Smart Grid Cyber Security


Discusses the security vulnerabilities associated with Smart Power Grid

  1. 1. CYBER SECURITY OF SMART GRID JAZEEL K T 7821 E 7
  2. 2. CONTENTS
     - Introduction
     - What is a smart grid?
     - Power grid automation
     - Classification of cyber attacks
     - Consequences of cyber attacks
     - Security requirements of a Smart Grid
     - Integrated Security Framework
     - Conclusion
  3. 3. Introduction
     - Nations across the world face the challenge of increasing power production while reducing the carbon footprint. They need to minimize power loss and downtime, harness alternative power sources, and so on.
     - The numerous challenges facing them have one solution: smart grids.
     - While smart grids bring improvements in cost and performance, the security of the power grids becomes more complex and risky, calling for a comprehensive and integrated solution.
  4. 4. Current electric grid
     [Diagram labels: Generation, Transmission, Distribution, Customers]
  5. 5. What is a smart grid?
     - A digital upgrade to the existing electric grid technology, which has remained largely the same for over 100 years.
     - Integration of electrical infrastructure with information infrastructure.
     - Identified as a bigger opportunity than the internet itself.
     - Various points of power generation communicate with each other and use the shared information to make intelligent decisions.
  6. 6. Smart Grid: An overview
     [Diagram labels: Smart Grid Technology; Electrical Infrastructure; Information Infrastructure; Enterprise Systems; Web Applications; Control Systems; Protection Systems; AMI; DSM; OMS; GIS; Cyber Secure]
  7. 7. Smart Grid: An overview
  8. 8. Power Grid Automation
     [Diagram: power grid automation system. Area labels: CORPORATE; CONTROL CENTRE; SUBSTATION; Field Devices; Other control centers; Other substations. Component labels: Planning; Accounting; Asset management; Engineering; SCADA/EMS; Transmission/Distribution Applications; Operator training simulator; Information Model Manager; Communication front end; ICCP Server; User interface; Historical; HMI; Dashboard; Log Server; Communication Switch / Communication Processor; RTU/PLC/Protocol Gateway; IEDs; Protective Relays; Meters; Wired I/Os]
  9. 9. Cyber Security of Smart Grid
     - Traditionally, power grid automation systems have been physically isolated from the corporate network.
     - This has been changing, perhaps due to the cost effectiveness of utilizing public networks.
     - Using public networks considerably increases the vulnerability of power grids to cyber attacks by increasing the exposure surface of these networks.
  10. 10. Classification of cyber attacks
  11. 11. Component-wise attack
      - Hacker sends an e-mail with malware.
      - E-mail recipient opens the e-mail and the malware gets installed quietly.
      - Using the information the malware gathers, the hacker is able to take control of the e-mail recipient’s PC.
      - Hacker performs an ARP (Address Resolution Protocol) scan.
      - Once the Slave Database is found, the hacker sends an SQL EXEC command.
      - Performs another ARP scan.
      - Takes control of the RTU.
      [Diagram labels: Internet; Send e-mail with malware; Opens Email with Malware; Admin; Admin Acct; Perform ARP Scan; SQL EXEC; Slave Database; Master DB; Operator; Perform ARP Scan; Takes Control of RTU; RTU]
  12. 12. Consequences of cyber attacks
  13. 13. Consequences of cyber attacks
  14. 14. Consequences of cyber attacks
  15. 15. Security Requirements
      - Many cyber security solutions exist to protect IT networks and to reduce their vulnerability to attacks.
      - These IT-based cyber security solutions fall short of providing the same level of security at the control and automation levels.
      - Power automation systems and applications were not originally designed for the general IT environment.
  16. 16. IT Networks and Smart Grid: A comparison of security requirements
  17. 17. Security Objective
      - IT Networks
        - Main security objective is protecting data, in terms of:
          - Data integrity
          - Data confidentiality
          - Data availability
      - Smart Grid
        - First priority is always human safety.
        - Second priority is to ensure that the system runs under normal operating conditions.
        - Third priority is the protection of equipment and power lines.
  18. 18. Security Architecture
      - IT Networks
        - The data server resides at the centre, and the access points used by end users sit at the edge.
        - The data server requires more protection than the edge nodes.
      - Smart Grid
        - EMS/SCADA at the centre, RTU/PLCs at the edge.
        - Usually only devices controlled by RTU/PLCs can do direct damage to humans, equipment and power lines.
        - Edge nodes need the same level of protection as the central devices.
  19. 19. Technology Base
      - IT Networks
        - Use common OSes (Windows, Linux, Unix) and common networks (Ethernet).
        - Communication protocols are common and IP-based.
        - Common security solutions can be designed based on these common architectures.
      - Smart Grid
        - Different system vendors use proprietary OSes and network protocols.
        - Communication protocols differ.
        - It is difficult to develop common host-based or network-based security solutions.
  20. 20. Quality of Service Requirements
      - IT Networks
        - Tolerances for delays in data exchange and for occasional failures are not as strict as in power grid automation networks.
        - Simply rebooting a computer or application is a common solution in the case of failures.
      - Smart Grid
        - Rebooting is not acceptable in many control applications in power grid systems.
  21. 21. Integrated Security Framework: A novel framework of security solution for smart grid
  22. 22. Design Principles
      - Three layers:
        - Power
        - Automation & Control
        - Security
      - Provides clear demarcation of control and security functionalities.
      - Scalability: security performance remains unabated with increase in load and system volume.
      - Extendibility: able to handle any future state of the power grid.
      - Can be integrated into the existing, legacy systems in a non-intrusive fashion.
  23. 23. Components
      - SECURITY AGENTS
      - Bring security to the edges of the system.
      - Firmware or software.
      - Less intelligent at lower levels, more at higher levels.
      - Functions:
        - To translate between different protocols.
        - To acquire and run the latest vulnerability patches from its security manager.
        - To collect data traffic patterns and system log data and report them to the security manager.
        - To analyze traffic and access patterns with varying complexity depending on the hierarchical layer.
  24. 24. Components
      - Security agent functions (continued):
        - To run host-based intrusion detection.
        - To detect and send alarm messages to the security manager and designated devices, such as HMI.
        - To acquire access control policies from the security manager and enforce them.
        - To encrypt and decrypt exchanged data.
      - MANAGED SECURITY SWITCH
      - To protect bandwidth and prioritize data.
      - Works as a network device and connects controllers, RTUs, HMIs, and servers in the substation and control center.
  25. 25. Components
      - Functions of Managed Security Switch
        - To separate external and internal networks and hide the internal networks.
        - To run as a DHCP (Dynamic Host Configuration Protocol) server.
        - To acquire the bandwidth allocation pattern and data prioritization pattern from the security manager.
        - To separate data according to the prioritization pattern, such as operation data, log data, trace data and engineering data.
        - To provide QoS for important data flows, such as operation data, guaranteeing their bandwidth and delay.
        - To manage multiple VLANs (Virtual Local Area Networks).
        - To run simple network-based intrusion detection.
  26. 26. Components
      - SECURITY MANAGER
      - Connects directly or indirectly to managed security switches.
      - Functions:
        - To collect security agent information.
        - To acquire vulnerability patches from a vendor’s server and download them to the corresponding agents.
        - To manage keys for VPN.
        - To work as an AAA (Authentication, Authorization and Accounting) server, validating user identifications and passwords, authorizing user access rights (monitor, modify data), and recording what a user has done to controllers.
  27. 27. Components
      - Security manager functions (continued):
        - To collect data traffic pattern and performance matrix from agents and switches.
        - To collect and manage alarms/events from agents and switches.
        - To generate access control policies based on collected data and download them to agents.
        - To run complex intrusion detection algorithms at automation network levels.
        - To generate the bandwidth allocation pattern and data prioritization pattern and download them to managed switches.
      - The security manager sits in the center of the power grid automation network, managing what security functions are performed by security agents and what QoS functions are performed by the managed security switch, and how.
  28. 28. Intrusion Detection System
      - An anomaly-based Intrusion Detection System (IDS) is used.
      - Sounds alarms when observed behavior is outside baseline parameters.
      - Performed at three levels:
        - The security agent performs intrusion detection based on the CPU and memory utilization of the protected device (such as RTU/PLC), scan time, protocol pattern, communication partners, etc.
        - The managed security switch performs intrusion detection based on the delay of data packets, the allocated bandwidth profile, protocol pattern, etc.
        - The security manager performs intrusion detection at the highest level, by monitoring the state of the power grid system and its automation system.
  29. 29. Conclusion
      - It is misleading to suggest that IT people take the full responsibility for power grid network security, including automation and control networks.
      - Compared with regular IT systems, power automation systems have definitely different goals, objectives and assumptions concerning what needs to be protected.
      - It is necessary to embrace and use existing IT security solutions where they fit, such as communication within a control center, and develop unique solutions to fill the gaps where IT solutions do not work or apply.
  30. 30. References
      - Dong Wei; Yan Lu; Jafari, M.; Skare, P.; Rohde, K., "An integrated security system of protecting Smart Grid against cyber attacks," Innovative Smart Grid Technologies (ISGT), 2010, pp. 1-7, 19-21 Jan. 2010.
      - Ericsson, G.N., "On requirements specifications for a power system communications system," Power Delivery, IEEE Transactions on, vol. 20, no. 2, pp. 1357-1362, April 2005.
      - Anthony R. Metke and Randy L. Ekl, "Security Technology for Smart Grid Networks," Smart Grid, IEEE Transactions on, vol. 1, no. 1, June 2010.
      - Amin, M., "Energy Infrastructure Defense Systems," Proceedings of the IEEE, vol. 93, no. 5, pp. 861-875, May 2005.
  31. 31. THANK YOU
  32. 32. Questions
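
Slide 28's agent-level anomaly detection, sketched as an added example that is not part of the original slides or the framework's own code. The metric names, peer names, sample telemetry and the k-sigma threshold rule are assumptions made for illustration; the slides only say that alarms fire when behavior is outside baseline parameters, and protocol-pattern checks are left out here.

```python
from statistics import mean, stdev

# Constructed telemetry for one RTU under normal operation (illustrative, not real data).
# Fields: CPU %, memory %, control-loop scan time in ms, and the communication partner.
BASELINE_SAMPLES = [
    {"cpu": 21.0, "mem": 40.0, "scan_ms": 10.1, "peer": "scada-master"},
    {"cpu": 23.5, "mem": 41.0, "scan_ms": 10.4, "peer": "scada-master"},
    {"cpu": 22.0, "mem": 40.5, "scan_ms": 9.9, "peer": "hmi-1"},
    {"cpu": 24.0, "mem": 42.0, "scan_ms": 10.2, "peer": "scada-master"},
    {"cpu": 20.5, "mem": 39.5, "scan_ms": 10.0, "peer": "hmi-1"},
    {"cpu": 22.5, "mem": 41.5, "scan_ms": 10.3, "peer": "scada-master"},
]
NUMERIC = ("cpu", "mem", "scan_ms")


def build_baseline(samples):
    """Learn per-metric mean/stdev and the set of known communication partners."""
    stats = {}
    for key in NUMERIC:
        values = [s[key] for s in samples]
        stats[key] = (mean(values), stdev(values))
    return {"stats": stats, "peers": {s["peer"] for s in samples}}


def check_sample(baseline, sample, k=4.0, min_sigma=0.5):
    """Return a list of alarm strings; an empty list means 'within baseline'."""
    alarms = []
    for key in NUMERIC:
        mu, sigma = baseline["stats"][key]
        # Floor sigma so a very steady metric (e.g. scan time) ignores tiny jitter.
        limit = k * max(sigma, min_sigma)
        if abs(sample[key] - mu) > limit:
            alarms.append(f"{key}={sample[key]} outside baseline {mu:.2f} +/- {limit:.2f}")
    if sample["peer"] not in baseline["peers"]:
        alarms.append(f"unknown communication partner {sample['peer']}")
    return alarms


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_SAMPLES)
    suspect = {"cpu": 71.0, "mem": 41.0, "scan_ms": 18.7, "peer": "eng-laptop-7"}
    for alarm in check_sample(baseline, suspect):
        print("ALARM:", alarm)  # an agent would forward this to the security manager / HMI
```

The sigma floor matters on control devices: scan time is normally so stable that an unfloored threshold would alarm on ordinary jitter, while a real slowdown of a few milliseconds still exceeds it.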