KTH ROYAL INSTITUTE
OF TECHNOLOGY
Matus Korman
Industrial information and
control systems, KTH
<matusk@ics.kth.se>
www.ics.kth.se
Image source: zdnet.com
Cyber Security
in Power Systems
Example consequences: US Northeast blackout (2003)
Cause: a software defect in a control room.
Restoration: some customers after 6 hours, some after 2 days, some remote
places after nearly a week.
Consequences (among others):
• 45M people in 8 US states
• 10M people in Canada
• Healthcare facilities lost $100M in revenue
• 6 hospitals bankrupt one year after
Source: Wikipedia
Outline
1. Background (IT-security)
2. Attackers, threats
3. Vulnerabilities in power systems
4. Solutions for securing power systems
5. Standards & guidelines, where to look further
IT security… what it is about (roughly)
(Figure in the original deck: IT security is about ensuring the required
state of data, IT services and other resources, by applying three kinds of
means: technology; human factors & culture; and organization, processes &
routines. The figure also carries a "during …" dimension, which the next
slide expands on.)
Actually more than that… it takes the whole lifecycle
… of technical systems
… of organizations (socio-technical systems, work systems):
• Requirements identification and specification
• Design and analysis
• Development and verification (testing)
• Operation and maintenance (changing, upgrading etc.)
• Disposal
What parts does cyber security relate to?
Smart Grid Architecture Model (SGAM), CEN-CENELEC-ETSI Smart Grid
Coordination Group: Smart Grid Information Security.
… pretty much all of its layers, domains and zones: ensuring security of
the power delivery sits on the business layer, and that depends on roughly
everything else in the picture.
NISTIR 7628 rev. 1: reference model – entities, actors
NISTIR 7628 rev. 1 – entities and data flows
2. Attackers, threats
Threats in cyberspace (general)
• Fraudsters
• Different criminals
• [Professional] hackers
• Hacktivists
• Military & state units
• Botnets and their operators
• Malware, ransomware
• Users, we ourselves
• Technical failures
3. Vulnerabilities in power systems
In information technology… vulnerabilities are all around
• Due to complexity: multiple layers and interdependencies,
• from physical signals and processing in hardware (the chips, processors
with all their registers and how they work),
• through the operating system level (e.g., Windows/Linux/VxWorks/… kernel),
• through numerous levels of libraries/APIs + networking (distributed
computing) (e.g., system libraries like libc… all the way up),
• to the user/application level (e.g., file transfer, bus protection logic, …).
• Additional considerations: virtualization and cloud are coming into ICS, too.
Why ICS are vulnerable
Systems are traditionally designed and tested to:
– work in ideal conditions (functionality);
– work under the expected variation in the process environment
(field-robustness, ”rugged”);
– to some extent work under cyber-noise (e.g., higher network load,
patching of systems, network scanning etc.).
However, they increasingly need to:
– resist sophisticated attacks from intelligent and capable threat agents
(cyber-security).
Why ICS are vulnerable… cont’d
Convergence between ICS and general IT:
• General IT technology is increasingly used in ICS (IP networks, Windows,
Linux, wireless, web-based systems … all well known to attackers and with a
long history of compromise)
• Connections between the process network and other networks tend to be
poorly secured
• A variety of data flows between networks, using various protocols
(including old, proprietary, insecure ones)
• Sometimes unprotected control system components (IEDs, RTUs, etc.) – left
open for flexible access by technical personnel, consultants/contractors…
Physically and logically distributed environments => more difficult to secure
Different levels of vulnerabilities
System/component design:
• SCADA-software, HMI and workstation operating systems
(Windows, Linux), other systems;
• PLC, RTU, IED, switches, routers…
Network design:
• ICS-network (process network) + its connection to the office
network (and other networks);
• Application services running on machines in the ICS-network;
• Configuration of IT-security protection in the network
(firewalls, IDS/IPS, configuration of operating systems)…
Organization, people and operations:
• Security policy and security culture in the organization;
• How people carry out different technical operations;
• Which devices may be used in the ICS network
(personal computers also used for private web browsing, USB sticks etc.);
Common vulnerabilities in ICS
Documentation and processes:
• Lack of formal documentation
• Lacking change management process
• Lacking security policy and security culture (awareness, attitudes etc.)
Access control:
• Lacking access control (which user/role has access where, when, how, etc.)
• Vulnerable handling of authentication data (e.g., passwords)
• Over-privileged access accounts, old accounts, etc.
Network design and state of systems hosted there:
• Vulnerable network design, insufficient protection of networks
(e.g., unnecessarily broad exposure of systems and data traffic in a network,
insufficient separation between process networks, office networks, outside Internet…)
• Outdated systems, active modems/VPNs with poor authentication...
Security countermeasures (e.g., firewalls, IDS/IPS, configuration, security operations):
• Weak network protection (firewall restrictions such as what ports, what IP ranges,
what intensity of communication, etc.)
• Lacking security reviews and accountability
• Vulnerable system configuration, such as unnecessary services and software
installed and even running
How an attack can take place…
A network can be penetrated e.g.:
• Directly: an attacker gets into a network from outside (e.g., by obtaining an
IP address of their own in there, ARP-spoofing another machine, …)
• Indirectly: an attacker exploits the fact that personnel browse the Internet,
read e-mail, etc., to infect the personnel’s machine(s), and then attacks further
and deeper
• Social engineering: an attacker tricks personnel into doing something
compromising (e.g., giving away a username, password etc.) by pretending to be a
legitimate person, commonly in an urgent situation (e.g., a technician who urgently
needs some non-standard help to prevent a major failure/incident from happening…)
Software can be compromised through (a single data flow can be enough) e.g.:
• Known vulnerabilities (on outdated systems) – statistically frequent and often
an unnecessary exposure: anyone who can obtain an exploit can fire it at the system.
• Zero-day vulnerabilities (0-days, not yet publicly known) – the majority are not
caught even by advanced, expensive, collaborative security solutions (NGIPS).
Luckily, usable 0-day exploits are very expensive to buy (e.g., on the black
market) and very demanding to identify and develop on one’s own for generic software.
There are different types of attacks, e.g.:
• DoS (Denial of Service), DDoS (distributed DoS) – sabotage that blocks, saturates,
locks up or takes down systems/functions so that they are no longer available
(temporarily or permanently)
• MITM (Man-In-The-Middle) – hidden manipulation of data communication…
• Intrusion – leads to illegitimate control over a system or a part of it, which
then can lead to modification/sabotage, mapping/espionage, etc…
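The "direct" entry path above mentions ARP-spoofing another machine, which is also the usual way to build a MITM position on a flat process network. The script below is an added example for this lecture (not code from the original deck): it runs two simple heuristics over a stream of ARP replies and flags the spoofing host. The ARP replies, the addresses and the pinned gateway binding are constructed sample data, not a real capture.

```python
"""Detect ARP spoofing / MITM positioning from captured ARP replies.

Added example, not from the original deck. SAMPLE_REPLIES and
STATIC_BINDINGS are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One ARP 'is-at' reply as seen by a sniffer on the process network."""
    ts: float        # capture time in seconds
    sender_ip: str   # IP address the sender claims to own
    sender_mac: str  # hardware address the sender advertises for it


# Constructed sample capture (not a real trace). The gateway 10.10.0.1 is
# legitimately at ...:01. At t=5 the host at ...:77 starts claiming the
# gateway's IP and the HMI's IP, i.e. it poisons both sides of a conversation.
SAMPLE_REPLIES = [
    ArpReply(0.0, "10.10.0.1",  "00:1a:2b:00:00:01"),  # gateway (legitimate)
    ArpReply(0.5, "10.10.0.20", "00:1a:2b:00:00:20"),  # HMI (legitimate)
    ArpReply(1.0, "10.10.0.77", "00:1a:2b:00:00:77"),  # engineering laptop
    ArpReply(5.0, "10.10.0.1",  "00:1a:2b:00:00:77"),  # laptop claims gateway IP
    ArpReply(5.1, "10.10.0.20", "00:1a:2b:00:00:77"),  # laptop claims HMI IP
    ArpReply(9.0, "10.10.0.1",  "00:1a:2b:00:00:01"),  # real gateway replies again
]

# Pinned IP->MAC bindings for critical hosts (assumption: taken from the
# asset inventory). A pinned IP never "learns" a new MAC.
STATIC_BINDINGS = {"10.10.0.1": "00:1a:2b:00:00:01"}


def detect_arp_spoofing(replies, static_bindings=None):
    """Return alerts as (ts, kind, ip, mac) tuples, in capture order.

    Two heuristics:
      * "ip-mac-change": an IP previously bound to one MAC is now advertised
        by another MAC, or contradicts a pinned static binding;
      * "mac-multi-ip": one MAC claims more than one IP, which is what a
        MITM host does when it impersonates both victims.
    Without pinning, the real host answering again also looks like a change
    (a "flip-flop"), so more alerts fire but the attack is still seen.
    """
    static_bindings = static_bindings or {}
    ip_to_mac = dict(static_bindings)  # learned or pinned IP -> MAC
    mac_to_ips = defaultdict(set)      # MAC -> IPs it has claimed so far
    alerts = []
    for r in sorted(replies, key=lambda x: x.ts):
        known = ip_to_mac.get(r.sender_ip)
        if known is None:
            ip_to_mac[r.sender_ip] = r.sender_mac       # first sighting: learn it
        elif known != r.sender_mac:
            alerts.append((r.ts, "ip-mac-change", r.sender_ip, r.sender_mac))
            if r.sender_ip not in static_bindings:
                ip_to_mac[r.sender_ip] = r.sender_mac   # follow the new claim
        mac_to_ips[r.sender_mac].add(r.sender_ip)
        if len(mac_to_ips[r.sender_mac]) > 1:
            alerts.append((r.ts, "mac-multi-ip", r.sender_ip, r.sender_mac))
    return alerts


def suspect_macs(alerts):
    """Hardware addresses named in alerts: what to look up in the switch MAC table."""
    return {mac for _ts, _kind, _ip, mac in alerts}


if __name__ == "__main__":
    found = detect_arp_spoofing(SAMPLE_REPLIES, STATIC_BINDINGS)
    for ts, kind, ip, mac in found:
        print(f"t={ts:4.1f}  {kind:14s} {ip:12s} {mac}")
    print("suspects:", sorted(suspect_macs(found)))
```

With the gateway pinned, every alert names the laptop's MAC and nothing else; without pinning, the gateway's own reply at t=9 is also reported as a change, which is why static bindings for gateways, HMIs and RTUs are worth maintaining even where dynamic ARP inspection is not available.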
Identifying potential victim devices…
Shodan – it’s like Google, just for devices reachable from the public Internet:
https://www.shodan.io/
It is a search engine for computers, partially free of charge.
It helps people find webcams, fridges, RTUs, etc… filtered by country,
ports/services, organization, operating system, installed software packages…
4. Solutions for securing power systems
How to secure ICS environments?
Identify and eliminate the greatest security holes.
Harden systems and networks (get rid of unused functionality, unused software
installed on machines, unnecessarily open ports; harden your system
configuration, etc.).
The goal of all this is to constrain the possibilities and manoeuvring space of
the attacker(s), and so make their work as difficult, expensive and risky as possible.
Scan for vulnerabilities and do penetration tests where applicable
(e.g., on ICS test beds, typically not on-site, as things could break…)
… to measure security.
Establish systematic, formal work with IT security:
– risk analyses and risk treatment – there are established risk analysis methods
– reviews and log analyses
– analysis of incoming and outgoing network traffic (e.g., NetFlow)
– updates + other security maintenance
– education and training of personnel
… etc.
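"Get rid of unnecessarily open ports" only works if someone regularly compares what a host actually listens on with what it is supposed to listen on. The script below is an added example for this lecture (not from the original deck): it parses listening-socket listings in the shape of `ss -H -lntu` output and reports every listener that is not in an approved baseline for the host's role, separating listeners exposed on the network from loopback-only ones. The sample listings, the host names and the per-role baselines are constructed assumptions; a real baseline would come from the vendor's port documentation.

```python
"""Audit listening sockets on ICS hosts against an approved per-role baseline.

Added example, not from the original deck. BASELINE, HOST_ROLES and
SAMPLE_SS_OUTPUT are constructed sample data.
"""
import re

# Approved listeners per host role, as "proto/port" (assumed baseline).
# Assumption: an HMI needs only its vendor application port and NTP; an
# engineering workstation additionally accepts SSH.
BASELINE = {
    "hmi": {"tcp/8443", "udp/123"},
    "eng-ws": {"tcp/22", "tcp/8443", "udp/123"},
}
HOST_ROLES = {"hmi-01": "hmi", "eng-ws-07": "eng-ws"}

# Constructed sample: text in the shape of `ss -H -lntu` from two hosts.
# hmi-01 has SMB and SNMP exposed and a local print spooler; eng-ws-07 is clean.
SAMPLE_SS_OUTPUT = {
    "hmi-01": """\
tcp   LISTEN 0 128 0.0.0.0:8443   0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:445    0.0.0.0:*
tcp   LISTEN 0 5   127.0.0.1:631  0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:123    0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:161    0.0.0.0:*
""",
    "eng-ws-07": """\
tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128 [::]:8443      [::]:*
udp   UNCONN 0 0   0.0.0.0:123    0.0.0.0:*
""",
}

# Netid State Recv-Q Send-Q Local:Port Peer:Port  (the -H form has no header)
_LINE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+|\*)\s+\S+")


def parse_listeners(ss_text):
    """Yield (proto, bind_addr, port) for each socket line that parses."""
    for line in ss_text.splitlines():
        m = _LINE.match(line.strip())
        if not m or m.group(3) == "*":
            continue
        yield m.group(1), m.group(2), int(m.group(3))


def _is_loopback(addr):
    return addr == "[::1]" or addr.startswith("127.")


def audit_host(role, ss_text, baseline=BASELINE):
    """Compare one host's listeners with its role baseline.

    Returns a dict with unexpected listeners bound on real interfaces
    ("unexpected_exposed"), unexpected loopback-only listeners
    ("unexpected_local"), and baseline services that are not running
    ("missing", which usually means a broken service rather than an attack).
    """
    approved = baseline[role]
    seen, exposed, local = set(), set(), set()
    for proto, addr, port in parse_listeners(ss_text):
        key = f"{proto}/{port}"
        seen.add(key)
        if key in approved:
            continue
        (local if _is_loopback(addr) else exposed).add(key)
    return {
        "unexpected_exposed": sorted(exposed),
        "unexpected_local": sorted(local),
        "missing": sorted(approved - seen),
    }


def audit_fleet(host_roles=HOST_ROLES, outputs=SAMPLE_SS_OUTPUT):
    """Run audit_host for every host we have a listing for."""
    return {host: audit_host(role, outputs[host]) for host, role in host_roles.items()}


if __name__ == "__main__":
    for host, result in audit_fleet().items():
        print(host, result)
```

The exposed findings are the ones to act on first (here SMB and SNMP on an HMI); loopback-only extras still belong in the hardening backlog, and the "missing" list doubles as a cheap availability check.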
Example countermeasures… just a few
• Network segmentation and DMZs between networks
• Firewalls
• Access control to systems, plus:
• reasonably strong passwords
• smart cards (possibly)
• Connection tracking and network access control
• Blacklisting
• Whitelisting
• Intrusion detection
(both signature-based and based on models of normal behaviour)
• Honeypots / honeynets
The following document gives a very good overview of the different realistic security
controls to consider – ”The Critical Security Controls for Effective Cyber Defense” by the
Council on Cyber Security:
https://www.sans.org/critical-security-controls
(In the original deck the list is arranged on a scale from basic to more advanced.)
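Segmentation, DMZs, firewalls and whitelisting (the countermeasures listed above) and the "analysis of incoming and outgoing network traffic (e.g., NetFlow)" item on the previous slide meet in one routine check: take exported flow records, map both endpoints to a zone, and flag every inter-zone conversation that is not on the firewall's allowlist. The script below is an added example for this lecture, not code from the original deck. The zone ranges, the allowlist (including the assumed telemetry polling port tcp/20000) and the flow records are constructed for illustration.

```python
"""Check NetFlow-style records against a zone model and an inter-zone allowlist.

Added example, not from the original deck. ZONES, ALLOWLIST and SAMPLE_FLOWS
are constructed sample data.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Zone model (assumed ranges): process network, a DMZ between it and the
# office network, the office network; anything else counts as Internet.
ZONES = {
    "process": ipaddress.ip_network("10.10.0.0/24"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "office": ipaddress.ip_network("10.30.0.0/16"),
}

# Allowed inter-zone conversations: (src_zone, dst_zone, proto, dst_port).
# Assumption: only the DMZ historian may poll the process network, office
# users read the historian over HTTPS, process hosts get time from DMZ NTP.
# Everything else between zones is denied by default.
ALLOWLIST = {
    ("dmz", "process", "tcp", 20000),  # historian polls RTUs (assumed vendor port)
    ("office", "dmz", "tcp", 443),     # office users read the historian web UI
    ("process", "dmz", "udp", 123),    # process hosts sync time from DMZ NTP
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    bytes: int


# Constructed sample flow records (not a real export).
SAMPLE_FLOWS = [
    Flow("10.20.0.5", "10.10.0.11", "tcp", 20000, 48_000),      # historian -> RTU (allowed)
    Flow("10.30.4.12", "10.20.0.5", "tcp", 443, 120_000),       # office -> historian (allowed)
    Flow("10.10.0.11", "10.20.0.9", "udp", 123, 760),           # RTU -> DMZ NTP (allowed)
    Flow("10.30.4.12", "10.10.0.11", "tcp", 20000, 9_000),      # office -> RTU directly
    Flow("10.10.0.20", "203.0.113.7", "tcp", 443, 2_500_000),   # HMI -> Internet
    Flow("10.10.0.20", "10.10.0.11", "tcp", 20000, 5_000),      # intra-zone, ignored here
    Flow("10.20.0.5", "10.10.0.11", "tcp", 22, 3_000),          # historian -> RTU SSH
]


def zone_of(ip):
    """Name of the zone an address belongs to; 'internet' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def check_flows(flows, allowlist=ALLOWLIST):
    """Return (flow, reason) for every inter-zone flow not on the allowlist.

    Intra-zone traffic is skipped: a zone-level allowlist cannot judge it,
    that is what host-level controls and the ARP checks are for.
    """
    violations = []
    for f in flows:
        sz, dz = zone_of(f.src), zone_of(f.dst)
        if sz == dz or (sz, dz, f.proto, f.dport) in allowlist:
            continue
        if "internet" in (sz, dz) and "process" in (sz, dz):
            reason = "process network talks to the Internet"
        elif {sz, dz} == {"process", "office"}:
            reason = "office<->process traffic bypasses the DMZ"
        else:
            reason = f"{sz}->{dz} {f.proto}/{f.dport} not on the allowlist"
        violations.append((f, reason))
    return violations


def process_egress_bytes(flows):
    """Bytes each process-network host sent out of its zone (allowed or not)."""
    out = defaultdict(int)
    for f in flows:
        if zone_of(f.src) == "process" and zone_of(f.dst) != "process":
            out[f.src] += f.bytes
    return dict(out)


if __name__ == "__main__":
    for flow, reason in check_flows(SAMPLE_FLOWS):
        print(f"{flow.src:>12} -> {flow.dst:<12} {flow.proto}/{flow.dport:<5} {reason}")
    print("egress from process zone:", process_egress_bytes(SAMPLE_FLOWS))
```

Run against a daily flow export, the violations list is the "firewall rule that should not exist" finding, and the egress table is the baseline that makes a 2.5 MB HTTPS session from an HMI to an Internet address stand out.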
5. Standards & guidelines, where to look further
Cyber security standards and guidelines
General IT security:
• ISO/IEC 27000-series (27001, 27002, 27005…)
Security in industrial control systems:
• NIST SP 800-82 (rev. 2):
Guide to Industrial Control Systems (ICS) Security
• IEC 62351 – for communication protocols
• NIST Framework for Improving Critical Infrastructure
Cybersecurity
• NERC CIP (Critical Infrastructure Protection)
Security in power systems (specifically):
• NISTIR 7628 (rev. 1): Guidelines for Smart Grid Cyber
Security
Where to look further
• Industrial Control Systems
Computer Emergency Response Team (ICS-CERT):
https://ics-cert.us-cert.gov/
https://ics-cert.us-cert.gov/Standards-and-References
• EU Agency for Network and Information Security (ENISA):
https://www.enisa.europa.eu/
https://www.enisa.europa.eu/topics/critical-information-
infrastructures-and-services/scada
• Critical Security Controls (by Center for Internet Security):
https://www.cisecurity.org/critical-controls.cfm
• SCADAHacker forum (by Joel Langill):
https://scadahacker.com/
Great books
Highly topic-relevant:
Eric D. Knapp & Joel Thomas Langill (2015):
Industrial Network Security:
Securing Critical Infrastructure Networks for Smart Grid,
SCADA, and Other Industrial Control Systems
A good book about information security (general):
John R. Vacca (2013):
Computer and Information Security Handbook
(second edition)
Books with highly applied, practical focus
Tyson Macaulay & Bryan Singer (2012):
Cybersecurity for Industrial Control Systems
Ralph Langner (2012):
Robust Control System Networks
Thanks for your attention and good luck!

More Related Content

What's hot

Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
Malachi Jones
 
Smart Grid Introduction
Smart Grid Introduction Smart Grid Introduction
Smart Grid Introduction
Nilesh Dhage
 

What's hot (20)

Security in Cyber-Physical Systems
Security in Cyber-Physical SystemsSecurity in Cyber-Physical Systems
Security in Cyber-Physical Systems
 
Cyber security in Smart grid system
Cyber security in Smart grid systemCyber security in Smart grid system
Cyber security in Smart grid system
 
Smart grid security
Smart grid securitySmart grid security
Smart grid security
 
Cyber Security ( Action Against Cyber Crime )
Cyber Security ( Action Against Cyber Crime )Cyber Security ( Action Against Cyber Crime )
Cyber Security ( Action Against Cyber Crime )
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
 
Smart distribution system the need of automation &amp; it application in powe...
Smart distribution system the need of automation &amp; it application in powe...Smart distribution system the need of automation &amp; it application in powe...
Smart distribution system the need of automation &amp; it application in powe...
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber security
Cyber securityCyber security
Cyber security
 
OT Security - h-c0n 2020
OT Security - h-c0n 2020OT Security - h-c0n 2020
OT Security - h-c0n 2020
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
Cloud computing for smart grid applications
Cloud computing for smart grid applicationsCloud computing for smart grid applications
Cloud computing for smart grid applications
 
Cyber security
Cyber securityCyber security
Cyber security
 
Smart Grid Introduction
Smart Grid Introduction Smart Grid Introduction
Smart Grid Introduction
 
ICS security
ICS securityICS security
ICS security
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
IBM Security Strategy Overview
IBM Security Strategy OverviewIBM Security Strategy Overview
IBM Security Strategy Overview
 
Short and long interruptions- UNIT-II-POWER QUALITY
Short and long interruptions- UNIT-II-POWER QUALITYShort and long interruptions- UNIT-II-POWER QUALITY
Short and long interruptions- UNIT-II-POWER QUALITY
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
 

Similar to Cyber Security in Power Systems

LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
Amanda Case
 
Computer security basics
Computer security  basicsComputer security  basics
Computer security basics
Srinu Potnuru
 
Important keyword to remember
Important keyword to rememberImportant keyword to remember
Important keyword to remember
Iszamli Jailani
 

Similar to Cyber Security in Power Systems (20)

Monitoring the Data Center
Monitoring the Data CenterMonitoring the Data Center
Monitoring the Data Center
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Network security
Network securityNetwork security
Network security
 
The Challenges, Gaps and Future Trends: Network Security
The Challenges, Gaps and Future Trends: Network SecurityThe Challenges, Gaps and Future Trends: Network Security
The Challenges, Gaps and Future Trends: Network Security
 
Security.pdf
Security.pdfSecurity.pdf
Security.pdf
 
Isys20261 lecture 11
Isys20261 lecture 11Isys20261 lecture 11
Isys20261 lecture 11
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
 
Computer security basics
Computer security  basicsComputer security  basics
Computer security basics
 
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5   session 1 - st dev con 2016 - need for security for iotTrack 5   session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iot
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 
Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 
Important keyword to remember
Important keyword to rememberImportant keyword to remember
Important keyword to remember
 
M1_Introduction_IPS.pptx
M1_Introduction_IPS.pptxM1_Introduction_IPS.pptx
M1_Introduction_IPS.pptx
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber Security
 
"Cryptography, Data Protection, and Security For Start-Ups In The Post Snowde...
"Cryptography, Data Protection, and Security For Start-Ups In The Post Snowde..."Cryptography, Data Protection, and Security For Start-Ups In The Post Snowde...
"Cryptography, Data Protection, and Security For Start-Ups In The Post Snowde...
 

More from Power System Operation

SPS to RAS Special Protection Scheme Remedial Action Scheme
SPS to RAS Special Protection Scheme  Remedial Action SchemeSPS to RAS Special Protection Scheme  Remedial Action Scheme
SPS to RAS Special Protection Scheme Remedial Action Scheme
Power System Operation
 
Harmonic study and analysis
Harmonic study and analysisHarmonic study and analysis
Harmonic study and analysis
Power System Operation
 
What is leakage current testing
What is leakage current testingWhat is leakage current testing
What is leakage current testing
Power System Operation
 

More from Power System Operation (20)

ENERGY TRANSITION OUTLOOK 2021
ENERGY TRANSITION OUTLOOK  2021ENERGY TRANSITION OUTLOOK  2021
ENERGY TRANSITION OUTLOOK 2021
 
Thermography test of electrical panels
Thermography test of electrical panelsThermography test of electrical panels
Thermography test of electrical panels
 
What does peak shaving mean
What does peak shaving meanWhat does peak shaving mean
What does peak shaving mean
 
What's short circuit level
What's short circuit levelWhat's short circuit level
What's short circuit level
 
Power System Restoration Guide
Power System Restoration Guide  Power System Restoration Guide
Power System Restoration Guide
 
Big Data Analytics for Power Grid Operations
Big Data Analytics for Power Grid OperationsBig Data Analytics for Power Grid Operations
Big Data Analytics for Power Grid Operations
 
SPS to RAS Special Protection Scheme Remedial Action Scheme
SPS to RAS Special Protection Scheme  Remedial Action SchemeSPS to RAS Special Protection Scheme  Remedial Action Scheme
SPS to RAS Special Protection Scheme Remedial Action Scheme
 
Substation Neutral Earthing
Substation Neutral EarthingSubstation Neutral Earthing
Substation Neutral Earthing
 
SVC PLUS Frequency Stabilizer Frequency and voltage support for dynamic grid...
SVC PLUS Frequency Stabilizer Frequency and voltage support for  dynamic grid...SVC PLUS Frequency Stabilizer Frequency and voltage support for  dynamic grid...
SVC PLUS Frequency Stabilizer Frequency and voltage support for dynamic grid...
 
Principles & Testing Methods Of Earth Ground Resistance
Principles & Testing Methods Of Earth Ground ResistancePrinciples & Testing Methods Of Earth Ground Resistance
Principles & Testing Methods Of Earth Ground Resistance
 
Gas Insulated Switchgear? Gas-Insulated High-Voltage Switchgear (GIS)
Gas Insulated Switchgear?  Gas-Insulated High-Voltage Switchgear (GIS)Gas Insulated Switchgear?  Gas-Insulated High-Voltage Switchgear (GIS)
Gas Insulated Switchgear? Gas-Insulated High-Voltage Switchgear (GIS)
 
Electrical Transmission Tower Types - Design & Parts
Electrical Transmission Tower  Types - Design & PartsElectrical Transmission Tower  Types - Design & Parts
Electrical Transmission Tower Types - Design & Parts
 
What is load management
What is load managementWhat is load management
What is load management
 
What does merit order mean
What does merit order meanWhat does merit order mean
What does merit order mean
 
What are Balancing Services ?
What are  Balancing Services ?What are  Balancing Services ?
What are Balancing Services ?
 
The Need for Enhanced Power System Modelling Techniques & Simulation Tools
The Need for Enhanced  Power System  Modelling Techniques  &  Simulation Tools The Need for Enhanced  Power System  Modelling Techniques  &  Simulation Tools
The Need for Enhanced Power System Modelling Techniques & Simulation Tools
 
Power Quality Trends in the Transition to Carbon-Free Electrical Energy System
Power Quality  Trends in the Transition to  Carbon-Free Electrical Energy SystemPower Quality  Trends in the Transition to  Carbon-Free Electrical Energy System
Power Quality Trends in the Transition to Carbon-Free Electrical Energy System
 
Power Purchase Agreement PPA
Power Purchase Agreement PPA Power Purchase Agreement PPA
Power Purchase Agreement PPA
 
Harmonic study and analysis
Harmonic study and analysisHarmonic study and analysis
Harmonic study and analysis
 
What is leakage current testing
What is leakage current testingWhat is leakage current testing
What is leakage current testing
 

Recently uploaded

Online blood donation management system project.pdf
Online blood donation management system project.pdfOnline blood donation management system project.pdf
Online blood donation management system project.pdf
Kamal Acharya
 
Digital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfDigital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdf
AbrahamGadissa
 
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdfONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
Kamal Acharya
 
Automobile Management System Project Report.pdf
Automobile Management System Project Report.pdfAutomobile Management System Project Report.pdf
Automobile Management System Project Report.pdf
Kamal Acharya
 
Laundry management system project report.pdf
Laundry management system project report.pdfLaundry management system project report.pdf
Laundry management system project report.pdf
Kamal Acharya
 
Fruit shop management system project report.pdf
Fruit shop management system project report.pdfFruit shop management system project report.pdf
Fruit shop management system project report.pdf
Kamal Acharya
 
School management system project report.pdf
School management system project report.pdfSchool management system project report.pdf
School management system project report.pdf
Kamal Acharya
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
Atif Razi
 

Recently uploaded (20)

A CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdf
A CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdfA CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdf
A CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdf
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
 
Democratizing Fuzzing at Scale by Abhishek Arya
Democratizing Fuzzing at Scale by Abhishek AryaDemocratizing Fuzzing at Scale by Abhishek Arya
Democratizing Fuzzing at Scale by Abhishek Arya
 
Online blood donation management system project.pdf
Online blood donation management system project.pdfOnline blood donation management system project.pdf
Online blood donation management system project.pdf
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
 
Natalia Rutkowska - BIM School Course in Kraków
Natalia Rutkowska - BIM School Course in KrakówNatalia Rutkowska - BIM School Course in Kraków
Natalia Rutkowska - BIM School Course in Kraków
 
RESORT MANAGEMENT AND RESERVATION SYSTEM PROJECT REPORT.pdf
RESORT MANAGEMENT AND RESERVATION SYSTEM PROJECT REPORT.pdfRESORT MANAGEMENT AND RESERVATION SYSTEM PROJECT REPORT.pdf
RESORT MANAGEMENT AND RESERVATION SYSTEM PROJECT REPORT.pdf
 
2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge
 
Digital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdfDigital Signal Processing Lecture notes n.pdf
Digital Signal Processing Lecture notes n.pdf
 
Introduction to Machine Learning Unit-5 Notes for II-II Mechanical Engineering
Introduction to Machine Learning Unit-5 Notes for II-II Mechanical EngineeringIntroduction to Machine Learning Unit-5 Notes for II-II Mechanical Engineering
Introduction to Machine Learning Unit-5 Notes for II-II Mechanical Engineering
 
Construction method of steel structure space frame .pptx
Construction method of steel structure space frame .pptxConstruction method of steel structure space frame .pptx
Construction method of steel structure space frame .pptx
 
NO1 Pandit Black Magic Removal in Uk kala jadu Specialist kala jadu for Love ...
NO1 Pandit Black Magic Removal in Uk kala jadu Specialist kala jadu for Love ...NO1 Pandit Black Magic Removal in Uk kala jadu Specialist kala jadu for Love ...
NO1 Pandit Black Magic Removal in Uk kala jadu Specialist kala jadu for Love ...
 
NO1 Pandit Amil Baba In Bahawalpur, Sargodha, Sialkot, Sheikhupura, Rahim Yar...
NO1 Pandit Amil Baba In Bahawalpur, Sargodha, Sialkot, Sheikhupura, Rahim Yar...NO1 Pandit Amil Baba In Bahawalpur, Sargodha, Sialkot, Sheikhupura, Rahim Yar...
NO1 Pandit Amil Baba In Bahawalpur, Sargodha, Sialkot, Sheikhupura, Rahim Yar...
 
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdfONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
ONLINE VEHICLE RENTAL SYSTEM PROJECT REPORT.pdf
 
Automobile Management System Project Report.pdf
Automobile Management System Project Report.pdfAutomobile Management System Project Report.pdf
Automobile Management System Project Report.pdf
 
Laundry management system project report.pdf
Laundry management system project report.pdfLaundry management system project report.pdf
Laundry management system project report.pdf
 
Fruit shop management system project report.pdf
Fruit shop management system project report.pdfFruit shop management system project report.pdf
Fruit shop management system project report.pdf
 
School management system project report.pdf
School management system project report.pdfSchool management system project report.pdf
School management system project report.pdf
 
KIT-601 Lecture Notes-UNIT-5.pdf Frame Works and Visualization
KIT-601 Lecture Notes-UNIT-5.pdf Frame Works and VisualizationKIT-601 Lecture Notes-UNIT-5.pdf Frame Works and Visualization
KIT-601 Lecture Notes-UNIT-5.pdf Frame Works and Visualization
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
 

Cyber Security in Power Systems

  • 1. KTH ROYAL INSTITUTE OF TECHNOLOGY Matus Korman Industrial information and control systems, KTH <matusk@ics.kth.se> www.ics.kth.se Image source: zdnet.com Cyber Security in Power Systems
  • 2. ?
  • 3. Cause: A software defect in a control room. Restoration: Some customers after 6 hours, some after 2 days, some remote places after nearly a week. Consequences (among other): • 45M people in 8 US states • 10M people in Canada • Healthcare facilities experienced $100M lost revenue • 6 hospitals bankrupt one year after Example consequences: US Northeast blackout (2003) Source: Wikipedia
  • 4.
  • 5.
  • 6. Outline 1. Background (IT-security) 2. Attackers, threats 3. Vulnerabilities in power systems 4. Solutions for securing power systems 5. Standards & guidelines, where to look further
  • 7. Technology Human & culture Organization, processes & rutines IT security… what it is about (roughly) TO ENSURE: THE REQUIRED STATE OF DATA, IT SERVICES AND OTHER RESOURCES: … DURING … BY APPLYING
  • 8. Actually more than that… Requirements identification and specification Design and analysis Development and verification (testing) Operation and maintenance (changing, upgrading etc.) Disposal It takes the whole lifecycle … of technical systems … of organizations (socio-technical systems, work systems)
  • 9. What parts does cyber security relate to? Smart Grid Architecture Model. CEN-CENELEC-ETSI Smart Grid Coordination Group: Smart Grid Information Security … pretty much all these layers, domains and zones: To ensure security of the power delivery – that’s on the business layer and that is dependent on roughly everything else in the picture.
  • 10. NISTIR 7628 rev. 1: reference model – entities, actors
  • 11. NISTIR 7628 rev. 1 – entities and data flows
  • 12. Outline 1. Background (IT-security) 2. Attackers, threats 3. Vulnerabilities in power systems 4. Solutions for securing power systems 5. Standards & guidelines, where to look further
  • 13. FRAUDSTERS DIFFERENT CRIMINALS [PROFESSIONAL] HACKERS HACKTIVISTS MILITARY & STATE UNITS BOTNETS AND THEIR OPERATORS MALWARE USERS, WE OURSELVES TECHNICAL FAILURES RANSOMWARE Threats of the cyberspace (general)
  • 14. Outline 1. Background (IT-security) 2. Attackers, threats 3. Vulnerabilities in power systems 4. Solutions for securing power systems 5. Standards & guidelines, where to look further
  • 15. In information technology… … vulnerabilities are all around • Due to complexity… multiple layers, interdependencies: • From physical signals and processing in hardware (the chips, processors with all their registers and how they work) • Through operating system level (e.g., Windows/Linux/VxWorks/… kernel) • Through numerous levels of libraries/APIs + networking (distributed computing) (e.g., system libraries like libc… all the way up) • To user/application level (e.g., file transfer, bus protection logic, …) • Additional considerations: virtualization, cloud… coming in to ICS, too.
  • 16. Why ICS are vulnerable Systems are traditionally designed and tested to: – Work in ideal conditions (functionality) – Work even under different expected variation in the process environment (field-robustness – ”rugged”) – To some extent work under cyber-noise (e.g., higher network load, patching of systems, network scanning etc.) However, they increasingly need to: – Resist sophisticated attacks from intelligent and capable threat agents (cyber-security)
  • 17. Why ICS are vulnerable… cont’d Convergence between ICS and general IT: • General IT-technology is increasingly used in ICS (IP-networks, Windows, Linux, wireless, web-based systems … all well-known, well-compromised) • Connections between the process network and other networks tend to lack securement • A variety of data flows between networks, using various protocols (including old, proprietary, insecure ones) • Sometimes unprotected control system components (IEDs, RTUs, etc.) – for flexible access for technical personnel, consultants/contractors… Physically and logically distributed environments => more difficult to secure
• 18. Different levels of vulnerabilities
  System/component design:
    • SCADA software, HMI and workstation operating systems (Windows, Linux), other systems;
    • PLCs, RTUs, IEDs, switches, routers…
  Network design:
    • The ICS network (process network) and its connection to the office network (and other networks);
    • Application services running on machines in the ICS network;
    • Configuration of IT-security protection in the network (firewalls, IDS/IPS, configuration of operating systems)…
  Organization, people and operations:
    • Security policy and security culture in the organization;
    • How people carry out different technical operations;
    • What devices one may use in the ICS network (personal computers also used for private web surfing, USB sticks, etc.)
• 19. Common vulnerabilities in ICS
  Documentation and processes:
    • Lack of formal documentation
    • Lacking change management process
    • Lacking security policy and security culture (awareness, attitudes, etc.)
  Access control:
    • Lacking access control (which user/role has access where, when, how, etc.)
    • Vulnerable handling of authentication data (e.g., passwords)
    • Over-privileged accounts, old accounts, etc.
  Network design and state of the systems hosted there:
    • Vulnerable network design, insufficient protection of networks (e.g., unnecessarily broad exposure of systems and data traffic in a network; insufficient separation between process networks, office networks and the outside Internet…)
    • Outdated systems; active modems/VPNs with poor authentication…
  Security countermeasures (e.g., firewalls, IDS/IPS, configuration, security operations):
    • Weak network protection (firewall restrictions such as which ports, which IP ranges, what intensity of communication, etc.)
    • Lacking security reviews and accountability
    • Vulnerable system configuration, such as unnecessary services and software installed and even running
• 20. How an attack can take place…
  A network can be penetrated, e.g.:
    • Directly: an attacker manages to get into a network from outside (e.g., by obtaining an IP address on that network, ARP-spoofing some other machine, …)
    • Indirectly: an attacker exploits the fact that personnel surf the Internet, read e-mail, etc., in order to infect the personnel’s machine(s), and then attacks further and deeper
    • Social engineering: an attacker tricks personnel into doing something compromising (e.g., giving away a username, password, etc.) by pretending to be a legitimate person, commonly in an urgent situation (e.g., a technician who quickly needs some non-standard help to prevent a major failure/incident…)
  Software can be infected through (a single data flow can be enough), e.g.:
    • Known vulnerabilities (on outdated systems): statistically frequent and often unnecessary. Anyone who can get hold of exploits can fire them at a system.
    • Zero-day vulnerabilities (0-days, not yet publicly known): the majority are not caught even by advanced, expensive, collaborative security solutions (NGIPS). Luckily, usable 0-day exploits are very expensive to buy (e.g., on the black market) and very demanding to identify and develop on one’s own for generic software.
  There are different types of attacks, e.g.:
    • DoS (Denial of Service), DDoS (distributed DoS): sabotage that blocks, saturates, locks up or takes down systems/functions so that they are no longer available (temporarily or permanently)
    • MITM (Man-in-the-Middle): hidden manipulation of data communication…
    • Intrusion: leads to illegitimate control over a system or a part of it, which can then lead to modification/sabotage, mapping/espionage, etc.
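The ARP-spoofing entry point and the MITM attack type above are the ones a process-network operator can actually watch for with passive monitoring. The following is an added example, not code from the slides: a small detector over ARP replies that have already been captured and decoded. The addresses, the pinned gateway/RTU bindings in STATIC_BINDINGS, the burst thresholds and the sample capture are all constructed for illustration.

```python
"""ARP-spoofing detector over a constructed stream of ARP replies (added example).

Assumptions (not from the slides): replies have already been captured and
decoded into (timestamp, sender IP, sender MAC); STATIC_BINDINGS is an
operator-maintained list of hosts whose MAC must never change.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float        # capture time in seconds
    sender_ip: str   # IP the reply claims
    sender_mac: str  # MAC it claims to own that IP


# Illustrative pinned bindings for critical process-network hosts.
STATIC_BINDINGS = {
    "10.10.0.1": "00:11:22:33:44:01",   # process-network gateway
    "10.10.0.20": "00:11:22:33:44:20",  # RTU
}


def detect_arp_spoofing(replies, static=STATIC_BINDINGS,
                        burst_window=1.0, burst_limit=5):
    """Return (alerts, learned IP->MAC table).

    Four indicators are checked per reply:
      STATIC_MISMATCH          a pinned host is claimed by another MAC
      BINDING_CHANGED          a learned IP->MAC binding flips
      MAC_CLAIMS_MULTIPLE_IPS  one MAC answers for several IPs (typical when
                               an attacker poisons both victim and gateway)
      REPLY_BURST              many replies from one MAC in a short window
                               (spoofing tools re-poison continuously)
    Each (kind, key) is reported once so a poisoning loop cannot flood the log.
    """
    learned = {}
    mac_ips = defaultdict(set)
    recent = defaultdict(list)
    reported = set()
    alerts = []

    def alert(kind, key, **details):
        if (kind, key) in reported:
            return
        reported.add((kind, key))
        alerts.append({"kind": kind, "key": key, **details})

    for r in replies:
        expected = static.get(r.sender_ip)
        if expected is not None and r.sender_mac != expected:
            alert("STATIC_MISMATCH", (r.sender_ip, r.sender_mac),
                  expected=expected, ts=r.ts)

        prev = learned.get(r.sender_ip)
        if prev is not None and prev != r.sender_mac:
            alert("BINDING_CHANGED", (r.sender_ip, prev, r.sender_mac), ts=r.ts)
        learned[r.sender_ip] = r.sender_mac

        mac_ips[r.sender_mac].add(r.sender_ip)
        if len(mac_ips[r.sender_mac]) > 1:
            alert("MAC_CLAIMS_MULTIPLE_IPS", r.sender_mac,
                  ips=sorted(mac_ips[r.sender_mac]), ts=r.ts)

        # Sliding window of this MAC's reply timestamps.
        window = [t for t in recent[r.sender_mac] if r.ts - t <= burst_window]
        window.append(r.ts)
        recent[r.sender_mac] = window
        if len(window) >= burst_limit:
            alert("REPLY_BURST", r.sender_mac, replies=len(window), ts=r.ts)

    return alerts, learned


# Constructed capture: normal traffic, then one host claiming both the
# gateway and an HMI and re-poisoning every 100 ms.
ATTACKER = "de:ad:be:ef:00:99"
SAMPLE_REPLIES = [
    ArpReply(0.0, "10.10.0.1", "00:11:22:33:44:01"),
    ArpReply(0.1, "10.10.0.20", "00:11:22:33:44:20"),
    ArpReply(0.2, "10.10.0.30", "00:11:22:33:44:30"),   # HMI, learned dynamically
    ArpReply(5.0, "10.10.0.1", ATTACKER),
    ArpReply(5.1, "10.10.0.30", ATTACKER),
    ArpReply(5.2, "10.10.0.1", ATTACKER),
    ArpReply(5.3, "10.10.0.30", ATTACKER),
    ArpReply(5.4, "10.10.0.1", ATTACKER),
]


def analyse_sample():
    return detect_arp_spoofing(SAMPLE_REPLIES)


if __name__ == "__main__":
    found, table = analyse_sample()
    for a in found:
        print(a)
```

Two caveats a practitioner would want: a legitimate NIC replacement on a pinned host also raises STATIC_MISMATCH, so the static list has to be kept under the change-management process that slide 19 notes is often missing; and in production this logic normally lives in the switch (dynamic ARP inspection) or a sensor such as arpwatch rather than in a script, but the indicators are the same.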
• 21. Identifying potential victim devices…
  Shodan is like Google, just for devices reachable from the public Internet: https://www.shodan.io/
  It is a search engine for computers and other networked devices. Partially free of charge. It helps people find webcams, fridges, RTUs, etc., filtered by country, ports/services, organization, operating system, installed software packages… The same filters let an asset owner check which of its own devices are exposed, before someone else does.
• 22. Outline (section 4 follows): 1. Background (IT-security) 2. Attackers, threats 3. Vulnerabilities in power systems 4. Solutions for securing power systems 5. Standards & guidelines, where to look further
• 24. How to secure ICS environments?
  • Identify and eliminate the greatest security holes
  • Harden systems and networks (get rid of unused functionality and unused installed software, close unnecessarily open ports, harden system configuration, etc.)
    The goal of all this is to constrain the possibilities and manoeuvring space of the attacker(s), and so make their work as difficult, expensive and risky as possible.
  • Scan for vulnerabilities; do penetration tests as applicable (e.g., on ICS test beds, typically not on-site, as things could break…) to measure security
  • Establish systematic, formal work with IT security:
    – Risk analyses and risk treatment (there are established risk-analysis methods)
    – Reviews and log analyses
    – Analysis of in- and outgoing network traffic (e.g., NetFlow)
    – Updates and other security maintenance
    – Education and training of personnel
    – … etc.
• 25. Example countermeasures… just a few (roughly from basic to more advanced)
  • Network segmentation and DMZs between networks
  • Firewalls
  • Access control to systems, plus:
    • Reasonably strong passwords
    • Smart cards (possibly)
  • Connection tracking and network access control
  • Blacklisting
  • Whitelisting
  • Intrusion detection (both signature-based and based on models of normal behavior)
  • Honeypots / honeynets
  The following document gives a very good overview of the realistic security controls to consider: ”The Critical Security Controls for Effective Cyber Defense” by the Council on Cyber Security: https://www.sans.org/critical-security-controls
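Slide 24 lists analysis of in- and outgoing traffic (NetFlow) and slide 25 lists segmentation and DMZs; the two meet when exported flow records are checked against the zone policy the segmentation is supposed to enforce. The following is an added example, not code from the slides: the three zones and their address ranges, the allow-list of permitted cross-zone flows and the sample flow export are all constructed for illustration, and a real site would load them from its own network documentation and collector.

```python
"""Zone-policy check over NetFlow-style records (added example, constructed data).

Assumptions (not from the slides): three zones with illustrative addressing,
a small allow-list of permitted cross-zone flows, and flow records already
exported from a collector as (src, dst, proto, dst_port, bytes).
"""
import ipaddress
from dataclasses import dataclass

ZONES = {
    "process": ipaddress.ip_network("10.10.0.0/24"),  # RTUs, IEDs, HMIs
    "dmz": ipaddress.ip_network("10.20.0.0/24"),      # historian, jump host
    "office": ipaddress.ip_network("10.30.0.0/24"),   # engineering/office PCs
}

# Permitted cross-zone flows: (src_zone, dst_zone, proto, dst_port).
# Everything not listed is a policy violation.
ALLOWED = {
    ("dmz", "process", "tcp", 502),   # historian collector polls RTUs (Modbus/TCP)
    ("office", "dmz", "tcp", 443),    # office users read the historian via HTTPS
}

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"  # anything outside the known ranges


def severity(src_zone: str, dst_zone: str) -> str:
    """Process network touching the Internet is the worst case; anything
    else reaching into or out of the process network is high."""
    zones = {src_zone, dst_zone}
    if zones == {"process", "internet"}:
        return "CRITICAL"
    if "process" in zones:
        return "HIGH"
    return "MEDIUM"


def check_flows(flows):
    """Return policy violations aggregated per (src, dst, proto, dport),
    most severe first."""
    findings = {}
    for f in flows:
        sz, dz = zone_of(f.src), zone_of(f.dst)
        if sz == dz:
            continue  # intra-zone traffic is outside the zone policy
        if (sz, dz, f.proto, f.dport) in ALLOWED:
            continue
        key = (f.src, f.dst, f.proto, f.dport)
        entry = findings.setdefault(key, {
            "src_zone": sz, "dst_zone": dz,
            "severity": severity(sz, dz), "flows": 0, "bytes": 0,
        })
        entry["flows"] += 1
        entry["bytes"] += f.nbytes
    return sorted(findings.items(),
                  key=lambda kv: (SEVERITY_ORDER[kv[1]["severity"]], kv[0]))


# Constructed sample export: three legitimate flows, then violations.
SAMPLE_FLOWS = [
    Flow("10.20.0.5", "10.10.0.20", "tcp", 502, 4200),     # dmz -> process, allowed
    Flow("10.30.0.7", "10.20.0.5", "tcp", 443, 18000),     # office -> dmz, allowed
    Flow("10.10.0.20", "10.10.0.30", "tcp", 502, 900),     # intra-process, ignored
    Flow("10.30.0.7", "10.10.0.20", "tcp", 502, 300),      # office PC polls an RTU directly
    Flow("10.10.0.30", "203.0.113.9", "tcp", 443, 52000),  # HMI talks to the Internet
    Flow("203.0.113.9", "10.10.0.30", "tcp", 4444, 120),   # Internet host reaches the HMI
    Flow("10.30.0.7", "10.10.0.20", "tcp", 502, 300),      # same office->RTU flow again
]


def analyse_sample():
    return check_flows(SAMPLE_FLOWS)


if __name__ == "__main__":
    for (src, dst, proto, dport), info in analyse_sample():
        print(f"{info['severity']:8} {info['src_zone']}->{info['dst_zone']} "
              f"{src} -> {dst}:{dport}/{proto} "
              f"flows={info['flows']} bytes={info['bytes']}")
```

The allow-list is, in effect, the documented inventory of data flows between networks that slide 19 notes is often missing; writing it down is most of the work, and every finding is either a firewall rule to tighten or a flow to add to the documentation. Flow records only show endpoints and ports, so a flow that matches an allowed port may still carry the wrong protocol; pair this check with the signature- and behaviour-based intrusion detection listed above.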
• 26. Outline (section 5 follows): 1. Background (IT-security) 2. Attackers, threats 3. Vulnerabilities in power systems 4. Solutions for securing power systems 5. Standards & guidelines, where to look further
• 27. Cyber security standards and guidelines
  General IT security:
    • ISO/IEC 27000 series (27001, 27002, 27005…)
  Security in industrial control systems:
    • NIST SP 800-82 (rev. 2): Guide to Industrial Control Systems (ICS) Security
    • IEC 62351: security for power system communication protocols (IEC 60870-5, IEC 61850, ICCP/TASE.2)
    • NIST Framework for Improving Critical Infrastructure Cybersecurity
    • NERC CIP (Critical Infrastructure Protection)
  Security in power systems (specifically):
    • NISTIR 7628 (rev. 1): Guidelines for Smart Grid Cyber Security
• 28. Where to look further
  • Industrial Control Systems Computer Emergency Response Team (ICS-CERT): https://ics-cert.us-cert.gov/ and https://ics-cert.us-cert.gov/Standards-and-References
  • EU Agency for Network and Information Security (ENISA): https://www.enisa.europa.eu/ and https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-services/scada
  • Critical Security Controls (by the Center for Internet Security): https://www.cisecurity.org/critical-controls.cfm
  • SCADAhacker forum (by Joel Langill): https://scadahacker.com/
• 29. Great books
  Highly topic-relevant: Eric D. Knapp & Joel Thomas Langill (2015): Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
  A good book about information security (general): John R. Vacca (2013): Computer and Information Security Handbook (second edition)
• 30. Books with a highly applied, practical focus
  Tyson Macaulay & Bryan Singer (2012): Cybersecurity for Industrial Control Systems
  Ralph Langner (2012): Robust Control System Networks
• 31. Thanks for your attention and good luck!