Cyber security: Practical Utility Programs that Work
Securing Strategic National Assets
APPA National Conference 2009
Michael Assante, Vice President & CSO, NERC
June 15, 2009

The Electric Grid - Challenges Energy Policy Objectives
The Electric Grid
  - Generation: 5,000 plants; 65% of monthly bill; employs approx. 120,000 people
  - Transmission: 160,000 miles; 5% of average customer monthly bill; employs approx. 15,000 people
  - Distribution: over 1,000,000 miles; 30% of average customer monthly bill; employs approx. 400,000 people
The electric infrastructure underpins all others and is vital for both economic and national security.

Common Hazards
  - Storms (ice, hurricane, wind), tornados, earthquakes, flooding
  - Squirrels and possums
  - Aging staffs, skilled staff availability and labor disputes
  - Fuel disruptions and reduced onsite supplies
  - Aging infrastructures and critical components
  - Vegetation-related T&D outages
  - Lack of preventative maintenance
  - System congestion and operations close to load limits
  - Voltage/reactive reserve availability
  - Mal-operating system protection and controls
  - System complexity and coordination breakdowns
  - Accidents & other human activity
  - Investment uncertainty, renewable mandates and environmental regulation
  - Physical security incidents

Competing System Goals
The most efficient system operates exactly at its operating limits with little redundancy
  - Every component is critical
  - Every component utilized to its maximum
  - Very economical as long as nothing breaks
A resilient system has sufficient redundancies in the right places to withstand losses of any component
  - No one component is critical
  - Components far from their operating limits
  - Very robust but expensive to build and operate

Technology Transformation
"We are at a transformational moment -- a moment in history when our interconnected world presents us, at once, with great promise but also great peril."
President Obama, May 2009

Change & Enduring Structures
[Timeline figure. Event labels as extracted: SCADA; 765 kv system; Electric Capacity In Decline & Aging Infrastructure; CIA disclosure; Greater Internet Use; EBR-I First Nuclear; NE Blackout I; SCADA EMS; NE Blackout II; Smart Grid; Pulverized Coal Generation; Digital Replace EM in Newcon; Aurora Research. Years on axis: 1920, 1951, 1960, 1965, 1975, 1985, 1995, 2001, 2003, 2006, 2009.]
Risk over time:
  - Threats are LOW, Vulnerabilities are LOW, Consequences are LOW
  - Threats are LOW*, Vulnerabilities are MED+, Consequences are MED
  - Threats are MED, Vulnerabilities are HIGH, Consequences are HIGH

Electric Infrastructure Security Landscape Change
1900-2001
  - Few homeland threats
  - Perceived security
  - Limited digital technology change (manageable complexity)
  - Ample human and material resources
2001 - Present
  - Threat potential increasing
  - Recognized national security issue
  - Aging infrastructure undergoing technology enhancements
  - Increasing complexity
  - Limited transmission investment

Cyber & the Pace of Change
"It's the great irony of our Information Age -- the very technologies that empower us to create and to build also empower those who would disrupt and destroy."
President Obama, May 2009

Cyber Risk & the Grid
Unique Nature of Cyber Threats
  - Understanding of cyber technologies change frequently
  - New vulnerabilities & technical exploits
  - Growing system complexity & connectivity/access paths (e.g. Smart Grid)
  - Potential threats can be unknown and arise very quickly
  - Can require rapid and often confidential responses
  - Attackers are intelligent and watching
  - Attacker's advantage - unbounded attack scenarios (vulnerabilities, technical threats, and consequences)
  - Cyber threats can arise virtually anytime and anywhere across the vast array of communicating devices on the grid
  - Probably don't have all information and expertise
  - Attacks might not happen, making measurement difficult (human dilemma)
Cyber Security threats are unlike any other threat to the electric grid.

Control System Security Snapshot
[Chart. Series labels: ICS-Specific Vulnerabilities; ICS-Attack Tools; Electric ICS Port Probes; Vulnerabilities that can affect ICS]
Source: Critical Intelligence, info@critical-intelligence.com

Increased Attention
1Q 09 - ICS Attack Presentations
Critical Intelligence noted six presentations at open information security conferences covering ICS vulnerabilities in the first quarter and a total of 20 in 2009. The security conferences include 25C3, Black Hat DC, Shmoocon, and Source Boston.
Source: Critical Intelligence, info@critical-intelligence.com

Threat Actors & Scenarios to Consider
Threat Actors:
  - Extremist (single issue groups)
  - Terrorist
  - Organized Criminals
  - Nation States
  - Lone wolf
  - Insiders
  - Viral
Threat Scenarios:
  - Physical Attacks
  - Cyber Attacks
  - Blended Attacks
  - EMP/RF Energy, EMC
  - Pandemics
  - WMD (RDD, etc.)

Cyber Events and Power Systems
  - CIA discloses they have information of cyber attacks against power system controls outside the US.
    - Resulted in multi-city outage
    - Extortion as the prime motivation
  - US Power companies have been penetrated
    - Media reports & government officials
  - Connectivity to substations & digital hardware exist
    - Market Surveys (modems, SCADA, Internet, wireless, etc.)
  - Restoration time is critical, Availability is priority
  - Websites, presentations and books devoted to hacking our systems
  - CNN Aurora disclosure & video
  - Senate Energy & Natural Resources Committee Chairman Jeff Bingaman at recent classified briefing: "I found the briefing chilling"

Recent Wall Street Journal & Media Reports
  - Cyber spies have penetrated the U.S. electrical grid and left behind software systems that could be used to disrupt the system. (Current and former national security officials)
  - The Russians and Chinese have attempted to map our infrastructure. (Senior intelligence official)
  - U.S. Intelligence agencies detected the intrusions, not the companies in charge of the infrastructure. (Officials)
  - There are intrusions and they are growing. There were a lot last year. (Former DHS official)
  - Utilities are reluctant to speak about the dangers. (PJM)

Greatest Challenge to Overcome
The potential for an intelligent cyber attacker to exploit a common vulnerability that impacts many assets at once, and from a distance, is one of the most concerning aspects of this challenge
  - Common or single point of failure (horizontal nature of technology)
  - Universal points for commands/action
  - Still need to prioritize our effort (investment, time and attention)
"Essentially, we're working to protect the grid against an armed and moving target that has a closet full of camouflage, so to speak. It's no easy task. Cyber threats can develop in the shadows and arise in minutes, exhibiting different characteristics than those preceding them, and are being driven by intelligent threat actors attempting to manipulate system components to achieve their objective (all the while enjoying the attacker's advantage)."
Michael Assante, CSO of NERC, 2009

Cyber Security & the Grid
Addressing Cyber Risk
Requires a different approach, that must include:
  - Constant vigilance
  - Urgent action (as technologies change, threats arise, and vulnerabilities are identified)
  - Information must be disseminated to the individuals who need it most as quickly and securely as possible
  - Layered defense (CIP Standards, Active risk identification & management, Communications)
  - Involved risk decision making model
  - Identify, measure, and manage risk, scope and pinpoint specific issues, and determine the timeframe in which they must be addressed.

Reliability & Security Goals
  - Understand what is possible
  - Mitigate consequences of a successful attack
  - Reduce the attractiveness of the power grid as a target
  - Shift the majority of our focus from prevention to engineering in resilience & safety, restoration, and system recovery
"From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient. We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage."
President Obama, May 2009

Foundations of Protection
  - Leadership & Culture
  - Bi-directional communications
  - Skilled people
  - Dynamic & resourced security operations
  - Awareness & Coordination
  - Foundational standards
  - System Resilience & Capacity

CIP Standards
The critical infrastructure protection standards approved through Order No. 706 are a sound starting point for the electric industry to address cybersecurity.
  - Designed as a foundation for sound practices
  - Good housekeeping requirements intended to help protect asset owners from unstructured cyber threats
  - NERC's Reliability Standards development process enables the progressive and continuous improvement of Reliability Standards.
  - Important milestone to help ensure grid reliability by improving the resiliency of control system cyber assets and enhancing their ability to withstand cyber-based attacks

Limitations of the CIP Standards
The CIP Reliability Standards alone cannot eliminate the threat of a cyber disruption of critical national infrastructure
  - NERC has jurisdiction only to propose reliability standards for the bulk power system
  - CIP Reliability Standards cannot address other critical assets such as telecommunications systems, for example, or electricity distribution systems
  - The open process by which Reliability Standards are developed, while demonstrably successful in producing standards that have significantly enhanced the reliability of the grid, may not be ideally suited to sensitive subject matter where confidentiality is required
  - Standards take time to modify (foundational but static)
  - Specific cyber security risk can be very dynamic
  - Compliance can't be at the expense of developing necessary and more flexible security management approaches
Cyber Security standards are a foundation, designed to be built upon.

Electric Sector Coordination
[Organization chart. Labels as extracted: Government Regulators Governmental NEB Provincial Govts. Government CIP Public Safety Canada RCMP NRCAN NERC iero ES-ISAC FERC Regulator DOE Sector Specific Agency DHS NIPP Utility Industry Canadian Registered Entities Canadian Electric Association NERC Committees CIPC ESSG & ESCC 19 CIKR sectors U.S. Registered Entities U.S. Remaining Sector Entities Electric Associations (EEI, NRECA, APPA, EPSA)]

A Changing World
Cartoon credit: The Economist 2009

Barriers to Reducing Risk
  - Constant increase in complexity associated with new technology deployments and applications
  - Organizational complexity of the grid in North America
  - Lack of positive economic motivation for utilities to increase security
  - Growing dependence on communications
  - A more complex and distant global supply chain
  - Skilled cybersecurity professionals

Question & Answer
Contacts: Michael Assante, Vice President & CSO, michael.assante@nerc.net, 609.452.8060
"It's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation."
President Obama, May 2009

About NERC
  - International regulatory authority for electric reliability in North America
  - Develop & enforce reliability standards
  - Analyze system outages and near-misses & recommend improved practices
  - Assess current and future reliability