Advanced Cyber-Security: Universal solution for Grid IoT OT/IT ... - …emmos.org/prevconf/2017/4....

www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.

Advanced Cyber-Security: Universal solution for Grid IoT OT/IT Integration Ameen Hamdon, President, SUBNET Solutions Inc


Universal solution for Grid IoT Integration

• Grid IoT Universal Solution Background – Historical Vendor Specific Issues and Complexity

– Evolving List of Capabilities needed in a Universal Solution

– Reoccurring risks and issues of Smart Grid Integration Projects

• Benefits of Universal Solution – Multi-Vendor, Multifunction Smart Grid Integration Standard

– Vendor Choice = Competition, Innovation, Savings

– Integrated Integration

– 200% to 500%+ ROI Potential


SYSTEM Intelligence

Objectives for Universal Grid IoT Integration Solution

SubSTATION Intelligence

All Your Primary Equipment and Device Vendors All Your Top Tier OT and IT Management Systems

All Your Various Data Communication Options


SYSTEM Intelligence

Specifically Multi-Vendor vs Vendor Specific


Universal

Grid IoT OT/IT

Integration

Solution

Need A Multi-Vendor, Multi-Function Integration Solution




SYSTEM Intelligence

Multi-Function Integration vs Multiple Single Function


Multi-Function Integration 1. SCADA Data Collection 2. Non-SCADA Data Collection 3. Secure Remote Access 4. Password Management 5. Configuration Management 6. Firmware Management

Need A Multi-Vendor, Multi-Function Integration Solution




Unified Device Integration and Security


Grid IoT Represents that Latest Wave of Connected Grid Solutions

FLISR IVVC Equip Mon Inverters Line Monitors


Thousands of IoT Devices being Deployed: Benefits

- Many New Smart Grid Devices

- New Vendors entering the Market

- New Innovative Product Offerings

- Many New Smart Grid Applications

- The Connected Grid offers many Benefits

- Large Investor-Owned Utilities (IOUs) with Budgets of 100Ms, 1B+ Grid Modernization Budgets


Intelligent End Point IEDs

Business Intelligence Systems

Networking Communications Equipment

Can OT Devices Keep Pace with IT Technology (Evolving Security and Integration)

Life Span

5 years

Life Span

10 - 20 years


Lessons Learned from Connected Grid v1.0

Vendor Specific Technology – A Constant Challenge


“Necessity

is the

mother

of

invention”

Famous Proverb


of 1965

• A significant disruption in the supply of electricity on November 9, 1965 @ 5:16 p.m.

• Affected • Connecticut, Massachusetts, New Hampshire

• Rhode Island, Vermont, New York, New Jersey

• Ontario, Canada

• Over 30 million people Affected

• Task Force Created to Investigate the Blackout

Northeast Blackout

Reference: http://en.wikipedia.org/wiki/Northeast_Blackout_of_1965

http://en.wikipedia.org/wiki/Electricity_distribution

http://en.wikipedia.org/wiki/Connecticut

http://en.wikipedia.org/wiki/Massachusetts

http://en.wikipedia.org/wiki/New_Hampshire

http://en.wikipedia.org/wiki/Rhode_Island

http://en.wikipedia.org/wiki/Vermont

http://en.wikipedia.org/wiki/New_York

http://en.wikipedia.org/wiki/New_Jersey

http://en.wikipedia.org/wiki/Ontario

http://en.wikipedia.org/wiki/Northeast_Blackout_of_2003



2nd November 9, 1965 Event . . .

• Approximately 7 hours prior to the Blackout, a lesser known event occurred in Western Canada

• At 8:05 a.m. Mountain Time

• My Twin Brother was Born


• Task Force created to Investigated Blackout

• Task Force Conclusions:

• Lack of voltage and current monitoring was a contributing factor

• Task Force Recommendations

• EPRI and electric power industry developed new metering and monitoring equipment & systems

• These systems became the modern SCADA

Northeast blackout of 1965


http://en.wikipedia.org/wiki/Electric_Power_Research_Institute

http://en.wikipedia.org/wiki/SCADA




SCADA Vendor A’s Solution

SCADA Vendor A’s Protocol

Vendor Specific SCADA Protocol Issues


SCADA Vendor B’s Protocol


SCADA Vendor B’s Solution


SCADA Vendor C’s Protocol


SCADA Vendor C’s Solution


SCADA Vendor D’s Protocol


SCADA Vendor D’s Solution


SCADA Vendor E’s Protocol


SCADA Vendor E’s Solution


The Vendor Specific SCADA RTU

Only okay if you only use

that One Vendor

SCADA Vendor X’s Protocol

What if have more that one vendor???


Partial List of Vendor Specific

Protocols

ABB Spa Bus

ABB RP-570

ABB RP-571

ABB Indactic 33/1

ABB Indactic 33/41

ABB Indactic 33/41 Ext.

ACS 3100

AEP Synchronous

AEP Asynchronous

ASEA ADLP 80

ASEA ADLP 180

ASW LS RTU1

Amtrak SDLC

Avista Inp 1000

Bailey MPC

Boeing SDLC

CAE Micro RTU1

CAE HDLC

CDC Type 1

CDC Type 1-12 bit adrs

CDC Type 1 ASCII

CDC Type 2

CDC Type 2 synchronous

CDC Type 2 extended

CDT Types 1, 2, 3, 4, 5

Cegelec HN Z 66 S 11/15

Compumech CD-4150

Conitel 300

Conitel 2000

Conitel 2020

Conitel 2025

Conitel 2100B

Conitel 2100H

Conitel 2100M

Conitel 3000

DYNAC DYNET

Ferranti Van Comm

Fuji

Getac/ 7020/4-BCH

Getac/Betac 7020-LP

Getac/Betac SDLC

Harris 5000/6000

Harris Micro 2

Harris Micro 3

Honeywell 7000

Modbus ASCII

Modbus RTU

Modbus TCP

Moore 9000

Newfoundland

OPC-XML DA

PG&E 2179

Pert 26/31

QEI/Quindar QPLH1

QEI/Quindar Quics II

QEI/Quindar Quics IV1

Quantum DNP 1/QDIF

RainWise Serial

Recon 1.1

Redac 70D

Redac 70H

Redsad

Rockwell 5010

Rockwell 5011 (standard)

Rockwell 5011 (PSI)

Rockwell 5012

Rockwell 5020

SCADA Consultants

Scadapac 1

Scadapac 5

SCA 2500

SCI RDACS1

SEL Fast Meter

SEL Fast Message

SEL Interleiaved

SES 92

SES 92 (GRE)

SES 92 IP (GRE)

Siemens Sinaut 8-FW/DPDM

Southern Services

Southwestern PS Co. SPS

Systems Control 5

Systems Control 5.2

SC1801 5.4.1

SC1802 5.5

SC1803 6

Systems Northwest 11.1

Systems Northwest 111

Systems Northwest Distribution

Toshiba

Telegyr BOA

Telegyr BOA Byte

Telegyr MPS9000 Async

Telegyr MPS9000 Sync

Telegyr Telegyr 800

Telegyr Telegyr 8979

TLC 11M

TRW 850

TRW 9550

TRW System 9

Valmet (Tejas) Series 3

Valmet (Tejas) Series 5

Valmet (Tejas) Series 5 extended

Westinghouse Wisp+

Westinghouse Wisp+

Weston Recon 1

1st Connected Grid Wave SCADA – 1970+


STATION

Intelligence

SYSTEM

Intelligence

Protocol C

Any Protocol

Universal SCADA Data Management Solution =

Replace Vendor Specific RTU with Specifically Multi-Vendor RTU/ Gateway


Multi-Vendor IED Support Matrix

Vendor

Protocol Matrix

Event File Collection

Mgmt

IED Access Mgmt

Password Change Mgmt

IED Config Change Mgmt

Firmware Change Mgmt

1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?

2 ABB RP-570, 571.. ? ? ? ? ?

3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?

4 GE Harris 5000, 6000 ? ? ? ? ?

5 Alstom Proprietary ? ? ? ? ?

6 Schneider Tejas III, V, … ? ? ? ? ?

7+ etc More…. ? ? ? ? ?


Defining Interoperability

Past Three Decades Operational SCADA Data Collection


August 14, 2003 History Repeats


Northeast Blackout of 1965

Reference: http://en.wikipedia.org/wiki/Northeast_Blackout_of_1965,





• A significant disruption in the supply of electricity on August 14, 2003 @ 4:10 p.m.

• Affected • Northeastern United States

• Midwestern United States

• Ontario, Canada

• Over 55 Million People Affected

• Task Force Created to Investigate the Blackout




http://en.wikipedia.org/wiki/Northeastern_United_States

http://en.wikipedia.org/wiki/Midwestern_United_States

http://en.wikipedia.org/wiki/Midwestern_United_States

http://en.wikipedia.org/wiki/Ontario




• Task Force Recommendations

– Improve Monitoring • Improved Access to Fault Information

• Need Better Time Stamped Data and Data Quality

• Improve Cyber and Physical Security (NERC CIP) • Improve IED Access Management

• Password Management

• Firmware Management

• Improve Reliability • Better Testing and Device Configuration

Controls

• IED Configuration Management Reference: http://en.wikipedia.org/wiki/Northeast_Blackout_of_2003



STATION

Intelligence

SYSTEM

Intelligence

Protocol C

Any Protocol

Total SCADA Data Management Solution =

Requires a Multi-Vendor SCADA Protocol Solution


STATION

Intelligence

SYSTEM

Intelligence

Event File C

Total Device Event File Management

Requires a Multi-Vendor Event File Solution

Centralized Event Files


STATION

Intelligence

SYSTEM

Intelligence

Login PW C

Total IED Access Control

Requires a Multi-Vendor

IED Access Control Solution

Centralized Access Control


STATION

Intelligence

SYSTEM

Intelligence

PW Change C

Total Password Management

Requires a Multi-Vendor

Password Management Solution

Centralized Password Management


STATION

Intelligence

SYSTEM

Intelligence

Config C

Total Device Configuration Management Solution =

Specifically Multi-Vendor Configuration Management

Centralized Config Management



• 1965 = Vendor Specific Protocol Communications

• 2003 = Vendor Specific Fault Records Collection

• 2003 = Vendor Specific IED Access Management

• 2003 = Vendor Specific Password Management

• 2003 = Vendor Specific Configuration Management

• 2003 = Vendor Specific Operating Systems Security

• 2003 = Vendor Specific Firmware Management

The Vendor Specific

Issue Repeating Itself

Over & Over Again


Beyond SCADA Integration. Today we need to deal with the complexity of…

• Fault File Management

• Remote Engineering Access (CIP-005, CIP-007)

• Password Change Management (CIP-005, CIP-007)

• Configuration Management (CIP-010, PRC-005)

• IED Documentation Management is even complicated


Defining Interoperability

Today Operational

Firmware Management

Configuration File Management

Password Change Management

Secure Remote Access Management

Non SCADA Data Collection

SCADA Data Collection

& Maintenance

+

Device

Management


Multi-Vendor IED Support Matrix

Vendor

Protocol Matrix


Mgmt

IED Access Mgmt





2 ABB RP-570, 571.. ? ? ? ? ?


4 GE Harris 5000, 6000 ? ? ? ? ?



7+ etc More…. ? ? ? ? ?


Multi-Vendor IED Support Matrix Need IED Access, Password, Config & Firmware Management

Vendor

Protocol Matrix


Mgmt

IED Access Mgmt





2 ABB RP-570, 571.. ? ? ? ? ?


4 GE Harris 5000, 6000 ? ? ? ? ?



7+ etc More…. ? ? ? ? ?


IED Vendors have long history of providing vendor specific solutions…

Vendor

Protocol Matrix


Mgmt

IED Access Mgmt





2 ABB RP-570, 571.. ? ? ? ? ?


4 GE Alstom Harris 5000, 6000 ? ? ? ? ?

5 Eaton Cooper Proprietary ? ? ? ? ?


7+ etc More…. ? ? ? ? ?



Vendor

Protocol Matrix


Mgmt

IED Access Mgmt





2 ABB RP-570, 571.. ? ? ? ? ?


4 GE Alstom Harris 5000, 6000 ? ? ? ? ?



7+ etc More…. ? ? ? ? ?



Vendor

Protocol Matrix


Mgmt

IED Access Mgmt





2 ABB RP-570, 571.. ? ? ? ? ?


4 GE Alstom Harris 5000, 6000 ? ? ? ? ?



7+ etc More…. ? ? ? ? ?



Vendor

Protocol Matrix


Mgmt

IED Access Mgmt





2 ABB RP-570, 571.. ? ? ? ? ?


4 GE Alstom Harris 5000, 6000 ? ? ? ? ?



7+ etc More…. ? ? ? ? ?



Vendor

Protocol Matrix


Mgmt

IED Access Mgmt





2 ABB RP-570, 571.. ? ? ? ? ?


4 GE Alstom Harris 5000, 6000 ? ? ? ? ?



7+ etc More…. ? ? ? ? ?


Multi-Function IED Management

IED

Access IED

Passwords IED

Configurations IED

Firmware

Auditable Process Control

Management

Control IED Access and who is authorized to access what IEDs

Control IED Passwords and who authorized to knows what passwords

Control IED Configurations and who authorized to change what configurations

Centralized IED Firmware Control

Active Monitoring & Alerting

Alert Unauthorized IED Access attempts

Monitor IED Password Changes

Monitor IED Configuration Changes

Monitor IED Firmware Changes

Automated Change

Management

Updates with AD Users and Group changes

Automate IED Password Changes

Automate IED Configuration Changes

Automate IED Firmware Changes


Multi-Vendor IED Support Matrix Need IED Access, Password, Config & Firmware Management

Vendor

Protocol Matrix


Mgmt

IED Access Mgmt





2 ABB RP-570, 571.. ? ? ? ? ?


4 GE Alstom Harris 5000, 6000 ? ? ? ? ?



7+ etc More…. ? ? ? ? ?


Multi-Vendor IED Support Matrix Multiple Control, Monitor, Automate Use Cases

Vendor

Protocol Matrix


Mgmt

IED Access Mgmt




1 Siemens L&G 8979, Spa-Bus ? C M A C M A C M A C M A

2 ABB RP-570, 571.. ? C M A C M A C M A C M A

3 SEL SEL FM, SEL ASCII.. ? C M A C M A C M A C M A

4 GE Alstom Harris 5000, 6000 ? C M A C M A C M A C M A

5 Eaton Cooper Proprietary ? C M A C M A C M A C M A

6 Schneider Tejas III, V, … ? C M A C M A C M A C M A

7+ etc More…. ? C M A C M A C M A C M A


One SUBNET Utility Customers’ IED Support Matrix

89 Different IEDs

17+ Use Cases Defined To Date

Advanced/ Automated Functions

Login Logout Passwords Configurations Firmware Events SOE Logs Discover

Au

tom

ated

logi

n

Au

tom

ated

logo

ut

Ch

ange

Dev

ice

Pas

swo

rd in

ga

tew

ay

Ch

ange

Pas

swo

rd

Bac

kup

co

nfi

g

Res

tore

Co

nfi

g

Ge

t C

on

fig

sum

mar

y

Ret

riev

e fi

rmw

are

vers

ion

Co

mp

are

firm

war

e

Up

dat

e fi

rmw

are

Ret

riev

e n

ew e

ven

t fi

les

Ret

riev

e SO

E fi

les

Ret

riev

e d

evic

e lo

gs

Dis

cove

r C

on

nec

ted

d

evic

es


Evolving SUBNET’s Unified Grid Intelligence is a continual process. Always new devices, Always new use cases…

New IEDs every month

New Use Cases every year…..

Advanced/ Automated Functions

Login Logout Passwords Configurations Firmware Events SOE Logs Discover

Au

tom

ated

logi

n

Au

tom

ated

logo

ut

Ch

ange

Dev

ice

Pas

swo

rd in

ga

tew

ay

Ch

ange

Pas

swo

rd

Bac

kup

co

nfi

g

Res

tore

Co

nfi

g

Ge

t C

on

fig

sum

mar

y

Ret

riev

e fi

rmw

are

vers

ion

Co

mp

are

firm

war

e

Up

dat

e fi

rmw

are

Ret

riev

e n

ew e

ven

t fi

les

Ret

riev

e SO

E fi

les

Ret

riev

e d

evic

e lo

gs

Dis

cove

r C

on

nec

ted

d

evic

es


Many Different IoT Devices, Old and New, 20 year old IED

10 year old IED

3 year old IED Dozens of

Different Vendor IEDs


Multi-Function Integration Evolution


Multi-Function Integration Evolution

Today Operational

Firmware Management

Configuration File Management


Secure Remote Access Management


SCADA Data Collection

& Maintenance

+

Device

Management


Expanding Integration Systems

Remote Engineering

Access

Password Change

Management

Non-SCADA Data

Collection

Configuration and Firmware Management

Firmware Management

Configuration Management


Secure Remote Access



Interdependency of Systems

Remote Engineering

Access

Password Change

Management

Non-SCADA Data

Collection

Configuration and Firmware Management

Interleaving of Operational and Non Operational Device Access

Non-SCADA Data Collection may require knowledge of device password

Passwords may be stored in the configuration

Access to a device requires knowledge of the device password

Extracting a configuration from a device requires remote access

Password changes requires remote access

Access to a device requires knowledge of the device password


Grid IoT: Grid Integration v3.0


Typical Utility Grid IoT Execution Project Team for Each Solution

FLISR IVVC Equip Mon Inverters Line Monitors


SYSTEM Intelligence

Utility Standard Typically

Your Utilities BI System Standards

Your Utilities OT System Standards

Your Utilities Comm System

Standards

Your Utilities IED Edge Integration

Standard????

Does this exist??

Or is this done in a - Project Specific

- Vendor Specific way>

ADMS

OSIsoft PI or eDNA

SAP, Maximo?

SCADA Vendor


The FLISR of Things: Select Edge Device

SYSTEM Intelligence

SELECT FLISR IEDS

ADMS

OSIsoft PI or eDNA

SAP, Maximo?

SCADA Vendor


The FLISR of Things: Determine Communication Network

SYSTEM Intelligence

SELECT FLISR IEDS

Determine Comms FLISR IEDs

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?


The FLISR of Things: Determine SCADA Interface

SYSTEM Intelligence

SELECT FLISR IEDS


Determine FLISR SCADA DATA Collection

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?


The FLISR of Things: Determine Historian Integration

SYSTEM Intelligence

SELECT FLISR IEDS



Determine Historian FLISR Data Collection

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?


The FLISR of Things: Determine Integration with other BI

SYSTEM Intelligence

SELECT FLISR IEDS




Integration FLISR Data to Maximo, ESRI

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?


The FLISR of Things: Determine IED Management

SYSTEM Intelligence

SELECT FLISR IEDS




Integration FLISR Data to SAP, Maximo, ESRI

Determine how to manage FLISR Devices? IED Access Control, PW Mgmt, Config Mgmt, Firmware Mgmt

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?


Repeat for Implementing VVC

SYSTEM Intelligence

SELECT VVC IEDS

Determine Comms VVC IEDs

Determine VVC SCADA DATA Collection

Determine Historian VVC Data Collection

Integration VVC Data to SAP, Maximo, ESRI

Determine how to manage VVC Devices? IED Access Control, PW Mgmt, Config Mgmt, Firmware Mgmt

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?


Repeat for Implementing Fault Indication (Fault In)

SYSTEM Intelligence

SELECT FaultIn IEDS

Determine Comms FaultIn IEDs

Determine FaultIn SCADA DATA Collection

Determine Historian FaultIn Data Collection

Integration FaultIn Data to SAP, Maximo, ESRI

Determine how to manage FaultIn Devices? IED Access Control, PW Mgmt, Config Mgmt, Firmware Mgmt

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?


Repeat for Implementing Smart Inverter Integration

SYSTEM Intelligence

Select Inverter IEDS

Determine Comms Inverter IEDs

Determine Inverter SCADA DATA Collection

Determine Historian Inverter Data Collection

Integration Inverter Data to SAP, Maximo, ESRI

Determine how to manage Inverter Devices? IED Access Control, PW Mgmt, Config Mgmt, Firmware Mgmt

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?


Typical Result: Implemented Many Project Specific, Vendor Specific Systems

SYSTEM Intelligence

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?

FlISR IEDS Vendor 1

FLISR DATA Collection

FLISR Data Historian

FLISR BI Integration

FLISR Device Mgmt

VVO IEDS Vendor 2

VVO DATA Collection

VVO Data Historian

VVO BI Integration

VVO Device Mgmt

CFI IEDS Vendor 3

CFI DATA Collection

CFI Data Historian

CFI BI Integration

CFI Device Mgmt

Smart Inv Vendor 4

S Inv DATA Collection

S Inv Data Historian

S Inv BI Integration

S Inv Device Mgmt

XFMR Mon Vendor 5

XFMR DATA Collection

XFMR Data

Historian XFMR BI

Integration XFMR Device

Mgmt





FLISR Device Mgmt

VVO DATA Collection

VVO Data Historian

VVO BI Integration

VVO Device Mgmt

CFI DATA Collection

CFI Data Historian

CFI BI Integration

CFI Device Mgmt




S Inv Device Mgmt


XFMR Data

Historian XFMR BI


Mgmt

Extend Your Utilities Integration Standard Closer to the Edge




Standards


Standard??

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?

FlISR IEDS Vendor 1

VVO IEDS Vendor 2

CFI IEDS Vendor 3

Smart Inv Vendor 4

XFMR Mon Vendor 5

FlISR IEDS Vendor 2

VVO IEDS Vendor 2

CFI IEDS Vendor 2

Smart Inv Vendor 2

XFMR Mon Vendor 2

FlISR IEDS Vendor 3

VVO IEDS Vendor 3

CFI IEDS Vendor 3

Smart Inv Vendor 3

XFMR Mon Vendor 3

Integrated Integration

• ANY IED SCADA and Non-SCADA-DATA Collection

• ANY IED Historian Data Collection • Any IED Integration with BI • ANY IED Device Management

• IED Access Control • Password Management • Configuration Management • Firmware Management





FLISR Device Mgmt

VVO DATA Collection

VVO Data Historian

VVO BI Integration

VVO Device Mgmt

CFI DATA Collection

CFI Data Historian

CFI BI Integration

CFI Device Mgmt




S Inv Device Mgmt


XFMR Data

Historian XFMR BI


Mgmt

Extend Your Utilities Integration Standard Closer to the Edge




Standards


Standard??

ADMS

OSIsoft PI or eDNA

SCADA Vendor

SAP, Maximo?

FlISR IEDS Vendor 1

VVO IEDS Vendor 2

CFI IEDS Vendor 3

Smart Inv Vendor 4

XFMR Mon Vendor 5

FlISR IEDS Vendor 2

VVO IEDS Vendor 2

CFI IEDS Vendor 2

Smart Inv Vendor 2

XFMR Mon Vendor 2

FlISR IEDS Vendor 3

VVO IEDS Vendor 3

CFI IEDS Vendor 3

Smart Inv Vendor 3

XFMR Mon Vendor 3


Remote Engineering

Access

Password Change

Management

Non-SCADA Data

Collection

Configuration and

Firmware Manageme

nt


Multi-Vendor System Level Down Approach is Key

Devices Up Integration Approach System Level Down Integration Approach

SYSTEM Intelligence

Asset MS

Historian

FLISR

IVVC

XFMR Mon

Inverters

CFI

Eng Access

Dev Mgmt

Fault Data

FlISR IEDS

Vendor 1

VVO IEDS Vendor 2

CFI IEDS Vendor 3

Smart Inv

Vendor 4

XFMR Mon

Vendor 5

FlISR IEDS

ADMS Data

VVO IEDS ADMS Data

CFI IEDS ADMS Data

Smart Inv

ADMS Data

XFMR Mon

ADMS Data

FlISR IEDS

Historian Data

VVO IEDS Historian Data

CFI IEDS Historian Data

Smart Inv

Historian Data

XFMR Mon

Historian Data

FlISR IEDS

Asset Mgmt

VVO IEDS Asset Mgmt

CFI IEDS Asset Mgmt

Smart Inv

Asset Mgmt

XFMR Mon

Asset Mgmt

FlISR IEDS

Device Mgmt

VVO IEDS Device Mgmt

CFI IEDS Device Mgmt

Smart Inv

Device Mgmt

XFMR Mon

Device Mgmt

SUBNET PSS

IoT Data Collection

SUBNET PSC

IoT Device

Management

SYSTEM Intelligence

Asset MS

Historian

FLISR

IVVC

XFMR Mon

Inverters

CFI

Eng Access

Dev Mgmt

Fault Data

FlISR IEDS

Vendor 1

VVO IEDS Vendor 2

CFI IEDS Vendor 3

Smart Inv

Vendor 4

XFMR Mon

Vendor 5

FlISR IEDS

ADMS Data

VVO IEDS ADMS Data

CFI IEDS ADMS Data

Smart Inv

ADMS Data

XFMR Mon

ADMS Data

FlISR IEDS

Historian Data

VVO IEDS Historian Data

CFI IEDS Historian Data

Smart Inv

Historian Data

XFMR Mon

Historian Data

FlISR IEDS

Asset Mgmt

VVO IEDS Asset Mgmt

CFI IEDS Asset Mgmt

Smart Inv

Asset Mgmt

XFMR Mon

Asset Mgmt

FlISR IEDS

Device Mgmt

VVO IEDS Device Mgmt

CFI IEDS Device Mgmt

Smart Inv

Device Mgmt

XFMR Mon

Device Mgmt


Remote Engineering

Access

Password Change

Management

Non-SCADA Data

Collection

Configuration and

Firmware Manageme

nt


Universal Grid IoT Integration Project Example 1


Project 1 – Electric Utility, North Eastern US Universal Grid IoT Data Concentration

• Service Area

– 26,000 sq. kilometer service territory

– 80,000 kilometers of Distribution circuits

– 12,800 kilometers of Transmission lines

– 1.4 million meters (transitioning to Smart Meters)

• Deploying 7000 Grid IoT devices


Thousands of Grid IoT Devices being Deployed

FLISR

IVVC

XFMR Mon

Inverters

CFI

• 7000 Devices Being Deployed • Rollout = Approximately 3 Devices added per Day • Didn’t want ADMS to poll all 7000 (Cost, Disruptive) • Didn’t want ADMS to be middleman for Historian (Cost, Disruptive)

SYSTEM Intelligence

Asset MS

Historian

ADMS

Eng Access

Dev Mgmt

Fault Data


Add in Universal Grid IoT FEP for both OT (ADMS) and IT (Historian, SAP, Analytics)

FLISR

IVVC

XFMR Mon

Inverters

CFI

1. Add in Separate IoT FEP Poll Devices 2. IoT FEP Polled for OT Data by ADMS 70 Devices vs 7000, 5% of Data 3. IoT FEP Supplies Data Directly to Historian and Asset Management

SYSTEM Intelligence

ADMS

Asset MS

Historian

Eng Access

Dev Mgmt

Fault Data


Case Study – Electric Utility, US

• All operational SCADA data such as Volt, Amp, Status goes to DMS and displayed to System Operators.

• Telemetry not required by DMS goes directly into the PI System. Saves on licensing costs and network traffic.

• DMS also send data to PI, which is useful for calculated outputs.

• A simplified architecture reducing multiple and proprietary data collectors.


Universal Grid IoT Integration Project Example 2


Project 2 – Canadian Provincial Utility Universal Grid IoT Device Management

• Generation – 41 Dam sites,

– 30 Hydro Facilities

– 9 Thermal units

• Transmission – ~18,000 km of lines

– ~260 substations

• Distribution – ~56,000 km of distribution lines

– ~1.8 million customers

– Service Area: 944,735 km2 (364,764 sq mi)

• Deploying 7000 Grid IoT devices


Thousands of Grid IoT Devices being Deployed

FLISR

IVVC

XFMR Mon

Inverters

CFI

• 7000 Devices Being Deployed • Was doing Traditional ADMS Data Collection • Needed Multi-Vendor Device Management (Avoid Truck Rolls) • Needed Cyber Security (Password Management)

SYSTEM Intelligence

Asset MS

Historian

ADMS

Eng Access

Dev Mgmt

Fault Data


Expand IoT FEP for Engineering Access / Device Mgmt

FLISR

IVVC

XFMR Mon

Inverters

CFI

1. Adds Secure Remote Access 2. Adds Password Management 3. Adds Configuration and Firmware Management 4. Specialized Technology able to manage Essentially Any Device

Asset MS

Historian

Eng Access

Dev Mgmt

Fault Data

SYSTEM Intelligence

ADMS


The FLISR Dollars: Vendor Specific

SYSTEM Intelligence

Automated Recloser SW /w IED Implement Vendor Specific

Device Management System

$40K/switch Qty = 1000 = $40,000,000

FlISR IEDS Vendor 1

FlISR IEDS ADMS Data

FlISR IEDS Historian Data

FlISR IEDS Asset Mgmt

FlISR IEDS Device Mgmt

$45K/switch? Qty = 1000 = $45,000,000

Phase 2: Install another 1000 units

Phase 1: Install 1000 units

ADMS

Asset MS

Historian

Eng Access

Dev Mgmt

Fault Data


The FLISR Dollars: Specifically Multi-Vendor

SYSTEM Intelligence

Automated Recloser SW /w IED Implement Multi Vendor

Device Management System

$40K/switch Qty = 1000 = $40,000,000

FlISR IEDS Vendor 1

FlISR IEDS ADMS Data

FlISR IEDS Historian Data

FlISR IEDS Asset Mgmt

FlISR IEDS Device Mgmt

Phase 2: Install another 1000 units

$25K/switch? Qty = 1000 = $25,000,000

Phase 1: Install 1000 units

ADMS

$35K/switch? Qty = 1000 = $35,000,000

Potential of up to $15M in Savings (over 35%)

New Lower Cost Competitor Option

Asset MS

Historian

Eng Access

Dev Mgmt

Fault Data


Total Universal Grid IoT Solution Both Universal Data Collection AND Device Management

FLISR

IVVC

XFMR Mon

Inverters

CFI SYSTEM

Intelligence

ADMS

Asset MS

Historian

Eng Access

Dev Mgmt

Fault Data


Total Universal Grid IoT Solution Both Universal Data Collection AND Device Management

FLISR

IVVC

XFMR Mon

Inverters

CFI SYSTEM

Intelligence

ADMS

Asset MS

Historian

Eng Access

Dev Mgmt

Fault Data

Extend your Utilities’ integration solution to enable standardized integration and Security to any Device


SUBNET Grid IoT Security and Integration Key Benefits

• Benefits of Universal Solution Benefits Extend Life of Current Install Base

• Multi-Vendor Competition Savings (2X to 5X+ ROI)

– Make Primary and Edge Device Vendor Compete with Multi-Vendor Integration

– Enable Vendor Choice, Avoid Vendor Lock In

• Ensure Maintenance of Grid IoT Infrastructure is cost effective

– Device OT and IT Data Collection Grid IoT Devices

– Centralized Device Management of Grid IoT Devices

– Focus on integrating your systems not trying to multiple Integrate Systems

• Have a Security and Integration Standard for all your Smart Grid projects


Q&A Session / Contact Details

Ameen Hamdon President, CEO Mobile: +1 403 270-8885 Email: [email protected]


SUBNET Company Overview


SUBNET Company Overview • Our Company:

– Private and Founded in 1992

– Software Engineering

– Smart Grid Industry

– HQ: Calgary, Alberta

• Clients:

– 200+ Utilities Worldwide

• Transmission

• Distribution

• Generation

• Renewable Energies

– 50+ Value Added Resellers (VARs)

• Core Expertise:

- Device Management for all your Transmission, Distribution, Generation, Asset Monitoring infrastructure

- Grid IoT Modernization

- Multi-Vendor IED Integration Solutions

- NERC CIP IED Security

- Substation Automation & HMI Solutions (DNP3, IEC 61850, 101/104, OPC, etc.)

• Partners

- OEMs

- Technology Partners

- Networking Partners

- Data Partners


SUBNET Operations 2017

Philadelphia

England


OT

IT

SUBNET’s Vision Substation Integration, Automation and Cyber Security

NETWORK

TECHNOLOGIES

SUBSTATION

TECHNOLOGIES


SUBNET Does Not Provide…

Intelligent End Point

IEDs

Common Utility Business Intelligence

Systems

Networking Communications

Equipment


SYSTEM Intelligence

SUBNET Provides Software to Securely Connect IEDs to Business Intelligence Systems



SYSTEM Intelligence

SUBNET Unified Grid Intelligence for a Specifically Multi-Vendor Smart Grid

A

N

Y

D

E

V

I

C

E

A

N

Y

N

E

T

A

N

Y

S

Y

S

T

E

M

A N Y I N T EG R AT I O N P R OJ EC T



SUBNET Unified Grid Intelligence: Any Grid Project, One Integration Solution

Date post:	22-Aug-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	1 times

Advanced Cyber-Security: Universal solution for Grid IoT OT/IT ... - …emmos.org/prevconf/2017/4....

Documents