Date post: | 20-Dec-2015 |
Category: |
Documents |
View: | 215 times |
Download: | 0 times |
D R . S A T Y A M P R I Y A D A R S H YR K R G R O U P, I N C
( R E N A M I N G A S R E I G N I T E S T R A T E G Y , I N C . M A Y 1 , 1 1 ) P R I Y A D A R S H Y @ I E E E . O R G O R + 1 7 0 3 7 3 1 4 4 6 1
D R . A R U N S O O DS C I T L A B S I N C
&G E O R G E M A S O N U N I V E R S I T Y
a s o o d @ s c i t l a b s . c o ma s o o d @ g m u . e d u
P R E P A R E DF O R
T H I R D W O R K S H O P O N C Y B E R S E C U R I T Y A N D G L O B A L A F F A I R S I N P A R T N E R S H I P W I T H
C E R T- H U N G A R YB U D A P E S T, H U N G A R Y
Smart Grid Cyber Security Framework
M A Y 3 1 - J U N E 2 , 2 0 1 1
Third Workshop on Cyber Security and Global affairs
What is Smart Grid?
Smart Grid is NOT a product or service.
Smart Grid is the integration of two infrastructures Electrical Infrastructure (expanded Energy Infrastructure) Information Infrastructure
Smart Grid is the power delivery system of the future With Increased Energy Efficiency and Operational Productivity With Increased Power System Reliability and QoS (Quality of Service) Empowers Consumers and Everyone for Decision making to use Energy Efficiently
Smart Grid goals will be achieved through Optimal Use of Assets Efficient operation and the inclusion of active participation from consumers Use of new energy sources, storage, products, services and markets Proactive self-healing through continuous self-assessments of grid components Resiliency to cyber attacks
Smart Grid needs a robust Cyber Security Framework, due to network dependency
March 28,2011
2
Third Workshop on Cyber Security and Global affairs
Smart Grid
March 28,2011
3
Image Source: http://www.consumerenergyreport.com/wp-content/uploads/2010/04/smartgrid.jpg
Third Workshop on Cyber Security and Global affairs
Smart Grid Framework
March 28,2011
4
Smart Grid Framework constitutes the following seven layers
Energy transmission and distribution infrastructure Communication network Data center computational platform Informational systems infrastructure and operational systems Business applications for automation, communications and
management Vendor partnerships and services
Smart Grid needs to have defense mechanisms at each of the above seven layers.
Third Workshop on Cyber Security and Global affairs
Smart Grid Framework
March 28,2011
5
The layered cyber security framework should include:
The physical security The access control The secure devices, systems and network The secure software, applications, databases, and storage The secure intercommunications and data transport The defense to the existing and emerging threat landscape The self-healing of grid through real-time monitoring and
management
In the following sections we discuss each one of them.
Third Workshop on Cyber Security and Global affairs
Cyber Security Framework
Leverage the existing security systems. SCADA (Supervisory Control And Data
Acquisition) is the security systems in the current grids, within isolated environments.
Expand SCADA, for Smart Grid, as environments will no longer remain isolated and will be on always connected networks.
March 28,2011
6
Third Workshop on Cyber Security and Global affairs
Cyber Security Framework – Physical Security
Requires an integrated solution for protecting the premises from intruders.
The solution will have to automate Data analysis Creation of Alerts, Response to alerts from
Electronic access controls, Sensors, etc. Generators, Smart Appliances, etc. Equipment transport logs, etc. Video surveillance, etc.
Other new technologies as become available
March 28,2011
7
Third Workshop on Cyber Security and Global affairs
Cyber Security Framework –Access Control and Identity Management
Robust access control & identity management/verification policies for People, Vendors Companies Communicating devices, etc.
Use of strong passwords, reCAPTCHA, biometrics, etc. for authentication from the start
Implementation for Sarbanes-Oxley like rules The default-deny policy for the servers, routers, switches, and
other devices should be in place, when these devices go on the network. An access on the network should require explicit permission settings, to avoid any unauthorized entry.
For example, a customer shall access energy consumption metrics from the Smart Meter, but shall not be allowed to make changes to the device itself.
March 28,2011
8
Third Workshop on Cyber Security and Global affairs
Cyber Security Framework
Hardening of the devices, servers, and network before deployment and connection to the backbone of Smart Grid. For example, the factory settings like passwords, open
ports, etc. on the devices, routers, switches, servers, sensors, and Wi-Fi networks shall be changed based on the access and control policies set earlier.
Implementation of the recommendations from the vendor on making their devices secure For example, disruptions caused by denial of service
(DoS) attacks can be reduced if the vendor recommendations for securing the devices are followed.
March 28,2011
9
Third Workshop on Cyber Security and Global affairs
Cyber Security Framework –Secure SADS
Smart Grid will integrate multiple vendors for software, applications, databases and storage (SADS) through its backbone, the Smart Grid Network.
SADS are secure before deploying it on the networked devices. For example, memory injection issues do not get deployed
knowingly. Consistent and timely upgrade and patch deployment
policies for SADS. should take into account the consistency, timeliness and interdependencies of SADS.
Same robust testing and phased deployment of open source and commercial off-the shelf (COTS) SADS.
March 28,2011
10
Third Workshop on Cyber Security and Global affairs
Cyber Security Framework –Secure Data Transport and Storage
Data transport at very low latency and high throughput is critical for Smart Grid. Data needs be protected as it is shared between
different entities and stored Data encryption would be essential to implement
across the board (both for transport and storage)Granular access to sensitive data at the user
and application level should be implemented. Leveraging VPN technologies for data
transmission between devices in the Smart Grid network will be needed.
March 28,2011
11
Third Workshop on Cyber Security and Global affairs
Cyber Security Framework –Defense in Depth
Defense-in-depth approach of multi-level and multi-layer security to protect from existing and emerging threats.
The known threats from Hackers, vandals, and disgruntled employees, Competitors, customers, security systems, Terrorists, and foreign countries, Rogue devices, tainted software, and other yet unknown
sourcesAddress attacks like
spoofing, cracking denial of service, eavesdropping, traffic analysis, social engineering, malware, etc.
March 28,2011
12
Third Workshop on Cyber Security and Global affairs
Cyber Security Framework –Self-healing
Self-healing of Smart Grid requires that cyber security become pervasive and granular.
Real-time monitoring of data at the lowest possible granular level will provide immediate knowledge About changes Events that can disrupt the Smart Grid Allow to take quick corrective actions
In a complex system like the Smart Grid, events can arise As a result of a security breach As a noise during the course of operations.
Monitoring these events will ensure the protection and security of the Smart Grid.
March 28,2011
13
Third Workshop on Cyber Security and Global affairs
Thanks !!
March 28,2011
14
For a self-healing, always on, highly efficient SMART GRID, a robust Cyber Security
Framework is essential.
For more informationContact