Challenges and Opportunities for Aligning the Power System Cybersecurity and Reliability Objectives

Transcription

1 Challenges and Opportunities for Aligning the Power System Cybersecurity and Reliability Objectives for Mexico, US and Canada Ameen H. Hamdon SUBNET Solutions Inc Cuernavaca, Morelos, México, 23 al 27 de Marzo

2 Recent US Regulations Much work in the past 10 years has gone on with the Federal Energy Regulatory Commission especially in two aspects for Bulk Transmission and Distribution Companies NERC CIP Cyber Security Standards NERC PRC 005 Reliability Standard This presentation primary focus is NERC Critical Infrastructure Protection ( CIP ) Reliability Standards Cuernavaca, Morelos, México, 23 al 27 de Marzo

3 North American Electric Industry Regulations As we know, Canada, US and Mexico Grids are interconnected It follows that the Grid regulations share commonalities They do not need to be identical, however some opportunities and benefits exist from some alignment Cuernavaca, Morelos, México, 23 al 27 de Marzo 3

4 North American Electric Industry Regulations Canada Provincially Regulated US National Regulations (DOE, FERC) Mexico National Regulations (SENER, CRE) Cuernavaca, Morelos, México, 23 al 27 de Marzo 4

5 NERC CIP Historical Timeline in US Cuernavaca, Morelos, México, 23 al 27 de Marzo

6 NERC CIP v3 Sections Remote Engineering Access (CIP 005, CIP 007) Password Change Management (CIP 005, CIP 007) Configuration Management (CIP 010) Fault File Management Cuernavaca, Morelos, México, 23 al 27 de Marzo

7 CIP Developments in the US Being Followed In Canada Cuernavaca, Morelos, México, 23 al 27 de Marzo 7

8 Products and Services Innovation from Regulations US NERC Compliance Requirements have resulted in massive vendor investment in systems and tools that facilitate utility compliance Many Successful deployments have been implemented as a result This Presentation details a project successfully completed with Southern California Edison that goes beyond compliance to true innovation Cuernavaca, Morelos, México, 23 al 27 de Marzo

9 Southern California Edison Irvine Smart Grid Demonstration The project will demonstrate the next generation of automation and control design based on the open standard IEC This is expected to provide measurable engineering, operations, and maintenance benefits through improved safety, security, and reliability. Demonstration of a new autoconfiguration application is intended to significantly reduce manual effort, errors, and omissions. Cuernavaca, Morelos, México, 23 al 27 de Marzo

10 Address Regulations and Provides Needed Innovations Remote Engineering Access (CIP 005, CIP 007) Password Change Management (CIP 005, CIP 007) Configuration Management (CIP 010) Fault File Management Multi Vendor IED Integrations Supports install base of non IEC devices Modbus, DNP3, etc. as well as IEC devices Cuernavaca, Morelos, México, 23 al 27 de Marzo

11 The Situation Today We have amassed a vast number of IEDs in our substations. This has brought a complexity that is unmanageable. Cuernavaca, Morelos, México, 23 al 27 de Marzo 11

12 The Situation Today Factors to consider when putting together a full NERC/CIP solution that involves the changing of Passwords in the End Device. Cuernavaca, Morelos, México, 23 al 27 de Marzo 12

13 Integrated Solution You can t keep passwords a secret if every time someone uses your remote engineering access system, they need the password. Cuernavaca, Morelos, México, 23 al 27 de Marzo 13

14 Integrated Solution Password Management and Remote Engineering Access need to be integrated. Cuernavaca, Morelos, México, 23 al 27 de Marzo 14

15 Integrated Solution The same is true with configuration management. If the system is to provide automation of these functions, it needs to be able to logon to the device at an authorized privilege level. This requires both remote engineering access and the device passwords. Cuernavaca, Morelos, México, 23 al 27 de Marzo 15

16 Integrated Solution The Configuration Management, Password Management, and Remote Engineering Access Management need to be integrated. Cuernavaca, Morelos, México, 23 al 27 de Marzo 16

17 Integrated Solution The solution needs to be vendor agnostic. Cuernavaca, Morelos, México, 23 al 27 de Marzo 17

18 Configuration Management (CIP 010) What functions are we looking for? Version control Permission policies Approval processes and workflow Change Notifications Cuernavaca, Morelos, México, 23 al 27 de Marzo 18

19 Extending configuration management What about considering all device configurations as one holistic substation configuration? differencing two different configuration files? ensuring compatibility with legacy devices? considering the IT devices (routers, switches, and radios) the same at the OT devices? leveraging open standards? synchronization between the corporate environment and the substation? actively monitoring the devices in the substation? automatically extracting changed configurations from devices? Cuernavaca, Morelos, México, 23 al 27 de Marzo 19

20 Based on Standards IEC Defines a Standards Based Approach to Configurations with SCL. SED SSD SCD ICD CID IID System Exchange Description System Specification Description Substation Configuration Description IED Capability Description Configured IED Description Instantiated IED Description Cuernavaca, Morelos, México, 23 al 27 de Marzo 20

21 SCL Files are XML A vast array of tooling and technology can be leveraged for working with the information. Cuernavaca, Morelos, México, 23 al 27 de Marzo 21

22 SCL Files are Extensible The CID schema can be extended for defining legacy devices (Modbus, DNP3, etc.) within the context of IEC The CID schema can be extended to support equipment such as routers and switches. Cuernavaca, Morelos, México, 23 al 27 de Marzo 22

23 Solving part of the problem IEC SCL helps us with considering all device configurations as one holistic substation configuration. differencing two different configuration files. Ensuring compatibility with legacy devices. considering the IT devices (routers, switches, and radios) the same at the OT devices. Leveraging open standards. Cuernavaca, Morelos, México, 23 al 27 de Marzo 23

24 Solving the other part of the problem Our corporate and substation level architecture can help with the rest. Synchronization between the corporate environment and the substation. actively monitoring the devices in the substation. Automatically extracting changed configurations from devices. Cuernavaca, Morelos, México, 23 al 27 de Marzo 24

25 1. SCD File Configuration The system starts with the building of a Substation Configuration Description file (.SCD) by a Substation Engineering Modelling Tool. The SCD describes the entire substation configuration, including every IED, HMI, network switch, and router. Substation Engineering Modelling Tool outputs.scd Cuernavaca, Morelos, México, 23 al 27 de Marzo 25

26 2. The SCD File is Loaded into the Corporate Device Manager Because the SCD File is XML, the Corporate Device Manager has an opportunity to configure itself based on the SCD file..scd Input to Corporate Device Manager Cuernavaca, Morelos, México, 23 al 27 de Marzo 26

27 3. Transfer of SCD File to Substation Gateway Electronic transfer ensures: SCD updates are always accessible at the substation The right configuration file is at the substation Corporate Device Manager.SCD Substation Gateway Cuernavaca, Morelos, México, 23 al 27 de Marzo 27

28 3. Transfer of SCD File to Substation Gateway Electronic transfer ensures: SCD updates are always accessible at the substation The right configuration file is at the substation The substation gateway can auto configure itself. The substation gateway can auto configure the rest of the equipment in the substation. Corporate Device Manager.SCD Substation Gateway Cuernavaca, Morelos, México, 23 al 27 de Marzo 28

29 3. Transfer of SCD File to Substation Gateway Configuring the substation gateway: Automatically create all substation devices. Automatically build point references. Establish which end devices have configurations ready to be deployed. Automatically deploy those end device configurations. Cuernavaca, Morelos, México, 23 al 27 de Marzo 29

30 4. Transfer of Configurations to Devices A user working with SubSTATION Server selects the configurations to be deployed. Cuernavaca, Morelos, México, 23 al 27 de Marzo

31 5. Active Configuration Monitoring The Substation Gateway can actively poll and monitor the devices in the substation for out of band configuration changes. 1. Front faceplate changes 2. Users accessing devices with vendor configuration software Substation Gateway Substation IED Cuernavaca, Morelos, México, 23 al 27 de Marzo 31

32 5. Active Configuration Monitoring If a change is detected, the Substation Gateway can extract the configuration from the device. Substation Gateway Substation IED.CID Cuernavaca, Morelos, México, 23 al 27 de Marzo 32

33 5. Active Configuration Monitoring The Substation Gateway can automatically transfer the file to the Corporate Device Manager for archival. Corporate Device Manager.CID Substation Gateway Cuernavaca, Morelos, México, 23 al 27 de Marzo 33

34 5. Active Configuration Monitoring The Corporate Device Manager can notify users that an out of band change was detected. Corporate Device Manager Cuernavaca, Morelos, México, 23 al 27 de Marzo 34

35 In summary Configuration management needs to be tightly integrated with password and remote engineering access management. IEC gives us an open way to exchange and interpret substation configurations. SCL needs to be extended to support legacy devices. Consider OT and IT equipment as the same. Our tool chains can fully automate the process of configuring our entire substation. Our tool chains can watch for unexpected events and automatically act accordingly. Cuernavaca, Morelos, México, 23 al 27 de Marzo

36 Challenges and Opportunities for Aligning the Power System Cybersecurity and Reliability Objectives for Mexico, US and Canada Ameen H. Hamdon SUBNET Solutions Inc Cuernavaca, Morelos, México, 23 al 27 de Marzo