Document ID. Cyber security for substation automation products and systems

Transcription

1 Document ID Cyber security for substation automation products and systems

2 2 Cyber security for substation automation systems by ABB

3 ABB addresses all aspects of cyber security The electric power grid has evolved significantly over the past decade thanks to many technological advancements and breakthroughs. As a result, the emerging smart grid is quickly becoming a reality. At the heart of these intelligent advancements are specialized IT systems various control and automation solutions such as substation automation systems. To provide end users with comprehensive real-time information, enabling higher reliability and greater control, automation systems have become ever more interconnected. To combat the increased risks associated with these interconnections, we offer a wide range of cyber security products and solutions for automation systems and critical infrastructure. The new generation of automation systems uses open standards such as IEC , DNP 3.0 and IEC and commercial technologies, in particular Ethernet- and TCP/IP-based communication protocols. They also enable connectivity to external networks, such as office intranet systems and the Internet. These changes in technology, including the adoption of open IT standards, have brought huge benefits from an operational perspective, but they have also introduced cyber security concerns previously known only to office or enterprise IT systems. To counter cyber security risks, open IT standards are equipped with cyber security mechanisms. These mechanisms, developed in a large number of enterprise environments, are proven technologies that enable the design, development and continual improvement of cyber security solutions specifically for control systems, including substation automation applications. We fully understand the importance of cyber security and its role in advancing the security of substation automation systems. As an ABB customer investing in new ABB techno- System architecture for substation automation system. Cyber security for substation automation systems by ABB 3

4 Systematic approach to cyber security logies, you can rely on products and system solutions where reliability and security have the highest priority. To assure reliability and availability of electricity, ABB has a strategic partnership with the well known cyber security company Industrial Defender. Industrial Defender s solutions provide in-depth monitoring, enhanced management, and protection for utility operations networks. At ABB, we have identified cyber security as a key requirement and we are committed to providing products, systems and services that clearly address this issue. We take a systematic approach to cyber security through our operations on a global level. For instance, we have established the Power Systems Security Council to keep track of global needs and require- 4 Cyber security for substation automation systems by ABB ments concerning cyber security. The mandate of the council is to ensure that products and solutions used in power systems meet the expectations of customers. Besides continuously adapting security requirements to keep up with the changing demand, the Security Council drives proactive R&D efforts to address emerging trends, and ensures fast and efficient security improvements. We also recognize the importance of cyber security standards and we are an active member in several industry initiatives, including IEEE and IEC. This involvement ensures that the needs of our customers are considered in the development of new standards and that ABB remains abreast of new developments. It also enables us as a company to incorporate new standards into our products and systems, helping our

5 customers to comply with regulation as it comes into force. Key cyber security initiatives driven or supported by ABB: Standard Main Focus NERC CIP Cyber Security regulation for North American power utilities IEC 62351* Data and Communications Security IEEE 1686 IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities IEC * Industrial Automation and Control System Security (formerly known as ISA S99) * standard is still in development Cyber security embedded Cyber security is integral to the product life cycle at ABB, and it is incorporated into our substation automation products and systems. Threat modeling and security design reviews, security training of software developers, as well as in-house and external security testing, are some of the multiple actions we are taking to ensure reliable and secure solutions for our customers. Individual user accounts and detailed security event logs are just two examples of built-in security features available in our products. Our substation automation systems are available with firewalls and pre-defined antivirus software, and all system deliveries follow our strict guidelines on cyber security. Cyber security for substation automation systems by ABB 5

6 Cyber security - addressed throughout the system life cycle Cyber security without compromises Evolving technologies like Ethernet and industry-specific standards such as IEC are enablers for information exchange that support higher system reliability, but it is also important to safeguard interoperability. This is an essential feature in modern systems, allowing information exchange between different vendors IEC compliant products and systems. Ensuring reliability and interoperability are two of the main goals when designing and engineering IEC based substation automation products and systems. Ensuring these aspects while maintaining availability and also addressing cyber security is a challenging set of tasks. ABB is committed to providing you with substation automation products and solutions that address all of these aspects without compromise. We aim to provide products and solutions that enable substation automation customers to fulfill the requirements of cyber 6 Cyber security for substation automation systems by ABB security standards, such as NERC CIP. We view cyber security not as a single, one-time activity, but as an integrated part of different phases in the product and system life cycle. Cyber security aspects are taken into consideration from early design and development, extending through testing and commissioning, as well as to processes supporting products and systems in operation. One key element is our independent robustness test center, where all our products are tested using current, state-of-the-art security testing tools. A centralized security testing process, applying up-to-date and rigorous procedures, guarantees a common and bestpractice approach. Our test center conducts regular regression tests on our products and systems to warrant a high level of robustness against cyber security attacks.

7 Cyber security on the system level Cyber security service offering At ABB, we are constantly extending and improving our security-related processes to ensure that new vulnerabilities are handled properly. A timely response to such issues is an important factor in our efforts to help customers minimize their exposure to cyber security threats. The focus is on maintaining and increasing the cyber security level of the installed base of substation automation systems. In addition to our technical solutions we provide training, consulting as well as a cyber security risk assessment, providing the best cyber security solution for the installation. This assessment analyses the technical as well as the organizational aspects of the installation in order to reduce cyber security risks. Based on this assessment the optimized measures will be proposed. Interactions between substation automation systems, corporate networks and the outside world are usually handled on the station level. In order to secure the substation automation system itself, it is therefore vital to ensure high levels of security at that level. ABB products and systems use best-in-class firewalls, intrusion detection and prevention systems, as well as VPN technology for encryption. Thanks to the firewall the substation can be protected by blocking all unnecessary incoming communication. To provide an additional level of security, systems can be subdivided into multiple security zones. Protect against threats to substation automation systems Manage critical activities, such as configurations, changes and patches Monitor security and health activities in real-time Product and system cyber security features Cyber security for substation automation systems by ABB 7

8 Cyber security product features ABB s cyber security feature packages ABB offers a large number of cyber security features in the field of substation automation. Those features cover the following areas: Product and system hardening: All components of the system are permanently hardened according to well-known best-practice guides. Monitor: The monitor features provide real-time security and health activity monitoring across the substation automation systems including networks and applications. Manage: The Managing features enable users to monitor and manage critical activity such as configurations, changes and patches across the substation automation system. Protect: Protecting substation automation systems means defending against unauthorized applications, memory exploits and malware that can compromise SA system availability, performance, security and compliance. At ABB, we are addressing cyber security requirements on a system- as well as on a product level to support cyber security standards such as NERC-CIP, IEEE 1686 and BDEW Whitepaper. We support verified third-party security patches and antivirus software to protect station computers from viruses and other types of attacks. Cyber security can also be improved by preventing the unauthorized use of removable media (such as USB memory sticks) in station computers. We have built additional security mechanisms into our products. Those offer advanced account management, secure communication and detailed security audit trails. This makes it easier for our customers to address NERC CIP requirements and maintain compliance standards. Secure architecture for MicroSCADA Pro based solution. 8 Cyber security for substation automation systems by ABB

9 Authentication and authorization (Role Based Access Control) ABB substation automation products support user authentication and authorization on an individual user level. Authentication is required and authorization enforced for all access to these products. As a customer, you will be able to manage user accounts yourself. You will be able to create, edit and delete accounts, as well as define usernames and passwords according to your own policies. User rights can be managed either by assigning access permissions directly to individual accounts or by using granting access according to a user s job title (role-based access control). To support NERC-CIP and IEEE 1686 requirements, ABB s substation automation products support password policies that allow you to specify the minimum length as well as the password complexity. Passwords are case sensitive and can include alphanumeric and special characters. Auditability and logging ABB substation automation products create audit trails (log files) of all security-relevant user activity to monitor within actions users perform. Security events that are logged include individual user log-in, log-out, change of parameters or configurations, and updates to software or firmware. For each event, date and time, user, event ID, outcome and source of event are logged. Access to the audit trail is available to authorized users only. Product and system hardening Products can be made significantly more robust by closing ports and services that are not in use. Our products have been systematically hardened to ensure that the products are robust against attacks and perform their main function. For example, unused services have been removed and unused ports closed, and the products have been thoroughly tested at our dedicated, independent security test center using state-of-the-art commercial and open-source security testing Cyber security for substation automation systems by ABB 9

10 tools. Hardening steps as well as the resulting configurations, such as open ports and services, are documented in detail. By default, only ports and services required for normal operation are enabled in our devices. Secure communication ABB substation automation products permits various measures to secure the communication. One example is the built in VPN communication in MicroSCADA Pro SYS 600 and RTU500 series to establish a secure communication between the substation and the remote system. RTU500 series permits encrypted communication between the web browser and the RTU as well as the Relion 650 series supports a secure communication between the PCM600 and the control and protection devices using state of the art encryption methods. ABB evaluates security updates from third-party software such as McAfee, Adobe, Microsoft and other operating systems with respect to relevance to, and compatibility with, substation automation products. Compatibility with both MicroSCADA Pro SYS 600 and MicroSCADA Pro SYS 600C are analyzed and, for verification, a compatibility report is then issued, certifying that the relevant security patches can be installed in the system, following guidelines from the software vendor, without impacting the functionality, stability or performance of the products. For embedded devices latest security patches are used to increase the robustness of the substation automation products. Patch management Secure architecture for RTU560 based solution. 10 Cyber security for substation automation systems by ABB

11 Patch deployment To ensure an adequate security throughout the whole system lifecycle ABB can provide a comprehensive patch management deployment as part of a service or maintenance agreement for the substation automation system. Malware protection MicroSCADA Pro-based systems can also be equipped with industry-standard malware and intrusion protection solutions, like virus protection and application whitelisting. Back up & disaster recovery Back up and Restore creates safety copies of the most important files, to be always prepared for the worst. Back up the files to another drive, a DVD or to a network. Cyber security for substation automation systems by ABB 11

12 Contact us ABB Switzerland Ltd Power Systems Bruggerstrasse 72 CH-5400 Baden, Switzerland Phone: Fax: ABB Oy Substation Automation Products MicroSCADA Pro P.O. Box 699 FI Vaasa, Finland Phone: Fax: ABB AG Substation Automation Products Remote Terminal Units P.O. Box DE Mannheim, Germany Phone: Fax: ABB AB Substation Automation Products Transmission protection and control IEDs SE Västerås, Sweden Phone: Fax: KHA , - SEN PDF Printed in Switzerland ABB Switzerland Ltd, April The right to modifications or deviations due to technical progress is reserved. Scan this QR code to visit our Substation Automation website Scan this QR code to visit our Substation Automation Cyber Security website