Security and smart grid what you need to know john chowdhury 2012 final

introducing Utility of the Future Series

Smart Grid Security &
Reliability
What You Need to Know – February, 2012 John Chowdhury

About the Author
John Chowdhury:
• has been working in the Utility Industry for the last 23 years
• His clients includes CenterPoint, San Diego Gas & Electric, APS,
Southern California Edison, Vectren, TXU, NIPSCO to name a few

Objectives of SmarterUtility.com:
• Create a Federated Knowledge Repository to take
advantage of knowledge, regardless of where it is housed
• Support multiple channels from a single knowledge
repository (Country‐State‐City‐Utility‐Regulator‐Partner
‐Vendor‐etc.)
• Knowledge repository is based on the context and intent
• To Leverage Subject Matter Experts to improve your
success factors
• Adaptive Knowledge architecture that will support all your
needs with a single repository and remain flexible to
change as needed
• Use the Adaptive Knowledge architecture to support
Transparency of knowledge, Cloud computing, Mobile
presentation, and Social use of knowledge with
no additional changes
It’s about Success, and Knowledge Sharing

© 2012 Smarterutility.com | Not to be reproduced without permission Page: 2

Why you should consider this report
• Understand current security issues
• Understand the reliability standards
• How to develop a sustainable security and
reliability process
• Approach to governance
• Tips beyond planning

System vulnerabilities and threats are constantly changing

2/22/2012 © 2012 Smarterutility.com | Not to be reproduced without permission Page: 3

Objective of This Research
Ultimate objectives of Smart Grid is to have
interconnected critical power generation and
distribution systems (intelligent supply and
demand)

Defining, designing, implementing and
managing Security should consider the
overall objectives of Smart Grid

A good framework can be start


Security Concerns for Smart Grid
The security concerns of smart grid are numerous. For this presentation, we are assuming the
SG/AMI encompasses Generation to Meter capabilities (or a subset of this process). Thus
SG/AMI represents an extremely large network that touches many private networks and is
designed for command and control in order to support FLISR, Volt/Var, Intelligence Switch,
Remote Disconnect, Demand Response, Billing, and other features. Combined with a lack of
industry‐accepted security standards, the smart grid represents significant risk to connected
systems that are not adequately isolated. Specific security concerns include the following:

1. Smart meters are highly accessible and therefore require board‐ and chip‐level security
in addition to network security
2. Smart grid protocols vary widely in their inherent security and vulnerabilities
3. Neighborhood, home, and business LANs can be used both as an ingress to the AMI,
and as a target from the AMI
4. Smart grids are ultimately interconnected with critical power generation and
distribution systems (main focus of this presentation)
5. Smart grids represent a target to private hackers (for financial gain or service theft) as
well as to more sophisticated and serious attackers (for sociopolitical gain or cyber
warfare)


Challenges Faced by Organizations
With rapid development and deployment of AMI and Smart Grid, security issues with
ever increasing threat profiles, organizations faced with these challenges,
organizations ask themselves:
– What are the potential security threats and vulnerabilities?
– Are our Smart Grid security initiatives aligned with our business needs?
– Are our Smart Grid vendors security implementation within their products
compliant with Federal Requirements and compatible with ours?
– Are our Smart Grid security practices providing adequate assurance to meet
regulation or compliance agreements?
– Are we perceived as a responsive and proactive organization meeting the
needs of our stakeholders, our customers, and trading partners?
– Do our Smart Grid security controls align with industry‐related and
internationally accepted practices, standards and guidelines?
– Are we aware of our security risks and are they being effectively managed?
– Are we measuring the effectiveness of our Smart Grid security Investments?

Bottom Line…..Are We Secure?

Security and Sustainability ‐ New School Solutions

Old School New School
 Develops Reliability,  Develops comprehensive,
Cyber, Control System, IT sustainable, capable, and
in separate silos transforming processes
 Cling to safe, existing  Recognizes opportunities to
processes even when experimentally change
they are inadequate processes and seeks to adapt
 Rely on past solution to
solve today’s issues


Security and Reliability: Standards and Regulations

NERC /
NIST
CIP (DOE/DHS)
(under FERC)

SECURITY ISO‐
ISA‐99 THREATS 27002

NISPI

Emerging Technologies in Smart Grid, introducing new
opportunities for security breach

NERC CIP Explained
NERC CIP
The NERC CIP reliability standard identifies security measures for protecting critical
infrastructure with the goal of ensuring the reliability of the bulk power system. Compliance
is mandatory for any power generation facility, and fines for noncompliance can be steep.
The CIP reliability standards consist of nine sections, each with its own requirements and
measures. They are
CIP‐001‐4—Sabotage Reporting. Requires that all disturbances or unusual occurrences, suspected or determined to be caused by sabotage,
shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.
CIP‐002‐4—Critical Cyber Asset Identification. Requires the identification and documentation of the Critical Cyber Assets associated with
the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be identified through the
application of a risk‐based assessment.
CIP‐003‐4—Security Management Controls. Requires that Responsible Entities have minimum security management controls in place to
protect Critical Cyber Assets.
CIP‐004‐4—Personnel and Training. Requires that personnel having authorized cyber or authorized unescorted physical access to Critical
Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessment, training, and security
awareness.
CIP‐005‐4—Electronic Security Perimeter(s). Requires the identification and protection of the Electronic Security Perimeter(s) inside which
all Critical Cyber Assets reside, as well as all access points on the perimeter.
CIP‐006‐4—Physical Security of Critical Cyber Assets. Ensures the implementation of a physical security program for the protection of
Critical Cyber Assets.
CIP‐007‐4—Systems Security Management. Requires Responsible Entities to define methods, processes, and procedures for securing those
systems determined to be Critical Cyber Assets, as well as the other (noncritical) Cyber Assets within the Electronic Security Perimeter(s).8
CIP‐008‐4—Incident Reporting and Response Planning. Ensures the identification, classification, response, and reporting of Cyber Security
Incidents related to Critical Cyber Assets.9
CIP‐009‐4—Recovery Plans for Critical Cyber Assets. Ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these
plans follow established business continuity and disaster recovery techniques and practices


ISO 27002 Explained
ISO 27002 is a set of security recommendations published by the International Standards
Organization (ISO) and the International Electrotechnical Commission (IEC), and may be
referred to as ISO/IEC 27002 or ISO/IEC 27002:2005. ISO 27002 defines “Information
technology—Security techniques—Code of practice for information security management,”
and is not specific to industrial network security. ISO standards are widely used internationally
and can be easily mapped to the recommendations of NIST, NRC, NERC, and others, as they
consist of functional guidelines for:
1. Risk assessment
2. Security policy and management
3. Governance
4. Asset management
5. Personnel security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Asset acquisition, development, and maintenance
10. Incident management
11. Business continuity management
12. Compliance


ISA‐99 Explained
ISA standard 99 (ISA‐99) is an industrial control security standard created by the International Society of Automation (ISA) to
protect SCADA and process control systems. ISA‐99 offers varying security recommendations based on the physical and
logical location of the systems being protected as well as their importance to the reliable operation of the system. In order
to accomplish this, ISA‐99 first attempts to classify functional areas of an industrial system into specific security levels and
then provides recommendations for separating these areas into “zones.” ISA‐99 also defines the interconnectedness of
zones as well as how to enforce security. For utilities, the most public systems such as Internet or Internet‐facing systems
within the business LAN would continue level 5, while the rest of the business LAN may map to level 4. Supervisory
networks (i.e., the SCADA DMZ network) would represent level 3, and so on, with the actual “control system” (the SCADA
networks, HMI systems, field devices, instrumentation and sensors) at level 0. ISA‐99 organizes security recommendations
into seven foundational requirements and each foundational requirement consists of multiple system requirements (SRs).
SR 1.1—IACS user identification and authentication
SR 1.2—Account management
FR1—Access Control (AC) SR 3.1—Communication integrity
SR 3.2—Malicious code protection
FR2—Use Control (UC)
SR 3.3—Security functionality verification
FR3—Data Integrity (DI) SR 3.4—Software and information integrity
FR4—Data Confidentiality (DC) SR 4.3—Cryptographic key establishment and management
SR 5.1—Information flow enforcement
FR5—Restrict Data Flow (RDF) SR 5.2—Application partitioning
FR6—Timely Response to an Event (TRE) SR 5.4—Boundary protection
SR 7.1—Denial of service protection
FR7—Resource Availability (RA)
SR 7.2—Management of network resources
SR 7.6—Network and security configuration settings


NERC Compliance Monitoring Methods
Initiated by NERC and Regional Entities (Audits) Initiated by Entities (Continuing Compliance)
Self‐certification of compliance
1. Periodic compliance audits
1. Periodic reporting of compliance data and
2. Post‐event investigations statistics
3. Random spot‐checking or audits 2. Exception reporting of compliance data and
statistics (post‐event)
3. Self‐reporting of non‐compliance
4. Technical Feasibility Exceptions (TFEs)

NERC Approach
1. Completeness 8. Looked at NIST and other frameworks for
2. Clarity suggestions and guidance
3. Practicality 9. Preserved some existing components of CIP‐
002 through CIP‐009
4. Commensurate with BES impact
10. Requirements adapted from the DHS
5. Reduce Administrative Overhead Catalog of Control Systems Security (subset of
6. Minimize the Need for TFEs NIST SP 800‐53)
7. Leverage Investment in Current Standard 11. Includes directives from FERC Order 706


NERC Proposed Changes
NERC Approach:
1. Looked at NIST and other frameworks for suggestions and guidance
2. Preserved some existing components of CIP‐002 through CIP‐009
3. Requirements adapted from the DHS Catalog of Control Systems Security (subset of NIST SP 800‐53)
4. Includes directives from FERC Order 706

BES Cyber
• A discrete set of one System • A group of one or more
or more BES Facilities (i.e.,
programmable Generation Subsystem,
electronic devices • A Cyber System which if
Transmission
organized for the rendered unavailable,
Subsystem, and Control
collection, storage, degraded, or
Center) used to
processing, compromised has the
generate energy,
maintenance, use, potential to adversely
transport energy or
sharing, impact functions critical to
ensure the ability to
communication, the reliable operation of
generate or transport
disposition, or display the Bulk Electric System.
energy.
of data.
Bulk Electric System
Cyber System Subsystem (BES Subsystem)


Proposed CIP‐010‐1 and CIP‐011‐1

• Reliability Functions identified in the Leverage Current
Potential Impacts
standard Investments
• Responsible Entity (Owner) identifies
BES Cyber Systems performing • Redesign of the • CA and CCA
Reliability Functions ESP Lists
• BES Cyber Systems are categorized • Redesign of the • Restructure ESP
(High / Medium / Low ) based on BES PSP
Impact Criteria identified in the • Restructure PSP
standard • Additional
• Security requirements (controls) are Network
applied based on BES Cyber System Security Devices
impact categorization • Access Controls
• All assets will be categorized
• Monitoring and
• Retiring Terms: CA, CCAs, ESP, PSP
Logging
Major Differences

2/22/2012 © 2012 Smarterutility.com | Not to be reproduced without permission 14
Page: 14

NIST Interoperability and Cyber Security Standards

NIST Framework and Roadmap for Smart Grid Interoperability Standards v1 (NIST SP‐1108)
Smart Grid interoperability standards should be open meaning the standards should be
developed and maintained through a collaborative, consensus‐driven process

Phase III Other Issues to Address
Phase II

Smart Grid Interoperability Smart Grid Conformity Testing 1. Electromagnetic Disturbances
Framework 2. Electromagnetic interference
Panel (SGIP) is a public‐
private partnership providing 3. Privacy Issues in the Smart Grid
a permanent organizational 4. Safety
structure to support the
continuing evolution of the
framework.


NISTIR 7628 Guidelines for Smart Grid Cyber Security

Volume I Volume II Volume III
Smart Grid Cyber Security Privacy and the Smart Grid Supportive Analyses and
Strategy, Architecture, and References
High‐Level Requirements
Chp 5 – Privacy and the Smart
Grid Chp 6 – Vulnerability Classes
Chp 1 – Cyber Security
Four Dimensions: Chp 7 – Bottom‐Up Security
Strategy C, I, A, NR
Analysis of the Smart Grid
Chp 2 – Logical Architecture 1. Privacy of personal
information Chp 8 – Research and
Seven Domains 22 Interface Development CS in the SG
Categories 2. Privacy of the person
Chp 9 – Overview of the
Chp 3 – High Level Security 3. Privacy of personal Standards Review
Requirements behavior
Chp 10 – Key Power System
Chp 4 – Cryptography and Key 4. Privacy of personal Use Cases for Security
Management communications Requirements


Regional Reliability Standards – Major Bodies

• ERCOT: Electric Reliability Council of
Texas, Inc.
• FRCC: Florida Reliability Coordinating
Council
• MRO: Midwest Reliability Organization
• NPCC: Northeast Power Coordinating
Council
• RFC: Reliability First Corporation
• SERC: SERC Reliability Corporation
• SPP: Southwest Power Pool, Inc.
• WECC: Western Electricity Coordinating
Council

Emerging Technologies in Smart Grid, introducing new
opportunities for security breach

Reliability Considerations

• Coordination of controls and protection systems
• Cyber security in planning, design, and operations
• Ability to maintain voltage and frequency control
• Disturbance ride‐through (& intelligent reconnection)
• System inertia – maintaining system stability
• Modeling harmonics, frequency response, controls
• Device interconnection standards
• Increased reliance on distribution‐level assets to meet
bulk system reliability requirements


Reliability Functional Model


Reliability Standard Categories

Resource and Demand Modeling, Data, and
BAL Balancing MOD Analysis

Critical Infrastructure
CIP Protection ORG Organization Certification
Personnel Performance,
Training, and
COM Communications PER Qualifications

Emergency Preparedness
EOP and Operations PRC Protection and Control
Facilities Design,
Connections and
FAC Maintenance TOP Transmission Operations

Interchange Scheduling
INT and Coordination TPL Transmission Planning
Interconnection Reliability
Operations and
IRO Coordination VAR Voltage and Reactive


Functional Entity/Reliability Standard Relation
BAL CIP COM EOP FAC INT IRO MOD ORG PER PRC TOP TPL VAR
Standards
Developer
Compliance
Monitor

Reliability
Coordinator X X X X X X X X X
Regional
Reliability Org X X X X X X X X
Planning
Coordinator X X X
Interchange
Authority X X
Balancing
Authority X X X X X X X X
Transmission
Service Provider X X X X X
Transmission
Operator X X X X X X X X X X
Generator
Operator X X X X X X X X
Transmission
Owner X X X X X
Generator Owner X X X X X X X
Transmission
Planner X X X
Resource
Provider X
Load Serving
Entity X X X X X X X X
Purchasing-
Selling Entity X X X
Distribution
Provider X X X


Smart Grid Components

Devices Applications Measurement Communications
•Synchrophasors and PMU •State Estimator and
/Data •Precision time protocols
Concentrators Contingency Analysis •Voltage and current angle • Information Management
•Wholesale and customer •Wide‐area situational differences protocols
smart meters awareness •Voltage and current •Wide‐area networks and
• Intelligent end devices •Event detection phasors and DLR communications
(IEDs) •Disturbance location • Frequency • Field area networks and
•Switched/controllable •Dynamic Ratings • Three‐phase AC voltage communications
capacitor banks •Pattern recognition and/or current waveforms •Premises networks and
•Digital fault recorders •Protection systems •Power system modeling communications
• Plug‐in electric vehicles •Remedial action data and real‐time data •Wireless communications
•Power quality meters •Demand Response from DLR •Substation LANs
•Direct control load •Automatic meter Reading •Meter data common •Global Positioning System
management •Voltage/reactive control profiles •Encryption
•DLR for operations •Operator training •Dynamic Line Ratings •Phasor Management
• Tension and Sag simulator Networks
Measurement •Data storage and retrieval


Smart Grid Conceptual Architecture
Generation Transmission Substation Distribution Advanced DER
Automation Automation Automation Automation Metering DR/EV EE (DG/DS) Smart City

Theft detection EV Management

Meter data
Operator Simulation Pricing
management

Renewable load Microgrid/ Street light monitor
Wide area monitoring Asset monitoring Grid/Asset monitoring & mapping Load disaggregation & targeting
Islanding
following & control

Remedial action Load control & Recommendation DG/DS dispatch Parking meter
Market management
scheme
Fault detection & management Outage detection
shaping optimization monitor
engine

Automatic generation Load management
Volt‐VAR Consumer portal
Public EV
control optimization Management

Municipal services
SCADA SCADA Meter management M&V apps

Network Management SW (including device monitoring and APIs to support the SW components)

Intra‐SS comms (Enet, Neighborhood Area RF Mesh WiMAX PLC 3G/GPRS RF Tower
fiber, WiFi, serial) Networks

Home Area Network (2.4 GHz ZigBee, SEP 2.0, PLC, Zwave) Emergency services

Dedicated Circuits (fiber, T1) Backhaul (fiber, WiMAX, cellular) Alternative Networks (Broadband, Cellular)

Generation Control Phasor measurement Load tap changer & Cap Bank controller &
Electric Meters EVSE Smart Appliances PV/Inverters Street lights
Devices unit voltage regulator voltage regulator

Recloser/Switch
Generation Digital fault recorder Transformer Monitor Gas Meters Load Switch Batteries Parking meters
controllers

Circuit breaker FCI/line sensor Water Meters PCT Flywheels Mobile devices

Low‐voltage IHD/Gateway PMU
RTUs Public EVSE
transformer monitor

Generation T&D Consumer Non‐utility


Security compliance must be tested for each
Network Gateway
Backhaul to Office
typically Fiber, PTP or Cellular Network

NAN to Concentrator/Substation
typically Radio, PLC or Cellular

Meter/HAN to Concentrator
WAN typically Radio, Mesh, PLC or Cellular
LAN
NAN HAN

Current offerings have better cyber security, increased situational awareness, lower cost
of ownership, and improved data surfacing capabilities.


Network Security – Multiple Layers


A Note About DNP3

DNP3 ‐ Security Concerns
While much attention is given to the IP network, there is no
authentication or encryption inherent within DNP3 (although there is
within Secure DNP3). Because of the well‐defined nature of DNP3
function codes and data types, it then becomes relatively easy to
manipulate a DNP3 session. Also, while DNP3 does include security
measures, the added complexity of the protocol increases the chances
of vulnerability. There are several known vulnerabilities with DNP3
that are reported by ICS‐CERT.

Because there are known exploits in the wild and DNP3 is a heavily
deployed protocol, proper penetration testing and patching of DNP3
interconnections is recommended.


The risks are enormous… and internal and external pressure
continues to mount
Effective management of Smart Grid security risks using a framework can drive
better business and technology decisions and achieve better results. It can:
• Protect electric grid
Compliance
Escalating Costs
• Ensure Smart Grid integrity, availability, Liability

confidentiality
• Reduce compliance liability
Unprotected Grid Business
• Provide performance, compliance and and AMI Network Risks Liability
reliability
• Enhance productivity and quality
• Protect company assets Reduced Publicity
Effectiveness Nightmare
• Align Smart Grid programs with business
objectives
• Improve customer service and
responsiveness
• Leverage risk to support competitive
opportunities
• Protect the Company reputation
• Reduce cost by enhancing efficiency


Managing the risks to Smart Grid requires a management
lifecycle
Smart Grid Risk Management Elements

Standards & Architectures and Standards –
Management Processes Architecture Standards‐based, business driven security
– Business management processes are architecture is used to develop and
refined and calibrated to efficiently
implement an enterprise‐level security
integrate security standards and expertise
program, operating model – core security
throughout the system development
program and architecture established
lifecycle and day‐to‐day operations –
evolutionary integration of security across
the enterprise including AMI and Smart
Grid
Management
Processes
Processes  & Methods
Roles & Responsibilities
Tools / Enablers
Training & Awareness

Solution
Compliance
Implementati
Monitoring
Compliance / Monitoring on
– Monitoring solutions are established to Solution Implementation
allow mid‐level and senior management – Security for Smart Grid Applications
to monitor and report security
and Architectures is defined, developed
performance effectiveness by measuring
and deployed consistent with the
key performance indicators – is
organization’s desired risk profile  – end‐
everything ok?
to‐end transaction integrity achieved


Qualitative Risk Assessment
Risk Assessment: activities that are carried out to discover, analyze, and describe risks.
Risk assessments may be qualitative, quantitative, or a combination of these.
Internal audit is related to risk assessment;

Qualitative Risk Assessment: A qualitative risk assessment occurs with a pre‐defined
scope of assets or activities. Assets can, for example, consist of software applications,
information systems, CIP equipment, or physical security. Activities may consist of activities
carried out by an individual, group, or department.

A qualitative risk assessment will typically identify a number of characteristics about an
asset or activity, including:
• Vulnerabilities. These are weaknesses in design, configuration, documentation,
procedure, or implementation.
• Threats. These are potential activities that would, if they occurred, exploit specific
vulnerabilities.
• Threat probability. An expression of the likelihood that a specific threat will be carried
out, usually expressed in a Low‐Medium‐High or simple numeric (1–5 or 1–10) scale.
• Countermeasures. These are actual or proposed measures that reduce the risk
associated with vulnerabilities or threats.


Risk Assessment Methodologies

There are several different approaches and methodologies exist,
among these approaches are:
• OCTAVE: (Operationally Critical Threat, Asset, and Vulnerability Evaluation): Developed by
Carnegie Mellon University’s Software Engineering Institute (SEI), OCTAVE is an approach
where analysts identify assets and their criticality, identify vulnerabilities and threats,
evaluate risks, and create a protection strategy to reduce risk.
• FRAP: (Facilitated Risk Analysis Process). This is a qualitative risk analysis
methodology that can be used to pre‐screen a subject of analysis as a means to
determine whether a full blown quantitative risk analysis is needed.
• Spanning Tree Analysis: This can be thought of as a visual method for identifying
categories of risks, as well as specific risks, using the metaphor for a tree and its
branches. This approach would be similar to a Mind Map for identifying categories
and specific threats and/or vulnerabilities.
• NIST 800‐30: Risk Management Guide for Information Technology Systems. This
document describes a formal approach to risk assessment that includes threat and
vulnerability identification, control analysis, impact analysis, and a matrix depiction of
risk determination and control recommendations.


Steps in Creating Smart Grid Security Governance Process
Security and
Reliability
Mission
Smart Grid Security Smart Grid
Vision & Mission Security Strategy

Smart Grid
Security Principles

Motivation Smart Grid Security
Risk Tolerance Implication Architecture
Smart Grid Security
Legislation and Motivation Architecture Design
Regulatory Compliance Principles

Smart Grid Security
Corporate Conceptual Architecture
Policies
Smart Grid Security Smart Grid Security
Policy Framework Functional Architecture

Smart Grid Security Smart Grid Security
Policies Physical Architecture

Smart Grid Security
Smart Grid Security
Standards
Operational Processes

Smart Grid Security
Smart Grid Security
Management
Controls
Processes


Security & Reliability Framework

Security & Reliability Framework
Smart Grid Security Drivers
Reliability, Risk Tolerance , Legislation & Regulations

Security and Reliability Management
Strategy
Requirements & Planning

Security & Reliability Governance

Risk
Management
Principles
Policies Smart Grid
Standards Security
Guidelines Architecture
Procedures

Operations Awareness &
Audit Training
Monitoring &
Enforcement
Management

Measurement & Assessment


Security & Reliability Architecture
…. provides a mechanism to deliver a consistent approach to Smart Grid security decisions
and solutions

Conceptual (Models )
‐ Security & Reliability Principles Security & Reliability
‐ Security & Reliability Policies User Communities Operation
Trust Model Security Zones
‐ Security & Reliability Design Objectives Business Partners Administration,
Availability Information Flow Control
Stakeholders Monitoring & Compliance
‐ /
Threat Risk Profile
‐ Security & Reliability Architecture Principles

Functional ( Components ) Confidentiality
‐ Security & Reliability Standards Identity Business Continuity Intrusion Detection Logging & Monitoring
Authentication Backup & Recovery Network Access Control Incident Management
‐ Security & Reliability Design Decisions Non‐repudiation
Authorization Network Segmentation Reporting
‐ Security & Reliability Design Patterns )
( Credential Management Trusted Time Data Management Security Operation Centre
‐ Security & Reliability Component Role Based Access Control Secure Storage & DMZ Vulnerability & Configuration
Definition Destruction Management
Physical Security

Physical (Nodes ) Encryption Firewalls /VPNs
‐ Technical Operating Standards Credentials Private Keys & Switches / Routers SIM & SEM
‐ Product Standards Profiles Certificates IPS , NIDS & HIDS KPIs & Dashboard
‐ Security & Reliability Design Patterns Authorization Rules Message Digest FIPS 140‐2 Vulnerability Assessment
Credential Repository Digital Signature Anti‐Virus Security Baseline
‐ Process Documents URL Filter
NTP
‐ Configuration Guidebooks
‐ Security & Reliability Node Definitions
Access AMI Network & Security & Reliability
Management Trust & Assurance SG Infrastructure Management


Smart Grid Security Assessment

Information Gathering  Review environment
 Types of systems
 Timing requirements
 Locations
 Security & Reliability requirements
Network Analysis  Gain understanding of network architecture and systems in place
 Identify Security & Reliability issues related to the network architecture
 Identify Security & Reliability issues based on observed network
components and network traffic
 Identify interconnections with other networks - Intranets, wireless, dialup
Network Vulnerability  Identify vulnerabilities in devices
Analysis  Identify vulnerabilities in applications
System Vulnerability  Identify vulnerabilities in devices
Analysis  Identify system configuration and procedural vulnerabilities such as weak
passwords, virus protection, patch management, system logging, etc.
Application  Identify vulnerabilities in Smart Grid application components
Vulnerability Analysis
Vulnerability  Review all data from automated tools and, where possible, check systems
Identification/Validation to verify identified vulnerabilities


How does the Smart Grid security program operate? – Define the
links, start with ISO and ELSSI
ISO 27002 Information Security Management System
INFORMATION TECHNOLOGY & SECURITY OPERATING MODEL
Strategic Planning

STANDARDIZATION RESILIENCE

Information Security Program
Normalized
Normalized Enterprise
Enterprise Approved
Approved
Approved Compliance
Compliance
Compliance Backup &&
Backup&
Requirements
Requirements Architecture
Architecture Asset List Reporting Restoration Diversification
Diversification
Architecture Asset List
Asset List Reporting Restoration
Restoration

Exceptions
Exceptions Tools &&
Tools Risk Control
Risk Control Risk
Risk Network
Network
Policy Infrastructure Redundancy
Redundancy
Policy Infrastructure Library
Library
Library Reporting
Reporting Defense
Defense

GOVERNANCE
Architecture
Architecture Policy
Policy Project/Portfolio
Project/Portfolio Third Party
Third Party Performance
Performance Risk Budget
Risk Budget
Risk Budget
Executive
Executive Definition Definition Review Management Metrics && &
Definition Definition Review Management Metrics
Metrics &&
Steering Committee Committee Committee Committee Committee Incentives Planning
Committee
Committee Committee Committee Committee Incentives Planning
Planning

SECURITY MANAGEMENT ACCESS MANAGEMENT OPERATIONS MANAGEMENT
Delivery

Risk Office
Risk Office Policy
Policy Certification &&
Certification Change
Change Vulnerability
Vulnerability Customer
Customer
Identity
Identity Data
Data Application
Application
Management
Management Management
Management Management Accreditation
Accreditation Management
Management Support
Support

Training & &
Training Risk
Risk
Risk Compliance
Compliance Configuration
Configuration Incident
Incident Systems
Systems
Infrastructure
Infrastructure Personnel
Personnel
Personnel Physical
Physical
Physical Management
Awareness
Awareness
Awareness Management
Management
Management Management Management
Management
Management


A sound Smart Grid security strategy should have proper
balance and integration with the security governance,
architecture and operations

A security strategy
is supported by Strategy
three critical Strategy links security initiatives
with business and technology
components … objectives

Architecture provides
technology standards,
models and technologies to
be leveraged by the business

Architecture


Smart Grid Security Process Integration
Functional-
Organization
Technical
Definition and
Architecture
Planning
Definition Unit And
Integration
Solution Application Testing
Requirements Design Process Build
Rollout And
Definition And Package Design and
Deployment
Selection Configuration
Communications
And Training
Detailed Infrastructure
Application Build And Monitor and
Design Configuration Continuous
Improvement

Develop Security Related Training,
Determine Business
Communications, and Procedures
Risks And Security Security Functional-
Requirements
Technical Pre-Deployment Security
Architecture And Testing
Application Security Design
High Level
Security Design Security Processes
Design Establish Users And
Design Security Roles And Permissions
Operational Support
Requirements Rollout Security Architecture

Build Application And Infrastructure Deploy Processes, Procedures,
Security Components And Ensure And Organization
Secure Configurations


Suggested Approach
• Develop a prudent and compliant cyber security program
• Identify systems considered business critical
• Identify systems considered critical per NERC standards
• Perform risk assessment for each category to determine the
financial impact of cyber security for each category
• Develop documentation that meets needs for business critical
systems and documentation to meet NERC requirements
– Be compliant with the NERC standards
– Also, be prudent in the application of cyber security programs across
business and support systems, in addition to operational systems
– Strive for compliant and prudent cyber security practices


Cyber Security is On‐going

• System vulnerabilities and threats are constantly changing
– Any modification, integration, upgrade, or test can impact a system’s
cyber vulnerability
– Vulnerability assessments are only a snap‐shot in time

• There is NO silver bullet
– No single technology is sufficient to protect control systems
– Relevant control system security policies and procedures are the best
solutions that we have without new technology developments
– Without appropriate policies, any technology can be defeated


Tips beyond Planning

1. Do a gap analysis between requirements and what is provided by the vendors
2. Get your vendors to comply with all security requirements
3. Follow‐up and make sure your vendors are complying with all security
requirements
4. Select a system based on SIEM to help manage and do compliance
5. Using multiple layers of defense
6. Using alternate threat detection mechanisms
7. Use the full capability of security monitoring and analysis tool
8. Look for either intentionally as an act of sabotage or in innocence and ignorance
9. Only a properly trained and motivated staff can ultimately ensure that the
established technical controls will operate successfully
10. Secure all wireless network
11. Misconfigurations – most vulnerabilities comes form configuration weaknesses


How to Choose a SIEM Tool

What is SIEM?
SIEM is the combination of two different types of products, SIM (Security Information
Management) that gathers and creates reports from security logs and SEM (Security
Event Manager) that uses event correlation and alerting to help with the analysis of
security events.

What to look for in a SIEM solution?
Now that we know what a SIEM is and the resource commitments it requires, we can
take a look at various features and characteristics that you should pay attention to when
choosing a product:

Licensing and scalability: Different SIEM vendors license their products differently. Some
of the most common licensing modes are:
1. Number of monitored computers/devices
2. Number of events per day/hour/minute and log volume size (in MB). If you have a
baseline of the logs you wish to monitor, you should already know most (if not all) of
this information beforehand.


If you have any questions…
Please email or call me:
John Chowdhury
Phone: 214‐213‐6226
John.chowdhury@smarterutility.com
http://www.smarterutility.com.

Upload, embed, and share away!


Security and smart grid what you need to know john chowdhury 2012 final

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à Security and smart grid what you need to know john chowdhury 2012 final

Similaire à Security and smart grid what you need to know john chowdhury 2012 final (20)

Plus de John Chowdhury

Plus de John Chowdhury (7)

Dernier

Dernier (20)

Security and smart grid what you need to know john chowdhury 2012 final