Cyber security for substation automation
7/21/2019 Cyber security for substation automation
http://slidepdf.com/reader/full/cyber-security-for-substation-automation 1/27
© ABB Inc.
12/17/15 | Slide 1
Texas A&M University 67th Annual Conference for Protective Relay Engineers
Replacing Fear with Knowledge
Cyber Security for Substation Automation, Protection and Control Systems
Steven A. Kunsman, April 1, 2014

Slide 2
Smart Grid Cyber Security Strategy and Requirements
NISTIR 7628 2010

Slide 3
What is Cyber Security?
NERC CIP, or maybe not after all …

Slide 4
Cyber Security for Substation Automation
Why is Cyber Security an issue?
Cyber security has become an issue by introducing Ethernet (TCP/IP) based communication protocols to industrial automation and control systems, e.g. IEC 60870-5-104, DNP 3.0 via TCP/IP or IEC 61850
Connections to and from external networks (e.g. office intranet) to industrial automation and control systems have opened systems and can be misused for cyber attacks
Cyber attacks on industrial automation and control systems are real and increasing, leading to large financial losses
Utilities need to avoid penalties due to non-compliance with regulatory directives or industry best practices

Slide 5
How big is the risk?
Cyber incidents are real and cyber security for industrial control systems must be taken seriously, but it is a challenge that can be met
Stephen Cummings, director of the British government's Centre for the Protection of National Infrastructure
"Cyberterrorism is a myth"
Denial, Panic, Reality

Slide 6
Cyber Security for Substation Automation
Back to the basics
Security is about awareness, policy and process
Ignore compliance, at least at first
Focus on risk mitigation and management
Assess your maturity model and then improve
There is no such thing as 100% security
Actors and threats constantly changing
Deploy Defense in Depth
Deter, Detect and Delay the bad guys
Security does not come for free

Slide 7
What is Cyber Security?
Back to the basics
The goals of Cyber Security are
Availability: avoid denial of service
Integrity: avoid unauthorized modification
Confidentiality: avoid disclosure
Authentication: avoid spoofing / forgery
Authorization: avoid unauthorized access
Auditability: avoid hiding of attacks
Non-repudiation: avoid denial of responsibility
Cyber Security has
functional aspects (e.g. user authentication, firewall, antivirus)
quality aspects (e.g. defense in depth, testing)

Slide 8
Cyber Security for Substation Automation
The most relevant efforts
NISTIR 7628: Smart Grid Cyber Security Strategy and Requirements
IEEE C37.240: Cyber Security Requirements for Substation Automation, Protection and Control Systems
IEEE 1686: IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities
IEEE 1711: Trial Use Standard for Cyber Security of Serial SCADA Links and IED Remote Access
IEC 62351: Data and Communications Security
NERC CIP: Security regulation for North American power utilities
ISO/IEC 27001: information security management processes
ISA S99: Industrial Automation and Control System Security
Critical Infrastructure Cyber Community (aka "C Cube") Voluntary Program, based on Executive Order (EO) 13636: Improving Critical Infrastructure Cybersecurity and released Presidential Policy Directive (PPD)-21: Critical Infrastructure Security and Resilience
http://www.dhs.gov/about-critical-infrastructure-cyber-community-c%C2%B3-voluntary-program

Slide 9
Cyber Security for Substation Automation
Standards and scope
Figure: Representation of scope and completeness of selected standards (highlighted: IEEE C37.240)
Source: DTS IEC 62351-10: Security architecture guidelines

Slide 10
How do you ensure information & network security?
Holistic and collaborative approach
Cyber security as an integral part of
the product lifecycle: from early design and development through testing to lifetime support, service and future adaptations
the project lifecycle: ensuring both the delivery of solutions with the appropriate security properties as well as secure execution of the project work itself
the substation lifecycle: supporting efforts to operate and maintain solutions' security properties throughout entire operations period
Vendor-Utility strong collaborations
Working closely with customers: "Replacing Fear with Knowledge"
Partnering with government organizations, industry partners or academia
Actively driving standards, e.g. IEEE 1686 & IEEE C37.240
Understanding responsibility between Vendor and Utility

Slide 11
Cyber security initiatives
Security organization & institutionalization
Security Need
High level of security for products & solutions
Fast response and reliable partner in case of a cyber security incident
Vendor responsibility
Cross-functional cyber security organization
Institutionalize security culture
Active participation in security standards
Established security processes
Security assessment in R&D
Security baked into the technology
Robustness and validation testing
Patch management process
Diagram labels: Demand, Technology, Processes, Verification, Life cycle support, Standards

Slide 12
Product Lifecycle: Design & Implementation
Threat modeling
Design and development requires:
Understanding threats
Assessing risk
Mitigation
Threat modeling methodology
applicable to product-type systems
applicable independent of deployment
allows third parties to validate assumptions and compare results

Slide 13
Product and System Hardening
Device Security Assurance Center (DSAC)
Security Need
Robust and reliable products and solutions
Vendor Responsibility
Security testing center guarantees a common and best practice robustness testing
Continuous regression tests on products and systems, ensuring a high level of robustness against cyber security attacks

Slide 14
Protect
Is my system protected against an attack?
Security Needs
Ensure reliable system operation (availability and performance)
Utility Responsibility
Malware Protection: Prevent, detect and remove malware, e.g. viruses, worm …
Perimeter Protection: Restrict access by blocking / filtering inbound and outbound connections
Secure Communication: Encryption to prevent unauthorized users from reading and manipulating data

Slide 15
Protect: Defense in Depth
Cyber security and robustness threats
Diagram labels: Physical Security Perimeter; Electronic Security Perimeter; physical perimeter protection; electronic perimeter protection; security measures; defense in depth
Threats shown: network disturbance, malware, cyber attacks; unauthorized person; infected mobile data storage; infected notebook; data storm by a faulty device

Slide 16
Monitor
Do I know what happens on my system?
Security Need
Alert about critical security alarms in real time to enable fast corrective actions
Utility Responsibility
Logging & Alarming: All security related events are recorded, severe events are alarmed to the remote center
Reporting & Auditing: Produce necessary data, reports and documentation for an audit

Slide 17
Monitor: Security events logging / Audit trail
Security Need
Alert about critical security alarms in real-time to enable fast corrective actions
Vendor Responsibility
Event logs are securely retained
Security event logs displayable via device tools
Ability to disseminate security events to external security log clients using syslog
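The record-everything, alarm-the-severe split from the two Monitor slides, applied on the receiving side of a syslog feed. This is an added example, not part of the original slides or of any vendor product; it assumes RFC 5424 framing, and the alarm threshold, host names and event IDs are hypothetical.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# Simplification: structured data is matched as "-" or one greedy [...] run.
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*\])(?: (?P<msg>.*))?$"
)
SEVERITY = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
ALARM_THRESHOLD = 3  # assumption: "severe" means err (3) or more urgent

def parse(line):
    """Return a dict for a well-formed RFC 5424 line, else None."""
    m = RFC5424.match(line)
    # PRI = facility * 8 + severity; the largest valid value is 23 * 8 + 7 = 191
    if m is None or int(m["pri"]) > 191:
        return None
    pri = int(m["pri"])
    return {
        "facility": pri >> 3,
        "level": pri & 7,
        "severity": SEVERITY[pri & 7],
        "host": m["host"],
        "event": m["msgid"],
        "msg": m["msg"] or "",
    }

def triage(lines):
    """Record every parsable event, alarm the severe ones, keep rejects for review."""
    recorded, alarms, rejected = [], [], []
    for line in lines:
        event = parse(line)
        if event is None:
            rejected.append(line)  # malformed input is itself worth auditing
            continue
        recorded.append(event)
        if event["level"] <= ALARM_THRESHOLD:
            alarms.append(event)
    return recorded, alarms, rejected

# Constructed sample lines; host names and event IDs are hypothetical.
SAMPLE = [
    "<86>1 2014-04-01T10:15:00Z ied-bay1 authsvc - LOGIN_OK - user=operator1",
    "<82>1 2014-04-01T10:16:30Z ied-bay1 authsvc - LOGIN_LOCKOUT - user=admin failures=5",
    "<109>1 2014-04-01T10:20:05Z ied-bay2 cfgmgr - SETTINGS_CHANGED - group=protection",
    "<999>1 2014-04-01T10:21:00Z ied-bay2 cfgmgr - BAD_PRI - out-of-range priority",
]
```

Calling `triage(SAMPLE)` records three events, raises one alarm (the lockout, severity crit) and rejects the line whose priority value is out of range.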

Slide 18
Manage
Can I sustain the security of my system?
Security Need
Keep the security of the system up to date
Utility Responsibility
Patch Management: Reduce risk of vulnerability for Windows-based system components
Backup & Restoration: Ensures complete data security and enables fast restoration in case of data loss / manipulation
Accounts & Authentication: Restrict access to intended users only, protected by high password complexity

Slide 19
Manage
Vulnerability handling & Incident response
Minimize risk
Vendor Responsibility
Cultural change: Accept that vulnerabilities exist (having a vulnerability is acceptable, improperly handling them is not)
Formal processes and policies
Proper communication at the right time
Must establish a formal process and vulnerability resolution with urgency
Diagram labels: Communication; Information Collection; Triage; Investigation; Resolution; Release

Slide 20
Cyber Security for Substation Automation
Summary
Monitoring security and health activities in real-time
Logging, Alarming
Reporting, Auditing
Managing critical activities such as configuration changes and patches
Patch Management
Backup, Restoration
Accounts, Authentication
Protecting against threats to substation automation systems
Perimeter Protection
Malware Protection
Secure Communication
Product and System Hardening

Slide 21
The Challenges: Organizational
Risk Management
Awareness
Competence Management
Disruptive Changes
Images: www.guardianconsultants.co.uk, wegilant.com, www.floriscm.nl, blogpool4tool.com

Slide 22
Enterprise IT vs. Control Systems
A different set of challenges

| | Enterprise IT | Control Systems |
|---|---|---|
| Primary object under protection | Information | Physical process |
| Primary risk impact | Information disclosure, financial | Safety, health, environment, financial |
| Main security objective | Confidentiality | Availability |
| Security focus | Central Servers (fast CPU, lots of memory, …) | Distributed System (possibly limited resources) |
| Availability requirements | 95% - 99% (accept. downtime/year: 18.25 - 3.65 days) | 99.9% - 99.999% (accept. downtime/year: 8.76 hrs - 5.26 minutes) |
| Problem response | Reboot, patching/upgrade, isolation | Fault tolerance, online repair |

Slide 23
Early CIP Committee position on Ethernet
NERC CIP Committee Questions to Vendor Panel (Dec 2007):
"IEC 61850 (Ethernet based) is wide open communication that does not comply with CIP standards. There are manufacturers planning to connect substation equipment together using control IEDs connected with 61850. How will the 61850 substation of the future maintain compliance?"
"[We have determined the best approach for our substation control IED's is to use] non-routable serial communication. This removes the need for IP in the substation connected to control IEDs, thus keeping the six walls of protection in the control and communication centers. [We] will only purchase control IEDs that maintain the secure communication to maintain compliance. What are the manufacturers hearing from other customers with regards to serial or IP communication? Will all of the functions provided via IP communication be available using serial communications? Will serial interfaces continue to be provided for the foreseeable future?"
"R" in NERC stands for Reliability. Preventing real-time outflow of substation information will only be detrimental to the overall Grid Performance and Reliability
We have come a long way since 2007. Airgap is not the solution

Slide 24
Cyber Security
A definition in the context of power and automation technology
Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack*
translates into
Measures taken to protect the reliability, integrity and availability of power and automation technologies against unauthorized access or attack
*Merriam-Webster's dictionary

Slide 25
Wrap up
Security is not just a matter of technology; it is primarily about people, relationships, organizations and processes working in tandem to prevent or recover from an attack
Effective security solutions require a joint effort by vendors, integrators, operating system providers and utilities
There is no single solution that is effective for all organizations and applications
Security is a continuous process, not a product or a one-time investment
Security must be addressed with multiple barriers and requires protection, deferral and detection mechanisms
Security is about risk management: perfect security is non-existent nor economically feasible

Slide 26
Questions?
Jonathan Pollet, founder of Red Tiger Security, stated "What I advise more than anything is that we must stop surviving on the Jon Bon Jovi version of security … Living on a prayer"