Security in Smart Grid / IoT. Nenad Andrejević Comtrade Solutions Engineering

Transcription

1 Security in Smart Grid / IoT Nenad Andrejević Comtrade Solutions Engineering

2 Introduction Why is security important With so much of our lives connected to the Internet from our critical infrastructure and national security systems to our cars and bank accounts we know the urgency of addressing these new and growing cyber threats.

3 Traditional power grid The present infrastructure is overstrained and inter region bulk transfer is limited Cannot fully support the integration of renewable energy Low reliability of Power - Outage Fluctuating quality of Power Major source is fossil fuel Efficiency of Power transmission Almost zero customer participation Low Billing and collecting efficiency

4 Smart Grid v3 Decentralization of Generating resources Integration of all sources of energy, mainly renewable Continuous monitoring and feedback from the network Anticipation of faults and helps in fault prevention Establishes a two-way communication between the utilities and the consumers Reduces the stress on the power system infrastructure Reduces and shifts the peak demand Continuous self-learning

5

6

7 SECURITY THREATS TO THE ENERGY NETWORK CYBER-ATTACKS: MALWARE INJECTIONS, DENIAL OF SERVICE, REMOTE CONNECT / DISCONNECT COMMANDS ATTACKS ON PRIVACY REVENUE PROTECTION THE THEFT OF DATA AND ENERGY

8 Landscape of attack Oil pipeline explosion in Turkey 2008 Stuxnet Virus Ukraine Attack U.S. grid was successfully hacked 2015

9 Privacy concern #1

10 Privacy concern #2

11 Risk Levels More Secure UTILITY Back office HEAD END SYSTEM Collection system Highest Risk WAN Wide Area Network FAN Field Area Network HAN Home Area Network Least Secure Smart Meter Least Risk

12 Business Outcomes Distribution Automation EV Smart Charging Smart Payment Energy Efficiency Meter-to- Cash Revenue Assurance Renewables Integration Demand Response Outage Management Consumer Engagement More Secure DMS Utility Systems and Back Office Billing/ CIS OMS DRMS/ DLC SCADA Analytics» Transformer Load Management» Power Quality (Voltage/Outage)» Energy Diversion Detection» Energy Efficiency & Demand Response Highest Risk Head End System Security Manager Head-End MDM Cisco NMS Substation WAN Backhaul Network Options Least Secure Least Risk

13 Open Standards Application Layer Web Services, EXI, SOAP, RestFul,HTTPS/CoAP Metering IEC CIM, ANSI C12.22, DLMS/COSEM, SCADA IEC 61850, DNP3/IP, Modbus/TCP, DNS, NTP, IPfix/Netflow, SSH RADIUS, AAA, LDAP, SNMP, (RFC 6272 IP in Smart Grid) Transport Layer UDP/TCP Security (DTLS/TLS) Network Layer IPv6 RPL IPv6/IPv4 Addressing, Routing, Multicast, QoS, Security Mgmt 802.1x / EAP-TLS & IEEE i based Access Control Data Link Layer LLC M A C IEEE e MAC enhancements IEEE including FHSS 6LoWPAN (RFC 6282) IPv6 over Ethernet (RFC 2464) IEEE frame format IEEE Wi-Fi IEEE Ethernet IPv6 over PPP (RFC 5072) 2G, 3G, LTE Cellular IP or Ethernet Convergence SubL. IEEE WiMAX Physical Layer IEEE g 2.4GHz, 915, 868MHz DSSS, FSK, OFDM IEEE NB-PLC OFDM IEEE Wi-Fi 2.4, 5 GHz, Sub-GHz IEEE Ethernet UTP, FO 2G, 3G, LTE Cellular IEEE WiMAX 1.x, 3.xGHz

14 Smart Grid Key Attributes Standards and Conformance Standards are critical to enabling interoperable systems and components. Mature, robust standards are the foundation of mass markets for the millions of components that will have a role in the future smart grid. Standards enable innovation where thousands of companies may construct individual components.

15

16 IoT [ WIKIPEDIA ] The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices. [ OXFORD ] A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data

17 Challenge of Securing the IoT Manufacturers, energy and transportation providers, and smart cities are gaining a competitive advantage by harnessing the Internet of Things (IoT). Connecting more things in more places creates new security challenges. Mitigating risk requires a combination of cybersecurity and physical security. The IoT is expected to grow to 50 billion by Each device is a potential entry point for a network attack by insiders, hackers, or criminals

18 How to process IoT is one of the new areas where the new innovative solutions are created every day, for business and eco systems. We still have no complete standard security measures. We use threat modeling to find out all relevant threats and risk model to find out best suite security European Union Agency for Network and Information Security Smart Grid Threat Landscape and Good Practice Guide NIST Cyber security framework for critical infrastructure OWASP Top 10 IoT

19 Top 10 IoT Vulnerabilities OWASP Top 10 IoT Vulnerabilities Project The OWASP Top 10 IoT Vulnerabilities are as follows: Rank I1 I2 I3 I4 I5 I6 I7 I8 I9 I10 Insecure Web Interface Title Insufficient Authentication/Authorization Insecure Network Services Lack of Transport Encryption/Integrity Verification Privacy Concerns Insecure Cloud Interface Insecure Mobile Interface Insufficient Security Configurability Insecure Software/Firmware Poor Physical Security 10/10 security systems accept /10 security systems with no lockout 10/10 security systems with enumeration SSH listeners with root/ access 6/10 web interfaces with XSS/SQLi 70% of devices not using encryption 8/10 collected personal information 9/10 had no two-factor options Unauthenticated video streaming Completely flawed software update systems

20 Why COMTRADE? Comtrade firmly believes that the best way to ensure reliable security for the entire smart grid /IoT is to integrate security directly into the design process. Our Security by Design methodology involves the security team working hand in hand with Comtrade architecture team to ensure its products are created with security in mind right from the start. Security is not an afterthought; it evolves with the product and needs to be continually developed.

21 COMTRADE SECURITY BY DESIGN METHODOLOGY The Security by Design methodology is a simple, iterative process. It was decided at Comtrade that in the manufacturing of applications for utilities and IoT An Iterative Approach 1. Assess the security vulnerabilities applicable to the system and all components 2. Conduct a risk evaluation with an impact analysis 3. Design defensive counter measures for mitigating impact 4. Perform penetration tests against each component and then the entire system 5. Iterate - if there are any gaps identified in step Pre poduction Production Secure by design

22 Conclusion Being knowledgeable about what can be achieved is one thing. The other is to reduce the impact. In cyber-security an environment with asymmetric approaches - this can be achieved through common effort and coordination.

23 Q&A That which depends on me, I can do; that which depends on the enemy cannot be certain. Therefore it is said that one may know how to win, but cannot necessarily do so (Sun Tzu).

24 Thanks for coming Have a nice day!