CYBER SECURITY OF SCADA SYSTEMS TESTBED
|
|
- Marshall Mosley
- 7 years ago
- Views:
Transcription
1 10/12/2010 SDMAY11/11 CYBER SECURITY OF SCADA SYSTEMS TESTBED Project Plan Tony Gedwillo, James Parrott, David Ryan
2 TABLE OF CONTENTS Problem statement... 4 System overview... 4 System Description... 4 Conceptual Diagram... 5 Market and Literature Survey NSTB... 5 NERC... 6 US-CERT CSSP... 7 Operating environment and Technology Considerations... 7 Siemens SCALANCE S612 Security Module... 7 Siemens SIPROTEC 4 7SJ61 Relay (Sensor)... 8 Siemens Spectrum Power TG SCADA/EMS (HMI)... 8 Siemens SICAM PAS v6.00 (RTU)... 8 Siemens DIGSI Virtualization Software... 9 Vulnerability assessment software... 9 Expected Project Deliverables... 9 Virtualized test bed... 9 Vulnerability assessment and fixes... 9 physical representation of relay outputs Requirements Functional Requirements Virtualization Cyber security Power system integration Non-functional Requirements... 11
3 Optional Requirements Work plan Tasks Schedule Risks Mitigation of Risks Resource Requirements Personnel Hardware Project Milestones and tracking Software and Facilities Client Information Client and Faculty Advisor Student Team Members References... 16
4 PROBLEM STATEMENT Supervisory Control and Data Acquisition (SCADA) systems are the nervous systems for the body of our country s infrastructure. This body includes many systems that are vital to the function of our society: power, water, natural gas, oil, and road traffic systems among many others. However, the nervous systems (SCADA systems) that control our infrastructure are currently vulnerable to cyber-attack. Since the mid-1990 s, security experts have become increasingly concerned about the threat of malicious cyber attacks on the vital supervisory control and data acquisition (SCADA) systems used to monitor and manage our energy systems. Most SCADA system designs did not anticipate the security threats posed by today s reliance on common software and operating systems, public telecommunication networks, and the Internet. [1] Our goal is to improve the cyber security of SCADA systems by making our own SCADA test bed, where we can simulate power systems and the communication protocols they use, and attempt cyber attacks on our systems. Through this process, we can test vulnerabilities of commercial SCADA protection products report their vulnerabilities. We can also demonstrate the effects a SCADA cyber attack can have on a power system. We will be improving the test bed created by the previous year s team. We will be adding virtualization, power flow analysis, and more advanced cyber-attacks. SYSTEM OVERVIEW SYSTEM DESCRIPTION A SCADA system can be separated into these 4 components: Control Center Usually consists of a Human-Machine Interface (HMI) by which a human operator can view process data and control that same process Supervisory Station This element consists of the servers, software and stations responsible for providing communication between the Control center and RTU s Remote Terminal Unit (RTU) Typically connected to physical equipment. Used to convert electrical signals from hardware sensors to digital data which is collected by the supervisory station Sensor A device that measures an analog or status value in some element of a process, a sensor collects the raw process data used to make decisions about a process
5 CONCEPTUAL DIAGRAM Human Machine Interface 1 Human Machine Interface 2 DTS Control Center Scalence Remote Workstation Internet Web Access Substation 1 Scalence Substation 2 Scalence Substation 3 Firewall Substation N Firewall Relay 1 Relay 2 Relay 3 Relay N SICAM 1 SICAM 2 SICAM 3 SICAM N Proposed Virtualized Substations MARKET AND LITERATURE SURVEY 10 NSTB The National SCADA Test Bed (NSTB) is a nation effort focused identification and mitigation of new and existing security vulnerabilities in SCADA systems as well as raising awareness of control system security, specifically within the energy sector. The NSTB is a special collaboration between both public and private sector entities representing the energy sector and equipment vendors. The primary goals of this effort, as listed by the NSTB, are to: Raise industry awareness of system vulnerability issues and mitigation techniques Collaborate with industry to identify, assess, and mitigate current SCADA system vulnerabilities Work with industry to develop near-term solutions and risk mitigation strategies for existing systems Develop best practices as well as next-generation architectures for intelligent, inherently secure and dependable control systems and infrastructures Support development of national standards and guidelines for more secure control systems
6 These research goals are geared towards answering and satisfying the problem and need statement of this project as well as industry need. One of the primary functions of the NSTB program is to provide control system security assessment of industry hardware and software SCADA systems and associated devices. Typically, the NSTB will develop an agreement that defines a working relationship with an intended industry partner. The NTSB will then obtain and setup any equipment or software that is intended for testing. After the test bed has been setup and configured, using the industry equipment, the NSTB will perform test to identify possible cyber security vulnerabilities within the SCADA system. At this point a test evaluation report is created for the industry partner that assesses and presents the results of the cyber security tests performed on the system. NERC The North American Electricity and Reliability Corporation (NERC) is an organization focused on development and enforcement of reliability standards in power systems. In 2007 the Federal Energy Regulatory Commission (FERC) granted NERC the legal authority to enforce reliability standards on all bulk power system users, owners, and operators within the US. With this authority NERC made compliance with NERC reliability standards both mandatory and enforceable. While it is only one aspect of NERC s operations, currently the NERC Critical Infrastructure Protection (CIP) program is coordinating with the energy sector to evaluate and provide standards to improve and protect critical infrastructure against physical and cyber-attack. The key efforts to support of this goal include: Standards development Compliance enforcement Assessment of risk and preparedness Disseminating critical information via industry alerts Raising awareness of key issues The Critical Infrastructure Protection (CIP) program maintains and updates a set of standards known as the CIP Reliability Standards; industry systems which meet or comply with the CIP standards are known to be CIP- Compliant. Dissemination and enforcement of these standards is performed by NERC and it is through enforced compliance with these standards that increased security within energy critical infrastructure can be achieved. CIP reliability standards include: CIP Sabotage Reporting CIP Critical Cyber Asset Identification CIP Cyber Security Critical Cyber Asset Identification CIP Security Management Controls CIP Cyber Security Security Management Controls CIP Personnel & Training CIP Cyber Security Personnel & Training CIP Electronic Security Perimeter(s) CIP Cyber Security Electronic Security Perimeter(s) CIP Physical Security of Cyber Assets
7 CIP Cyber Security Physical Security of Cyber Assets CIP Systems Security Management CIP Cyber Security Systems Security Management CIP Incident Reporting and Response Planning CIP Cyber Security Incident Reporting and Response Planning CIP Recovery Plans for Critical Cyber Assets CIP Cyber Security Recovery Plans for Critical Cyber Assets Another aspect of NERC s CIP program is the Electric Sector Information Sharing and Analysis Center (ES-ISAC) is responsible for dissemination of critical information regarding infrastructure protection to industry partners and participants. The information provided by ES-ISAC includes vulnerability alerts, protection strategies and threat levels. US-CERT CSSP The focus of the United States Computer Emergency and Response Team (US-CERT) is to provide response support and defense against cyber-attacks for the Federal Civil Executive Branch as well as collaboration and information sharing with state, local, industry and international partners. The US-CERT has coordinated with the Department of Homeland Security Nation Cyber Security Division (DHS NCSD) to reduce risk in critical infrastructure through the join Control System Security Program (CSSP). In addition to assessing and reducing risk in critical infrastructure the CSSP coordinates activities to reduce the success and impact of attacks against critical infrastructure control system through various risk-mitigation activities. Most of the efforts of the US-CERT CSSP are focused towards dissemination of critical information regarding security threats and vulnerabilities and development of recommended security best practices in collaboration with industry experts through the CSSP workgroup. Other tools offered through the US-CERT CSSP include training courses geared towards control system security, the Cyber Security Evaluation Tool (CSET) used to assess control system and IT network security practices, and numerous documents pertaining to cyber security best practices, common vulnerabilities, and case studies. OPERATING ENVIRONMENT AND TECHNOLOGY CONSIDERATIONS Our SCADA network test bed consists of a few key pieces of hardware and software: Hardware o Siemens SCALANCE S612 Security Module o Siemens SIPROTEC 4 7SJ61 Relay (Sensor) Software o Siemens Spectrum Power TG SCADA/EMS (HMI) o Siemens SICAM PAS v6.00 (RTU) o Siemens DIGSI (Software for SIPROTEC Protection Relays) o Virtualization Software o Vulnerability Assessment Software SIEMENS SCALANCE S612 SECURITY MODULE SCADA systems operate across large distances and are required transmit process information across Wide Area Networks (WANs). It is therefore important to employ some sort of protection method to ensure the integrity
8 and confidentiality of this data. The SCALANCE S612 Security Module is used to provide point-to-point data integrity and confidentiality within SCADA system networks by controlling data traffic to and from SCALANCE S612 cells. These devices will be used within our SCADA system test bed to protect information being transmitted between our SCADA control center and substation RTUs across Wide and Local Area Networks. This device, developed by Siemens, is designed to provide data protection to and from the SCALANCE cell by being connected upstream from the devices to be protected. The SCALANCE device solves the problem of security rule and configuration checks that hinder the transmission and use of information in real-time by encrypting and sending data transmissions in real-time. The SCALANCE S612 can protect up to 32 devices and supports a maximum of 64 VPN tunnels simultaneously. 2 SIEMENS SIPROTEC 4 7SJ61 RELAY (SENSOR) The SIPROTEC 4 7SJ61 Relay can be used to provide simple control of circuit-breaker and automation functions 3 and will be used in our SCADA system test bed to act as a sensor that performs our system s process data collection. The relays that will be used within our SCADA system will be operated and managed by Siemens DIGSI 4 software, allowing the operator implement customized automation functions via the relays integrated programmable logic (CFC). 3 SIEMENS SPECTRUM POWER TG SCADA/EMS (HMI) The Spectrum Power TG software is the supervisory control and data acquisition (SCADA) system within our test bed. It is also the Human-Machine Interface (HMI) by which a human operator can view data from and make decisions about a process. According to Siemens, this software is the most reliable, scalable, flexible, highly available SCADA system on the market and can be used to control various large scale infrastructures such as those of electric, gas, and water utilities and railways. This system is scalable from a single Substation/RTU to the world s largest control centers with a hierarchical system capable of linking in infinite number of systems. 4 SIEMENS SICAM PAS V6.00 (RTU) SICAM PAS (Power Automation System) is a piece of software used in conjunction with Spectrum Power TG software as a part of a SCADA system. The SICAM PAS software runs on and acts as a Remote Terminal Unit that is responsible for interpreting sensory data about a process and communicating this data to a control center running the Spectrum Power TG software. Siemens describes SICAM PAS as a computer-based information management system used to structure the diverse substation information and ensure that it is used efficiently. This software can be implemented in a distributed configuration, allowing the system to operate simultaneous on multiple systems. At the same time SICAM PAS acts as a gateway, requiring only one connection to higher-level control centers. 5 SICAM PAS can use existing hardware components and communication standards as well as their connections. 5
9 SIEMENS DIGSI 4 The Siemens DIGSI 4 software is used for configuration, operation and organization of Siemens SIPROTEC protection relays. This software will be used in this capacity to support the SIPROTEC Relays used in our SCADA system test bed to retrieve simulated process information. DIGSI 4 is considered Siemens easy-to-use and user-friendly solution for commission and operation of Siemens protection devices. This system integrates password protection to restrict access for different jobs only authorized staff. The DIGSI software allows for easy of use of PLCs with a graphical editor without any programming skills. 6 Additionally, DIGSI remote allows access to process data and event logs from a remote station when the location of a relay station may be far away. VIRTUALIZATION SOFTWARE In order to provide virtualized substations for the test bed, we will be using VmWare ESXi Hypervisor Operating System to host all the virtual machines. This OS is used by many companies for their virtual platform. It allows easy control over Virtual Machines by using a VSphere client to connect to the VmWare Server. VmWare ESX also has the ability for virtual machine templates. Meaning that we can setup a RTU the way we want and then we can deploy many RTU s from that one RTU. VULNERABILITY ASSESSMENT SOFTWARE We plan to use a variety of free and open source software to conduct our vulnerability assessment. As a starting point, we plan on using NMap, Wireshark, and the Backtrack distribution of Linux. Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. 7 Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions. It allows for deep inspection of hundreds of protocols, live capture and offline analysis of network traffic, and the most powerful display filters in the industry. 8 BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. BackTrack promotes a quick and easy way to find and update the largest database of security tools collection to-date. 9 EXPECTED PROJECT DELIVERABLES VIRTUALIZED TEST BED One of our goals is to have virtualized substations in the test bed. This will allow for scalability and ease of configuration for the test bed. The virtualized test bed will be delivered in April of VULNERABILITY ASSESSMENT AND FIXES
10 The main goal of this test bed is to find cyber-security flaws and find ways to fix them. Our plan is to first find exploits for the SCADA system, then assess the effect of the attack on the system and then finally provide fixes to the exploit. This will be an ongoing task and will be delivered at the end of the project, in May PHYSICAL REPRESENTATION OF RELAY OUTPUTS This is an optional deliverable, but we would still like to include it in our report. This physical representation of the relay outputs will take information from virtualized relays and then map them to a physical representation. We are thinking that we could have a map with LEDs to represent a real world power grid. This would help us demonstrate the test bed to those not familiar with the technology. If able to, we plan to deliver this in May REQUIREMENTS FUNCTIONAL REQUIREMENTS VIRTUALIZATION Create a virtualized platform that allows network stack inspection. o Creating a virtualized platform will be the basis of adding more substations to the current test bed. Since we are limited on financial resources, we are unable to purchase more SIPROTEC Relays and SCALANCE devices. We need a virtualized platform that will allow virtual substations that can connect to the physical test bed. We also need this platform to have the ability of network stack inspection in order for us to test cyber-attack scenarios. Create virtualized images for RTUs, Control Center, firewalls and Relays o In order to fully virtualize a substation, we will need to create virtual images for each segment of the substation. Creating a virtualized image for the RTU should be somewhat basic since it is a software application that runs on Windows. Creating a virtualized relay will be more difficult since it will require finding a relay simulator that can communicate with the RTU. We can use an open source firewall solution to simulate the SCALANCE firewalls. Virtualized system should be scalable to provide more realistic scenarios. o We want this system to be scalable to upwards of 30, if not more, substations. To be able to do this, we will first need to purchase and install a physical virtual host server with properly allocated physical resources. The substations should be deployed from the server. CYBER SECURITY Our analysis of vulnerabilities should follow industry s best practices. We plan on touring the MidAmerican Energy control center in Des Moines to see how they handle their security issues. We plan on investigating other industry practices, and modeling our system after commonly used industrial techniques. Additionally, attack scenarios should directly display power flow modification. POWER SYSTEM INTEGRATION Integrate DTS with current SCADA test bed
11 o We want to integrate our Dispatcher Training Simulator (DTS) in Spectrum Power TG into our test bed. The DTS has power flow analysis abilities, and we want to use these to model a system and make our cyber-attack scenarios more realistic. We need to figure out how the DTS operates and use that knowledge to integrate the DTS into our SCADA system in real time. Power Simulation should represent real world scenarios o We want to integration between the Power Flow Simulation of the DTS and the test bed to be able to represent real world scenarios. This will make the test bed more realistic and applicable to the world s SCADA systems. NON-FUNCTIONAL REQUIREMENTS We have a few minor requirements that we have deemed non-functional : Minimal configuration on virtual image deployment o We want our system to be easy to set up and analyze. We don t want to have to configure each of our virtual images individually. Images should have backups to prevent loss o We are currently using one external hard drive to accomplish this task, but we are looking into other solutions. Attack scenarios can be demonstrated without requiring detailed information on attack functionality o The simpler we make our system to operate, the easier it will be to demonstrate it to the Senior Design Review Board and others who wish to see a demonstration. All test equipment should function correctly Power flow system should be easily interpreted o Again, we want observers to understand what s happening in our system. If the casual viewer can t easily understand what s going on, they will lose interest. OPTIONAL REQUIREMENTS Power system should be represented physically o This will help observers quickly and easily understand the implications of a cyber-security attack. We are considering using a LED display to model transmission lines, substations, relays, generators, and loads. This LED display would make our SCADA system very easy to conceptualize, and it will make our system look more attractive and functional to observers. WORK PLAN TASKS We are focusing on three task area s for this project; Virtualization, Power Flow Integration and System Vulnerability Assessment. Below are the detailed tasks for each. Virtualization Test virtualization of substation on PC and make sure it integrates correctly.
12 Install and deploy physical server. Deploy and test virtual substations. Integrate with test bed. Develop physical representation of substation relays and integrate with test bed. Real-Time Implementation of Power Flow Software Network and software familiarization. Develop integration with physical test bed. Develop power system scenarios. Test the scenarios. System Vulnerability Assessment Research system and networking protocols Analyze network traffic. Create and test attacks. Assess the impact on the Virtualization and Power Flow components Provide fixes for attacks and make recommendations SCHEDULE Each team member is focusing on one of the specific areas as listed above. James is working on Virtualization, Tony is working on Power Flow Integration and David is working on Cyber Security Analysis. Each member will focus on their individual area with the main goal of providing better analysis of cyber security threats. Below is a Gantt chart of our work schedule. RISKS The primary risk, at least initially, is a lack of training on our part. This is a complex, industrial grade system that we are working on, and it requires a lot of training. Add to this the poor documentation that was sent with the system, and we have a very high learning curve. We also run the risk of breaking the system, or at least making it non-functional. This could happen through improper usage, most likely through uploading bad configurations to the equipment. It is also possible that we could corrupt the equipment with a successful attack.
13 A third possibility is finding that some of the equipment is malfunctioning. We have already had one of the software s USB authentication dongles go bad, which put s the software back into demo mode and lets it run for a maximum of three hours. MITIGATION OF RISKS We have hundreds of pages of manuals to learn from or to refer to if we have any questions. We also have access to some grad students who are familiar with the test bed, who will provide some much needed expertise to our project. We need to ensure that ensure that devices can be restored to a working configuration. As such, we need to make sure that we backup any and all working configurations. This way, if a configuration change seems to bring down the system, we can compare the current configuration against one that we are certain is valid. RESOURCE REQUIREMENTS PERSONNEL Labor for this project will be shared between the three project members. Given our project goals and tasks, we have estimated a total of hours we have to spend on this project. This will result in a total cost of $10,000-12,000 (at $20/hr). This is a heavily research and development dependent project and the SCADA software has an extremely high learning curve. In addition, we have an entire year s worth of research to catch up on. This means that the first few weeks will be spent primarily training. HARDWARE Since the test bed has already been established, there will be relatively few hardware expenditures. If we are able to successfully virtualize a network of substations, we intend to purchase a server capable of sustaining as large a virtual network as possible, though a good starting point is around 30 stations. We also want to make some upgrades to the physical representation of the power grid. Our initial idea is to add a map or an LED board to give a more visual representation of the network status. PROJECT MILESTONES AND TRACKING This project has multiple milestones in the progress of the tasks. For the virtualization segment, there are two milestones. The first milestone is being able to prototype a complete virtual substation connected to the test bed. The second milestone is connecting many, upwards of 30, substations to the test bed. In the Real-time Simulation of Power flow, there are also two milestones. The first milestone is to be able to integrate real time simulation into the test bed. The second is to simulate real-world scenarios with the test bed. In regards to the Cyber-Security Analysis part of the project, no milestones were made, but this part is an ongoing cycle of testing an attack, assessing the attacks effects and providing mitigation of attack. SOFTWARE AND FACILITIES
14 The software costs will be zero. The Siemens SCADA software is already present, the VmWare s virtualization software has a free license option, and any security auditing tools we will be likely to use are free and open source. CLIENT INFORMATION Personnel hours $10,000-$12,000 Hardware Virtualization Server $3000-$10,000 Power System Physical Representation $ SIPROTEC 4 7SJ61 Relay s $0 SCALANCE S612 Security Module $0 Software Spectrum Power TG SCADA/EMS (HMI) $0 SICAM PAS v6.00 (RTU) $0 DIGSI (Relay Configuration) $0 VmWare ESXi $0 NMap $0 Wireshark $0 BackTrack Linux $0 Total $13,100-$22,200 Table 1: Budget estimate CLIENT AND FACULTY ADVISOR Manimaran Govindarasu 3227 Coover Hall Ames IA gmani@iastate.edu STUDENT TEAM MEMBERS Tony Gedwillo 6212 Frederiksen Ct Ames, IA gedwillo@iastate.edu James Parrott 416 Ash Ave Ames, IA jparrott@iastate.edu David Ryan 2304 Wallace Rambo Ames, IA drryan50@iastate.edu
15
16 REFERENCES 1) 2) 3) 4) 5) 6) 7) 8) 9) 10) Market and Litureature Survey information taken from previous senior design team May1013
Design Document. Team Members: Tony Gedwillo James Parrott David Ryan. Faculty Advisor: Dr. Manimaran Govindarasu
12/6/2010 SDMAY11-11 CYBER SECURITY OF SCADA SYSTEMS TEST BED Design Document Team Members: Tony Gedwillo James Parrott David Ryan Faculty Advisor: Dr. Manimaran Govindarasu Design Document Tony Gedwillo
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationSICAM PAS - the Key to Success Power Automation compliant with IEC 61850 - and your existing system
SICAM PAS - the Key to Success Power Automation compliant with IEC 61850 - and your existing system Power Transmission & Distribution SICAM PAS - Power Automation Up-To-Date Siemens Power Transmission
More informationINTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT
Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationCyber Security Compliance (NERC CIP V5)
Cyber Security Compliance (NERC CIP V5) Ray Wright NovaTech, LLC Abstract: In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791 which approved the Version 5 CIP Reliability
More informationGE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance
GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationUNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY ADMINISTRATION TOOLS Stormshield Network Security solutions simplify
More informationUpdate On Smart Grid Cyber Security
Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats
More informationCYBER SECURITY POLICY For Managers of Drinking Water Systems
CYBER SECURITY POLICY For Managers of Drinking Water Systems Excerpt from Cyber Security Assessment and Recommended Approach, Final Report STATE OF DELAWARE DRINKING WATER SYSTEMS February 206 Kash Srinivasan
More informationEmbracing Microsoft Vista for Enhanced Network Security
Embracing Microsoft Vista for Enhanced Network Security Effective Implementation of Server & Domain Isolation Requires Complete Network Visibility throughout the OS Migration Process For questions on this
More informationCIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System
CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised
More informationCYBER SECURITY. Is your Industrial Control System prepared?
CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect Operation & Optimization Software Activity Schneider-Electric Challenges What challenges are there
More informationCyber Security of the Smart Grid
Cyber Security of the Smart Grid Design Document May 12-21 11/4/11 Group Members John Majzner Daniel Kosac Kyle Slinger Jeremy Deberg Team Advisor Manimaran Govindarasu Graduate Students Adam Hahnad Siddharth
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationFour Top Emagined Security Services
Four Top Emagined Security Services. www.emagined.com Emagined Security offers a variety of Security Services designed to support growing security needs. This brochure highlights four key Emagined Security
More informationDIGITAL CONTROL SYSTEM PRODUCT SOLUTIONS
Multi-function substation server Unlock the value of your substation data with Alstom s multi-function substation server Enabling the Smart Grid with Alstom's DAP server The is a multi-function substation
More informationSecurity for. Industrial. Automation. Considering the PROFINET Security Guideline
Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationSan Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015. Electric Grid Operations
San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015 Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission
More informationNERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice
NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationSCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
More informationSupporting our customers with NERC CIP compliance. James McQuiggan, CISSP
Supporting our customers with NERC CIP compliance James, CISSP Siemens Energy Sector Energy products and solutions - in 6 Divisions Oil & Gas Fossil Power Generation Renewable Energy Service Rotating Equipment
More informationSan Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions. Electric Grid Operations
San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission system operations
More informationMaruleng Local Municipality
Maruleng Local Municipality. 22 November 2011 1 Version Control Version Date Author(s) Details 1.1 23/03/2012 Masilo Modiba New Policy 2 Contents ICT Firewall Policy 1 Version Control.2 1. Introduction.....4
More informationCG Automation Solutions USA
CG Automation Solutions USA (Formerly QEI Inc.) Automation Products and Solutions CG Automation Works for You INDUSTRY SOLUTIONS Electric T&D Utilities Renewable Energy Transit Authorities Public Power
More informationVerve Security Center
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
More informationSan Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015. Electric Grid Operations
San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015 Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission
More informationKeeping the Lights On
Keeping the Lights On Fundamentals of Industrial Control Risks, Vulnerabilities, Mitigating Controls, and Regulatory Compliance Learning Goals o Understanding definition of industrial controls o Understanding
More informationCIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationRedesigning automation network security
White Paper WP152006EN Redesigning automation network security Presented at Power and Energy Automation Conference (PEAC), Spokane, WA, March 2014 Jacques Benoit Eaton s Cooper Power Systems Abstract The
More informationCIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationPOSITION QUALIFICATIONS. Minimum Experience (Yrs)
POSITION QUALIFICATIONS Core Labor Category Skill Minimum Education Minimum Experience (Yrs) Labor Category Description Technical Manager, Principal Bachelors Degree 12 Technical Manager, Senior Bachelors
More informationHow to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework
How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec Robert O Reilly, Cooper
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationTABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY
IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...
More informationSample Career Ladder/Lattice for Information Technology
Click on a job title to see examples of descriptive information about the job. Click on a link between job titles to see the critical development experiences needed to move to that job on the pathway.
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Your slides here Copyright 2011
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationCisco Security Manager 4.2: Integrated Security Management for Cisco Firewall, IPS, and VPN Solutions
Data Sheet Cisco Security Manager 4.2: Integrated Security Management for Cisco Firewall, IPS, and VPN Solutions Security Operations Challenges Businesses are facing daunting new challenges in security
More informationReporting and Incident Management for Firewalls
Reporting and Incident Management for Firewalls The keys to unlocking your firewall s secrets Contents White Paper November 8, 2001 The Role Of The Firewall In Network Security... 2 Firewall Activity Reporting
More informationCyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
More informationNetwork Security Infrastructure Testing
Network Security Infrastructure Testing Version 1.2 October 12, 2005 Prepared by: Sandia National Laboratories Center for SCADA Security Project Lead Ray Parks Technical Lead Jason Hills Technical Support
More informationSCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist
SCADA The Heart of an Energy Management System Presented by: Doug Van Slyke SCADA Specialist What is SCADA/EMS? SCADA: Supervisory Control and Data Acquisition Retrieves data and alarms from remote sites
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More information1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Cyber Security IT People Geeks How
More information1.1.1 Introduction to Cloud Computing
1 CHAPTER 1 INTRODUCTION 1.1 CLOUD COMPUTING 1.1.1 Introduction to Cloud Computing Computing as a service has seen a phenomenal growth in recent years. The primary motivation for this growth has been the
More informationCONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT
Energy Research and Development Division FINAL PROJECT REPORT CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT Prepared for: Prepared by: California Energy Commission KEMA, Inc. MAY 2014 CEC
More informationWhat Risk Managers need to know about ICS Cyber Security
What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they
More informationGE Intelligent Platforms. Meeting NERC Change Control Requirements for HMI/SCADA and Control Systems
GE Intelligent Platforms Meeting NERC Change Control Requirements for HMI/SCADA and Control Systems Meeting NERC Change Control Requirements for HMI/SCADA and Control Systems Overview There is a lot of
More informationSEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID
SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID ZBIGNIEW KALBARCZYK EMAIL: KALBARCZ@ILLINOIS.EDU UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN JANUARY 2014
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationNERC CIP Version 5 and the PI System
Industry: Transmission/Distribution/Smarts Presented by NERC CIP Version 5 and the PI System Bryan Owen PE OSisoft Cyber Security Manager Agenda Update on OSIsoft Cyber Initiatives War Story CIP Version
More informationSCADA/Business Network Separation: Securing an Integrated SCADA System
SCADA/Business Network Separation: Securing an Integrated SCADA System This white paper is based on a utility example but applies to any SCADA installation from power generation and distribution to water/wastewater
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationIntegrating F5 Application Delivery Solutions with VMware View 4.5
APPLICATION READY SOLUTION GUIDE What s inside: 2 Improving user experience 2 Enhancing security and access control 3 Application Performance and Availability 4 F5 and global configuration diagram 5 More
More informationINDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
More informationUnified Threat Management Throughput Performance
Unified Threat Management Throughput Performance Desktop Device Comparison DR150818C October 2015 Miercom www.miercom.com Contents Executive Summary... 3 Introduction... 4 Products Tested... 6 How We Did
More informationVendor System Vulnerability Testing Test Plan
INEEL/EXT-05-02613 Vendor System Vulnerability Testing Test Plan James R. Davidson January 2005 Idaho National Engineering and Environmental Laboratory Bechtel BWXT Idaho, LLC INEEL/EXT-05-02613 Vendor
More informationIT Security and OT Security. Understanding the Challenges
IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationThe Shift to Wireless Data Communication
The Shift to Wireless Data Communication Choosing a Cellular Solution for Connecting Devices to a WWAN Dana Lee, Senior Product Manager dana.lee@moxa.com Recent developments in the wireless and industrial
More informationErik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges
Erik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges ABB Group October 19, 2009 Slide 1 Possibilities and Challenges The open debate of virtualization
More informationi-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors
March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation
More informationCyber Security. Global solutions for energy automation. Benefit from certified products, system solutions. www.siemens.
Benefit from certified products, system solutions Cyber Security Global solutions for energy automation WIB Certification www.siemens.com/gridsecurity Cyber Security: Security from the very start More
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationVMware vsphere Data Protection 6.1
VMware vsphere Data Protection 6.1 Technical Overview Revised August 10, 2015 Contents Introduction... 3 Architecture... 3 Deployment and Configuration... 5 Backup... 6 Application Backup... 6 Backup Data
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationINFORMATION TECHNOLOGY PROGRAM DESCRIPTIONS OPERATIONAL INVESTMENTS
EB-0-0 Exhibit D Schedule - Page of INFORMATION TECHNOLOGY PROGRAM DESCRIPTIONS OPERATIONAL INVESTMENTS SCADA SECURITY, GOVERNANCE AND OPERATIONS Program Overview Within THESL s operations, there is a
More informationNAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives
NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives Center of excellence for secure integration, deployment and sustainment of Industrial Control Systems and Operational Technology
More informationSCADA System Overview
Introduction SCADA systems are critical to the control and monitoring of complex cyber-physical systems. Now with advanced computer and communications technologies, SCADA systems are connected to networks
More informationBlackBerry 10.3 Work Space Only
GOV.UK Guidance BlackBerry 10.3 Work Space Only Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network architecture
More informationTest du CISM. Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais.
Test du CISM Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais. 1. Which of the following would BEST ensure the success of information security governance within an organization?
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationPlease Note: Temporary Graduate 485 skills assessments applicants should only apply for ANZSCO codes listed in the Skilled Occupation List above.
ANZSCO Descriptions This ANZSCO description document has been created to assist applicants in nominating an occupation for an ICT skill assessment application. The document lists all the ANZSCO codes that
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationDesign and Implementation of SCADA System Based Power Distribution for Primary Substation ( Monitoring System)
Design and Implementation of SCADA System Based Power Distribution for Primary Substation ( Monitoring System) Aye Min Zaw 1, Hla Myo Tun 2 Department of Electronic Engineering, Mandalay Technological
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationISACA rudens konference
ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationOlav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord
Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB
More informationNERC CIP Compliance with Security Professional Services
NERC CIP Compliance with Professional Services The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is
More informationTop 3 Issues and Questions (in Network Monitoring!) Developing a Network Monitoring Architecture! infotex. Dan Hadaway CRISC Managing Partner, infotex
Top Three Issues and Questions in Network Monitoring Dan Hadaway and Sean Waugh of Auditors now know why we can t monitor event logs, but guess what, they don t care!! So let s open the hood of the managed
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationHow To Secure A Wireless Utility Network
Utilities Facing Many Challenges Cyber Security Is One Area Where Help Is Available Executive Summary Utilities are in the crosshairs of many forces in the world today. Among these are environmental global
More informationSecuring Distribution Automation
Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010
More informationREQUIREMENTS FOR AUTOMATED FAULT AND DISTURBANCE DATA ANALYSIS
REQUIREMENTS FOR AUTOMATED FAULT AND DISTURBANCE DATA ANALYSIS Mladen Kezunovic *, Texas A&M University Tomo Popovic, Test Laboratories International, Inc. Donald R. Sevcik, CenterPoint Energy Aniruddha
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationHMS Industrial Networks. Putting industrial applications on the cloud
HMS Industrial Networks Putting industrial applications on the cloud Whitepaper Best practices for managing and controlling industrial equipment remotely. HMS Industrial Networks Inc 35 E Wacker Drive,
More informationTesting Intelligent Device Communications in a Distributed System
Testing Intelligent Device Communications in a Distributed System David Goughnour (Triangle MicroWorks), Joe Stevens (Triangle MicroWorks) dgoughnour@trianglemicroworks.com United States Smart Grid systems
More information