Securing Distribution Automation


Jacques Benoit, Cooper Power Systems
Serge Gagnon, Hydro-Québec
Luc Tétreault, Hydro-Québec
Western Power Delivery Automation Conference, Spokane, Washington, April 2010

Agenda
> Hydro-Québec Distribution Automation project overview
> Cyber security requirements
> Security requirements and applicable standards
> Securing the communications link
> Securing control operations
> Authenticating users and systems
> Conclusion

Hydro-Québec Distribution Automation Project
> Project started in 2001 with the following goals
  - Improve reliability and reduce outage duration
  - Move towards a modern interactive network
> Deployment started in 2006
> Project scope
  - 3750 switches
  - 1100 feeders

Key Components
> Pole-top cabinets that contain:
  - Motorized switch
  - RTU
  - Communications gateway / data concentrator
  - Protective relay (in some cabinets)
> The communications gateway
  - Concentrates data from multiple devices
  - Provides local processing capability
  - Implements the electronic perimeter
  - Helps protect against obsolescence

Distributed Architecture
> Very high volume of data
  - Large number of data points per cabinet: more than 100 binaries, more than 20 analogs
  - Large number of cabinets
> Load distributed through Regional Control Centers
  - Front End Processor (FEP)
  - Distribution Management System (DMS)

Front End Processors
> Manage all communications
> Feed data to the DMS
> Support various communication links
  - Direct TCP/IP
  - Dialup
  - Other
> Perform scheduled data polls of cabinets
> Cabinets can call in to report events and changes of status
> On-demand communication to retrieve data, control switches, and perform remote maintenance

High Level Cyber Security Requirements
> To protect from unintended or malicious operations, the system must ensure that:
  - Only authorized devices can connect to the communications network
  - Control operations originate from an authorized control center
  - Remote maintenance access is only granted to authorized users
  - Local maintenance access is only granted to authorized users

Security requirements and applicable standards
> Until very recently, security was not a regulatory requirement
> NERC CIP introduced a security framework that mostly applies to generation and transmission
> The NERC CIP definition of critical asset is evolving towards a risk- and impact-based assessment
> Projects funded under the Recovery Act require cyber security
> The NIST Framework and Roadmap for Smart Grid Interoperability Standards has identified 75 existing standards, including security standards, that are applicable to Smart Grid projects

Electronic Perimeter: IEEE 1686-2007
> IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities
  - Unique user ID and password combinations
  - Ability to assign IED functions and features according to the individual user accounts
  - Ability to record an audit trail listing events in the order in which they occur
  - Ability to monitor security-related activity and make the information available to a supervisory system through a real-time communications protocol
  - Ability for SCADA to grant permission prior to performing actions, locally or remotely
  - Ability to authenticate that the configuration software is a copy that has been authorized by the user

Communications Security: IEC 62351
> Standard developed for handling the security of TC 57 protocols, including IEC 61850, IEC 60870-5 and its derivatives, such as DNP3
  - IEC 62351-3 specifies how to secure TCP/IP-based protocols through the use of Transport Layer Security (TLS)
  - IEC 62351-5 specifies how to add user and device authentication, and data integrity

Firmware Updates: IEEE C37.231, NEMA SG-AMI 1
> IEEE 1686-2007 specifies that firmware should be managed according to C37.231, IEEE Recommended Practice for Microprocessor-Based Protection Equipment Firmware Control
> NEMA SG-AMI 1, developed as a Priority Action Plan, part of the NIST Framework and Roadmap for Smart Grid Interoperability Standards, addresses firmware updates for smart meters
> Many of these requirements apply to any type of device:
  - Recover to the previous version if unable to complete the upgrade
  - Have no impact on device operational settings
  - Validate that a firmware image passes an integrity check
  - Validate that the firmware image comes from a trusted source

Securing the Communications Link

Dial-Up Security
> Access can be protected by Caller ID, callback, and shared passwords
> Caller ID spoofing is much easier with IP telephony
> Enterprise password management solutions are available, but are not designed to handle unreliable communications with field devices
> The NIST Cyber Security Coordination Task Group has identified device password management as one of the issues that needs to be addressed for Smart Grid security

Network-to-Network Security
> Typically implemented through a VPN
  - Authenticates both network endpoints
  - Encrypts traffic exchanged between endpoints
  - Acts as a tunnel to carry information between two networks
> Does not address:
  - Authenticity of the party issuing control requests
  - Rogue application or malware at the master station
  - Rogue application or malware at the outstation

Securing TCP/IP-Based Protocols: IEC 62351-3
Securing TCP/IP-based protocols through the use of Transport Layer Security (TLS), previously known as SSL:
> Shall support at least AES-128 encryption
> Shall support multiple Certificate Authorities (CAs)
> Shall renegotiate symmetric keys based upon a time period and a maximum allowed number of packets/bytes sent
> Shall use bidirectional certificate exchange and validation

User Authentication and Data Integrity: IEC 62351-5
Securing IEC 60870-5 and derivatives, such as DNP3:
> Defines a challenge-response mechanism that addresses the following threats:
  - Spoofing
  - Modification
  - Replay
  - Eavesdropping, on exchanges of cryptographic keys only, not on other data
  - Non-repudiation, to the extent of identifying individual users of the system
> Application layer only
  - Supports bridging across data concentrators and networks with different media types
  - Protects against rogue applications
  - Provides the capability of authenticating individual users
> Bidirectional

Securing Control Operations Through DNP3 Secure Authentication

DNP3 Secure Authentication: Aggressive Mode

Authentication Challenge
> Authentication challenge message (g120v1)
  - Sequence number
  - User number: identifies the session keys to use
  - HMAC algorithm: SHA-1 (4 or 10 octets), SHA-256 (8 or 16 octets)
  - Reason for challenge: CRITICAL function; the previous ASDU must be included in the calculation of the HMAC
  - Pseudo-random challenge data

Authentication Reply
> Authentication reply message (g120v2)
  - Sequence number
  - User number
  - HMAC value
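A worked model of the challenge and reply messages on the two slides above, added here as an illustration; it is not code from the presentation or from the IEEE 1815 specification. Only the field list and the HMAC truncation lengths come from the slides: the byte serialization, the message dictionaries, the 4-octet challenge data and the pre-shared per-user session keys are assumptions of this example, and aggressive mode is not modelled.

```python
import hashlib
import hmac
import secrets

# Digest choices and allowed HMAC truncation lengths (octets) listed on the slide
DIGESTS = {"SHA-1": hashlib.sha1, "SHA-256": hashlib.sha256}
TRUNCATIONS = {"SHA-1": (4, 10), "SHA-256": (8, 16)}

def compute_hmac(session_key, chal):
    """Truncated HMAC over the challenge fields and the critical ASDU (serialization assumed)."""
    alg = chal["alg"]
    if chal["truncate"] not in TRUNCATIONS[alg]:
        raise ValueError("truncation length not allowed for " + alg)
    msg = (chal["seq"].to_bytes(4, "big") + chal["user"].to_bytes(2, "big")
           + chal["reason"].encode() + chal["data"] + chal["asdu"])
    return hmac.new(session_key, msg, DIGESTS[alg]).digest()[:chal["truncate"]]

class Outstation:
    """Challenger: issues g120v1-style challenges and checks g120v2-style replies."""
    def __init__(self, session_keys):
        self.session_keys = session_keys   # user number -> session key (assumed pre-shared)
        self.seq = 0
        self.pending = {}                  # outstanding challenges keyed by sequence number

    def challenge(self, user, critical_asdu, alg="SHA-256", truncate=16):
        self.seq += 1                      # fresh sequence number for every challenge
        chal = {"seq": self.seq, "user": user, "alg": alg, "truncate": truncate,
                "reason": "CRITICAL", "data": secrets.token_bytes(4), "asdu": critical_asdu}
        self.pending[self.seq] = chal
        return chal

    def verify_reply(self, reply):
        chal = self.pending.pop(reply["seq"], None)   # each challenge is answerable once
        if chal is None or chal["user"] != reply["user"]:
            return False                   # unknown, stale or replayed sequence number
        expected = compute_hmac(self.session_keys[chal["user"]], chal)
        return hmac.compare_digest(expected, reply["hmac"])

def master_reply(session_key, chal):
    """Master answers the challenge with the truncated HMAC under its session key."""
    return {"seq": chal["seq"], "user": chal["user"], "hmac": compute_hmac(session_key, chal)}

def demo():
    key = secrets.token_bytes(32)          # constructed session key for user number 1
    outstation = Outstation({1: key})
    asdu = b"OPERATE switch 42 CLOSE"      # constructed critical ASDU sent by the master
    chal = outstation.challenge(1, asdu)
    reply = master_reply(key, chal)
    accepted = outstation.verify_reply(reply)
    replayed = outstation.verify_reply(reply)                  # same reply presented again
    wrong_key = outstation.verify_reply(master_reply(secrets.token_bytes(32), outstation.challenge(1, asdu)))
    chal3 = outstation.challenge(1, b"OPERATE switch 42 OPEN")   # ASDU as altered in transit
    tampered = outstation.verify_reply(master_reply(key, dict(chal3, asdu=asdu)))
    return accepted, replayed, wrong_key, tampered
```

The four results of demo() show the genuine reply accepted and the replayed, wrong-key and modified-ASDU cases rejected, which is how the mechanism covers the spoofing, modification and replay threats listed on the IEC 62351-5 slide.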

DNP3 Secure Authentication: Key Benefits and Issues
> Relatively lightweight: uses cryptography but does not encrypt data
> Can be combined with TLS if confidentiality is required
> Independent of transport: can be used with serial or network communications
> Added as new messages to the protocol; can interoperate with legacy devices
> The standard supports the use of data concentrators
> Management of encryption keys is not defined and remains to be addressed
> Now supported by IEEE as IEEE P1815

Authenticating Users and Systems
> Requirements
  - Only authorized devices can connect to the distribution automation system
  - Individual user accounts
  - Granular access permissions
  - Support remote maintenance access
  - Support local maintenance access
  - Manage access locally, even when no connection is available

X.509
> International Telecommunication Union (ITU) standard that defines a Public Key Infrastructure (PKI) based on:
  - Certificate Authorities (CAs)
  - Public key certificates
  - Attribute certificates
  - Certificate revocation lists

Asymmetric Cryptography or Public Key Cryptography
> The basics
  - In symmetric cryptography, both parties share a secret key used to encrypt and decrypt messages.
  - In asymmetric cryptography, keys come in pairs. A message encrypted with one key can only be decrypted using the other key.
  - One key is known as the public key and can be widely shared. The other key, known as the private key, is kept in a secure location.
  - The sender of a message can use the intended receiver's public key to encrypt the message. Only the intended receiver, with the appropriate private key, will then be able to decrypt the message.

Digital Signatures
> Asymmetric cryptography can be used to authenticate the sender and to protect the contents of a message:
  - Before sending a message, Alice calculates a hash of the message.
  - Alice encrypts the hash with her private key, adds it to the message as a digital signature and sends the message.
  - Bob calculates the hash of the received message.
  - He extracts the signature and uses Alice's public key to decrypt it.
  - If the hashes match, Bob can be certain the message comes from Alice and was not tampered with.

Certificate Authority
> A Certificate Authority (CA) acts as a trusted third party that validates individuals and issues public keys.
  - Alice generates a key pair
  - She sends the public key to the CA
  - The CA confirms her identity
  - The CA generates an electronic document that contains the user's name and public key
  - The CA signs this document using its own private key
  - The signed document is called a public key certificate

Establishing Trust
> To set up a Public Key Infrastructure (PKI):
  - The CA's public key certificate is distributed to all parties.
  - A party that trusts the CA can then use the CA's public key to validate the authenticity of a public key certificate provided by an unknown user.
  - If the signature on the certificate is valid and we trust the CA, we can also trust the identity of the user bearing the certificate.
> Public key certificates are widely used to authenticate web sites and to set up encryption with the TLS protocol.

Using Certificates
Diagram of the exchange between Alice, Bob and the Certificate Authority:
> Alice sends her public key to be signed by the CA
> The CA issues Alice a signed public key certificate (Alice's certificate)
> Bob retrieves a copy of the CA public key certificate (CA certificate)
> Alice sends a message to Bob signed with her certificate
> Bob trusts that the message is really from Alice since it is signed with a certificate issued by the trusted CA

Transport Layer Security

Authenticating and Assigning Permissions
> Each user has a public key certificate used for identification purposes.
> Each device has a public key certificate to identify it.
> Each user has an attribute certificate used to assign permissions.
> Attribute certificates are similar to public key certificates but are used to establish access permissions.
> The X.509 standard defines attribute certificates, but there is currently no standard format to define device permissions.

Revoking Access
> Certificates have a limited lifetime
  - Device certificates typically have a very long lifetime.
  - User certificates typically have a shorter lifetime.
  - Attribute certificates typically have an even shorter lifetime.
> Certificates can be revoked before their expiration
  - The Online Certificate Status Protocol (OCSP) can be used to validate a certificate when a connection is available.
  - Certificate Revocation Lists (CRLs) can be propagated on a periodic basis.
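The Digital Signatures, Certificate Authority, Establishing Trust and Revoking Access slides describe one procedure; the following is an added example of that procedure end to end, not code from the presentation. It assumes a toy textbook RSA on six-digit primes in place of a real signature algorithm, a constructed JSON record in place of an X.509 certificate, a day counter in place of real dates, and a revocation list keyed by subject name where a real CRL lists serial numbers.

```python
import hashlib
import json

# Toy textbook RSA on six-digit primes: shows the flow only and is not secure
def gen_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(message, priv):
    n, d = priv                                    # hash, then "encrypt" the hash with the private key
    return pow(digest(message) % n, d, n)

def verify(message, sig, pub):
    n, e = pub                                     # "decrypt" with the public key, compare hashes
    return pow(sig, e, n) == digest(message) % n

def issue_certificate(subject, subject_pub, not_after, ca_priv):
    """CA binds a name to a public key (and a lifetime) and signs the record."""
    tbs = {"subject": subject, "public_key": list(subject_pub), "not_after": not_after}
    body = json.dumps(tbs, sort_keys=True).encode()
    return {"tbs": tbs, "signature": sign(body, ca_priv)}

def validate_certificate(cert, ca_pub, now, crl):
    """Check the CA signature first, then lifetime and revocation status."""
    body = json.dumps(cert["tbs"], sort_keys=True).encode()
    if not verify(body, cert["signature"], ca_pub):
        return False
    # Toy CRL keyed by subject name; real CRLs list certificate serial numbers
    return now <= cert["tbs"]["not_after"] and cert["tbs"]["subject"] not in crl

def verify_signed_message(message, sig, cert, ca_pub, now, crl=()):
    """Bob's check: trusted CA -> valid certificate -> Alice's key -> message signature."""
    if not validate_certificate(cert, ca_pub, now, crl):
        return False
    return verify(message, sig, tuple(cert["tbs"]["public_key"]))

def demo():
    ca_pub, ca_priv = gen_keypair(1000003, 1000033)
    alice_pub, alice_priv = gen_keypair(1000037, 1000039)
    cert = issue_certificate("alice", alice_pub, 2000, ca_priv)  # constructed: expires on day 2000
    msg = b"switch 42: open"                                      # constructed message
    sig = sign(msg, alice_priv)
    genuine = verify_signed_message(msg, sig, cert, ca_pub, now=100)
    tampered = verify_signed_message(b"switch 43: open", sig, cert, ca_pub, now=100)
    expired = verify_signed_message(msg, sig, cert, ca_pub, now=2001)
    revoked = verify_signed_message(msg, sig, cert, ca_pub, now=100, crl={"alice"})
    # A certificate for "alice" signed by some key other than the trusted CA's is rejected
    other_pub, other_priv = gen_keypair(1000081, 1000099)
    other_cert = issue_certificate("alice", other_pub, 2000, other_priv)
    untrusted = verify_signed_message(msg, sign(msg, other_priv), other_cert, ca_pub, now=100)
    return genuine, tampered, expired, revoked, untrusted
```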

Conclusion
> Many technologies and standards are already available to meet the security requirements of distribution automation. However, there remain gaps, and work is still in progress to establish the required standards and best practices.
> To achieve its original interactive network vision, Hydro-Québec specified from the beginning that automation components:
  - Provide sufficient processing power
  - Be remotely upgradable
  - Comply with existing standards, including security
> By thus future-proofing its solution, Hydro-Québec has been able to evolve its solution as functional and security requirements evolve.

Contact Information
Jacques Benoit, Senior Analyst, Information Security, Cooper Power Systems, Jacques.Benoit@CooperIndustries.com
Serge Gagnon, IT Project Manager (Chargé de projets informatiques), Hydro-Québec, gagnon.serge@hydro.qc.ca
Luc Tétreault, Automation Engineer (Ingénieur Automatismes), Hydro-Québec, Tetreault.Luc.2@hydro.qc.ca