
Security and smart grid what you need to know john chowdhury 2012 final


Published on

The presentation outlines the current regulations, threats and issues with Smart Grid security and how to mitigate the risk.

Published in: Technology, Business

  1. Introducing the Utility of the Future Series. Smart Grid Security & Reliability: What You Need to Know – February 2012, John Chowdhury
  2. About the Author
     John Chowdhury:
     • has been working in the Utility Industry for the last 23 years
     • his clients include CenterPoint, San Diego Gas & Electric, APS, Southern California Edison, Vectren, TXU, NIPSCO, to name a few
     Objectives:
     • Create a Federated Knowledge Repository to take advantage of knowledge, regardless of where it is housed
     • Support multiple channels from a single knowledge repository (Country‐State‐City‐Utility‐Regulator‐Partner‐Vendor‐etc.)
     • Knowledge repository is based on the context and intent
     • Leverage Subject Matter Experts to improve your success factors
     • Adaptive Knowledge architecture that will support all your needs with a single repository and remain flexible to change as needed
     • Use the Adaptive Knowledge architecture to support transparency of knowledge, cloud computing, mobile presentation, and social use of knowledge with no additional changes
     It’s about Success, and Knowledge Sharing. © 2012 | Not to be reproduced without permission Page: 2
  3. Why you should consider this report
     • Understand current security issues
     • Understand the reliability standards
     • How to develop a sustainable security and reliability process
     • Approach to governance
     • Tips beyond planning
     System vulnerabilities and threats are constantly changing. 2/22/2012
  4. Objective of This Research
     The ultimate objective of Smart Grid is to have interconnected critical power generation and distribution systems (intelligent supply and demand). Defining, designing, implementing and managing security should consider the overall objectives of Smart Grid. A good framework can be a start.
  5. Security Concerns for Smart Grid
     The security concerns of smart grid are numerous. For this presentation, we are assuming the SG/AMI encompasses Generation to Meter capabilities (or a subset of this process). Thus SG/AMI represents an extremely large network that touches many private networks and is designed for command and control in order to support FLISR, Volt/Var, Intelligent Switch, Remote Disconnect, Demand Response, Billing, and other features. Combined with a lack of industry‐accepted security standards, the smart grid represents significant risk to connected systems that are not adequately isolated. Specific security concerns include the following:
     1. Smart meters are highly accessible and therefore require board‐ and chip‐level security in addition to network security
     2. Smart grid protocols vary widely in their inherent security and vulnerabilities
     3. Neighborhood, home, and business LANs can be used both as an ingress to the AMI, and as a target from the AMI
     4. Smart grids are ultimately interconnected with critical power generation and distribution systems (main focus of this presentation)
     5. Smart grids represent a target to private hackers (for financial gain or service theft) as well as to more sophisticated and serious attackers (for sociopolitical gain or cyber warfare)
  6. Challenges Faced by Organizations
     With the rapid development and deployment of AMI and Smart Grid, and security issues with ever‐increasing threat profiles, organizations faced with these challenges ask themselves:
     – What are the potential security threats and vulnerabilities?
     – Are our Smart Grid security initiatives aligned with our business needs?
     – Is our Smart Grid vendors’ security implementation within their products compliant with Federal requirements and compatible with ours?
     – Are our Smart Grid security practices providing adequate assurance to meet regulation or compliance agreements?
     – Are we perceived as a responsive and proactive organization meeting the needs of our stakeholders, our customers, and trading partners?
     – Do our Smart Grid security controls align with industry‐related and internationally accepted practices, standards and guidelines?
     – Are we aware of our security risks and are they being effectively managed?
     – Are we measuring the effectiveness of our Smart Grid security investments?
     Bottom line: are we secure?
  7. Security and Sustainability – New School Solutions
     Old School:
     • Develops Reliability, Cyber, Control System, IT in separate silos
     • Clings to safe, existing processes even when they are inadequate
     • Relies on past solutions to solve today’s issues
     New School:
     • Develops comprehensive, sustainable, capable, and transforming processes
     • Recognizes opportunities to experimentally change processes and seeks to adapt
  8. Security and Reliability: Standards and Regulations
     (Diagram: security threats at the centre, surrounded by NERC CIP (under FERC), NIST (DOE/DHS), ISO‐27002, ISA‐99 and NISPI.)
     Emerging technologies in Smart Grid introduce new opportunities for security breach.
  9. NERC CIP Explained
     The NERC CIP reliability standard identifies security measures for protecting critical infrastructure with the goal of ensuring the reliability of the bulk power system. Compliance is mandatory for any power generation facility, and fines for noncompliance can be steep. The CIP reliability standards consist of nine sections, each with its own requirements and measures. They are:
     • CIP‐001‐4—Sabotage Reporting. Requires that all disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.
     • CIP‐002‐4—Critical Cyber Asset Identification. Requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be identified through the application of a risk‐based assessment.
     • CIP‐003‐4—Security Management Controls. Requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets.
     • CIP‐004‐4—Personnel and Training. Requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessment, training, and security awareness.
     • CIP‐005‐4—Electronic Security Perimeter(s). Requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter.
     • CIP‐006‐4—Physical Security of Critical Cyber Assets. Ensures the implementation of a physical security program for the protection of Critical Cyber Assets.
     • CIP‐007‐4—Systems Security Management. Requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (noncritical) Cyber Assets within the Electronic Security Perimeter(s).
     • CIP‐008‐4—Incident Reporting and Response Planning. Ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets.
     • CIP‐009‐4—Recovery Plans for Critical Cyber Assets. Ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices.
  10. ISO 27002 Explained
     ISO 27002 is a set of security recommendations published by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC), and may be referred to as ISO/IEC 27002 or ISO/IEC 27002:2005. ISO 27002 defines “Information technology—Security techniques—Code of practice for information security management,” and is not specific to industrial network security. ISO standards are widely used internationally and can be easily mapped to the recommendations of NIST, NRC, NERC, and others, as they consist of functional guidelines for:
     1. Risk assessment
     2. Security policy and management
     3. Governance
     4. Asset management
     5. Personnel security
     6. Physical and environmental security
     7. Communications and operations management
     8. Access control
     9. Asset acquisition, development, and maintenance
     10. Incident management
     11. Business continuity management
     12. Compliance
  11. ISA‐99 Explained
     ISA standard 99 (ISA‐99) is an industrial control security standard created by the International Society of Automation (ISA) to protect SCADA and process control systems. ISA‐99 offers varying security recommendations based on the physical and logical location of the systems being protected as well as their importance to the reliable operation of the system. In order to accomplish this, ISA‐99 first attempts to classify functional areas of an industrial system into specific security levels and then provides recommendations for separating these areas into “zones.” ISA‐99 also defines the interconnectedness of zones as well as how to enforce security. For utilities, the most public systems such as Internet or Internet‐facing systems within the business LAN would occupy level 5, while the rest of the business LAN may map to level 4. Supervisory networks (i.e., the SCADA DMZ network) would represent level 3, and so on, with the actual “control system” (the SCADA networks, HMI systems, field devices, instrumentation and sensors) at level 0.
     ISA‐99 organizes security recommendations into seven foundational requirements (FRs), and each foundational requirement consists of multiple system requirements (SRs); the SRs listed here are a subset:
     • FR1—Access Control (AC): SR 1.1 IACS user identification and authentication; SR 1.2 Account management
     • FR2—Use Control (UC)
     • FR3—Data Integrity (DI): SR 3.1 Communication integrity; SR 3.2 Malicious code protection; SR 3.3 Security functionality verification; SR 3.4 Software and information integrity
     • FR4—Data Confidentiality (DC): SR 4.3 Cryptographic key establishment and management
     • FR5—Restrict Data Flow (RDF): SR 5.1 Information flow enforcement; SR 5.2 Application partitioning; SR 5.4 Boundary protection
     • FR6—Timely Response to an Event (TRE)
     • FR7—Resource Availability (RA): SR 7.1 Denial of service protection; SR 7.2 Management of network resources; SR 7.6 Network and security configuration settings
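As an added example that is not part of the deck, the following Python models the level scheme just described as zones with explicitly approved conduits and audits flow records against it, which is the kind of check SR 5.1 (information flow enforcement) and SR 5.4 (boundary protection) ask for. The zone names, level assignments, conduit entries and the log lines are all constructed for illustration and do not describe any real utility network.

```python
"""Zone/conduit audit modelled on the ISA-99 level scheme (levels 5 down to 0).

Constructed example: zone names, level assignments, approved conduits and the
flow records are illustrative, not taken from any real utility network.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Zones mapped to ISA-99 levels: 5 = Internet-facing, 4 = business LAN,
# 3 = supervisory (SCADA DMZ), down to 0 = the control system itself.
ZONE_LEVEL: Dict[str, int] = {
    "internet_dmz": 5,
    "business_lan": 4,
    "scada_dmz": 3,
    "operations_lan": 2,
    "control_network": 1,
    "field_devices": 0,
}

# Approved conduits: (initiating zone, destination zone, service). A conduit is
# directional in the sense of which side is allowed to open the session.
CONDUITS: Set[Tuple[str, str, str]] = {
    ("internet_dmz", "business_lan", "smtp/25"),
    ("business_lan", "scada_dmz", "https/443"),
    ("scada_dmz", "operations_lan", "historian/5450"),
    ("operations_lan", "control_network", "dnp3/20000"),
    ("control_network", "field_devices", "dnp3/20000"),
}


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    service: str


def check_flow(flow: Flow) -> List[str]:
    """Return the policy violations for one flow; an empty list means permitted."""
    reasons = [f"unknown zone {z}" for z in (flow.src_zone, flow.dst_zone) if z not in ZONE_LEVEL]
    if reasons:
        return reasons
    src_level, dst_level = ZONE_LEVEL[flow.src_zone], ZONE_LEVEL[flow.dst_zone]
    # Boundary protection: a session may cross only one level boundary, so a
    # jump from the business LAN straight to field devices is never allowed.
    if abs(src_level - dst_level) > 1:
        reasons.append(f"crosses {abs(src_level - dst_level)} levels ({src_level} -> {dst_level}); max 1")
    # Information flow enforcement: only explicitly approved conduits may carry traffic.
    if (flow.src_zone, flow.dst_zone, flow.service) not in CONDUITS:
        reasons.append(f"no approved conduit for {flow.service} from {flow.src_zone} to {flow.dst_zone}")
    return reasons


def parse_flow_log(text: str) -> List[Flow]:
    """Parse constructed log lines of the form 'src_zone dst_zone service'."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, service = line.split()
        flows.append(Flow(src, dst, service))
    return flows


def audit(flows: List[Flow]) -> Dict[Flow, List[str]]:
    """Map every violating flow to its reasons; compliant flows are omitted."""
    violations = {}
    for flow in flows:
        reasons = check_flow(flow)
        if reasons:
            violations[flow] = reasons
    return violations


# Constructed flow records, as they might come out of a firewall rule review.
SAMPLE_LOG = """
business_lan scada_dmz https/443
control_network field_devices dnp3/20000
business_lan field_devices dnp3/20000
scada_dmz control_network dnp3/20000
field_devices control_network dnp3/20000
"""

if __name__ == "__main__":
    for flow, reasons in audit(parse_flow_log(SAMPLE_LOG)).items():
        print(f"{flow.src_zone} -> {flow.dst_zone} {flow.service}: " + "; ".join(reasons))
```

The two rules are deliberately independent: a flow between adjacent levels still fails if nobody approved a conduit for it, and an approved-looking service still fails if it skips a level, so each finding tells the reviewer which ISA‐99 requirement the rule set violates.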
  12. NERC Compliance Monitoring Methods
     Initiated by NERC and Regional Entities (Audits):
     1. Periodic compliance audits
     2. Post‐event investigations
     3. Random spot‐checking or audits
     Initiated by Entities (Continuing Compliance) – self‐certification of compliance:
     1. Periodic reporting of compliance data and statistics
     2. Exception reporting of compliance data and statistics (post‐event)
     3. Self‐reporting of non‐compliance
     4. Technical Feasibility Exceptions (TFEs)
     NERC Approach:
     1. Completeness
     2. Clarity
     3. Practicality
     4. Commensurate with BES impact
     5. Reduce administrative overhead
     6. Minimize the need for TFEs
     7. Leverage investment in current standard
     8. Looked at NIST and other frameworks for suggestions and guidance
     9. Preserved some existing components of CIP‐002 through CIP‐009
     10. Requirements adapted from the DHS Catalog of Control Systems Security (subset of NIST SP 800‐53)
     11. Includes directives from FERC Order 706
  13. NERC Proposed Changes
     NERC Approach:
     1. Looked at NIST and other frameworks for suggestions and guidance
     2. Preserved some existing components of CIP‐002 through CIP‐009
     3. Requirements adapted from the DHS Catalog of Control Systems Security (subset of NIST SP 800‐53)
     4. Includes directives from FERC Order 706
     Definitions:
     • Bulk Electric System Subsystem (BES Subsystem): A group of one or more BES Facilities (i.e., Generation Subsystem, Transmission Subsystem, and Control Center) used to generate energy, transport energy or ensure the ability to generate or transport energy.
     • Cyber System: A discrete set of one or more programmable electronic devices organized for the collection, storage, processing, maintenance, use, sharing, communication, disposition, or display of data.
     • BES Cyber System: A Cyber System which, if rendered unavailable, degraded, or compromised, has the potential to adversely impact functions critical to the reliable operation of the Bulk Electric System.
  14. Proposed CIP‐010‐1 and CIP‐011‐1
     Major Differences:
     • Reliability Functions identified in the standard
     • Responsible Entity (Owner) identifies BES Cyber Systems performing Reliability Functions
     • BES Cyber Systems are categorized (High / Medium / Low) based on BES Impact Criteria identified in the standard
     • Security requirements (controls) are applied based on BES Cyber System impact categorization
     • All assets will be categorized
     • Retiring terms: CA, CCAs, ESP, PSP
     Potential Impacts:
     • Redesign of the ESP
     • Redesign of the PSP
     • Additional Network Security Devices
     • Access Controls
     • Monitoring and Logging
     Leverage Current Investments:
     • CA and CCA Lists
     • Restructure ESP
     • Restructure PSP
  15. NIST Interoperability and Cyber Security Standards
     NIST Framework and Roadmap for Smart Grid Interoperability Standards v1 (NIST SP‐1108). Smart Grid interoperability standards should be open, meaning the standards should be developed and maintained through a collaborative, consensus‐driven process.
     Phase II: The Smart Grid Interoperability Panel (SGIP) is a public‐private partnership providing a permanent organizational structure to support the continuing evolution of the framework.
     Phase III: Smart Grid Conformity Testing Framework.
     Other Issues to Address:
     1. Electromagnetic Disturbances
     2. Electromagnetic interference
     3. Privacy Issues in the Smart Grid
     4. Safety
  16. NISTIR 7628 Guidelines for Smart Grid Cyber Security
     Volume I – Smart Grid Cyber Security Strategy, Architecture, and High‐Level Requirements:
     • Chp 1 – Cyber Security Strategy (C, I, A, NR)
     • Chp 2 – Logical Architecture (Seven Domains, 22 Interface Categories)
     • Chp 3 – High Level Security Requirements
     • Chp 4 – Cryptography and Key Management
     Volume II – Privacy and the Smart Grid:
     • Chp 5 – Privacy and the Smart Grid. Four Dimensions: 1. Privacy of personal information; 2. Privacy of the person; 3. Privacy of personal behavior; 4. Privacy of personal communications
     Volume III – Supportive Analyses and References:
     • Chp 6 – Vulnerability Classes
     • Chp 7 – Bottom‐Up Security Analysis of the Smart Grid
     • Chp 8 – Research and Development CS in the SG
     • Chp 9 – Overview of the Standards Review
     • Chp 10 – Key Power System Use Cases for Security Requirements
  17. Regional Reliability Standards – Major Bodies
     • ERCOT: Electric Reliability Council of Texas, Inc.
     • FRCC: Florida Reliability Coordinating Council
     • MRO: Midwest Reliability Organization
     • NPCC: Northeast Power Coordinating Council
     • RFC: Reliability First Corporation
     • SERC: SERC Reliability Corporation
     • SPP: Southwest Power Pool, Inc.
     • WECC: Western Electricity Coordinating Council
     Emerging technologies in Smart Grid introduce new opportunities for security breach.
  18. Reliability Considerations
     • Coordination of controls and protection systems
     • Cyber security in planning, design, and operations
     • Ability to maintain voltage and frequency control
     • Disturbance ride‐through (& intelligent reconnection)
     • System inertia – maintaining system stability
     • Modeling harmonics, frequency response, controls
     • Device interconnection standards
     • Increased reliance on distribution‐level assets to meet bulk system reliability requirements
  19. Reliability Functional Model (diagram only)
  20. Reliability Standard Categories
     • BAL – Resource and Demand Balancing
     • CIP – Critical Infrastructure Protection
     • COM – Communications
     • EOP – Emergency Preparedness and Operations
     • FAC – Facilities Design, Connections and Maintenance
     • INT – Interchange Scheduling and Coordination
     • IRO – Interconnection Reliability Operations and Coordination
     • MOD – Modeling, Data, and Analysis
     • ORG – Organization Certification
     • PER – Personnel Performance, Training, and Qualifications
     • PRC – Protection and Control
     • TOP – Transmission Operations
     • TPL – Transmission Planning
     • VAR – Voltage and Reactive
  21. Functional Entity/Reliability Standard Relation
     (Matrix of functional entities against the standard categories BAL, CIP, COM, EOP, FAC, INT, IRO, MOD, ORG, PER, PRC, TOP, TPL and VAR. Only the number of categories marked for each entity is recoverable from the slide, not which ones.)
     • Standards Developer: none marked
     • Compliance Monitor: none marked
     • Reliability Coordinator: 9 categories
     • Regional Reliability Org: 8
     • Planning Coordinator: 3
     • Interchange Authority: 2
     • Balancing Authority: 8
     • Transmission Service Provider: 5
     • Transmission Operator: 10
     • Generator Operator: 8
     • Transmission Owner: 5
     • Generator Owner: 7
     • Transmission Planner: 3
     • Resource Provider: 1
     • Load Serving Entity: 8
     • Purchasing‐Selling Entity: 3
     • Distribution Provider: 3
  22. Smart Grid Components
     Devices:
     • Synchrophasors and PMU concentrators
     • Wholesale and customer smart meters
     • Intelligent end devices (IEDs)
     • Switched/controllable capacitor banks
     • Digital fault recorders
     • Plug‐in electric vehicles
     • Power quality meters
     • Direct control load management
     • DLR for operations
     • Tension and sag measurement
     Applications:
     • State estimator and contingency analysis
     • Wide‐area situational awareness
     • Event detection
     • Disturbance location
     • Dynamic ratings
     • Pattern recognition
     • Protection systems
     • Remedial action
     • Demand response
     • Automatic meter reading
     • Voltage/reactive control
     • Operator training simulator
     Measurement:
     • Voltage and current angle differences
     • Voltage and current phasors and DLR
     • Frequency
     • Three‐phase AC voltage and/or current waveforms
     • Power system modeling data and real‐time data from DLR
     • Meter data common profiles
     • Dynamic line ratings
     Communications/Data:
     • Precision time protocols
     • Information management protocols
     • Wide‐area networks and communications
     • Field area networks and communications
     • Premises networks and communications
     • Wireless communications
     • Substation LANs
     • Global Positioning System
     • Encryption
     • Phasor management networks
     • Data storage and retrieval
  23. Smart Grid Conceptual Architecture
     (Layered diagram spanning Generation Automation, Transmission Automation, Substation Automation, Distribution Automation, Advanced Metering, DR/EV EE, DER (DG/DS) and Smart City, over the domains Generation, T&D, Consumer and Non‐utility.)
     Applications: renewable load following & control; automatic generation control; SCADA; wide area monitoring; remedial action scheme; asset monitoring; fault detection & management; load management; grid/asset monitoring & mapping; load control & shaping; outage detection; Volt‐VAR optimization; theft detection; meter data management; load disaggregation & targeting; consumer portal; meter management; EV management; operator simulation; pricing; recommendation engine; public EV management; M&V apps; microgrid/islanding; DG/DS dispatch optimization; street light monitor; parking meter monitor; market management; municipal services.
     Network Management SW (including device monitoring and APIs to support the SW components).
     Networks: intra‐SS comms (Enet, fiber, WiFi, serial); neighborhood area networks (RF mesh, WiMAX, PLC, 3G/GPRS, RF tower); home area network (2.4 GHz ZigBee, SEP 2.0, PLC, Zwave); emergency services; dedicated circuits (fiber, T1); backhaul (fiber, WiMAX, cellular); alternative networks (broadband, cellular).
     Devices: generation control unit; phasor measurement unit; load tap changer & voltage regulator; cap bank controller & voltage regulator; electric meters; EVSE; smart appliances; PV/inverters; street lights; recloser/switch controllers; digital fault recorder; transformer monitor; gas meters; load switch; batteries; parking meters; circuit breaker; FCI/line sensor; water meters; PCT; flywheels; mobile devices; low‐voltage transformer monitor; IHD/gateway; PMU; RTUs; public EVSE.
  24. Security compliance must be tested for each Network
     (Diagram tiers: WAN, LAN, NAN, HAN.)
     • Gateway backhaul to office: typically fiber, PTP or cellular
     • NAN to concentrator/substation: typically radio, PLC or cellular
     • Meter/HAN to concentrator: typically radio, mesh, PLC or cellular
     Current offerings have better cyber security, increased situational awareness, lower cost of ownership, and improved data surfacing capabilities.
  25. Network Security – Multiple Layers (diagram only)
  26. A Note About DNP3
     DNP3 – Security Concerns: While much attention is given to the IP network, there is no authentication or encryption inherent within DNP3 (although there is within Secure DNP3). Because of the well‐defined nature of DNP3 function codes and data types, it becomes relatively easy to manipulate a DNP3 session. Also, while Secure DNP3 does include security measures, the added complexity of the protocol increases the chances of vulnerability. There are several known vulnerabilities with DNP3 that are reported by ICS‐CERT. Because there are known exploits in the wild and DNP3 is a heavily deployed protocol, proper penetration testing and patching of DNP3 interconnections is recommended.
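As an added example that is not part of the deck: a small Python monitor that validates DNP3 link‐layer framing (the 0x05 0x64 start bytes, the length field, and CRC‐16/DNP over the header and each data block) and flags state‐changing application function codes that arrive from link addresses outside an allow‐list. It is one practical way to watch DNP3 interconnections for the session manipulation the slide describes. The frames, link addresses and allow‐list are constructed for illustration; build_frame exists only to produce sample input.

```python
"""DNP3 link-layer integrity check and control-function monitor.

Added example: frames, link addresses and the master allow-list are constructed;
build_frame exists only to produce sample input for the monitor.
"""
from typing import Dict, List, Set

START = b"\x05\x64"

# DNP3 (IEEE 1815) application-layer function codes. The CONTROL_CODES subset
# changes outstation state, so its source address deserves scrutiny.
FUNCTION_NAMES = {
    0x00: "CONFIRM", 0x01: "READ", 0x02: "WRITE", 0x03: "SELECT", 0x04: "OPERATE",
    0x05: "DIRECT_OPERATE", 0x06: "DIRECT_OPERATE_NR", 0x0D: "COLD_RESTART",
    0x0E: "WARM_RESTART", 0x81: "RESPONSE", 0x82: "UNSOLICITED_RESPONSE",
}
CONTROL_CODES = {0x02, 0x03, 0x04, 0x05, 0x06, 0x0D, 0x0E}


def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: polynomial 0x3D65 (reflected 0xA6BC), init 0, output inverted."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF


def build_frame(src: int, dst: int, user_data: bytes, ctrl: int = 0xC4) -> bytes:
    """Assemble a link frame: 8-byte header plus CRC, then user data in blocks of
    up to 16 bytes, each followed by its own CRC (little-endian on the wire)."""
    header = START + bytes([5 + len(user_data), ctrl]) + dst.to_bytes(2, "little") + src.to_bytes(2, "little")
    frame = header + crc16_dnp(header).to_bytes(2, "little")
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        frame += block + crc16_dnp(block).to_bytes(2, "little")
    return frame


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Validate framing and every CRC; raise ValueError on any integrity failure."""
    if len(frame) < 10 or frame[:2] != START:
        raise ValueError("not a DNP3 link frame")
    if int.from_bytes(frame[8:10], "little") != crc16_dnp(frame[:8]):
        raise ValueError("header CRC mismatch")
    user_len = frame[2] - 5  # LEN counts CTRL+DST+SRC plus user data, excluding CRCs
    data, pos = b"", 10
    while len(data) < user_len:
        n = min(16, user_len - len(data))
        block, crc = frame[pos:pos + n], frame[pos + n:pos + n + 2]
        if len(block) != n or int.from_bytes(crc, "little") != crc16_dnp(block):
            raise ValueError("data block CRC mismatch")
        data, pos = data + block, pos + n + 2
    if pos != len(frame):
        raise ValueError("length field disagrees with frame size")
    return {"src": int.from_bytes(frame[6:8], "little"),
            "dst": int.from_bytes(frame[4:6], "little"),
            "ctrl": frame[3], "user_data": data}


def inspect_frame(frame: bytes, allowed_masters: Set[int]) -> List[str]:
    """Return findings for one frame; an empty list means nothing notable."""
    try:
        info = parse_frame(frame)
    except ValueError as exc:
        return [f"integrity: {exc}"]
    data = info["user_data"]
    # Byte 0 is the transport header; when its FIR bit (0x40) is set, the
    # application header (control byte, function code) starts at byte 1.
    if len(data) >= 3 and data[0] & 0x40:
        fc = data[2]
        if fc in CONTROL_CODES and info["src"] not in allowed_masters:
            name = FUNCTION_NAMES.get(fc, f"0x{fc:02X}")
            return [f"unauthorized {name} from link address {info['src']} to {info['dst']}"]
    return []


ALLOWED_MASTERS = {1}
# Constructed sample traffic: a class-0 poll from the known master, a
# DIRECT_OPERATE from an unknown address, and the poll with one header bit flipped.
READ_CLASS0 = build_frame(src=1, dst=10, user_data=bytes([0xC0, 0xC0, 0x01, 0x3C, 0x01, 0x06]))
ROGUE_OPERATE = build_frame(src=99, dst=10, user_data=bytes([0xC1, 0xC1, 0x05]))
TAMPERED = READ_CLASS0[:6] + bytes([READ_CLASS0[6] ^ 0x01]) + READ_CLASS0[7:]

if __name__ == "__main__":
    for label, frame in (("poll", READ_CLASS0), ("rogue", ROGUE_OPERATE), ("tampered", TAMPERED)):
        print(label, inspect_frame(frame, ALLOWED_MASTERS) or ["ok"])
```

The CRC only catches corruption and crude tampering, not a correctly framed message from an unexpected source; that is why the address allow‐list is the second check, and why the slide's recommendation of Secure DNP3 (which adds real authentication) still stands where the outstations support it.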
  27. The risks are enormous… and internal and external pressure continues to mount
     (Diagram: an unprotected grid and AMI network surrounded by compliance liability, escalating costs, business risks, liability, reduced effectiveness and a publicity nightmare.)
     Effective management of Smart Grid security risks using a framework can drive better business and technology decisions and achieve better results. It can:
     • Protect the electric grid
     • Ensure Smart Grid integrity, availability, confidentiality
     • Reduce compliance liability
     • Provide performance, compliance and reliability
     • Enhance productivity and quality
     • Protect company assets
     • Align Smart Grid programs with business objectives
     • Improve customer service and responsiveness
     • Leverage risk to support competitive opportunities
     • Protect the company reputation
     • Reduce cost by enhancing efficiency
  28. Managing the risks to Smart Grid requires a management lifecycle
     Smart Grid Risk Management Elements (a cycle of Standards & Architecture, Management Processes, Solution Implementation and Compliance Monitoring, supported by Processes & Methods, Roles & Responsibilities, Tools / Enablers, and Training & Awareness):
     • Architectures and Standards – A standards‐based, business‐driven security architecture is used to develop and implement an enterprise‐level security program and operating model; the core security program and architecture are established, with evolutionary integration of security across the enterprise including AMI and Smart Grid.
     • Management Processes – Business management processes are refined and calibrated to efficiently integrate security standards and expertise throughout the system development lifecycle and day‐to‐day operations.
     • Solution Implementation – Security for Smart Grid applications and architectures is defined, developed and deployed consistent with the organization’s desired risk profile; end‐to‐end transaction integrity is achieved.
     • Compliance / Monitoring – Monitoring solutions are established to allow mid‐level and senior management to monitor and report security performance effectiveness by measuring key performance indicators: is everything OK?
  29. Qualitative Risk Assessment
     Risk Assessment: activities that are carried out to discover, analyze, and describe risks. Risk assessments may be qualitative, quantitative, or a combination of these. Internal audit is related to risk assessment.
     Qualitative Risk Assessment: A qualitative risk assessment occurs with a pre‐defined scope of assets or activities. Assets can, for example, consist of software applications, information systems, CIP equipment, or physical security. Activities may consist of activities carried out by an individual, group, or department. A qualitative risk assessment will typically identify a number of characteristics about an asset or activity, including:
     • Vulnerabilities. These are weaknesses in design, configuration, documentation, procedure, or implementation.
     • Threats. These are potential activities that would, if they occurred, exploit specific vulnerabilities.
     • Threat probability. An expression of the likelihood that a specific threat will be carried out, usually expressed on a Low‐Medium‐High or simple numeric (1–5 or 1–10) scale.
     • Countermeasures. These are actual or proposed measures that reduce the risk associated with vulnerabilities or threats.
  30. Risk Assessment Methodologies
     Several different approaches and methodologies exist; among them are:
     • OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation): Developed by Carnegie Mellon University’s Software Engineering Institute (SEI), OCTAVE is an approach where analysts identify assets and their criticality, identify vulnerabilities and threats, evaluate risks, and create a protection strategy to reduce risk.
     • FRAP (Facilitated Risk Analysis Process): A qualitative risk analysis methodology that can be used to pre‐screen a subject of analysis as a means to determine whether a full‐blown quantitative risk analysis is needed.
     • Spanning Tree Analysis: This can be thought of as a visual method for identifying categories of risks, as well as specific risks, using the metaphor of a tree and its branches. This approach is similar to a Mind Map for identifying categories and specific threats and/or vulnerabilities.
     • NIST 800‐30 (Risk Management Guide for Information Technology Systems): This document describes a formal approach to risk assessment that includes threat and vulnerability identification, control analysis, impact analysis, and a matrix depiction of risk determination and control recommendations.
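As an added worked example that is not from the deck, the following Python carries the "matrix depiction of risk determination" through for the qualitative characteristics listed on slide 29 (vulnerability, threat, threat probability, countermeasure). The likelihood and impact weights and the High/Medium/Low thresholds are those of the NIST SP 800‐30 risk‐level matrix; the register entries reuse weaknesses named elsewhere on these slides, but the asset names, ratings and countermeasures are constructed for illustration.

```python
"""Risk determination matrix in the style of NIST SP 800-30, applied to a
constructed Smart Grid risk register (illustrative assets and ratings)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# NIST SP 800-30 (2002) rating weights: likelihood 1.0 / 0.5 / 0.1 and
# impact 100 / 50 / 10; risk level is High (>50), Medium (>10 to 50), Low (<=10).
LIKELIHOOD = {"High": 1.0, "Medium": 0.5, "Low": 0.1}
IMPACT = {"High": 100, "Medium": 50, "Low": 10}


def rate(likelihood: str, impact: str) -> Tuple[float, str]:
    """Return (score, level) for one likelihood/impact pair on the 800-30 matrix."""
    score = round(LIKELIHOOD[likelihood] * IMPACT[impact], 2)
    level = "High" if score > 50 else "Medium" if score > 10 else "Low"
    return score, level


@dataclass
class RiskItem:
    asset: str
    vulnerability: str
    threat: str
    likelihood: str                              # threat probability, Low/Medium/High
    impact: str
    countermeasure: Optional[str] = None
    residual_likelihood: Optional[str] = None    # rating once the countermeasure is in place
    residual_impact: Optional[str] = None

    def inherent(self) -> Tuple[float, str]:
        return rate(self.likelihood, self.impact)

    def residual(self) -> Tuple[float, str]:
        return rate(self.residual_likelihood or self.likelihood,
                    self.residual_impact or self.impact)


def build_register(items: List[RiskItem]) -> List[Dict[str, object]]:
    """Rank items by inherent risk (highest first) and show the residual rating."""
    rows = []
    for item in items:
        score, level = item.inherent()
        r_score, r_level = item.residual()
        rows.append({"asset": item.asset, "threat": item.threat, "score": score,
                     "level": level, "countermeasure": item.countermeasure,
                     "residual_score": r_score, "residual_level": r_level})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed register: the weaknesses echo the slides (accessible meters,
# unauthenticated DNP3, weak passwords) but the ratings are illustrative.
REGISTER = [
    RiskItem("Field smart meter", "physically accessible board and chip", "firmware tampering",
             "Medium", "Medium", "board- and chip-level security", "Low", "Medium"),
    RiskItem("Substation DNP3 link", "no authentication in plain DNP3", "spoofed control commands",
             "High", "High", "Secure DNP3 on an isolated conduit", "Low", "High"),
    RiskItem("AMI head-end", "weak administrative passwords", "credential guessing",
             "Medium", "High", "strong authentication and login monitoring", "Low", "High"),
]

if __name__ == "__main__":
    for row in build_register(REGISTER):
        print(f"{row['asset']:<22} {row['level']:<6} ({row['score']:>5}) -> "
              f"{row['residual_level']} ({row['residual_score']}) via {row['countermeasure']}")
```

Note that a countermeasure usually lowers likelihood rather than impact: the DNP3 entry stays High‐impact after mitigation, and only the drop in threat probability moves it from High to Low risk, which is exactly the reasoning the matrix makes visible.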
  31. Steps in Creating Smart Grid Security Governance Process
     (Flow diagram with the column labels Motivation, Implication, Architecture and Policy.)
     Strategy and architecture track: Security and Reliability Mission → Smart Grid Security Vision & Mission → Smart Grid Security Strategy → Smart Grid Security Principles → Smart Grid Security Architecture Design Principles → Smart Grid Security Conceptual Architecture → Smart Grid Security Functional Architecture → Smart Grid Security Physical Architecture → Smart Grid Security Operational Processes → Smart Grid Security Management Processes.
     Motivation and policy track: Motivation (Risk Tolerance, Legislation and Regulatory Compliance, Corporate Policies) → Smart Grid Security Policy Framework → Smart Grid Security Policies → Smart Grid Security Standards → Smart Grid Security Controls.
  32. Security & Reliability Framework
     • Smart Grid Security Drivers: Reliability, Risk Tolerance, Legislation & Regulations
     • Security and Reliability Management Strategy
     • Requirements & Planning
     • Security & Reliability Governance
     • Risk Management
     • Principles, Policies, Standards, Guidelines, Procedures
     • Smart Grid Security Architecture
     • Operations
     • Awareness & Training
     • Audit
     • Monitoring & Enforcement
     • Management Measurement & Assessment
  33. Security & Reliability Architecture
     … provides a mechanism to deliver a consistent approach to Smart Grid security decisions and solutions.
     Conceptual layer (Models) – Security & Reliability Principles, Policies, Design Objectives, Threat/Risk Profile and Architecture Principles. Models: User Communities (Business Partners, Stakeholders); Operation (Administration, Monitoring & Compliance); Trust Model; Security Zones; Availability; Information Flow Control.
     Functional layer (Components) – Security & Reliability Standards, Design Decisions, Design Patterns and Component Definition. Components: Identity; Authentication; Authorization; Non‐repudiation; Credential Management; Role Based Access Control; Confidentiality; Business Continuity; Backup & Recovery; Trusted Time; Secure Storage & Destruction; Intrusion Detection; Network Access Control; Network Segmentation; Data Management; DMZ; Physical Security; Logging & Monitoring; Incident Management; Reporting; Security Operation Centre; Vulnerability & Configuration Management.
     Physical layer (Nodes) – Technical Operating Standards, Product Standards, Design Patterns, Process Documents, Configuration Guidebooks and Node Definitions. Nodes: Encryption; Credentials; Profiles; Authorization Rules; Credential Repository; Private Keys & Certificates; Message Digest; Digital Signature; Firewalls/VPNs; Switches/Routers; IPS, NIDS & HIDS; FIPS 140‐2; Anti‐Virus; URL Filter; NTP; SIM & SEM; KPIs & Dashboard; Vulnerability Assessment; Security Baseline.
     Domains across all layers: Access Management; AMI Network & SG Infrastructure; Security & Reliability Management; Trust & Assurance.
  34. Smart Grid Security Assessment
     • Information Gathering – Review environment; types of systems; timing requirements; locations; Security & Reliability requirements
     • Network Analysis – Gain understanding of network architecture and systems in place; identify Security & Reliability issues related to the network architecture; identify Security & Reliability issues based on observed network components and network traffic; identify interconnections with other networks (intranets, wireless, dial‐up)
     • Network Vulnerability Analysis – Identify vulnerabilities in devices; identify vulnerabilities in applications
     • System Vulnerability Analysis – Identify vulnerabilities in devices; identify system configuration and procedural vulnerabilities such as weak passwords, virus protection, patch management, system logging, etc.
     • Application Vulnerability Analysis – Identify vulnerabilities in Smart Grid application components
     • Vulnerability Identification/Validation – Review all data from automated tools and, where possible, check systems to verify identified vulnerabilities
  35. 35. How does the Smart Grid security program operate? – Define the links, start with ISO and ELSSI
ISO 27002 Information Security Management System → Information Technology & Security Operating Model
Strategic Planning (Standardization; Resilience; Information Security Program)
– Normalized Enterprise Architecture; Approved Asset List; Compliance Reporting; Backup & Restoration; Diversification; Requirements; Exceptions; Tools & Infrastructure; Risk Control Library; Risk Reporting; Network Defense; Policy; Redundancy
Governance
– Architecture Committee; Policy Definition Committee; Project/Portfolio Review Committee; Third Party Management Committee; Performance Metrics & Incentives; Risk Budget Definition; Executive Steering Committee; Planning
Security Management; Access Management; Operations Management; Delivery
– Risk Office; Policy Management; Certification & Accreditation; Change Management; Vulnerability Management; Customer Support; Identity Management; Data Management; Application Management
– Training & Awareness; Risk Management; Compliance Management; Configuration Management; Incident Management; Systems Management; Infrastructure Management; Personnel Management; Physical Management
  36. 36. A sound Smart Grid security strategy should have proper balance and integration with the security governance, architecture and operations
A security strategy is supported by three critical components …
– Strategy links security initiatives with business and technology objectives
– Architecture provides technology standards, models and technologies to be leveraged by the business
  37. 37. Smart Grid Security Process Integration
Project phases
– Planning
– Functional‐Technical Definition; Architecture Definition; Requirements Definition
– Organization and Integration Solution Design and Package Selection; Process Design; Detailed Design
– Build and Configuration; Infrastructure Configuration; Application Build
– Unit and Application Testing
– Rollout and Deployment; Communications and Training
– Monitor and Continuous Improvement
Security activities integrated into each phase
– Determine Business Risks and Security Requirements
– Security Functional‐Technical Architecture and Application Security Design
– High Level Security Design; Security Processes Design
– Establish Users and Security Roles and Permissions; Design Operational Support Requirements
– Build Application and Infrastructure Security Components and Ensure Secure Configurations
– Develop Security Related Training, Communications, and Procedures
– Pre‐Deployment Security Testing
– Rollout Security Architecture; Deploy Processes, Procedures, and Organization
  38. 38. Suggested Approach
• Develop a prudent and compliant cyber security program
• Identify systems considered business critical
• Identify systems considered critical per NERC standards
• Perform risk assessment for each category to determine the financial impact of cyber security for each category
• Develop documentation that meets needs for business critical systems and documentation to meet NERC requirements
– Be compliant with the NERC standards
– Also, be prudent in the application of cyber security programs across business and support systems, in addition to operational systems
– Strive for compliant and prudent cyber security practices
  39. 39. Cyber Security is On‐going
• System vulnerabilities and threats are constantly changing
– Any modification, integration, upgrade, or test can impact a system’s cyber vulnerability
– Vulnerability assessments are only a snapshot in time
• There is NO silver bullet
– No single technology is sufficient to protect control systems
– Relevant control system security policies and procedures are the best solutions that we have without new technology developments
– Without appropriate policies, any technology can be defeated
  40. 40. Tips beyond Planning
1. Do a gap analysis between requirements and what is provided by the vendors
2. Get your vendors to comply with all security requirements
3. Follow up and make sure your vendors are complying with all security requirements
4. Select a SIEM‐based system to help manage security and compliance
5. Use multiple layers of defense
6. Use alternate threat detection mechanisms
7. Use the full capability of security monitoring and analysis tools
8. Look for misuse whether it is intentional, as an act of sabotage, or the result of innocence and ignorance
9. Only a properly trained and motivated staff can ultimately ensure that the established technical controls will operate successfully
10. Secure all wireless networks
11. Misconfigurations – most vulnerabilities come from configuration weaknesses
  41. 41. How to Choose a SIEM Tool
What is SIEM?
SIEM is the combination of two different types of products: SIM (Security Information Management), which gathers and creates reports from security logs, and SEM (Security Event Manager), which uses event correlation and alerting to help with the analysis of security events.
What to look for in a SIEM solution?
Now that we know what a SIEM is and the resource commitments it requires, we can take a look at various features and characteristics that you should pay attention to when choosing a product:
Licensing and scalability: Different SIEM vendors license their products differently. Some of the most common licensing modes are:
1. Number of monitored computers/devices
2. Number of events per day/hour/minute and log volume size (in MB). If you have a baseline of the logs you wish to monitor, you should already know most (if not all) of this information beforehand.
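The slide says a log baseline should already give you the licensing numbers (devices, events per period, log volume). The following is an added example, not part of the presentation, of deriving those figures from a captured log sample; the host names, addresses, licence tiers and the 1.5x headroom factor are all constructed assumptions.

```python
"""Derive the licensing inputs a SIEM vendor asks for (slide 41) from a log
sample: monitored devices, events per day, log volume and peak events/second.
Added example, not from the original presentation; host names, addresses
and licence tiers are constructed for illustration."""
from collections import Counter
from datetime import datetime

# Constructed sample: syslog-style lines from three hypothetical devices
# (an RTU, a head-end server and the DMZ firewall) over a 59-second window.
SAMPLE_LOGS = """\
2012-02-22T10:00:00Z rtu-01 login: accepted for operator from 10.0.0.5
2012-02-22T10:00:01Z rtu-01 cfg: running-config changed by operator
2012-02-22T10:00:02Z hes-02 auth: failed password for admin from 10.0.0.9
2012-02-22T10:00:02Z hes-02 auth: failed password for admin from 10.0.0.9
2012-02-22T10:00:04Z fw-dmz deny tcp 10.0.0.9:4433 -> 10.1.0.2:502
2012-02-22T10:00:59Z fw-dmz deny tcp 10.0.0.9:4434 -> 10.1.0.2:502
"""
# Constructed licence tiers: name -> maximum licensed events per day.
DAILY_TIERS = {"small": 5_000, "medium": 25_000, "large": 100_000}
SECONDS_PER_DAY = 86_400

def parse_line(line):
    """Split 'ISO-timestamp host message' into (datetime, host, size in bytes)."""
    stamp, host, _ = line.split(" ", 2)
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return when, host, len(line.encode()) + 1  # +1 for the newline

def baseline(sample):
    """Scale the sampled window (first to last timestamp, minimum 1 s) to per-day
    figures; peak_eps is the busiest single second, which sizes burst capacity."""
    records = [parse_line(l) for l in sample.splitlines() if l.strip()]
    stamps = [r[0] for r in records]
    scale = SECONDS_PER_DAY / max((max(stamps) - min(stamps)).total_seconds(), 1.0)
    return {
        "devices": len({r[1] for r in records}),
        "events_sampled": len(records),
        "events_per_day": round(len(records) * scale),
        "mb_per_day": sum(r[2] for r in records) * scale / 1e6,
        "peak_eps": max(Counter(stamps).values()),
    }

def pick_tier(events_per_day, headroom=1.5, tiers=DAILY_TIERS):
    """Smallest tier covering the estimate times a growth factor (1.5x is an
    assumed planning margin, not a figure from the presentation)."""
    need = events_per_day * headroom
    for name, limit in sorted(tiers.items(), key=lambda kv: kv[1]):
        if limit >= need:
            return name
    return None  # exceeds every tier: the vendor would need a custom licence
```

A real baseline should be collected over at least a full business cycle (the 59-second sample here only demonstrates the arithmetic), because the peak second, not the daily average, is what overruns an events-per-second licence.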
  42. 42. If you have any questions… Please email or call me: John Chowdhury, Phone: 214‐213‐6226
  43. 43. Introducing the Utility of the Future Series: Smart Grid Security & Reliability – What You Need to Know – February, 2012, John Chowdhury