SlideShare a Scribd company logo

Cyber security in power sector

Download as PPTX, PDF
P K Agarwal
P K Agarwal

This document discusses cyber security in the power sector. It begins with an overview of industrial control systems used for power systems and how they are susceptible to cyber attacks. It then discusses various cyber threats to power systems, how attackers could compromise systems, and strategies to effectively defend industrial control systems for power. These strategies include using industry best practices, secure design principles like zone and conduit architecture, secure interfaces with dual firewall DMZs, secure governance policies and compliance, and increasing security awareness. The document emphasizes that complete security is impossible and an optimized, cost-effective approach is needed.

Technology
1 of 17
Cyber Security in Power Sector P.K.Agarwal, Director and CISO Power System Operation Corporation Ltd., pkagarwal@ieee.org Date - 23-11-2018 1
Overview Industrial Control Systems (ICS): Essential for Power System, but susceptible to cyber attack. 01 Cyber Threats: How power systems can be compromised by cyber-attacks 02 Strategies to effectively defend Industrial Control System i.e. Power System 03 Best Practices and other suggested methods to ensure power system cyber security. 04 Date - 23-11-2018 2
Power System Energy Surety and Sustainability - key drivers ICS uses more and more IT Modern power system ICS can not be kept isolated All power systems have Industrial Control Systems (ICS) ICS are more venerable to cyber attack But, are power system ICS Secure? Date - 23-11-2018 3
Power System – Industrial Control System Distributed Control System (DCS) and Process Control Systems (PCS): A group of computers and/or smart field devices networked together to monitor and control industrial processes with direct feedback control. Control systems operate in near real time and is used in critical sectors such as Power Generation, Oil & Gas Refining, Water Treatment, Chemical, etc. May consist of BMI, PLC’s, stand alone power electronics controllers, microgrid controllers, Substation Automation systems, Supervisory Control and Data Acquisition (SCADA) system: Normally applied to a systems connected to devices over a larger area including multiple buildings or even many miles away. Operative word is Supervisory used in critical sectors such as Electrical Transmission & Distribution, Oil & Gas Pipelines, Water/Sewer, and Transportation. Date - 23-11-2018 4
Critical Power System Infrastructure Date - 23-11-2018 5
Power System - ICS Footprint Generator Control Systems SmartGrid Control and Automation Systems Utility Monitoring and Control Systems Supervisory Control and Data Acquisition (SCADA) Systems Transmission and Distribution Fuel management Systems Power Quality and UPS Systems Renewable Energy Control Systems And More……. Date - 23-11-2018 6
Cyber Threats - Sources National Governments Terrorists Industrial Spies and Organized Crime Groups Hacktivists Hackers Note - We no longer have days after infection to respond, current trends are minutes after infection to propagate! Date - 23-11-2018 7
Cyber Threat Actors • Insiders • Disgruntled employees • Disgruntled contractor • Active agencies • Competitors • Organized crime • Others Threats Date - 23-11-2018 8
Increasing and innovative attacks on Power Date - 23-11-2018 • First attack on Ukraine Power System in 2014-15. • Entry from IT system through an email attachment. • Switched off many feeder sub stations. • Made recovery difficult by corrupting SCADA, overloading customer services. • Now first malware specially made for electricity system is made. • Probably made by same attacker group responsible for Ukraine. • It CRASHOVERIDE. Hacks multiple p 9
Seven Strategies to Effectively Defend Industrial Control Systems Date - 23-11-2018 10
Use Industry Best Practices Network security: Firewalls, DMZ implementations, whitelisted connections, whitelisting applications, etc Secure Internet services Using systems that have gone through third part audits, such as the INL process Upgrading legacy ICS systems Upgrading Operating systems and developing systems that can be patched Packet inspection (where possible) Secure ICS Planning and design services Third Party audits Date - 23-11-2018 11
Secure by Design – Zone and Conduit Architecture Date - 23-11-2018 12
Secure Interface – Dual Firewall DMZ Date - 23-11-2018 13
Secure by multiple control - Date - 23-11-2018 14
Secure by Governance – Policies and Compliance Cyber Security Policy Chief Information Security Officer • Independent • Directly reporting to Head • Preferably board member Certification – Regular audit and compliance VAPT and compliance Adoption of standard framework Security Control Center Date - 23-11-2018 15
Secure by Awareness – Points to Ponder Date - 23-11-2018 16 There is nothing like absolute security Every requirement is unique and every solution is unique. Security comes at a cost – need optimization. Secure real-time information is a key factor to reliable delivery of power to the end-users. Human element is the strongest link in cyber security but may be the weakest due to lake of awareness Security is every one responsibility rather than of CISO. Develop a organizational cultural of being and keeping secure
Date - 23-11-2018 17

Recommended

Cyber Security in Power Systems
Cyber Security in Power SystemsCyber Security in Power Systems
Cyber Security in Power SystemsPower System Operation
 
Cyber Security of Power grids
Cyber Security of Power grids Cyber Security of Power grids
Cyber Security of Power grids Jishnu Pradeep
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsCommunity Protection Forum
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Edureka!
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 
Cyber security for smart grid
Cyber security for smart grid Cyber security for smart grid
Cyber security for smart grid Krithika Muthusubramanian
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResilienceIan-Edward Stafrace
 

Recommended

Cyber Security in Power Systems
Cyber Security in Power SystemsCyber Security in Power Systems
Cyber Security in Power SystemsPower System Operation
 
Cyber Security of Power grids
Cyber Security of Power grids Cyber Security of Power grids
Cyber Security of Power grids Jishnu Pradeep
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsCommunity Protection Forum
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Edureka!
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber SecurityJAZEEL K T
 
Cyber security for smart grid
Cyber security for smart grid Cyber security for smart grid
Cyber security for smart grid Krithika Muthusubramanian
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResilienceIan-Edward Stafrace
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilienceChristophe Foulon, CISSP
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxMohanPandey31
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Edureka!
 
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityCybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityLeonardo ENERGY
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical SystemsBob Marcus
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationExigent Technologies LLC
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSJim Gilsinn
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalMahmoud Yassin
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesTam Nguyen
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscapeJisc
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Abhishek Goel
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
 

More Related Content

What's hot

Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxMohanPandey31
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Edureka!
 
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityCybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityLeonardo ENERGY
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical SystemsBob Marcus
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationExigent Technologies LLC
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityOlivier Busolini
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSJim Gilsinn
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalMahmoud Yassin
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesTam Nguyen
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscapeJisc
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 

What's hot (20)

Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
 
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityCybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
 
Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical Systems
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organization
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of view
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and Challenges
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscape
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical Infrastructure
 

Similar to Cyber security in power sector

Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Abhishek Goel
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
 
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...TI Safe
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA NetworksIJRES Journal
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED
 
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Power System Operation
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices IJECEIAES
 
Cyber security of power grid
Cyber security of power gridCyber security of power grid
Cyber security of power gridP K Agarwal
 
Cybersecurity of powergrid
Cybersecurity of powergrid Cybersecurity of powergrid
Cybersecurity of powergrid Rajesh Sawale
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsSergey Gordeychik
 
Evaluation of cybersecurity threats -mdms.pdf
Evaluation of cybersecurity threats -mdms.pdfEvaluation of cybersecurity threats -mdms.pdf
Evaluation of cybersecurity threats -mdms.pdfBhekumuzi Xaba
 
Cyber security in Smart grid system
Cyber security in Smart grid systemCyber security in Smart grid system
Cyber security in Smart grid systemamaljose949563
 
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDSTHE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDSiQHub
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilitiesNirmal Thaliyil
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 

Similar to Cyber security in power sector (20)

Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
 
Smart grid security
Smart grid securitySmart grid security
Smart grid security
 
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA Networks
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
 
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
 
Cyber security of power grid
Cyber security of power gridCyber security of power grid
Cyber security of power grid
 
Cybersecurity of powergrid
Cybersecurity of powergrid Cybersecurity of powergrid
Cybersecurity of powergrid
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart grids
 
Evaluation of cybersecurity threats -mdms.pdf
Evaluation of cybersecurity threats -mdms.pdfEvaluation of cybersecurity threats -mdms.pdf
Evaluation of cybersecurity threats -mdms.pdf
 
Cyber security in Smart grid system
Cyber security in Smart grid systemCyber security in Smart grid system
Cyber security in Smart grid system
 
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDSTHE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
 
Scada slide
Scada slideScada slide
Scada slide
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company Introduction
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 

More from P K Agarwal

Cybersecurityinpowersector 181124194055
Cybersecurityinpowersector 181124194055Cybersecurityinpowersector 181124194055
Cybersecurityinpowersector 181124194055P K Agarwal
 
Operational Aspects of Real Time Market in India
Operational Aspects of Real Time Market in IndiaOperational Aspects of Real Time Market in India
Operational Aspects of Real Time Market in IndiaP K Agarwal
 
Managing Power System
Managing Power SystemManaging Power System
Managing Power SystemP K Agarwal
 
Security challenges to power grid and smart grid infrastructures
Security challenges to power grid and smart grid infrastructuresSecurity challenges to power grid and smart grid infrastructures
Security challenges to power grid and smart grid infrastructuresP K Agarwal
 
Electric energy scientific development, main source and consumers
Electric energy scientific development, main source and consumersElectric energy scientific development, main source and consumers
Electric energy scientific development, main source and consumersP K Agarwal
 
Transforming Managers A learning Agenda
Transforming Managers A learning AgendaTransforming Managers A learning Agenda
Transforming Managers A learning AgendaP K Agarwal
 
Paradigm Shift In Power System Scada
Paradigm Shift In Power System ScadaParadigm Shift In Power System Scada
Paradigm Shift In Power System ScadaP K Agarwal
 

More from P K Agarwal (8)

Cybersecurityinpowersector 181124194055
Cybersecurityinpowersector 181124194055Cybersecurityinpowersector 181124194055
Cybersecurityinpowersector 181124194055
 
Operational Aspects of Real Time Market in India
Operational Aspects of Real Time Market in IndiaOperational Aspects of Real Time Market in India
Operational Aspects of Real Time Market in India
 
Managing Power System
Managing Power SystemManaging Power System
Managing Power System
 
Security challenges to power grid and smart grid infrastructures
Security challenges to power grid and smart grid infrastructuresSecurity challenges to power grid and smart grid infrastructures
Security challenges to power grid and smart grid infrastructures
 
Electric energy scientific development, main source and consumers
Electric energy scientific development, main source and consumersElectric energy scientific development, main source and consumers
Electric energy scientific development, main source and consumers
 
Transforming Managers A learning Agenda
Transforming Managers A learning AgendaTransforming Managers A learning Agenda
Transforming Managers A learning Agenda
 
Paradigm Shift In Power System Scada
Paradigm Shift In Power System ScadaParadigm Shift In Power System Scada
Paradigm Shift In Power System Scada
 
Power Quality
Power QualityPower Quality
Power Quality
 

Recently uploaded

JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseWSO2
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 

Recently uploaded (20)

JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

Cyber security in power sector

  • 1. Cyber Security in Power Sector P.K.Agarwal, Director and CISO Power System Operation Corporation Ltd., pkagarwal@ieee.org Date - 23-11-2018 1
  • 2. Overview Industrial Control Systems (ICS): Essential for Power System, but susceptible to cyber attack. 01 Cyber Threats: How power systems can be compromised by cyber-attacks 02 Strategies to effectively defend Industrial Control System i.e. Power System 03 Best Practices and other suggested methods to ensure power system cyber security. 04 Date - 23-11-2018 2
  • 3. Power System Energy Surety and Sustainability - key drivers ICS uses more and more IT Modern power system ICS can not be kept isolated All power systems have Industrial Control Systems (ICS) ICS are more venerable to cyber attack But, are power system ICS Secure? Date - 23-11-2018 3
  • 4. Power System – Industrial Control System Distributed Control System (DCS) and Process Control Systems (PCS): A group of computers and/or smart field devices networked together to monitor and control industrial processes with direct feedback control. Control systems operate in near real time and is used in critical sectors such as Power Generation, Oil & Gas Refining, Water Treatment, Chemical, etc. May consist of BMI, PLC’s, stand alone power electronics controllers, microgrid controllers, Substation Automation systems, Supervisory Control and Data Acquisition (SCADA) system: Normally applied to a systems connected to devices over a larger area including multiple buildings or even many miles away. Operative word is Supervisory used in critical sectors such as Electrical Transmission & Distribution, Oil & Gas Pipelines, Water/Sewer, and Transportation. Date - 23-11-2018 4
  • 5. Critical Power System Infrastructure Date - 23-11-2018 5
  • 6. Power System - ICS Footprint Generator Control Systems SmartGrid Control and Automation Systems Utility Monitoring and Control Systems Supervisory Control and Data Acquisition (SCADA) Systems Transmission and Distribution Fuel management Systems Power Quality and UPS Systems Renewable Energy Control Systems And More……. Date - 23-11-2018 6
  • 7. Cyber Threats - Sources National Governments Terrorists Industrial Spies and Organized Crime Groups Hacktivists Hackers Note - We no longer have days after infection to respond, current trends are minutes after infection to propagate! Date - 23-11-2018 7
  • 8. Cyber Threat Actors • Insiders • Disgruntled employees • Disgruntled contractor • Active agencies • Competitors • Organized crime • Others Threats Date - 23-11-2018 8
  • 9. Increasing and innovative attacks on Power Date - 23-11-2018 • First attack on Ukraine Power System in 2014-15. • Entry from IT system through an email attachment. • Switched off many feeder sub stations. • Made recovery difficult by corrupting SCADA, overloading customer services. • Now first malware specially made for electricity system is made. • Probably made by same attacker group responsible for Ukraine. • It CRASHOVERIDE. Hacks multiple p 9
  • 10. Seven Strategies to Effectively Defend Industrial Control Systems Date - 23-11-2018 10
  • 11. Use Industry Best Practices Network security: Firewalls, DMZ implementations, whitelisted connections, whitelisting applications, etc Secure Internet services Using systems that have gone through third part audits, such as the INL process Upgrading legacy ICS systems Upgrading Operating systems and developing systems that can be patched Packet inspection (where possible) Secure ICS Planning and design services Third Party audits Date - 23-11-2018 11
  • 12. Secure by Design – Zone and Conduit Architecture Date - 23-11-2018 12
  • 15. Secure by Governance – Policies and Compliance Cyber Security Policy Chief Information Security Officer • Independent • Directly reporting to Head • Preferably board member Certification – Regular audit and compliance VAPT and compliance Adoption of standard framework Security Control Center Date - 23-11-2018 15
  • 16. Secure by Awareness – Points to Ponder Date - 23-11-2018 16 There is nothing like absolute security Every requirement is unique and every solution is unique. Security comes at a cost – need optimization. Secure real-time information is a key factor to reliable delivery of power to the end-users. Human element is the strongest link in cyber security but may be the weakest due to lake of awareness Security is every one responsibility rather than of CISO. Develop a organizational cultural of being and keeping secure