Cyber Security for the Smart Grid
Peter David Vickery, Executive Vice President, N-Dimension Solutions Inc.
APPA National Conference, June 21, 2010

Selected Partner of the APPA

"As stated by the Federal Energy Regulatory Commission, cyber attacks can damage generation and distribution facilities in ways that cause widespread disruption of electric service and undermine our government, economy, and the health and safety of millions of citizens. We selected N-Dimension Solutions Inc. as the official cyber security partner of Hometown Connections because the firm offers a deep knowledge of cyber security, a proven methodology, and a commitment to addressing the unique requirements of public power systems of all sizes."
- Tim Blodgett, the President and CEO of Hometown Connections

About N-Dimension Solutions

- Cyber Security Solutions Provider laser focused on the Power & Energy market
- Member of:
  - NIST Cyber Security Committees: Cyber Security Working Group (CSWG), Smart Grid Interoperability Panel (SGIP)
  - NERC and NERC's Demand-Side Management Task Force
  - Cyber Security Technical Working Groups (IEEE P1711, AMI-SEC)
  - Advisory Committee for U. of Illinois Trusted Computing Infrastructure for Power
- Developed comprehensive power & energy cyber security and NERC CIP assessment methodology
- Developed cyber security product family specifically for the Smart Grid
- Published thought leader on cyber security for the emerging Smart Grid
- Recognized as an industry leader by Pike Research
- Active across North America and globally in delivering Smart Grid cyber security solutions in conjunction with our business partners

Industry Leading Partners

[Figure: partner categories: Smart Grid Integration; Communications; Asian Distribution; Distribution & P&E Consulting; ASP Delivery; Hardened Platforms; SCADA & Smart Grid Systems]

Technology Evolution

[Figure: network architecture diagram. Labels include Internet, Firewall, Workplaces, Enterprise Optimization Suite, Enterprise Network, Third Party Application Server, Mobile Operator, Connectivity Server, Historian Server, Application Server, Engineering Workplace, Control Network, Device Network, Modbus, DNP3, Redundant.]

What Are The Most Likely Attacks?

- Malware impairing operations
  - no human behind the attack
  - no awareness that victim is a utility
- Malware exploited for extortion
  - targeted at insecure enterprises with significant ability to pay
- Dormant malware activated some day in the future
  - terrorists, nation states
- Hacker attacks against US power system
  - terrorists, nation states
  - combined cyber/physical attack
- Insiders

These attacks seek out poorly secured systems

Lifecycle Approach to Cyber Security

1. Preparation
  - create/review policy statements
  - conduct a risk analysis
  - establish/review security team structure
2. Prevention
  - deploy security countermeasures
  - approve security changes
  - monitor security posture
3. Response
  - respond to security violations
  - restoration
  - review

Defense in Depth

- Perimeter Protection
  - Firewall, IPS, VPN, AV
  - Host IDS, Host AV
  - DMZ
- Interior Security
  - Firewall, IDS, VPN, AV
  - Host IDS, Host AV
  - IEEE P1711, IEC 62351
  - NAC
  - Scanning
- Monitoring
- Management
- Processes

Abbreviations:
IDS: Intrusion Detection System
IPS: Intrusion Prevention System
DMZ: DeMilitarized Zone
VPN: Virtual Private Network (encrypted)
AV: Anti-Virus (anti-malware)
NAC: Network Admission Control

N-Dimension's Products and Services

- Professional Services
  - Cyber Security Services for Smart Grid Operational Environments
- Technical Solutions
  - n-platform UTM
  - n-central Management System
- Industry Partners
  - Solution Augmentation
  - Turnkey ASP Service

+ Addresses Pain Points in Target Sector
+ Integrated Solution

Perimeter Defense-in-Depth

[Figure: perimeter network diagram. Labels: Firewall, IDS, Remote Access VPN, Site-to-Site VPN, DMZ, Proxy, Anti-Virus, NAC.]

Interior Defense-in-Depth

[Figure: interior network diagram. Labels: IDS, Port Scan, Vuln Scan, Firewall, NAC, Access Control, SSL VPN, IPSEC VPN, SCADA VPN.]

Central Log and Event Management

- Internal: Log, Analyze, Report, Compliance
- Outsourced Smart Grid Security Service

ASP Service Description

- Based on term agreement with each participating Utility
- Pricing is for all elements of the service including:
  - Initial design
  - Configuration and hardware / software installation
  - Level 1, 2 and 3 customer support
  - Cyber node hardware / software
  - Maintenance including hardware replacement if required
  - Software updates
  - Reports, audits, logs
  - 24x7x365 Cyber Security Monitoring
  - Secure Utility Web portal
  - Annual Cyber Security Policy Review
- Add-on capabilities within term, e.g. AMI and additional substations
- Contract extension option after initial term

ASP Service Program Benefits

- High ease-of-procurement and ease-of-use
- Cost efficiencies: typically < 0.1% of utility's O&M budget
- 7x24x365 coverage by subject matter experts
- No need to expend capital nor hire and train expensive specialists
- Utility retains control of its cyber data through remote access to their specific data, customized reports and real-time insight via secured web portal
- Additional end points and operating areas (e.g. AMI and additional substations) can be added within the term of the agreement
- Program aligns with NERC-CIP standards
- Approach is endorsed by insurance providers as demonstration of duty of care