Information Security in Electrical Power Distribution
- 1. Dr. Vivek Chandra, Head IT vivekchandra123@gmail.com
Dr. Ashok Kumar Tiwari, EE (RAPDRP)
ashokktiwari@gmail.com
MPPKVVCL Jabalpur
© vivek chandra and ashok kumar
tiwari MPPKVVCL Jabalpur
- 2.
| S. No. | Particulars |
| --- | --- |
| 1 | East Discom in MP as a typical Indian Power Distribution Utility & prevailing IT systems prior to R-APDRP. |
| 2 | Launch of R-APDRP & ERP in the Discom. |
| 3 | Network Architecture Post R-APDRP & ERP |
| 4 | Vulnerability of the new system and Potential Threats to Security. |
| 5 | Security Measures adopted at various levels. |
| 6 | Conclusion |
- 4. MP East Discom was formed after the unbundling of erstwhile MP State Electricity Board in July’02.
- 5. The major applications deployed included:
Consumer Bill Generation System
Financial Accounting System
Stores Management System
Payroll System.
- 7.
| S. No. | Name of Application | Architecture | Office where deployed | No. of locations |
| --- | --- | --- | --- | --- |
| 1. | Billing System (HT) | Distributed | RAO | 6 Nos. |
| 2. | Billing System (LT) | Distributed | Circle/Dn | 29 Nos. |
| 3. | Stores Management System | Distributed | Area Stores | 5 Nos. |
| 4. | Financial Accounting System | Distributed | RAO | 6 Nos. |
| 5. | Payroll System | Distributed | RAO | 6 Nos. |
- 9. Power Sector in the country suffers a loss of over 35% on account of AT&C losses.
To curtail these losses, the R-APDRP scheme was launched by GoI to reform the Distribution Sector during the XIth Plan.
The scheme intends to cover urban areas, i.e. towns and cities with population above 30,000 (10,000 in case of special category states).
Projects under the scheme are in two parts.
Part-A covered IT applications in the distribution sector.
Part-B covered system improvement, strengthening and augmentation etc.
- 10. Establishment of IT Infrastructure for determination of baseline data of AT&C losses.
Reduction of AT&C losses
Focus on system reliability and customer satisfaction
Achieve operational efficiency through IT enablement
- 12. Creation of Centralized Consumer Care Centre.
Setup of Data Centre at Jabalpur.
Setup of a Centralized Control Centre at Jabalpur.
Setup of Data Recovery Centre at Bhopal.
All offices located in select 27 towns connected through MPLS network.
- 13. Considering the limited module coverage under R-APDRP, the Company decided to procure the same through ERP.
It was decided to implement the solution across all offices up to the level of Distribution Centres.
The project was launched in 2011.
|  | R-APDRP | ERP |
| --- | --- | --- |
| 1 | Metering, Billing & Collection | Procurement & Material Management |
| 2 | Maintenance Management | Project Systems |
| 3 | Asset Management | Human Resource Management |
| 4 | Email Solution | Financial Accounting |
- 14.
| Particulars | R-APDRP | ERP |
| --- | --- | --- |
| 1. Extent | 27 towns having population above 30,000. | All offices up to Distribution Centres, i.e. 500+ locations. |
| 2. Connectivity through MPLS | Through MPLS Network only (primary as well as secondary) | Through MPLS Network |
| 3. Connectivity through Internet | Not provisioned | Yes. The VPN users (around 500 Nos.) who have been provided the firewall authentication (VPN username and password) shall be able to access the entire MPLS network. Normal Internet users shall access the application through Reverse Proxy. |
- 17. DMZ stands for "demilitarized zone".
The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN).
An external attacker only has access to equipment in the DMZ, rather than any other part of the network.
A DMZ configuration typically provides security from external attacks.
- 18. The VPN users who have been provided the firewall authentication (VPN username and password) can access the entire MPLS network.
Normal Internet users shall access the application through Reverse Proxy. The reverse proxy fetches the information from the internal network. These users shall require the login and password of the application.
As per requirements, only some forms/reports are exposed to the Internet.
- 20. Proxy: A proxy takes requests from an internal network and forwards them to the Internet, to keep the machines behind it anonymous, mainly for security.
Reverse Proxy: A reverse proxy receives requests from the Internet and forwards them to servers in the internal network. This is for the security of the internal network.
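The reverse-proxy behaviour described on slides 18 and 20, where only some forms/reports are exposed to Internet users, shown as an added example (not code from the presentation or from the utility's systems): a default-deny routing decision that normalises the request path before matching it. The published paths and the upstream host name are hypothetical.

```python
import posixpath
from typing import Optional, Tuple
from urllib.parse import quote, unquote, urlsplit

# Hypothetical values: the slides only say "some forms/reports" are exposed.
EXPOSED_PREFIXES = ("/forms/new-connection", "/reports/bill-summary")
UPSTREAM = "http://erp-app.internal:8080"  # hypothetical internal app server


def canonical_path(target: str) -> Optional[str]:
    """Normalise a request target; None means ambiguous, so refuse it."""
    parts = urlsplit(target)
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        return None  # only origin-form targets ("/path?query") are accepted
    decoded = unquote(parts.path)
    # A "%" left after one decode means double encoding; backslashes and
    # control characters are interpreted differently by different back ends.
    if "%" in decoded or "\\" in decoded or any(ord(c) < 0x20 for c in decoded):
        return None
    # Resolve "." and ".." before matching, then collapse leading slashes.
    return "/" + posixpath.normpath(decoded).lstrip("/")


def route(target: str) -> Tuple[int, Optional[str]]:
    """Return (status, upstream URL); 200 here means "forward the request"."""
    path = canonical_path(target)
    if path is None:
        return 400, None
    published = any(path == p or path.startswith(p + "/") for p in EXPOSED_PREFIXES)
    if not published:
        return 404, None  # everything not explicitly published stays internal
    query = urlsplit(target).query
    return 200, UPSTREAM + quote(path) + ("?" + query if query else "")


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for t in ("/reports/bill-summary?month=01",
              "/reports/bill-summary/%2e%2e/%2e%2e/admin/users",
              "/reports/bill-summary/%252e%252e/admin",
              "/reports/bill-summary-archive",
              "//erp-db.internal/forms/new-connection"):
        print(route(t), t)
```

Authentication is left to the application, as the slides state; the proxy only decides what is reachable at all.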
- 26. Creation of a sizable amount of IT infrastructure.
Build-up of a great amount of data.
Convergence of GIS, AMR, SCADA and CCC networks to a single network.
Creation of numerous interface points between heterogeneous networks, which could prove potential weak links.
Creation of a very large Intranet exposed to the Internet.
- 28. Introduction of malicious code such as viruses, Trojan horses, and worms.
Interception and tampering of data.
Denial of service attacks.
Web hacking.
SQL Injection.
Input Validation attacks.
- 29. 5. Security Measures adopted at various levels.
- 30.
| Physical Security | Fire & Smoke | Redundant Power Supply | Data Backup |
| --- | --- | --- | --- |
| Closed Circuit Cameras | Smoke Detectors | Redundant Power Supply | SAN Storage |
| Permanent Security Guards | Fire Extinguishers | Backup power consists of power from two feeders, battery banks, and diesel generators | Tape Library |
| Use of Identity Access Cards | Water Leakage Detectors | To prevent single points of failure, all elements of the electrical systems, including backup systems, are typically fully duplicated. | Replication of Data at SAN in Data Recovery Site. |
| Use of Biometric Devices like Finger Print Recognition | | | |
- 31. Network virtualization is a method of combining the available resources in a network by splitting up the available bandwidth into channels.
Each resource is independent of the others, and each can be assigned (or reassigned) to a particular server or device in real time.
Each channel is independently secured.
Every subscriber has shared access to all the resources on the network from a single computer.
- 32. Identity Access Management
Blocking use of CD Drives and Pen Drives
Anti-virus software is installed and enabled on all workstations.
Anti-virus definitions are updated through the anti-virus server at the Data Centre, rather than each individual machine getting updated through the Internet.
- 33. Role based Access Control.
Audit trail and Real time Monitoring Logs.
Administrator and operator logs.
Communication through Asymmetric/symmetric key Cryptography
Role Based Access Control
Single Sign-on functionality
- 34. Internet access is given to users who have a legitimate need. The following kinds of access can be provided to users to restrict misuse of the Internet:
Use of Web Filter for filtration of undesired web content.
Throttling of bandwidth (to restrict the download speed).
Use of Spam Filter for blocking of junk mails.
- 36. As technology advances, so do the associated threats and risks.
There is no panacea against all potential threats.
It is for the utility to identify the threats, prioritize them and identify the mitigation actions according to the risk involved and its affordability.