Smart grid security analysis



Similar documents
Cybersecurity Risk Assessment in Smart Grids

SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

ICT SECURITY SECURE ICT SYSTEMS OF THE FUTURE

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

KEY TRENDS AND DRIVERS OF SECURITY

Cyber Security and Privacy - Program 183

Overview TECHIS Carry out risk assessment and management activities

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.

IEEE-Northwest Energy Systems Symposium (NWESS)

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

future data and infrastructure

Intrusion Detection for SCADA Systems

Rethinking Cyber Security for Industrial Control Systems (ICS)

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

National Institute of Standards and Technology Smart Grid Cybersecurity

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

Web Team Roles & Responsibilities. This document defines the approved Roles & Responsibilities for the Web Team and related Job Descriptions.

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

WORKSHOP Rethinking Cyber Security for Industrial Control Systems

Comparison of Risk Analysis Methodologies in an Electrical Grid. Svana Helen Björnsdóttir STAMP Workshop in Amsterdam October 4-6, 2015

Risk Management in Practice A Guide for the Electric Sector

Cloud Infrastructure Security Management

Appropriate security measures for smart grids

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Cyber Security Seminar KTH

How To Manage Risk On A Scada System

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Cyberspace Situational Awarness in National Security System

3rd International Symposium on Big Data and Cloud Computing Challenges (ISBCC-2016) March 10-11, 2016 VIT University, Chennai, India

SMART ASSET MANAGEMENT MAXIMISE VALUE AND RELIABILITY

JOB DESCRIPTION CONTRACTUAL POSITION

NERC CIP VERSION 5 COMPLIANCE

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.

Cyber security Indian perspective & Collaboration With EU

White Paper. Convergence of Information and Operation Technologies (IT & OT) to Build a Successful Smart Grid

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids

IoT & SCADA Cyber Security Services

CACI Cloud Consulting Services

Lessons from Defending Cyberspace

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

Software Defined Security Mechanisms for Critical Infrastructure Management

Department of Homeland Security Federal Government Offerings, Products, and Services

1 st Symposium on Colossal Data and Networking (CDAN-2016) March 18-19, 2016 Medicaps Group of Institutions, Indore, India

How to Do/Evaluate Cloud Computing Research. Young Choon Lee

The IBM Solution Architecture for Energy and Utilities Framework

Cybersecurity Framework: Current Status and Next Steps

FAQ to ENISA s report on technologies to improve the resilience of communication networks

Smart Cities. Smart partners in tomorrow s cities

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

Concept and Project Objectives

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

SECURITY RISK MANAGEMENT

Cybersecurity in the maritime and offshore industry

D 6.4 and D7.4 Draft topics of EEGI Implementation Plan Revision: Definitive

Georgia Tech ARPA-E: Energy Internet

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015

Protecting critical infrastructure from Cyber-attack

Addressing Cyber Risk Building robust cyber governance

Network Cyber Security. Presented by: Motty Anavi RFL Electronics

Cyber Risk to Help Shape Industry Trends in 2014

Agenda do Mini-Curso. Sérgio Yoshio Fujii. Ethan Boardman.

NIST Cloud Computing Program Activities

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Framework for Improving Critical Infrastructure Cybersecurity

ISO27032 Guidelines for Cyber Security

Information Security Management System for Microsoft s Cloud Infrastructure

CYBER SECURITY, A GROWING CIO PRIORITY

Cybersecurity The role of Internal Audit

Flexible Plug & Play Smart grid cyber security design and framework. Tim Manandhar

Industrial Control Systems Security Guide

SCADA System Overview

Compliance and Unified Communication

Grid Modernization and Smart Grid

Attachment A. Identification of Risks/Cybersecurity Governance

William Hery Research Professor, Computer Science and Engineering NYU-Poly

Transcription:

Smart grid security analysis Paul Smith et al. paul.smith@ait.ac.at SPARKS Stakeholder Workshop 20 th May, 2014, Graz

SPARKS Objectives The SPARKS project has three main objectives regarding security analysis: 1. Develop a methodology for risk assessment that addresses the specific challenges of the smart grid 2. Create appropriate tools to support this methodology 3. Build a simulation environment that can be used to measure the impact of a cyber-attack These items will be applied to the project s demonstration facilities 2

Cybersecurity Risk Assessment Risk assessment is concerned with understanding the probability of a cyber-attack and its impact risk = probability x impact Based on an understanding of threats and vulnerabilities For example, financial loss, damage to equipment, loss of power, The basis for prioritising how to mitigate threats and apply resources for cybersecurity 3

A Smart Grid Risk Assessment: Motivation The smart grid will consist of legacy systems and new ICT components that implement advanced measurement and control functions The precise nature of a smart grid deployment is (at least) country specific For example, regulatory norms differ between countries Different approaches to Advanced Metering Infrastructures A risk assessment method should account for these characteristics of the smart grid 4

Risk Assessment Method for Smart Grids Two-tier risk assessment method 1. Conceptual level is used to assess risks to novel ICT systems 2. Implementation level is used to assess risks of existing (or prototype) systems The starting point of the assessment is a national reference architecture derived from SGAM The two processes interact, e.g., the conceptual assessment is used to determine the System Under Test (SUT) for the security audit 5

Risk Assessment: An Austrian Case Apply threat catalogue to the architectural clusters and perform a risk assessment using Delphi Make security architecture recommendations Identify architecture clusters for assessment Determine audits and System Under Test based on high risk categories Create a national reference architecture Based on SGAM Make security implementation recommendations Populate with implementation details and identify vulnerabilities Perform a security audit on the System Under Test 6

Analysing Multi-stage Attacks Attacks are becoming increasingly sophisticated and using numerous steps to achieve their goal See Bob s presentation on Security Analytics Threat analysis techniques often require the assessor to think like an attacker This is difficult to do, and is not a widely available skills set Vulnerability analysis tools can generate a deluge of information How can an analyst prioritise this data? 7

Vulnerability-centric Threat Analysis for APTs Aim: identify the paths of technical vulnerabilities through an infrastructure that can be used by an attacker This information can be used to prioritise vulnerability data Does not require attacker knowledge to gain actionable information Four stage process: 1. Identify hosts in the infrastructure and their connectivity 2. Enumerate the vulnerabilities associated with hosts, using public information, e.g., NIST National Vulnerability Database 3. Chain vulnerabilities together based on connectivity and vulnerability information 4. Identify attack paths to targets in the infrastructure by searching the connectivity-vulnerability graph 8

An Example Attack Path Origin Target 9

Simulating Cyber-attacks It is not possible to perform all attacks in reality Large-scale attacks and the potential of physical damage cannot be readily implemented This motivates the need for suitable simulation tools Simulators can be used to study two aspects Attacks to the ICT infrastructure, e.g., DoS attacks The impact to the power grid Simulation can give an indication of the effectiveness of security measures 10

Simulation Environment: Approach To develop a hybrid simulation environment based on the interconnection of existing tools 1. Power Distribution Simulators (GridLAB-D, etc.) Adapt power grid models from US network standards to European network standards Achieve a realistic model of the real environment and generate comparable results which are directly applicable to real European infrastructure 2. ICT network simulation tools Examples include ns-2, OMNeT++, 3. Real smart grid hardware Automation equipment (AIT SmartEST Lab) E.g., Secondary substation Smart meters 11

Safety and Security Co-Analysis Safety analysis methods are widely used in the energy domain Examples include HAZOP, fault-tree analysis, event-tree analysis, FMVEA, STAMP/STPA, There are parallels in the security domain, e.g., attack trees Benefits can be had by performing security and safety co-analysis Reuse of results across analyses Ability to consistently prioritise different types of threats, i.e., attacks versus faults 12

SPARKS Objectives: Restated The SPARKS project has three main objectives regarding security analysis: 1. Develop a methodology for risk assessment that addresses the specific challenges of the smart grid 2. Create appropriate tools to support this methodology 3. Build a simulation environment that can be used to measure the impact of a cyber-attack These items will be applied to the project s demonstration facilities 13

Discussion Points What (if any) security (risk) assessment techniques or methods do you currently use in your organisation? Why did you choose to apply these? Do you make use of tool support to implement these? If so, which ones? Are there any particular regulatory requirements or standards that you must (or choose to) adhere? For example, is ISO 27K relevant to your organisation? Are there any EU directives, etc., current or upcoming that will be relevant to your organisation in this area? Security and safety analysis, e.g., analysing faults and their consequences, are closely related; do you perform any safety-related analysis currently? If so, which ones, e.g., HAZOP, FMVEA, fault-tree analysis? 14

Discussion Points (contd.) What information sources do you use to inform your security analyses, regarding current threats, etc.? Examples might include security advisories, news media, national CERTS, stakeholder groups,... In your opinion, what is the main challenge a project like SPARKS should look to address in the area of security / risk analysis? Examples include safety and security co-analysis, cyber-physical impact analysis, determining reliable threat probability figures, etc. 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information