The document discusses security concerns for smart grids and outlines IBM's approach to addressing these concerns. It notes that smart grids require security at multiple points due to their use of IP protocols and open standards. It then lists IBM's portfolio of cybersecurity solutions for smart grids, which take a full lifecycle approach from defining security strategies to conducting security testing. The solutions are designed to help utilities meet NERC-CIP and other grid security standards.

1. IBM End-to-End Security for Smart Grids Più energia alla Sicurezza 1 Dicembre, 2010

2. What is involved in a smarter energy infrastructure? Electric Meters In-Home displays Personal Computers Load Control Devices Smart Appliances Handheld Data Devices Gas Meters Water Meters Electric Vehicles Outlets Solar Panels Reclosers Condition Sensors Voltage Controllers Switches Substation & Grid Devices Smart Meters In-home Devices Ruggedised Laptops Mobile Devices Distributed Resources Cell Phones Wind Turbines Home Area Network Neighborhood Network Access Network Backhaul Network Extranet Office Network 1. Smart, Connected Devices 2. Integrated Communication Networks 3. System Integration Platform 4. Applications & Analytics Servers EMS System and Network Management DMS MDMS Meter Data Collection Load Control GIS Network Analytics OMS Asset Management CIS Call Management Storage and Backup Business Process Management Computing Infrastructure Application Integration WMS CHP Systems Management Security Management Messaging & Web Services Instrumented Interconnected Intelligent 5. Presentation Employee Portal/Dashboard Field Employee Mobile Devices Display Device Interface Customer Mobile Devices Customer Web Paper Bills Energy Storage

3. A smart grid needs security enforcement at multiple points IP addressability and use of open standard protocols for the control grid necessitates it to be securely protected at multiple points Pike Research forecasts smart grid cyber security sector will increase from $1.2 billion in 2009 to $3.7 billion by 2015

4. Security Concerns in a Smart Grid Metering Data Access Control Privacy of Customer PII data Audit/Compliance of policy changes Data Integrity Multi-tenant access to gas/ water data Third party service provider access to data for energy management Log user activity and operations Compliance Reporting Control Network Segregation Communications Security Integrity of command-n-control between MTU-RTU, MTU-PLC and HMI applications. Cryptographic Key management Adequate authentication strength Hardened platforms in control room Secure Provisioning for embedded systems Access Control Policy Identity management for SCADA HMI Physical security linked with Cyber Security NERC-CIP Compliance Managing trust across domains Managing username / passwords/ certification for third party service providers, contract workers NERC-CIP * compliance NERC = North American Electric Reliability Council CIP= Critical Infrastructure Protection or equivalents like CPNI, ENISA ENISA European Network and Information Security Agency Meter Data Integrity Secure Meter Provisioning Meter Tampering Secure Home Area Network

5. Information Sharing Components in a Smart Grid Source: NIST Smart Grid Framework 1.0 NIST = National Institute of Standard & Technology Colored lines denote domain changes

6. Utilities have lots of legacy and new software to secure

7. Some widespread vulnerability types in software Buffer overflows Format string vulnerabilities Race conditions Resource leaks Input/ Output validation and encoding errors SQL injection Cross-site scripting Cross-site request forgery OS injection Error handling and logging vulnerabilities Insecure error handling Insecure or inadequate logging Native code loading Data storage vulnerability Insecure Components Malicious Code Unsafe native methods Unsupported methods Custom Cookies/ hidden fields Cryptography Network communication Application configuration Access control Database and file system use Dynamic code Access control and authentication errors Coding Mistakes Configuration, Policy and Design Flaws

8. Many factors shape the degree and nature of the risk; there are multiple scenarios to plan for External Threat Insider Threat Inadvertent Deliberate Malware Denial of service Sophisticated, organized attacks Natural disasters Economic upheaval Unpatched systems Code vulnerability Lack of change control Human errors Developer-created back door Information theft Insider fraud Stuxnet Wikileaks

9. Technical knowledge required for cyber attacks Source: PlantData Technologies

10. Potential Impact of a Breach to Power Control Systems Could Be Severe Personal injury Serious disruption to national critical infrastructure Loss of system availability Process interruption Equipment damage Asset mis-configuration Data Loss Penalties resulting from regulatory violations Loss of public trust

11. Dependency matrix of critical infrastructures (source Terna)

12. Evolution of Electric Utility Risks PAST HARD-WIRED CONTROL PRESENT SCADA / RF ENABLED NEAR FUTURE SMART GRID / RF PERVASIVE Financial pressure to reduce staffing; Computerization and RF control become common Project excellence not always followed by outstanding security operations SCADA hacking can cause damage to neighborhoods and equipment Uncertain regulatory, audit, and liability landscape Control inside-the-home of all appliances Wide use of 802.x, ZigBee, X10 methodologies Uncertain Software Provenance, Packages Increased organized crime / terrorist focus Potential for damage to, and “net” theft by everyone Revenue/Risk asymmetry for each customer RF transition to IP and Windows “Monoculture” Increased public and regulatory scrutiny Most controls are “hard wired” AND require manual intervention Lesser public availability of RF devices Little capability for damage to or financial benefit from RF attacks Cost-plus charging – “If we need it, we’ll do it! If we can’t do it, we’ll buy it!” Clear regulatory and financial landscape

13. Our Lessons Learned from the Cyber Security Front Focus points Perimeter defense alone is probably not enough RF devices require additional security consideration It is not just keeping the ‘bad guys’ out, it is making the internal systems less vulnerable Points of View Security is risk management- thus it is a business problem, not just a technical problem Security overlaps reliability Security is part of the phase one design Projects have schedules and budgets – hackers have no such constraints – thus periodic testing is required Do not overlook physical security and think only of cyber Technology Implications Some IP enabled devices can benefit from IT systems methods Correlating suspicious activity from all inputs is part of the detection methodology Chain rule – security is only as strong as its weakest link Aspects of security involve privacy issues If it has a computer in it, then the security of it must be evaluated Platforms must be secure too, not just components If we know we can't practically defend against Stuxnet or its spawn, what is our approach? Giving up is not an option. " Roll with the punch " may end up being a viable strategy. How could we design control systems, or other IT environments for that matter, to be resilient enough to take a potential knock out punch and yet be able to come back up swinging? In the end, can we optimize our investment by planning to take the punch rather than futilely hiding from it ?

14. Gartner research: “ Evolving Cybersecurity Issues in the Utility Industry” 20/08/2010 “ Utilities need to assess the risks and make good decisions over which controls are reasonable and appropriate for their situation”

15. Enterprise IT systems are increasingly becoming integrated with a broader set of operational technologies (OT). IT and OT will continue to become more entwined in terms of both technology and management Source: Gartner Market Insight: Utilities Industry Primer, 2010 19 August 2010

16. IBM Research for Smarter Energy leverages three approaches to add value to our clients. Solution-driven strategy Smart grid enablement Intelligent buildings and green data centers Photovoltaics (PV) Battery storage for electric vehicle (EV) Chip and server systems power management Joint research and pilots Regional demonstrations National labs Universities Industry and client partners, technology consortia Smart grids, batteries, plug-In vehicles Committees and standards Department of Energy GridWise Architecture Council National Institute of Standards and Technology (NIST) smart grid working groups International Organization ISO1, IEC2, IEEE3

17. IBM is driving industry transformation through its active leadership in key industry organizations. Chair, GridWise Alliance Chair, GridWise Architecture Council Chair-Elect, Architecture Committee for NIST 1 Smart Grid Interoperability Panel Member, US DOE 2 Electricity Advisory Committee Sub-committee Chair, Smart Grid, Electricity Advisory Committee Member, IEC 3 Technical Committee 8 on System Issues in Electric Grid Member, ISO 4 /IEC JTC 5 1/SC 25 Working Group Member, IEC 57 Working Group 8 on Distribution Management Chair-Elect, IEC 61968 Part 6 Standards Stream Vice Chairman, World Energy Council Interconnectivity Working Group Member, UCA 6 International Users Group including OpenHAN, OpenAMI, Common Information Model and IEC61850 Member, OASIS 7 Energy Management Information Exchange and Energy Interoperation Technical Committees NIST 8 GridWise Architecture Council GridWise Electricity Advisory Committee UCA International Users Group ISO IEC World Energy Council Interconnectivity Working Group OASIS 9 IEEE 11 UTC 10

18. What E&U Companies need for Smart Grid Security - a check list Products and processes that address NERC-CIP requirements * Standards based Industry Framework approach NERC-CIP compliance report generation tools * Consulting tailored for E&U industry Policy management at the business, architectural and operational levels * Trusted platforms and networks Secure operating environments for Embedded Systems & Intelligent Devices High performance hardware cryptographic modules Intrusion detection & protection systems for preemptive threat mitigation * Network, Application & Data security SW products * supported by research meet independent certifications Application Security Vulnerability Testing tools * Periodic Penetration Testing Identity & Access Management Managed Security services to help monitor and remedy networks Research teams that study and publish emerging threats and exploits Command centers for event management and control * Critical Cyber Asset identification and management tools * Security Incident & Problem Management process automation * N etwork, Server, and End Point P hysical Infrastructure P eople and Identity D ata and Information A pplication and Process * Items that help meet NERC-CIP requirements Worldwide standards equivalent to NERC-CIP UK : The Center for Protection of National Infrastructure: http:// www.cpni.gov.uk / EU : European Network and Information Security Agency: http:// www.enisa.europa.eu/pages/About_ENISA.htm

19. IBM has extensive experience in Smart Grid security issues and solutions Application of procedures and practices involving system design, testing, deployment, operations and decommissioning; full life-cycle Cyber security risks identified at each stage of the system deployment lifecycle (engineering life-cycle) Cyber security criteria used for vendor and device selection Cyber security control strategies How components (hardware and software) and the installed system will be tested Test the effectiveness of cyber security measures Descriptions of residual cyber security risks Methodology(ies) used to identify cyber security risks and the outputs from those assessments Relevant cyber security standards and best practices Descriptions of how relevant cyber security standards will be utilized at both the technology level and the management Descriptions of how the project will support/adopt/implement emerging smart grid security standards Descriptions of the capabilities of the component and/or system to be updated to meet future security requirements

20. IBM’s portfolio consists of a multi-phase approach for a full Smart Grid life-cycle cyber security solution that includes design and implementation services Define the Smart Grid Security Strategy and Roadmap Define the Smart Grid Security Architecture Framework Conduct Smart Grid Risk Assessment Create the Identity Management Solution Design Create the Access Management Solution Design Create the Governance, Risk, and Compliance (GRC) Management Solution Design Create the Message Digests Solution Design Create the Security Policy Management Solution Design Create the User Registry Solution Design for SOA Create Smart Grid Security Penetration and Vulnerability Test Plan Conduct Smart Grid Penetration Testing

21. IBM Support for NERC-CIP standard