CIP2015
Smart Grid Vulnerability Assessment Using National Testbed Networks
Ihab Darwish, Obinna Igbe, Tareq Saadawi
Objectives
• Critical infrastructure – Energy Sector
• Smart Grids
• Security Policies and Strategies
• Smart Grid Vulnerabilities, Threats and Risk Management
• National Testbed Environment
• Attack Demo using DETER Network
Critical Infrastructure - Sectors
Energy Sector
• Petroleum
• Electricity: Generation including Renewable Energy; Transmission; Distribution of Electricity; SCADA Control System; Electricity Market
• Natural Gas
Other Sectors
• Transportation Systems
• IT Sector
• Water & Waste Water Systems
• Chemical
• Financial Services
• Emergency Services
• Dams
• Critical Manufacturing
• Food & Agriculture
• Government Facilities
• Healthcare & Public Health
• Nuclear Reactors, Materials and Waste
• Commercial Facilities
• Defense Industrial Base
Critical infrastructure is a collection of systems and assets, tangible and non-tangible, that provides critical services to the nation.
Critical Infrastructure – Energy Sector
According to the Department of Homeland Security (DHS), more than 80% of the US energy infrastructure is owned and operated by the private sector.
The energy sector provides different kinds of energy, including electricity, petroleum and natural gas, to households and businesses.
The nation has more than 6,400 power plants, 30,000 substations and 200,000 miles of transmission lines.
Critical Infrastructure – Smart Grids
Initiated by the National Institute of Standards and Technology (NIST) under the American Recovery and Reinvestment Act (ARRA) in 2009.
The goal is to establish intelligence and interoperability by incorporating smart technologies into the various electricity distribution facilities, improving the reliability of the grids.
[Figure: transmission lines and smart-grid power network overlay; smart-grid communication infrastructure overlay]
Reliability: reliability is about 100% availability.
Smart Grid as Micro-Grids
A smart grid is a collection of interconnected micro-grids linked to the SCADA system operating at the control center.
Several measurement functions are performed in each micro-grid, including power conditioning, time synchronization, validation, metering and others.
A micro-grid is isolated in case of hazards.
Smart Grid - Protocols
[Figure: Micro-Grid 1 and Micro-Grid 2, each with a master and its slaves; the two masters are connected by an ICCP inter-master link]
Popular Smart Grid Protocols
• Modbus: industrial protocol used in SCADA; serial and TCP versions; master and slave operation.
• DNP3: open standard (IEEE); the most used protocol in the US; supports Secure Authentication.
• IEC 61850: the most recent International Electrotechnical Commission (IEC) protocol; substation automation; a comprehensive set of protocols using a link-layer multicast protocol (GOOSE).
• ICCP: Inter-Control Center Communication Protocol (IEC 60870-6); used primarily to interconnect masters from different micro-grids.
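As an added example (not from the CIP2015 slides or the authors' DETER demonstration), the Python below parses the Modbus/TCP MBAP header and function code and audits a constructed set of frames. Modbus carries no authentication of its own, so a monitor on the control network can only rely on which host sends write function codes and on exception responses, which accumulate when a slave's register map is being probed. The header layout and function codes are from the public Modbus application-protocol specification; the IP addresses, frames and known-master list are constructed for the example.

```python
"""Minimal Modbus/TCP parser and write-command audit (added example, constructed traffic)."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Public Modbus function codes. The protocol has no authentication, so the
# function code alone tells a monitor whether a frame can change plant state.
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
EXCEPTION_NAMES = {1: "Illegal Function", 2: "Illegal Data Address", 3: "Illegal Data Value"}


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    address: Optional[int]          # starting address for read/write requests
    value: Optional[int]            # quantity (reads) or written value (single writes)
    exception_code: Optional[int]   # set only for exception responses

    @property
    def is_write(self) -> bool:
        return self.function_code in WRITE_FUNCTIONS

    @property
    def is_exception(self) -> bool:
        return self.exception_code is not None


def parse_modbus_tcp(frame: bytes) -> ModbusFrame:
    """Parse the 7-byte MBAP header (tid, protocol id, length, unit id) and the PDU start."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, uid = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("MBAP protocol identifier must be 0 for Modbus")
    # The length field counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    if fc & 0x80:                       # exception response: original fc with bit 7 set
        if len(frame) < 9:
            raise ValueError("truncated exception response")
        return ModbusFrame(tid, uid, fc & 0x7F, None, None, frame[8])
    address = value = None
    if fc in READ_FUNCTIONS or fc in WRITE_FUNCTIONS:
        if len(frame) < 12:
            raise ValueError("truncated request data")
        address, value = struct.unpack(">HH", frame[8:12])
    return ModbusFrame(tid, uid, fc, address, value, None)


def audit(frames: List[Tuple[str, bytes]], allowed_masters: Set[str]) -> List[str]:
    """Flag write commands from hosts that are not known masters, and exception responses."""
    alerts = []
    for src, raw in frames:
        f = parse_modbus_tcp(raw)
        if f.is_exception:
            name = EXCEPTION_NAMES.get(f.exception_code, f.exception_code)
            alerts.append(f"exception {name} for fc {f.function_code} "
                          f"(tid {f.transaction_id}) seen from {src}")
        elif f.is_write and src not in allowed_masters:
            alerts.append(f"{WRITE_FUNCTIONS[f.function_code]} to unit {f.unit_id} "
                          f"address {f.address} from unlisted host {src}")
    return alerts


# Constructed sample traffic: (source IP, raw Modbus/TCP frame). Addresses are made up.
SAMPLE_FRAMES = [
    ("10.0.0.5",  bytes.fromhex("0001 0000 0006 01 03 0000 000a")),  # master reads 10 holding registers
    ("10.0.0.5",  bytes.fromhex("0002 0000 0006 01 06 0010 0001")),  # master writes register 16 := 1
    ("10.0.0.99", bytes.fromhex("0003 0000 0006 01 05 0000 ff00")),  # unknown host forces coil 0 ON
    ("10.0.0.7",  bytes.fromhex("0004 0000 0003 01 83 02")),         # slave answers: illegal data address
]
KNOWN_MASTERS = {"10.0.0.5"}

if __name__ == "__main__":
    for line in audit(SAMPLE_FRAMES, KNOWN_MASTERS):
        print("ALERT:", line)
```

Run as written, the audit reports two alerts: the coil write from the unlisted host and the exception response; the reads and the write from the known master pass silently. A deployment would feed frames from a network tap and keep the master allowlist in configuration.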
Security Policies and Strategies - Penetration
Penetration starts at the weak security perimeter, which serves as a back door to all possibilities, in an attempt to reach the most critical and most protected part of the organization.
Weaknesses: systems, policies and procedures.
[Figure: an attacker moving through Layer 1, Layer 2 and Layer 3 toward the highly secure layer]
Security Policies and Strategies - Critical Infrastructure Organizations
• DOE C2M2
• DHS ICS-CERT
• DOC NIST
• CERTS
• DHS NIPP (National Infrastructure Protection Plan)
• EPRI
• DOE NSTB
• NERC (North American Electric Reliability Corporation)
Security policies in critical infrastructure provide the strategy and the governing rules for guidance in protecting critical infrastructure components and valuable assets.
NIST Security Policies
Security Policies and Strategies - Implementations
• Policies should be applicable
• Policies should be enforced
• Empowering users for policy adoption
• Policy auditing
Critical Infrastructure Strategy
• Adhere to all legal and legislative requirements and satisfy the government's mandatory information management and security principles.
• Develop, document, implement, and review information security controls.
• Ensure that smart-grid infrastructure and information systems operate with a high degree of assurance and integrity.
• Protect assets and data both physically and logically.
Defense in Depth Security Model
An enhanced practical strategy for achieving system reliability and information accuracy.

First Layer "Policies and Procedures"
Second Layer "Physical Security"
Third Layer "Security Perimeter"
  Defense mechanisms: firewalls, VPN encryption, network-based anti-virus
  Issues: vulnerable to attackers
Fourth Layer "Network"
  Defense mechanisms: network-based intrusion detection systems (IDS), vulnerability management systems, network access control and user authentication
  Issues: could cause false alarms; unauthenticated access & exploitation
Fifth Layer "Host"
  Defense mechanisms: host IDS, host anti-virus
  Issues: host-based control, but limited to each device; new attacks are not detected
Sixth Layer "Applications"
  Defense mechanisms: Public Key Infrastructure (PKI) and RSA, access control and authentication
  Issues: overhead and slow performance
Seventh Layer "Data"
  Defense mechanisms: encryption
  Issues: good security, but subject to security policies
Smart Grid Vulnerabilities, Threats and Risk Management – Energy Sector

Year | Number of Incidents | % of Incidents in Energy Sector | Number of Vulnerabilities
2014 | 245 | 32% | 159
2013 | 256 | 59% | 187
2012 | 198 | 41% | 171
2011 | 140 | 35% | 138

Threat activities, vectors or examples: Unauthenticated Access & Exploitation; Buffer overflow; Spear Phishing; Network Scanning and probing; SQL Injection; Unknown Access Vector (almost 50% of the cases)
Attack and Penetration Strategy
[Figure: an untrusted zone outside the security perimeter; inside, a shared services zone and trusted network zones A, B and C, with the target in a trusted zone; penetration proceeds from the untrusted zone toward the target]
Penetration stages:
1. Reconnaissance or data gathering stage
2. Scanning for potential target(s) and possible vulnerabilities
3. Exploiting the vulnerability discovered
4. Accessing the compromised host through a logical connection
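The scanning stage is where a defender on the control network has the earliest chance to notice penetration. As an added example, not part of the slides, the Python below runs a simple port-sweep and host-sweep detector over constructed firewall connection-log lines. The log format, thresholds, window and addresses are assumptions for the example; the ports are the standard ones for Modbus/TCP (502), IEC 61850 MMS (102), IEC 60870-5-104 (2404) and DNP3 (20000).

```python
"""Port-sweep and host-sweep detection over constructed connection logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Assumed log format: "<ISO timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>"
LOG_RE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

# Thresholds and window are assumptions for the example; tune them to real traffic.
PORT_SWEEP_THRESHOLD = 5    # distinct ports on one destination from one source
HOST_SWEEP_THRESHOLD = 4    # distinct destinations on one port from one source
WINDOW = timedelta(seconds=60)

Event = Tuple[datetime, str, str, int]   # (timestamp, src, dst, dport)


def parse_line(line: str) -> Optional[Event]:
    """Return (ts, src, dst, dport) for a well-formed line, None for anything else."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def detect_scans(lines: List[str]) -> List[Tuple[str, str, str, int]]:
    """Return (kind, src, target, count) alerts; each (kind, src, target) is reported once."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    alerts, reported = [], set()
    history = defaultdict(list)          # src -> events inside the sliding window
    for ts, src, dst, port in events:
        hist = history[src]
        hist.append((ts, dst, port))
        while hist and ts - hist[0][0] > WINDOW:   # expire entries older than the window
            hist.pop(0)
        ports_per_dst, dsts_per_port = defaultdict(set), defaultdict(set)
        for _, d, p in hist:
            ports_per_dst[d].add(p)
            dsts_per_port[p].add(d)
        # port sweep: one source touching many ports on a single host
        for d, ports in ports_per_dst.items():
            key = ("port-sweep", src, d)
            if len(ports) >= PORT_SWEEP_THRESHOLD and key not in reported:
                reported.add(key)
                alerts.append(key + (len(ports),))
        # host sweep: one source touching the same port on many hosts
        for p, dsts in dsts_per_port.items():
            key = ("host-sweep", src, str(p))
            if len(dsts) >= HOST_SWEEP_THRESHOLD and key not in reported:
                reported.add(key)
                alerts.append(key + (len(dsts),))
    return alerts


# Constructed log lines: 10.0.0.5 is the legitimate master polling slave 10.0.0.7;
# 10.0.0.99 is an unknown host. Lines are deliberately out of order and one is garbage.
SAMPLE_LOG = [
    "2015-03-01T10:00:00 src=10.0.0.5 dst=10.0.0.7 dport=502 action=allow",
    "2015-03-01T10:00:05 src=10.0.0.99 dst=10.0.0.7 dport=22 action=deny",
    "2015-03-01T10:00:06 src=10.0.0.99 dst=10.0.0.7 dport=102 action=deny",
    "2015-03-01T10:00:07 src=10.0.0.99 dst=10.0.0.7 dport=502 action=allow",
    "2015-03-01T10:00:08 src=10.0.0.99 dst=10.0.0.7 dport=2404 action=deny",
    "2015-03-01T10:00:09 src=10.0.0.99 dst=10.0.0.7 dport=20000 action=deny",
    "2015-03-01T10:00:10 src=10.0.0.5 dst=10.0.0.7 dport=502 action=allow",
    "2015-03-01T10:00:30 src=10.0.0.99 dst=10.0.0.8 dport=502 action=allow",
    "2015-03-01T10:00:31 src=10.0.0.99 dst=10.0.0.9 dport=502 action=allow",
    "2015-03-01T10:00:32 src=10.0.0.99 dst=10.0.0.10 dport=502 action=allow",
    "2015-03-01T10:00:20 src=10.0.0.5 dst=10.0.0.7 dport=502 action=allow",
    "this line is not a connection record",
]

if __name__ == "__main__":
    for kind, src, target, count in detect_scans(SAMPLE_LOG):
        print(f"ALERT {kind}: {src} -> {target} ({count} distinct)")
```

On the sample log the detector raises one port-sweep alert (five ports on 10.0.0.7 within a few seconds) and one host-sweep alert (port 502 on four hosts), while the master's steady polling of a single port on a single slave never crosses either threshold. Denied connections are counted as well as allowed ones, since a sweep of closed ports is exactly the signal the reconnaissance stage leaves behind.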
Critical Infrastructure Security Concerns
There are many critical cybersecurity concerns that need to be addressed in critical infrastructure.
[Figure: security concerns in smart grids]
Risk Management
"Once we know our weaknesses they cease to do us any harm"
Georg C. Lichtenberg (1742-1799), German scientist
Risk Management Strategy
[Figure: risk management cycle. Stages: Attack Vector Comparison; Establish Attack Behavior; Establish Impact Theory; Develop Mitigation Strategies; Implement Specific Strategy. Phases: Research and Incident Analysis; Detection and Mitigation Planning. Risk Analysis inputs: Environmental Variables, Countermeasure Analysis, Vulnerability Assessment, Threat Analysis, Impact Analysis, with Continuous Improvements & Change Management]
Risk = Threat x Vulnerability x Impact
National Testbed Environments
With increasing smart-grid complexity, experimental studies of large-scale grids are usually not economically feasible, even for a small micro-grid environment with a limited number of distributed energy sources and intelligent loads.
• National SCADA Test Bed (NSTB)
• Smart Grid System Testbed Facility
• DeterLab Testbed Environment
Conclusion
• Critical infrastructure – Energy Sector
• Smart Grids
• Security Policies and Strategies
• Smart Grid Vulnerabilities, Threats and Risk Management
• National Testbed Environment
• Attack Demo using DETER Network