2008 Visualization and Controls Peer Review. NSTB Program. Sam Clements Pacific Northwest National Laboratory

Transcription

1 2008 Visualization and Controls Peer Review NSTB Program Washington, DC October 21-22, 2008 Sam Clements Pacific Northwest National Laboratory

2 PNNL - NSTB Program Vision GRIDSTAT SECURITY EVALUATION Enterprise Networks SECURE DATA TRANSFER Control Center WIRELESS GRIDSTAT Strategic Partnerships SECURITY VISULAZITION TOOL SSCP GRIDSTAT Field Equipment WIRELESS

3 GridStat Security Assessment Project Outcomes: Test the cyber security of a regional GridStat deployment NSTB Goals: Widespread implementation of methods for secure communication between remote access devices and control centers that are scalable and cost-effective to deploy Approach: Evaluate security by testing the robustness, redundancy, authentication and encryption capabilities Progress/accomplishments: 1. Regional network complete 2. Security assessment complete 3. Visualization integrated into PNNL s Electricity Infrastructure Operations Center Schedule: Regional test bed Mar. 08, Assessment Sep. 08, EIOC integration Sep. 08 Funding: PNNL 174K, WSU 221K, INL 120K Performers: PNNL, INL, WSU Partners: Avista

4 What is GridStat? A technology collaboratively developed by Washington State University s Electrical Power Engineering and Distributed Computing Science departments providing: A secure, robust, fast and flexible data delivery service for the Power Grid A middle-ware framework to: Reduce complexity Ease deployment challenges A capability providing real-time monitoring capabilities of critical infrastructure across organizational boundaries A Two-Tiered design Management Plane Data Plane

5 Task 1. Regional Test Bed Deployment Platform for testing security attributes VPN over the Internet Optimally this would be deterministic over dedicated fiber Redundant links Transmits both real and synthetic power grid data

6 Task 2. Security Assessment Focus Areas Authentication & Authorization Spoofing and other rogue actions Encryption Used to implement authentication and authorization Management Plane Used for configuration and modification of GridStat nodes.

7 Security Assessment Findings Encryption Errors Replay Attacks Message Spoofing Identity Spoofing Unsecured Management Plane Underutilized Logging Authorization Mechanism Needed Fall 2008 Dynamic Port Allocation (CORBA) Summer 2009 Vendor Implementation Need Significant Research (Not Funded)

8 Security Assessment Take Away Known issues identified Minor unknown issues easily resolved No impassable roadblocks found

9 Task 3. Integration into the EIOC Electricity Infrastructure Operations Center Research Lab for the Power Grid Energy Management System Training Grid Visualization Visitor Visibility

10 GridStat Integration into the EIOC Latency INL to WSU PNNL to WSU Redundancy Link failures Data Types Generation Frequency Pseudo-frequency

11 Technology Transfer/Collaboration Work with Washington State University partners to define a development and commercialization roadmap to include: Development Tasks Estimate Funding Requirements Address Deployment Barriers Seek Commercialization Partners Trustworthy Cyber Infrastructure for the Power Grid (TCIP) TrustBuilder2 Developed and Maintained by University of Illinois at Urbana-Champaign Industry Partnership with Avista that provided communication media (fiber-optic transmission environment) and generation data

12 Benefits of the GridStat Project Security assessment while in development Successful demonstration over wide area Increased industry awareness of GridStat capabilities Advanced GridStat further in its development life-cycle

13 Questions? Enterprise Networks SECURE DATA TRANSFER Control Center WIRELESS GRIDSTAT Strategic Partnerships SECURITY VISULAZITION TOOL SSCP GRIDSTAT Contact Info: Sam Clements (509) Field Equipment WIRELESS