identity Verification, eFraud Network, Digital Certificates, DLP, BSAFE, Ionix, enVision and Microsoft RMS]
  18. 18. EMC Can Provide or Support Critical Components of AMI at Every Level of the Stack
      AMI Stack
      • Business Applications
      • Network and IT Management
      • Compute and Meter Data Management
      • Communications Network/HES
      • Smart Meters
      • Customer Portals
      • Security
      • Consulting
      EMC components
      • RSA, The Security Division of EMC
      • EMC Physical Security
      • EMC Ionix
      • EMC Information Infrastructure
      • EMC Consulting
        – Business
        – Application
        – Infrastructure
      • Content Management
      • Virtualization (VMware) & the Cloud
  19. 19. RSA Approach to Securing the Smart Grid
      Thank you!
  20. 20. Archer Out-of-the-Box Solutions
      The Foundation for a Best-in-Class GRC Program
      • Audit Management: Centrally manage the planning, prioritization, staffing, procedures and reporting of audits to increase collaboration and efficiency.
      • Policy Management: Centrally manage policies, map them to objectives and guidelines, and promote awareness to support a culture of corporate governance.
      • Business Continuity Management: Automate your approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution.
      • Risk Management: Identify risks to your business, evaluate them through online assessments and metrics, and respond with remediation or acceptance.
      • Threat Management: Track threats through a centralized early warning system to help prevent attacks before they affect your enterprise.
      • Compliance Management: Document your control framework, assess design and operational effectiveness, and respond to policy and regulatory compliance issues.
      • Vendor Management: Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls.
      • Enterprise Management: Manage relationships and dependencies within your enterprise hierarchy and infrastructure to support GRC initiatives.
      • Incident Management: Report incidents and ethics violations, manage their escalation, track investigations and analyze resolutions.
  21. 21. How do regulations change?
      [Chart: MATURITY (I to IV) against TIME, in five stages]
      • First Attention. Evolutionary Equivalency: Primordial soup. Regulation Tone: “Please!”
      • Get Tough. Evolutionary Equivalency: Simple Celled Life. Regulation Tone: “Well, it’s for your own good”
      • Dictate. Evolutionary Equivalency: Complex Organisms. Regulation Tone: “Now I’m going to show you how!”
      • Catalysis. Evolutionary Equivalency: Vertebrates. Regulation Tone: “Now we’re all adults – that’s more like it”
      • Mature. Evolutionary Equivalency: iLife now possible. Regulation Tone: “Looks like you’re a step ahead of me!”
  22. 22. Smart Grid Will Functionally Evolve Over the Next 15 Years Beginning with Smart Metering
      Evolution of Smart Grid
      [Chart: CUMULATIVE BENEFITS against TIME; Uncertainty of Requirements/Importance of Standards runs from Lower to Higher]
      • Smart Metering (1-3 years)
        – Advanced Metering Infrastructure (AMI)
        – 15 min. interval meter reads
        – Outage monitoring and management
        – Demand side management (DSM): customer tools, visibility, and portals
        – Service limiting and prepay
      • Grid Automation & Home Networking (3-7 years)
        – Transmission and distribution automation e.g., fault prediction
        – Seamless integration of renewables: intermittent and distributed generation
        – Smart appliances: usage monitoring, remote management
      • Grid Transformation: The Smart Grid (7-15 years)
        – Plug-in hybrid electric vehicles integration
        – Distributed storage (including vehicle-to-grid)
        – Supply/demand balancing
        – Remote home energy monitoring and control
        – Usage aware appliances
        – Self-healing grid
        – Large scale energy storage