How to protect the substations from physical or cyber intrusion. IEEE T&D 2014 Chicago

Transcription

1 How to protect the substations from physical or cyber intrusion IEEE T&D 2014 Chicago

2 2 Substations represent a critical element of the national infrastructure aimed at the security and wellness of the population.

3 Presenters Overview of standards related to cyber security Marc Lacroix Substation physical security standard Craig Preuss Development of IEEE PC Mike Dood Introduction to Lemnos - Scott D. Sternfeld

4 Objectives Presentation of major threats, physical or virtual, that may impact the integrity of the substation. Introduction to recent development of standards, intended to mitigate such threats, will be presented. Share their experience in the implementation of mitigation approaches. Future standards development, such as Lemnos, will be described.

5 Overview of standards related to cyber security Marc Lacroix - Vizimax inc.

6 Complexity of Power Systems Ref: IEC

7 Office/Power System Security Requirements Ref: IEC

8 Mapping of Security Standards Ref: IEC

9 9 ISO Information technology Security techniques Information security management systems Requirements specifies a set of information security management requirements designed to be used for certification purposes.

10 10 IEEE 1686 The standard defines functions and features that must be provided in substation intelligent electronic devices to accommodate critical infrastructure protection programs. It addresses security in terms of access, operation, configuration, firmware revision, and data retrieval from IEDs.

11 ISA99 11

12 12 CIGRE D22.2 Treatment of Information Security for Electric Power Utilities Risk Assessment of Information and Communication Systems Security Frameworks for Electric Power Utilities Security Technologies Guideline

13 13 NIST Recommended Security Controls for Federal Information Systems Provides guidelines for selecting and specifying technical and organizational security controls and connected processes for information systems supporting the executive agencies of the federal government to meet the requirements of FIPS 200

14 NERC CIP CIP Title / Content Sabotage Reporting Reporting disturbances or unusual occurrences, suspected or determined to be caused by sabotage to appropriate authorities Critical Cyber Asset Identification Identification and documentation of Critical Cyber Assets using risk-based assessment methodologies Security Management Controls Documentation and implementation of Cyber Security Policy reflecting commitment and ability to secure Critical Cyber Assets Personnel and Training Maintenance and documentation of security awareness programs to ensure personnel knowledge on proven security practices Electronic Security Protection Identification and protection of Electronic Security Perimeters and their access points surrounding Critical Cyber Assets Physical Security Program Creation and maintenance of physical security controls, including processes, tools, and procedures to monitor perimeter access Systems Security Management Definition and maintenance of methods, procedures, and processes to secure Cyber Assets within the Electronic Security Perimeter to do not adversely affect existing Cyber Security Controls. Incident Reporting & Response Planning Development and maintenance of a Cyber Security Incident response plan that addresses classification, response actions and reporting Recovery Plans for Critical Cyber Assets Creation and review of recovery plans for Critical Cyber Assets Bulk Electrical System Cyber System Categorization (draft) Categorization of BES systems that execute or enable functions essential to reliable operation of the BES into three different classes. Bulk Electrical System Cyber System Protection (draft) Mapping of security requirements to BES system categories defined in CIP-010

15 IEC Definition of Security Services Standardization Status Part 1 Introduction and overview Technical Specifications Part 2 Glossary of terms Technical Specifications Part 3 Profiles Including TCP/IP Technical Specifications Part 4 Profiles Including MMS Technical Specifications Part 5 Security for IEC and Derivatives Technical Specifications

16 IEC Definition of Security Services Standardization Status Part 6 Security for IEC Technical Specifications Part 7 Part 8 Part 9 Network and system management (NSM) data object models Role-Based Access Control for Power systems management Data and Communication Security - Key Management Technical Specifications Technical Specifications In preparation Part 10 Security architecture guidelines Technical Specifications Part 11 Security for XML Documents In preparation

17 Mapping of IEC to protocols Ref: IEC

18 Cyber Security Categories 18

19 Countermeasures 19

20 20

21 21

22 22

23 23

24 24

25 25 Security Domains Security Domain Required Protection Level Applies to Public Low Assets, supporting the communication over public networks Corporate Medium Assets, supporting the business operation with baseline security not essential to the power system reliability and availability Business Critical System Operation Critical High Very high Assets, supporting the critical operation, which are not critical to power system reliability and availability. Assets directly related to the availability and reliability of power generation and distribution infrastructure Example Systems 3 rd party networks, Internet Office level business network Finance network, human resource systems, ERP systems Control systems, SCADA networks

26 Mapping of Security Domains Ref: IEC