Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity)
|
|
- Jeffery Berry
- 8 years ago
- Views:
Transcription
1 Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Abstract Strong identity management enforced with digital authentication mechanisms has become the leading requirement to improve cyber security for utility operations. Utility operators don t really care how it works as long as they are confident that it does work. They want a solution that is standards-based, is interoperable with the commonly installed applications, and is extendable for legacy systems to lower the cost of ownership. General recommendations for a cryptographically-based cyber security solution are well defined in the American Gas Association s Report No. 12, Part 1, and commercial products are now available to implement these requirements. This paper presents, from a utility operator s point of view, the requirements to securely manage the keying material to protect SCADA communications and to access the maintenance ports of field devices. This paper also outlines areas of future investigation needed for a comprehensive solution. An introduction to the retrofit solution A retrofit solution to enhance access control and to protect information exchanged over Supervisory Control and Data Acquisition (SCADA) asynchronous serial communication channels and dial-up to the maintenance ports of field devices is now a reality. Recommendations for a cryptographically-based cyber security solution are well defined in American Gas Association (AGA) Report No. 12, Part 1. Recommended architecture A cryptographic module, called a CM, may be configured to protect SCADA communications (SCM) or configured to protect communications to the maintenance ports of field devices (MCM). If the term CM is used, it applies to either configuration. Figure 1 shows the recommended architecture to implement this solution. Retrofit requires the use of cryptography embedded in a SCADA Cryptographic Module (SCM) installed inline on the communication channel. SCMs should require minimal modification to existing hardware or software of the SCADA Master, Front End Processor (FEP), field device, or field technician s laptop computer. The field device may be a Remote Terminal Unit (RTU) or another Intelligent Electronic Device (IED) such as a communication processor or substation host. Some legacy devices may not have the capability to accept any modification. For this reason, the retrofit solution should, for the most part, be designed for no modification to the SCADA Master FEP, RTU and IED. Even if minimum modification is required, there would be significant cost to recertify these components if software or hardware is changed. Cryptographic module configurations It is common to build a cryptographic module that will operate in one of two modes; one box that can be operated in either mode. If a cryptographic module is configured to protect SCADA communications it is called a SCADA Cryptographic Module (SCM). If a cryptographic module is configured to protect access to the field device maintenance port and to protect the data communicated to and from the access port, it is called a Maintenance Cryptographic Module (MCM). All CMs have a local management port for configuration management. This port is used to squirt initial keying material into the CM and to set default parameters prior to field installation. Authorized personnel may access a local CM management port on site, /06/$20.00 (C) 2006 IEEE 1
2 or, if that port is connected to a communication interface it may be accessed remotely (commonly referred to as out-of-band communications). SCM configurations If a modem rack is used to support multiple SCADA communication channels, it is common to install SCMs in a rack configuration rather than stacking individual SCMs. This configuration is shown in Figure 1. SCMs at the field location may be installed on a point-to-point communication network or on a multidrop communication channel. If a multidrop communication channel is used, the SCM must have the capability to operate in a mixed mode because some field units on the multidrop may be protected and others may not. This capability also provides a more graceful cut-over to operations because the field SCMs can be turned on when ready, rather than all at once. Mixed mode operation is the one reason that the SCM must be able to interrogate the native communication protocol; in this case to get the address for each field device for which the message is intended. The other reason the SCM must interrogate the native communication protocol is to detect end of message. MCM configurations Protection of access to the maintenance ports and protecting data communicated over these channels may use an MCM at both ends of the communication channel, or one MCM at the field end of the communication channel and cryptographic software loaded on the field technician s laptop computer. Figure 1 shows the configuration with software and one MCM on each communication channel, because it is less costly and simpler to manage. This configuration is preferred. The field technician s laptop computer must include an available USB port that will accept an Authentication Key to satisfy the requirement for two factor authentication. Although a SmartCard device may be used to provide two factor authentication, it is not preferred because of cost, extra equipment (SmartCard reader), and it is not easy for field technicians to use. Secure cryptographic management system A Secure Cryptographic Management System (SCMS) is a critical component of the solution set needed for a system to cryptographically protect SCADA communications. Key management schemes must provide the capability to control the distribution, use, and to update cryptographic keys. Figure 1 shows the three SCMS subsystems of the recommended architecture. An administrative workstation equipped with a USB port for inserting the authentication key, which provides the authorization for the SCMS operator to manage all SCMS functions. A secure key management appliance used to store all keying materials. This appliance may be implemented as part of the administrative workstation, or as a separate unit that includes the function of a proxy server for key management. A key distribution system used to create and distribute keying material, and to store all the information about the configuration and status of CMs and authentication keys. Although SCMS is shown located in the SCADA control center, the SCMS may be located in any secure facility with the appropriate communication capability. AGA 12, Part 1, Addendum 1 (a work in progress) will specify the recommended practice for key establishment and use, classification and control of keys based on their intended use, requirements for the distribution of public keys, architectures supporting automated key updates in distributed systems, and the roles of trusted third parties. Systems capable of providing cryptographic services require techniques for initialization and key distribution. In addition, a protocol is needed for on-line (or in-band) update of keying material when that is the only means of remote communications, key backup and recovery, key revocation (probably the most difficult problem), and for managing certificates in certificate-based systems. Although AGA 12-1 Addendum 1 addresses key management to protect SCADA 2
3 communications, the same recommendations apply to management of keying material for other enterprise requirements. The AGA 12 project team has a clearly defined objective, which is to develop the framework for one key management system, and thereby avoid creating a unique key management system just for SCADA communications. Scope of this paper The scope of this paper is limited to the implementation requirements for the SCMS as needed to create and manage the keying material for all configurations of the CMs and authentication keys. The problem space and end-user options The purpose of this section is to describe the problem space and end-user options from two points of view. An end-user s operational view of cyber security management is from the time the cryptographic modules, laptop computer software, authentication keys, and SCMS is delivered, through deployment and commissioning, normal operation, repair and maintenance, and decommissioning. A supplier s view of cyber security management functions and capabilities is to determine what is needed throughout its life cycle. Note: bold italic text is used to highlight operational considerations that need to be considered by the supplier. The magnitude of SCADA operations and remote access to field devices Although SCADA operations and remote access to field devices procedures and communication capabilities vary widely, this paper uses one example to illustrate the requirements imposed on a comprehensive SCMS. Operational entities and organizational fiefdoms A hypothetical large energy company providing both gas distribution and electric transmission and distribution services is used as an example to illustrate the need for a comprehensive solution. In this example, gas distribution and electric transmission and distribution are part of the utility enterprise but operate separately. One SCMS, which is an extension of existing Information Technology (IT) policies and procedures throughout the enterprise, is desired for both gas and electric operations. Extending IT policies and procedures for both gas and electric operations through out the enterprise leads to the following SCMS derived requirements. 1. The SCMS must provide the capability for centralized control but decentralized execution to ensure a homogeneous application of IT security policy extensions with efficient operational implementation and management of keying materials. 2. For a large utility described in this example, central control should be implemented through policy rather than physical or logical management of keying material. For a small utility, central control may be implemented through both policy and physical or logical management of keying material. The SCMS must provide the capability to adapt to either environment. 3. The SCMS must provide the capability to establish a sub-enterprise level of control one for gas operation and one for electric operation. It is for this reason that AGA 12-1 recommends ANSI X9.69, which describes the implementation of cyber security for an enterprise, domains within the enterprise, and organizational units within the domain. For both gas and electric operations, it is usual practice that one or more control centers are active to provide regional control, and that one or more backup control centers are on standby to take over in case of an emergency. Furthermore, it is reasonable to assume that each control center operates independently with its own staff and communication channels to field equipment. 4. The recommended architecture shown in Figure 1 should be replicated in each control center. Although Figure 1 describes a retrofit solution, the same requirements apply to an IP-based network solution and an embedded solution. 3
4 One approach is to establish domains within each sub-enterprise. Each control center could represent a domain but there will be at least one other domain needed to include those organization units that support the domain of each control center (e.g., organizations such as Engineering, Field Maintenance). If the utility establishes one enterprise (no sub-enterprises), then each operation, one for gas operation and one for electric operation, could be domains within the enterprise. Communication issues this can get ugly It is common for one operation entity, such as gas distribution, to use a communication protocol, such as Modbus, that is different from the other operational entity. It is also common in a single operation entity to find a mix of a legacy protocol and a more modern protocol, such as DNP 3. And keep in mind, these communication protocols may be at different stages of deployment and commissioning. As described in AGA 12, Part 1, leased line, dial up telephone, and radio communication are the primary targets for the retrofit solution. Although not addressed in AGA 12, Part 1, VSAT-based communication is becoming more popular; for example, some utilities have as many as 200 substations operating SCADA over satellite communications. Multi-drop communication channels operating at 1200 bps to 19.2 Kbps are common. The most common speed is 9600 bps with a polling frequency of 5 seconds. Some channels may have 10 drops, but more commonly they are configured with 5 or 6 drops. In very rare instances, we found a radio channel operating at 1200 bps was configured with 100 drops. Not all field devices need to be protected. In general the installation of SCMs on SCADA communication channels will be phased in, thus creating the need for the Master Station SCMs (or head-end SCMs in a daisy chain configuration as described in AGA 12 Part 1) to operate in a mixed mode. SCMs compliant with AGA 12, Part 1 need to be designed to operate over the most common protocols, operate in a multi-drop and mixed mode configurations. In accordance with cyber security policy, the SCMS must provide the capability to manage keying material needed to support all CM operational modes. 5. Because of the need to support mixed mode and phased deployment, the SCMS must provide the capability to remotely distribute keying material to CMs. The assumption is that CMs are installed but operating in a bypass mode until they are activated. Some consideration needs to be given to providing the SCMS with the capability to securely change a CM from normal operation to operating in a bypass mode. The consequence may be an unacceptable security risk. 6. Distribution of keying material to field CMs may accomplished using one or more of the following approaches: In-band communication channels, Modems (including wireless) if they are provided to support communication to local CM management port, Site visit and load keying material via local CM management port, Load keying material prior to installation and commissioning of CM. SCMS management within the control center Figure 1 shows connectivity between the SCMS Key Management Appliance and the multi-channel SCM rack to the local management port of each SCM in the rack. It is not unreasonable to assume that this communication be implemented over an IPbased LAN. 7. For IP based communication between the SCMS Key Management Appliance and local management ports of each SCM in the multichannel SCM rack, the SCM local management port must have the capability to interface to an IP-based network. 8. For serial based communication between the SCMS Key Management Appliance and each local management 4
5 port on the SCM in the multichannel SCM rack, each SCM local management port must support one of two options: Dedicated communication channel between each SCM management port and the Key Management Appliance, Use of a port share or port switch connected to one serial communication channel to the Key Management Appliance. SCMS management within the field site Figure 1 shows multiple SCMs and MCMs in the remote field site. Although the local management port is only shown on the SCM, a local management port is also required on each MCM. Again, it is not unreasonable to assume that this communication be implemented over an IP-based LAN. 9. For IP-based communication between the SCMS Key Management Appliance and local management port of each CM (SCM and MCM) within the remote field site, the CM local management port must have the capability to interface to an IP-based network. 10. For serial based communication between the SCMS Key Management Appliance and the local management port on each CM within the remote field site, each CM local management port must support one or more options: Provide the capability to use a dedicated communication channel between each CM management port and the Key Management Appliance, Provide the capability to use a port share or port switch connected to one serial communication channel to the Key Management Appliance, Provide the capability to use a local connection to each CM management port from an authorized computer and user. SCMS management of authentication keys As reported by Gellings, Samototyi & Howe in the IEEE Power & Energy magazine September/October 2004, p.43, The Future s Smart Delivery System, disgruntled employees are one of the most perceived intrusion threats. The most perceived threats to power controls are information leakage, intercepting and altering control settings, authorization violation, integrity violation, and bypassing controls. In response to this insider threat, Identity Management (IM) and Role Based Access Control (RBAC) managed by organization units unique to each utility operation are needed. Clearly, the use of RBAC managed by organization units unique to each utility operation is needed. Although the organizational structure for operations may differ widely from utility to utility, the example shown in Figure 2 is useful to identify roles and responsibilities that must be managed by the SCMS. The basic idea portrayed in this example is the separation of roles and responsibilities between three organization units within the Power Delivery domain. Service Center is responsible for substation operations and maintenance, Operations is responsible for 24/7 power system operations, and Engineering and Planning is responsible for engineering and equipment performance. It is important to note that the Dispatcher in Operations is responsible for and has the authority to exercise system control of the power system. Local control within a substation is a separate organizational function wherein the on-site substation operator has responsibility and authority for equipment control as related to the maintenance of the equipment. Engineering and Planning is a mixed breed. Engineering includes Protection Engineering which has the responsibility and authority to change setting related to power system protection but no authority to exercise equipment or power system control. A parallel organization within Engineering and Planning is responsible for equipment performance. The field technicians have the authority to perform diagnosis but no authority to change settings or exercise local control that is, they have a read only privilege. If diagnosis indicates that repair or maintenance is required, the field technician prepares a report and sends it to the Service Center for appropriate action. 5
6 Each of these organizational units may be supported by field engineers representing the vendors that supplied the equipment. These vendors may have similar but restricted authority to support the respective organizations. The SCMS authority given to vendors may vary. One approach is to only allow vendors to simply identify who will support a specific task, and the utility organizational unit authority then issues the needed certificates and credentials to that individual. This minimizes the trust needed in the vendor s internal control processes but adds to the work load of the utility organization supported. Another approach is to empower the vendor as an organizational unit authority, which then allows the vendor to manage identity, authorization and use privileges in accordance with prespecified conditions. This reduces the work load on the utility organization supported but requires more trust in the vendor s internal control processes. The above example for vendors is applicable to the business partnerships that have prespecified contract relationships. In either case, a risk assessment is needed to determine the degree of trust to be placed in a third party and the necessary oversight required to ensure that this trust is warranted. The SCMS must support all approaches to be compliant with security policies and procedures of each utility. Before discussing effective management of certificates of authorization and privileges, it is useful to understand the special case of dial-up access to the maintenance ports of field devices. Figure 3 describes an example of identity management, access rights and authorization privileges afforded by blending the recommendation of AGA 12, Part 1, with existing use of passwords. The current practice is to load the IED vendor toolkit software on the field technician s laptop computer. The technician dials the auto-answering modem and when a connection is established, a password is entered and the IED (RTU, for example) verifies the session password. When verified, the technician now has level 1 (read), level 2 (write: change settings), or level 3 (factory settings) privileges. It is also common practice to permit the technician to change the password of equal or lower level. The relationship between the organizational units shown in Figure 2 and the access and authorization shown in Figure 3 is represented by Group designations in Figure 3. For example, Groups 1 and 6 have access and authorization for the RTU only. They do not have access to other IEDs. For the AGA 12 retrofit solution, changes to existing field device (IED or RTU) software is to be avoided. For the AGA 12 embedded solution, this may not be a problem. As shown in Figure 3, ANSI X9.69 compliant software is loaded on the laptop computer and some of these software components are loaded on the Authentication Key. As a minimum, the identity certificate should be on the authentication key to enforce two factor authentications required by AGA 12, Part 1. More sophisticated authentication keys will accept permission credentials and combiner. A CM operating in the MCM mode is placed between the auto answering modem and a port switch that connects to the maintenance ports of each RTU or IED in Figure 1. In this configuration, one MCM protects access to all field device maintenance ports. As a minimum, the MCM will issue a challenge to the X9.69 identity certificate to ensure that the user has access rights to the field device maintenance ports. This keying material must be managed by the SCMS. Credentials which contain the predefined permissions can also be used to enhance the control of user authorization to perform selected action. However, in addition to MCM software, this may require changes to the field device software depending on the level of control required. Effective authorization certificate and privilege management Because the SCMS manages the certificates of authorization and privileges across this organizational structure, it must provide the capabilities needed to support the functions described below. 11. Because of the organization structure and operational philosophy described by Figure 2 it seems reasonable to 6
7 establish a domain of responsibility for Power System Operation. A parallel or subordinate domain could, if needed altogether, be established for each support vendor. Each domain is empowered to execute and manage its keying material as specified in ANSI X9.69 this is viewed as distributed execution within the centralized control of the Enterprise Authority. As stated before, centralized control ensures that proper extension of the enterprise security policies and procedure are enforced through all domains and organizations, including support vendors and business partnerships. 12. Within each domain, and in compliance with ANSI X9.69, organizational units are responsible for assigning rights and privileges to all entities (people and devices) for which they are responsible. This requires that each domain and organizational unit replicate the SCMS, or selected components of the SCMS that is described in Figure 2, and include those functions needed for their assigned responsibilities. The challenge of issuing, changing, or revoking certificates and privileges Any organization will experience normal turnover of personnel, termination of personnel, and changing roles and responsibility of personnel as they move or add assignments that cross organizational units and many times across domains. For example, it is very common that personnel experienced in power delivery operations will leave the company and go to work for a supplier of equipment used by that company. Therefore, the SCMS must provide the capability to issue, change, or revoke certificates of authorization and privileges in a timely response to organizational and domain changes. 13. Identity management, authorization and privileges need to be assignable for a selected time period and managed by the organizational unit authority(s) that have direct supervision over the tasks performed by the individual. This will probably require agreements of cooperation between domain authorities and between organizational unit authorities as described in ANSI X Individual certificates need to be stored on an Authentication Key that is assigned in accordance with company policies and procedures to any individual. 15. Secure distribution of keying material or revocation of keying material over modems, Wide Area Network (WAN), and the Internet as shown in Figure 1 needs to be supported by the SCMS. Although these requirements seem logical, a reliable, timely, and cost effective implementation is not a simple matter. Revocation lists are commonly used in IT systems, but implementation of these lists creates significant communication, CPU, and memory requirements in cryptographic modules. Several alternative mechanisms are under investigation at this time. Revocation lists can be managed easily by the Key Management Appliance and Administrative Workstation, but this would require that each CM (SCM and MCM) exchange messages with the SCMS to verify that the sending entity has valid access authorization and privileges. Keying material can be issued with short user-settable timeouts so that certificates of authorization and privileges are automatically revoked when their time expires. Field test and evaluation are needed to determine the best techniques. SCMS alarm processing AGA 12, Part 1, requires that all CMs record all events and output an alarm related to a CM anomalous event. How this is implemented is not specified in AGA 12, Part 1. The SCMS needs to provide the capability to receive and process in a timely manner all alarms related to a CM anomalous event. 16. CM alarms detected in a field CM need to be recorded by the field device and reported as alarms through normal SCADA communication channels to the SCADA master. 7
8 17. CM alarms detected within the control center need to be reported as alarms to the SCADA Operator. 18. CM alarms received by the SCADA master need to be communicated to the Key Management Appliance and Administrative Workstation for review and processing by the SCMS operator. 19. The SCMS operator at the SCMS Administrative Workstation needs to have the capability to process alarms related to an anomalous CM event, and to issue the necessary correction action in accordance with predefined policies and procedures in a timely manner. Alarm processing is another area that needs further research in the following areas: Timely and effective methods to deliver alarms to the appropriate administrative workstation for review and processing. Intrusion Detection System (IDS) functions need to be integrated into the SCMS in either an embedded or associate subsystem. Furthermore, adaptive-learning algorithms need to be developed to support the IDS requirements. Trusted 3 rd party SCMS provider All SCMS requirements may be assigned to a trusted 3 rd party SCMS provider under the appropriate terms and conditions negotiated between the utility and the trusted 3 rd party SCMS provider. This will be the subject of a future paper. 3. More research is needed to develop effective alarm processing and timely corrective action mechanisms and procedures. 4. Because some legacy devices do not have the capability to accept any modification, the retrofit solution must be designed to operate without changes to the SCADA Master, Front End Processor, Remote Terminal Unit, or Intelligent Electronic Device in the field. 5. The SCADA cryptographic module must have the capability to operate in a mixed mode on a multi-drop communication channel because some field devices may be protected and some may not. 6. Significant improvements to provide secure access to the maintenance ports of field devices can now be achieved at low cost, and easily be justified with a simple business case, which compares the cost of shutting down the dial-up and sending crews to the field site to perform the same functions locally with the cost of securing remote communications. References 1. AGA Report Number 12, Part 1, Cryptographic Protection of SCADA Communications General Requirements. The latest version of AGA 12, Part 1 is available from holsteindk@adelphia.net. 2. ANSI X , Framework for Key Management Extensions 3. IEEE Power and Energy magazine, September October 2004, see page 43. Conclusions and suggested research The top 6 findings from this study are: 1. A comprehensive solution is needed to avoid building stovepipe solutions, each unique to a specific organizational entity or fiefdom within the end-user s enterprise. 2. Extensive field testing is needed to evaluate the best approach to manage keying materials. A cost effect method to manage keying materials needed for SCADA communication security and secure access to the maintenance ports is the greatest challenge at this time. 8
9 Figure 1 Recommended retrofit architecture Figure 2 Example organizational for utility operations 9
10 Figure 3 Example of access rights and authorization privileges for maintenance 10
NSTB. AGA 12, Part 2 Performance Test Plan. Mark Hadley, Kristy Huston Pacific Northwest National Laboratories. November 2006. National SCADA Test Bed
U.S. Department of Energy Office of Electricity Delivery and Energy Reliability AGA 12, Part 2 Performance Test Plan Mark Hadley, Kristy Huston Pacific Northwest National Laboratories November 2006 NSTB
More informationISACA rudens konference
ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial
More informationCyber Security for Utility Operations. Final Report. Period of Performance October, 2003 April, 2005
Cyber Security for Utility Operations NETL Project M63SNL34 Sponsored by the U.S. DOE Office of Energy Assurance Managed by NETL Final Report Period of Performance October, 2003 April, 2005 Dennis Holstein
More informationSecuring Distribution Automation
Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationINTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT
Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated
More informationWi-Fi Protected Access for Protection and Automation
Wi-Fi Protected Access for Protection and Automation a work in progress by CIGRE Working Group B5.22 Dennis K. Holstein on behalf of CIGRE B5.22 This is an interactive discussion Who is CIGRE B5.22 What
More informationE-Commerce Security Perimeter (ESP) Identification and Access Control Process
Electronic Security Perimeter (ESP) Identification and Access Control Process 1. Introduction. A. This document outlines a multi-step process for identifying and protecting ESPs pursuant to the North American
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationHANDBOOK 8 NETWORK SECURITY Version 1.0
Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives
More informationDocument ID. Cyber security for substation automation products and systems
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
More informationIT Security and OT Security. Understanding the Challenges
IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control
More informationFacilitated Self-Evaluation v1.0
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More informationRuggedCom Solutions for
RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application
More informationChapter 9. Communications and Networks. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 9 Communications and Networks McGraw-Hill/Irwin Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Competencies (Page 1 of 2) Discuss connectivity, the wireless revolution,
More informationOut-of-Band Management: the Integrated Approach to Remote IT Infrastructure Management
WHITE PAPER Management: the Integrated Approach to Remote IT Management EXECUTIVE SUMMARY For decades, business imperatives for information technology (IT) have remained constant to cut costs and improve
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationSecure SCADA Communication Protocol Performance Test Results
PNNL-17118 Secure SCADA Communication Protocol Performance Test Results M.D. Hadley K.A. Huston August 2007 Prepared for U.S. Department of Energy Office of Electricity Delivery and Energy Reliability
More informationSecure Substation Automation for Operations & Maintenance
Secure Substation Automation for Operations & Maintenance Byron Flynn GE Energy 1. Abstract Today s Cyber Security requirements have created a need to redesign the Station Automation Architectures to provide
More informationA Comparison of Oil and Gas Segment Cyber Security Standards
INEEL/EXT-04-02462 Revision 0 Control Systems Security and Test Center A Comparison of Oil and Gas Segment Cyber Security Standards Prepared by the Idaho National Engineering and Environmental Laboratory
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More informationDIGITAL CONTROL SYSTEM PRODUCT SOLUTIONS
Multi-function substation server Unlock the value of your substation data with Alstom s multi-function substation server Enabling the Smart Grid with Alstom's DAP server The is a multi-function substation
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationCG Automation Solutions USA
CG Automation Solutions USA (Formerly QEI Inc.) Automation Products and Solutions CG Automation Works for You INDUSTRY SOLUTIONS Electric T&D Utilities Renewable Energy Transit Authorities Public Power
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationPotential Targets - Field Devices
Potential Targets - Field Devices Motorola Field Devices: Remote Terminal Units ACE 3600 Front End Devices ACE IP Gateway ACE Field Interface Unit (ACE FIU) 2 Credential Cracking Repeated attempts to
More informationPrivyLink Cryptographic Key Server *
WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology
More informationFundamentals of Network Security - Theory and Practice-
Fundamentals of Network Security - Theory and Practice- Program: Day 1... 1 1. General Security Concepts... 1 2. Identifying Potential Risks... 1 Day 2... 2 3. Infrastructure and Connectivity... 2 4. Monitoring
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationInformation Technology Branch Access Control Technical Standard
Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3
ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia
More informationWISE-4000 Series. WISE IoT Wireless I/O Modules
WISE-4000 Series WISE IoT Wireless I/O Modules Bring Everything into World of the IoT WISE IoT Ethernet I/O Architecture Public Cloud App Big Data New WISE DNA Data Center Smart Configure File-based Cloud
More informationHow to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework
How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec Robert O Reilly, Cooper
More informationWhat you don t know about industrial GSM/GPRS modem communications
What you don t know about industrial GSM/GPRS modem communications A White Paper presented by: Ira Sharp Product Marketing Lead Specialist Phoenix Contact P.O. Box 4100 Harrisburg, PA 17111-0100 Phone:
More informationPLCs and SCADA Systems
Hands-On Programmable Logic Controllers and Supervisory Control / Data Acquisition Course Description This extensive course covers the essentials of SCADA and PLC systems, which are often used in close
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationCYBER SECURITY POLICY For Managers of Drinking Water Systems
CYBER SECURITY POLICY For Managers of Drinking Water Systems Excerpt from Cyber Security Assessment and Recommended Approach, Final Report STATE OF DELAWARE DRINKING WATER SYSTEMS February 206 Kash Srinivasan
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationSecurity Testing in Critical Systems
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
More informationOn the Road to. Duke takes the road less traveled and arrives at a new level of distribution automation.
On the Road to Intelligent CONTINUOUS REMOTE MONITORING INTEGRATED VOLT/VAR CONTROL Duke takes the road less traveled and arrives at a new level of distribution automation. LAYING A SOLID FOUNDATION In
More informationJohn M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com
NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)
More informationSCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
More informationIntel Active Management Technology Embedded Host-based Configuration in Intelligent Systems
WHITE PAPER Intel vpro Technology Embedded Host-based Configuration in Intelligent Systems Easy activation of Intel vpro technology remote manageability without trade-offs in security, functionality, and
More informationProtect Identities for people, workstations, mobiles, networks
ot Corporate ID Protect Identities for people, workstations, mobiles, networks Address your security needs with the leader in the corporate identity market Corporate security challenges The security of
More informationOPERATIONS CAPITAL. The Operations Capital program for the test years is divided into two categories:
Filed: September 0, 00 EB-00-0 Tab Schedule Page of OPERATIONS CAPITAL.0 INTRODUCTION Operations Capital funds enhancements and replacements to the facilities required to operate the Hydro One Transmission
More informationPREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:
A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine
More informationThe Advantages of an Integrated Factory Acceptance Test in an ICS Environment
The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,
More informationHow To Get A Power Station To Work With A Power Generator Without A Substation
Wi-Fi Protected Access for Protection and Automation Key Material Authentication Key Presented to: 13 December 2006 Dennis K. Holstein on behalf of CIGRE B5.22 1 The good news and the bad news Who is CIGRE
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationSCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist
SCADA The Heart of an Energy Management System Presented by: Doug Van Slyke SCADA Specialist What is SCADA/EMS? SCADA: Supervisory Control and Data Acquisition Retrieves data and alarms from remote sites
More informationSCADA Systems. Make the most of your energy. March 2012 / White paper. by Schneider Electric Telemetry & Remote SCADA Solutions
SCADA Systems March 2012 / White paper by Schneider Electric Telemetry & Remote SCADA Solutions Make the most of your energy Summary Executive Summary... p 2 Introduction... p 3 Field Instrumentation...
More informationA Systems Approach to HVAC Contractor Security
LLNL-JRNL-653695 A Systems Approach to HVAC Contractor Security K. M. Masica April 24, 2014 A Systems Approach to HVAC Contractor Security Disclaimer This document was prepared as an account of work sponsored
More informationInformation Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
More informationADM:49 DPS POLICY MANUAL Page 1 of 5
DEPARTMENT OF PUBLIC SAFETY POLICIES & PROCEDURES SUBJECT: IT OPERATIONS MANAGEMENT POLICY NUMBER EFFECTIVE DATE: 09/09/2008 ADM: 49 REVISION NO: ORIGINAL ORIGINAL ISSUED ON: 09/09/2008 1.0 PURPOSE The
More informationSpillemyndigheden s Certification Programme Information Security Management System
SCP.03.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 3 2.1 Certification frequency... 3 2.1.1 Initial certification...
More informationipad in Business Security
ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security
More informationUnderstanding Programmable Automation Controllers (PACs) in Industrial Automation
Understanding Programmable Automation Controllers (s) in Industrial Automation Meet the Modern Industrial Application Implementing a modern industrial application can present a challenging and sometimes
More informationRIG Acceptance Test (RAT) Procedures
RIG Acceptance Test (RAT) Procedures RIG Acceptance Test (RAT) Procedure 0 Print Date 2 /20/2007 REVISION HISTORY REVISON NO. DATE DESCRIPTION 1.0 Initial Release 0 Update Logo and Links i RIG Acceptance
More informationAn Introduction to SCADA-ICS System Security. Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015
An Introduction to SCADA-ICS System Security Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015 Overview Supervisory Control And Data Acquisition (SCADA) for Industrial Control Systems
More information6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING
6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information
More informationSan Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015. Electric Grid Operations
San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015 Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationDesigning secure networks for substation automation and control systems
Designing secure networks for substation automation and control systems Niculescu Eliodor Sorin, Rusta Constantin, Mircea Paul Mihai, Ruieneanu Liviu and Daianu Adrian Abstract Development of the energy
More informationA M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions
A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions AMD DAS (DASH, AMD Virtualization (AMD-V ) Technology, and Security) 1.0 is a term used to describe the various
More informationICTTEN4051A Install configuration programs on PC based customer equipment
ICTTEN4051A Install configuration programs on PC based customer equipment Release: 1 ICTTEN4051A Install configuration programs on PC based customer equipment Modification History Not Applicable Unit Descriptor
More informationCYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A.
21, rue d Artois, F-75008 PARIS D2-102 CIGRE 2012 http : //www.cigre.org CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS Massimo Petrini (*), Emiliano Casale
More informationDeployment Of Multi-Network Video And Voice Conferencing On A Single Platform
Deployment Of Multi-Network Video And Voice Conferencing On A Single Platform Technical White Paper Document Overview This document provides an overview of the issues, capabilities and benefits to be expected
More informationThe Shift to Wireless Data Communication
The Shift to Wireless Data Communication Choosing a Cellular Solution for Connecting Devices to a WWAN Dana Lee, Senior Product Manager dana.lee@moxa.com Recent developments in the wireless and industrial
More informationR-Win. Smart Wireless Communication Management System
Smart Wireless Communication Management System General R-Win is a smart communications adapter for management of wireless communications in a SCADA/Distributed Control System. The R-Win system includes
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationCONTROL MICROSYSTEMS DNP3. User and Reference Manual
DNP3 User and Reference Manual CONTROL MICROSYSTEMS SCADA products... for the distance 48 Steacie Drive Telephone: 613-591-1943 Kanata, Ontario Facsimile: 613-591-1022 K2K 2A9 Technical Support: 888-226-6876
More informationUsing Cellular RTU Technology for Remote Monitoring and Control in Pipeline and Well Applications
Using Cellular RTU Technology for Remote Monitoring and Control in Pipeline and Well Applications Steve Frank Business Development Manager Moxa Inc. Introduction Cellular technology minimizes site visits
More informationACE3600 HIGH PERFORMANCE MONITORING & CONTROL REMOTE TERMINAL UNIT
HIGH PERFORMANCE MONITORING & CONTROL REMOTE TERMINAL UNIT PAGE 1 EMPOWER YOUR SCADA NETWORK Utilities, now more than ever, are facing newer and greater hurdles. Multiple wired and wireless communication
More informationJoe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security
Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security CIP-005-3 Audit Approach, ESP Diagrams, Industry Best Practices September 24 25, 2013 SALT LAKE CITY, UTAH
More informationWebsense Support Webinar: Questions and Answers
Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user
More informationUsing HART with asset management systems
Using HART with asset management systems Since it s the most broadly deployed smart device platform, is HART the right choice for your plant? Here are some considerations for end users. John Yingst, Sr.
More informationUnderstanding SCADA System Security Vulnerabilities
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
More informationOpengear Technical Note
- Solutions for Avaya Installations Opengear Technical Note Jared Mallett - Product Marketing Manager Opengear solutions deliver cost-effective universal access to Avaya equipment and converged devices
More informationWireless Communications for SCADA Systems Utilizing Mobile Nodes
, pp. 1-8 http://dx.doi.org/10.14257/ijsh.2013.7.5.01 Wireless Communications for SCADA Systems Utilizing Mobile Nodes Minkyu Choi Security Engineering Research Support Center, Daejon, Republic of Korea
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationABB North America. Substation Automation Systems Innovative solutions for reliable and optimized power delivery
ABB North America Substation Automation Systems Innovative solutions for reliable and optimized power delivery Substation Automation Systems Advanced substation automation, protection and control solutions
More informationInformation Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014
QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location
More informationSan Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015. Electric Grid Operations
San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015 Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission
More informationSCADA/Business Network Separation: Securing an Integrated SCADA System
SCADA/Business Network Separation: Securing an Integrated SCADA System This white paper is based on a utility example but applies to any SCADA installation from power generation and distribution to water/wastewater
More informationNERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com
NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationDeploying iphone and ipad Security Overview
Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationConsiderations for Hybrid Communications Network Technology for Pipeline Monitoring
Considerations for Hybrid Communications Network Technology for Pipeline Monitoring Craig Held White Paper April 2012 Abstract The concept of automation (and its corresponding technologies) is a primary
More informationData and Command Encryption for SCADA
Data and Command Encryption for SCADA Kevin Mackie Smart Infrastructure Oil and Gas Division Schneider Electric Calgary, Canada Abstract This paper discusses the encryption of data and commands in oil
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More information