How to protect energy distribution for millions of people against cyber attacks (real case)
•Download as PPTX, PDF•
2 likes•239 views
Como proteger contra ataques cibernéticos os sistemas de tecnologia de automação na distribuição de energia elétrica
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to How to protect energy distribution for millions of people against cyber attacks (real case)
Similar to How to protect energy distribution for millions of people against cyber attacks (real case) (20)
More from TI Safe
More from TI Safe (20)
Recently uploaded
Recently uploaded (20)
How to protect energy distribution for millions of people against cyber attacks (real case)
- 1. How to protect energy distribution for millions of people against cyber attacks Case study Thiago Branquinho CTO & Founder TI Safe
- 2. Thiago Branquinho – CTO, TI Safe Critical infrastructures defender Biologist Information Systems Auditor FIFA World CUP 2014 Planner Maker Sustainability activist Origamist
- 4. Generation Transmission Distribution Consumption Electrical Power Systems https://electrical-engineering-portal.com/electric-power-systems
- 5. Intrinsic issues of Electrical Systems Variable and seasonal Consumption, with increasing trend Subject to contingencies and emergencies Faults and defects in equipment Faults and short circuits Maneuvers and topology changes Changes in the availability of the energy matrix Changes in consumption Events and disturbances of varying duration, of scheduled or sudden occurrence (unpredictable) Other numerous technical, financial and legal issues (operational margins, economic operation, contracts)
- 6. Automation to minimize issues • Protection • Command • Control • Measurement • Supervision These functions have specific requirements (e.g. response time) Automation becomes crucial
- 7. Electric power processes digitalization Generation •Measurements, command, control and protection •Alarms and Event Logging Supervision and monitoring of equipment status •Start, stop, synchronization of generator sets •Supervision and control of the elevating substation •Dispatch of the plant (joint or individual control): •active power •voltage / reactive •Automatic spillway operation •Hydro-energy programming, flood and flow forecasting Transmission •Measurements, command, control and protection •Alarms and Event Logging Supervision and monitoring of equipment status •Load Forecasting and Selective Cutting •Power Flow Control •State Estimators •Contingency analysis (safety analysis) •Optimization of generation and transmission •Coordination of maintenance, etc. Distribution •Command, control and protection •Measurements, billing and billing •Supervision and monitoring of equipment and network status •Engineering, planning and network expansion •Control of voltage and quality of energy •Load maneuvering and rearrangement •Coordination of maintenance, location and defect repair •Maintenance of network and consumption database and maps •Customer service (links, support and billing)
- 9. Fault Chain Affected cyberenvironment •Compromised Machines •Disrupted Communications •Inoperative Systems Manual Operation or limited contingency Limited supply Infrastructure collapse
- 10. Electricity is the core of the critical infrastructure Verner, Duane, Frederic Petit, and Kibaek Kim. “Incorporating Prioritization in Critical Infrastructure Security and Resilience Programs.” Homeland Security Affairs 13, Article 7 (October 2017). https://www.hsaj.org/articles/14091
- 11. Who will be the next attacker? http://energyskeptic.com/2014/terrorism-and-the-electric-power-grid/
- 12. In 2016 alone, the US Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team responded to 290 incidents, including 63 in the critical manufacturing sector, and 59 in the energy sector More than one quarter of the incidents related to so-called spear phishing attacks, which involve sending fraudulent email in order to entice someone into disclosing confidential information.
- 13. How to protect electric power systems?
- 14. Generation Transmission Distribution Consumption Distribution case https://electrical-engineering-portal.com/electric-power-systems
- 15. TI Safe’s ICS-SOC coverage ~40 million people living on these brazilian states Map by Ricardo Marins Rosa - Own work, CC BY-SA 4.0, httpscommons.wikimedia.orgwindex.phpcurid=58541820
- 16. TI Safe’s ICS-SOC (Industrial Control Systems – Security Operations Centre) TI Safe's ICS-SOC integrates cyber security functions with industrial processes monitoring. It is a prepared structure equipped to anticipate, prevent, defend and respond to cyber attacks against critical infrastructures. Continuous monitoring Risk managemtn Cyber intelligence
- 17. The focus is to predict and prevent disruptive incidents Otherwise the infrastructure may not survive!
- 18. ICS-SOC main activities Prevent Detect RespondPredict Intelligence The ICS-SOC expert team with the support of artificial intelligence infers how the next attacks will be and establish measures to prevent them in our clients cybersecurity technologies protect the environment and provides occurrences logs Non-compliances are handled by the customer in a manual or automated manner
- 19. Threat Hunting This is how we really protect people
- 21. Threat Hunting Controls Environment analysis Hypotheses formulation Investigation Discoveries Actions Multi-layered controls approach GOVERNANCE AND MONITORING EDGE SECURITY INDUSTRIAL NETWORK PROTECTION MALWARE CONTROL DATA SECURITY AWARENESS & EDUCATION
- 22. Threat Hunting Controls Environment analysis Hypotheses formulation Investigation Discoveries Actions 1. Collect all data 2. Do time machine approach 3. Trust no one...
- 23. Threat Hunting Controls Environment analysis Hypotheses formulation Investigation Discoveries Actions • Examples of hypotehes to be tested • Hardware or software failure • Malware • Malicious user • Infection path (i.e. from telco provider) • Impacts to be assessed • Unauthorized access • Compromised systems or data • Services interruption
- 24. Threat Hunting Controls Environment analysis Hypotheses formulation Investigation Discoveries Actions • Hypotheses are tested and new data can be agreggated from external databases, like other cybersecurity providers, to enrich the findings • Ex.: IBM X-Force, Palo Alto Networks Autofocus, Nozomi Threat Feeds, among others
- 25. Threat Hunting Controls Environment analysis Hypotheses formulation Investigation Discoveries Actions • Discoveries can validade or not the hypotheses • At this point, we can plan the actions to be done • Interrupt • Contain • Re-image • Add controls • ...
- 26. Threat Hunting Controls Environment analysis Hypotheses formulation Investigation Discoveries Actions Incident detected by the ICS-SOC ICS-SOC team sends remediation measures to local team Local team implements remediation and review controls The environment is reassessed Incident closed
- 27. ICS Cybersecurity is a process, not a product
- 28. Maslow’s hierarchy of needs (updated) ICS Cybersecurity https://www.simplypsychology.org/maslow.html
Editor's Notes
- Good morning ladies and gentlemen! I am Thiago Branquinho and I came here to present you how to protect energy distribution for millions of people against cyber attacks. This lecture is based on our daily activities in our ICS-SOC at TI Safe
- First, I would like to introduce myself. I am CTO of TI Safe. In more than 20 years of work experience I did a lot of different things, as you can see here. But today I am bringing my Critical Infrastructures Defender alter-ego.
- Let’s start from the beggining. I would like to bring you an overview of Electrical Power Systems
- So, there are three main componentes: generation, transmission and distribution, until get to the end users for energy consumption.
- These environments, by themselves, have a lot of intrinsic issues to be addressed. For example, faults and defects in equipments, maneuvers to adapt to changes in the consumption profile and many other issues.
- Thus, automation becomes crucial to minimize issues. Functions as electric protection, command and control, measurement, and operational supervision have specific requirements to be addressed. And only automation can save it.
- Just to illustrate, I brought a non-exaustive list of activities usually automated on the electric power systems. It is, definetely, a lot of digitalization.
- But here comes an alert. Since we have become higly dependent on automated systems, it is not possible to go back on non-digital fashion and live our normal life. Thus, the affirmative: Digitalization without cybersecurity jeopardizes mankind.
- And electricity is the core of the critical infrastructure. Almost everything depends on electric power nowadays. And everyone here in this room is plenty of sure that light will always shine when we flip the switch.
- The point is... Who will be the next attacker? Can be anyone, including your brand new IoT device if misprogrammed. We know that there are targetted attacks. But since the complexity of security tools is lowering down, anyone can become the next attacker.
- As an expression of this, in 2016 the US Department of Homeland Security for Industrial Control Systems Cyber Emergency response Team responded to 290 incidentes, including 59 in the energy sector. One quarter of the incidents involved fraudulent e-mail on spear phishing attacks.
- So... How to protect the electrical power systems?
- I would like to bring some reflection here... If we create a direct analogy between Maslow’s hierarchy of human needs to the industry 4.0, we can include the top of the piramid the beautiful components that we all love to see. Integrated systems, 5G, 3D printers, artificial intelligence, robots, drones and anything else. But we cannot forget that the basis of the piramid is the physiological needs and safety. It is exactly on the base where ICS cybersecurity resides. So, if you consider stepping into the forth industrial revolution, I strongly recommend you to plug in security constrains prior to move forward.
- Thank you very much for your attention!