Upload
ibm-italia-web-team
View
535
Download
3
Embed Size (px)
Citation preview
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
1
IBM End-to-End Security for Smart Grids
Più energia alla Sicurezza1 Dicembre, 2010
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
2
Electric Meters
In-Home displays
Personal Computers
Load Control Devices
Smart Appliances
Handheld Data DevicesGas Meters
Water Meters
Electric Vehicles Outlets
Solar Panels
Reclosers
Condition Sensors
Voltage Controllers
Switches
Substation & Grid Devices
Smart Meters
In-home Devices
Ruggedised Laptops
Mobile Devices
Distributed Resources
Cell Phones
Wind Turbines
Home Area Network
Neighborhood Network
Access Network
Backhaul Network
Extranet
Office Network
1. Smart, Connected Devices
2. Integrated Communication Networks
3. System Integration Platform
4. Applications & Analytics
Servers
EMS
System and Network Management
DMS
MDMS
Meter Data Collection
Load Control
GISNetwork Analytics
OMSAsset Management
CIS
CallManagement
Storage and Backup
Business Process Management
Computing Infrastructure
Application Integration
WMS
CHP
Systems Management
Security Management
Messaging & Web Services
Instrumented
Interconnected
Intelligent 5. Presentation Employee Portal/Dashboard
Field Employee Mobile Devices
Display Device
Interface
Customer Mobile Devices
Customer Web
Paper Bills
Energy Storage
What is involved in a smarter energy infrastructure?
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
333
A smart grid needs security enforcement at multiple points
11
Meter to Collection Engine
Substation Remote Monitoring equipment
Distributed Control systems and SCADA
Advanced metering control and data management system
Meter Concentrator
Web Services
Web Services
Distributed Generation
Home Area NetworksMeter
Utility
Utility Data Link
IP addressability and use of open standard protocols for the control grid necessitates it to be securely protected at multiple points
Pike Research forecasts smart grid cyber security sector will increase from $1.2 billion in 2009 to $3.7 billion by 2015
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
4
Security Concerns in a Smart Grid
• Metering Data Access Control• Privacy of Customer PII data• Audit/Compliance of policy
changes• Data Integrity• Multi-tenant access to gas/ water
data• Third party service provider access
to data for energy management• Log user activity and operations• Compliance Reporting
• Control Network Segregation• Communications Security • Integrity of command-n-control
between MTU-RTU, MTU-PLC and HMI applications.
• Cryptographic Key management • Adequate authentication strength• Hardened platforms in control room• Secure Provisioning for embedded
systems• Access Control Policy• Identity management for SCADA HMI• Physical security linked with Cyber
Security• NERC-CIP Compliance
• Managing trust across domains• Managing username /
passwords/ certification for third party service providers, contract workers
• NERC-CIP* compliance
NERC = North American Electric Reliability CouncilCIP= Critical Infrastructure Protection
•or equivalents like CPNI, ENISA•ENISA European Network and Information Security Agency
• Meter Data Integrity• Secure Meter
Provisioning• Meter Tampering• Secure Home Area
Network
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
5
Information Sharing Components in a Smart Grid
Source: NIST Smart Grid Framework 1.0NIST = National Institute of Standard & TechnologyColored lines denote domain changes
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
6
Utilities have lots of legacy and new software to secure
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
7
Some widespread vulnerability types in software
Buffer overflows
Format string vulnerabilities
Race conditions
Resource leaks
Input/ Output validation and encoding errors
SQL injection Cross-site scripting Cross-site request
forgery OS injection
Error handling and logging
vulnerabilities Insecure error handling Insecure or inadequate
logging Native code loading Data storage vulnerability
Insecure Components Malicious Code Unsafe native methods Unsupported methods Custom Cookies/ hidden
fields
Cryptography Network communication Application configuration Access control Database and file system use Dynamic code Access control and
authentication errors
Coding MistakesCoding Mistakes Configuration, Policy and Design FlawsConfiguration, Policy and Design Flaws
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
8
Many factors shape the degree and nature of the risk; there are multiple scenarios to plan for
External Threat
Insider Threat
Inadvertent Deliberate
Malware Denial of service Sophisticated,
organized attacks
Natural disasters Economic
upheaval
Unpatched systems Code vulnerability Lack of change
control Human errors
Developer-created back door
Information theft Insider fraud
Stuxnet
Wikileaks
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
9
Technical knowledge required for cyber attacks
Source: PlantData Technologies
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
10
Potential Impact of a Breach to Power Control Systems Could Be Severe
Personal injury Serious disruption to national critical
infrastructure Loss of system availability Process interruption Equipment damage Asset mis-configuration Data Loss Penalties resulting from regulatory
violations Loss of public trust
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
11
Dependency matrix of critical infrastructures(source Terna)
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
12
PAST HARD-WIRED CONTROL
PRESENTSCADA / RF ENABLED
NEAR FUTURESMART GRID / RF PERVASIVE
Financial pressure to reduce staffing;
Computerization and RF control become common
Project excellence not always followed by outstanding security operations
SCADA hacking can cause damage to neighborhoods and equipment
Uncertain regulatory, audit, and liability landscape
Control inside-the-home of all appliances
Wide use of 802.x, ZigBee, X10 methodologies
Uncertain Software Provenance, Packages
Increased organized crime / terrorist focus
Potential for damage to, and “net” theft by everyone
Revenue/Risk asymmetry for each customer
RF transition to IP and Windows “Monoculture”
Increased public and regulatory scrutiny
Most controls are “hard wired” AND require manual intervention
Lesser public availability of RF devices
Little capability for damage to or financial benefit from RF attacks
Cost-plus charging – “If we need it, we’ll do it! If we can’t do it, we’ll buy it!”
Clear regulatory and financial landscape
Evolution of Electric Utility Risks
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
13
Our Lessons Learned from the Cyber Security Front
Focus points Perimeter defense alone is probably not enough RF devices require additional security
consideration It is not just keeping the ‘bad guys’ out, it is
making the internal systems less vulnerable Points of View
Security is risk management- thus it is a business problem, not just a technical problem
Security overlaps reliability Security is part of the phase one design Projects have schedules and budgets – hackers
have no such constraints – thus periodic testing is required
Do not overlook physical security and think only of cyber
Technology Implications Some IP enabled devices can benefit
from IT systems methods Correlating suspicious activity from all
inputs is part of the detection methodology
Chain rule – security is only as strong as its weakest link
Aspects of security involve privacy issues If it has a computer in it, then the security
of it must be evaluated Platforms must be secure too, not just
components
If we know we can't practically defend against Stuxnet or its spawn, what is our approach? Giving up is not an option.
"Roll with the punch" may end up being a viable strategy. How could we design control systems, or other IT environments for that matter, to be resilient enough to take a potential
knock out punch and yet be able to come back up swinging?In the end, can we optimize our investment by planning to take the punch rather
than futilely hiding from it?
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
14
Gartner research: “Evolving Cybersecurity Issues in the Utility Industry” 20/08/2010
“Utilities need to assess the risks and make good decisions over which controls are reasonable and appropriate for their situation”
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
15
Enterprise IT systems are increasingly becoming integrated with a broader set of operational technologies (OT). IT and OT will continue to become more entwined in terms of both technology and management
Source: Gartner Market Insight: Utilities Industry Primer, 2010 19 August 2010
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
16
IBM Research for Smarter Energy leverages three approaches to add value to our clients.
Solution-driven strategy
Smart grid enablement
Intelligent buildings and green data centers
Photovoltaics (PV)
Battery storage for electric vehicle (EV)
Chip and server systems power management
Joint research and pilots
Regional demonstrations
National labs
Universities
Industry and client partners, technology consortia
Smart grids, batteries, plug-In vehicles
Committees and standards
Department of Energy GridWise Architecture Council
National Institute of Standards and Technology (NIST) smart grid working groups
International Organization ISO1, IEC2, IEEE3
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
17
IBM is driving industry transformation through its active leadership in
key industry organizations.
Chair, GridWise Alliance
Chair, GridWise Architecture Council
Chair-Elect, Architecture Committee for NIST1 Smart Grid Interoperability Panel
Member, US DOE2 Electricity Advisory Committee
Sub-committee Chair, Smart Grid, Electricity Advisory Committee
Member, IEC3 Technical Committee 8 on System Issues in Electric Grid
Member, ISO4/IEC JTC5 1/SC 25 Working Group
Member, IEC 57 Working Group 8 on Distribution Management
Chair-Elect, IEC 61968 Part 6 Standards Stream
Vice Chairman, World Energy Council Interconnectivity Working Group
Member, UCA6 International Users Group including OpenHAN, OpenAMI, Common Information Model and IEC61850
Member, OASIS7 Energy Management Information Exchange and Energy Interoperation Technical Committees
NIST8
GridWise Architecture Council
GridWise
Electricity Advisory Committee
UCAInternational Users Group
ISO
IEC
World Energy Council Interconnectivity Working Group
OASIS9
IEEE11UTC10
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
18* Items that help meet NERC-CIP requirements
Worldwide standards equivalent to NERC-CIPUK: The Center for Protection of National Infrastructure: http://www.cpni.gov.uk/ EU: European Network and Information Security Agency: http://www.enisa.europa.eu/pages/About_ENISA.htm
What E&U Companies need for Smart Grid Security - a check list
Products and processes that address NERC-CIP requirements* Standards based Industry Framework approach
NERC-CIP compliance report generation tools* Consulting tailored for E&U industry Policy management at the business, architectural and operational levels*
Trusted platforms and networks Secure operating environments for Embedded Systems & Intelligent Devices High performance hardware cryptographic modules
Intrusion detection & protection systems for preemptive threat mitigation* Network, Application & Data security SW products*
supported by research meet independent certifications
Application Security Vulnerability Testing tools*
Periodic Penetration Testing Identity & Access Management Managed Security services to help monitor and remedy networks Research teams that study and publish emerging threats and exploits
Command centers for event management and control* Critical Cyber Asset identification and management tools* Security Incident & Problem Management process automation*
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
19
IBM has extensive experience in Smart Grid security issues and solutions Application of procedures and practices involving system design, testing,
deployment, operations and decommissioning; full life-cycle Cyber security risks identified at each stage of the system deployment lifecycle
(engineering life-cycle) Cyber security criteria used for vendor and device selection Cyber security control strategies How components (hardware and software) and the installed system will be tested Test the effectiveness of cyber security measures Descriptions of residual cyber security risks Methodology(ies) used to identify cyber security risks and the outputs from those
assessments Relevant cyber security standards and best practices Descriptions of how relevant cyber security standards will be utilized at both the
technology level and the management Descriptions of how the project will support/adopt/implement emerging smart grid
security standards Descriptions of the capabilities of the component and/or system to be updated to
meet future security requirements
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
20
IBM’s portfolio consists of a multi-phase approach for a full Smart Grid life-cycle cyber security solution that includes design and implementation services
Define the Smart Grid Security Strategy and Roadmap Define the Smart Grid Security Architecture Framework Conduct Smart Grid Risk Assessment Create the Identity Management Solution Design Create the Access Management Solution Design Create the Governance, Risk, and Compliance (GRC) Management
Solution Design Create the Message Digests Solution Design Create the Security Policy Management Solution Design Create the User Registry Solution Design for SOA Create Smart Grid Security Penetration and Vulnerability Test Plan Conduct Smart Grid Penetration Testing
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
21
IBM Support for NERC-CIP standardCIP Directive
NERC Objectives Related IBM Security Framework Components
Current IBM Product and Service Offerings that address NERC-CIP Directive Objectives
CIP-001 Sabotage Reporting Security Governance, Risk Management, and Compliance Event Handling
Tivoli Service Request Manager IBM Configuration Management Database Tivoli Security Information and Event Manager
CIP-002 Identification and Documentation of Critical Cyber Assets Identification of Authorized Utility/Grid participants
Process, Security Governance, Risk Management, and Compliance People & Identity
IBM Tivoli Application Discovery and Dependency Manager IBM Tivoli Asset Management for IT IBM Configuration Management Database IBM FileNet Content Manager Rational Method Composer IBM Trusted Identity framework Tivoli Identity Manager Tivoli Access Manager
CIP-003 Security Management Controls
Network, Server and Endpoint Application and Process, Data and Information Tivoli Professional Security Services
Tivoli Security Policy Manager IBM Rational Appscan Tivoli Access Manager for Operating Systems IBM Tivoli Access Manager for Enterprise Single Sign-On Tivoli Federated Identity Manager IBM WebSphere DataPower Tivoli Access Manager for e-Business Tivoli Key Lifecycle Manager IBM Change and Configuration Manager
CIP-004 Personnel & Training People and Identity IBM WebSphere Process Server Tivoli Identity Manager Tivoli Directory Server Tivoli Directory Integrator
CIP-005 Electronic Security Perimeter
Network, Server and Endpoint and Professional Security Services
IBM ISS Proventia Intrusion Detection System IBM ISS Proventia Anomaly Detection System IBM ISS Global X-Force(Penetration Testing Services)
CIP-006 Physical Security of Critical Cyber Assets
Physical Infrastructure IBM Physical Security Services IPSecurityCenter™
CIP-007 Systems Security Management
Security Governance, Network, Server and Endpoint Application and Process, Data and Information
Tivoli Provisioning Manager Tivoli Security Compliance Manager Tivoli Identity Manager IBM Rational Appscan Tivoli Security Information and Event Manager Tivoli zSecure
CIP-008 Incident Reporting and Response Planning
Common Policy, Event Handling Tivoli Service Request Manager IBM Configuration and Change Management Database
CIP-009 Recovery Plans for Critical Cyber Assets
Security Governance, Risk Management, and Compliance
Tivoli Asset Manager for IT IBM Maximo Asset Management for Utilities IBMTivoli Application Discovery and Dependency Manager
© 2009 IBM Corporation
IBM End-to-End Security for Smart Grids
22