Cyber Security of the Power Grid Chen-Ching Liu Professor of Power Systems University College Dublin Research for Ireland's Future
Ireland -Country of natural beauty -Quality of life ranked among highest in the world -Ranked 1st in Europe for most competitive location for R&D investment in 2010
Dublin - Capital of Ireland A city with a population of 1,5 million
UCD University College Dublin UCD Belfield Campus: 365 Acres - 5 km south of Dublin City Centre
UCD Facts & Figures UCD was founded in 1854 UCD is the largest university in Ireland UCD is in Top 100 by Times World Univ. Rankings in 2010 (221 in 2005)
UCD Facts & Figures 27,000 total students 17,000 undergrads 6,000 post grads 4,250 international students from 110 countries, Most in Ireland; 19% of student population. 138 international students from India 2,500 academic staff, 30% international Highest in Ireland
UCD University Structure Arts & Celtic Studies Business & Law Human Sciences Life Sciences Engineering, Mathematics and Physical Sciences
College of Engineering, Mathematical and Physical Sciences (EMPS) Current Structure School of Architecture, Landscape & Civil Engineering School of Chemical & Bioprocess Engineering School of Computer Science & Informatics School of Electrical, Electronic & Mechanical Engineering School of Geological Sciences School of Mathematical Sciences School of Physics
Restructured College and Schools After Sept. 2011 College of Engineering and Architecture School of Architecture School of Biosystems Engineering School of Chemical and Bioprocess Engineering School of Civil, Structural and Environmental Engineering School of Electrical, Electronic and Communications Engineering School of Mechanical and Materials Engineering College of Science School of Computer Science and Informatics Other Schools
EMPS Research Themes Energy Systems Nanobioscience & Engineering Computational Modelling ICT and Critical Infrastructures Bioengineering
UCD Engineering & Computer Science Research Students
UCD Computer Science & Informatics Currently: 30 academics 40 post-docs 400 Postgrads CSI Research Grants: 32 million won between 2005-09 Average funding won per annum 8M Research graduations 2009/2010: Target of 40 PhDs per year
Vulnerability Assessment and Mitigation of Information and Communication Systems for Critical Infrastructures Institution: University College Dublin Lead PI: Prof. Chen-Ching Liu Dr Pavel Gladyshev Academic Partner Iowa State University, USA Prof. Manimaran Govindarasu Industry Advisors EIRGRID, Ireland INTEL, Ireland RSE, Italy RTE, France Defend ICT infrastructure against cyber intrusions Vulnerability assessment of critical infrastructures Supervisory control and data acquisition (SCADA) systems for power grids Team of Researchers Prof. C. C. Liu, Dr. P. Gladyshev 5 PhD Students (S. Ryan, J. Hong, S. S. Wu, A. Stefanov, A. Shosha) Term 5 Years Commencing Sept 2009
Power Grid with ICT
Supervisory Control And Data Acquisition (SCADA)

Sector: Electric Power (Transmission, Distribution, Substation Network Monitoring), Wind Farms
- Example Protocols: ICCP / DNP3i / Modbus over TCP/IP / IEC870-5-101/104 / IEC 61850
- Framework: Data Polling Acquisition & Control / Automation Are Configured for Interlocking and Protection Scheme
- Input Variables: Voltage, Current, Frequency, Time, Active Power, Reactive Power, Apparent Power
- Control Variables: Switching Devices
- Application: Energy Management System (EMS) / Distribution Management System (DMS) / Substation Automation System (SAS)

Sector: Natural Gas Pipelines, Process Control Systems (Gas Pipeline, Chemical, Oil and Gas, Power Plants)
- Example Protocols: Fieldbus or Profibus
- Framework: Automation by Programmable Logic Controller (PLC)
- Input Variables: Temperature, Pressure, Time, etc.
- Control Variables: Valve, Pump
- Application: Generation Management System (GMS), Resource Planning System (ERP)

Sector: Transportation (Roadway, Rail System, Space and Air Traffic)
- Example Protocols: Cellular Digital Packet Data Network and Global Positioning System
- Framework: Ensuring Associated Tasks with Given Function, Satisfying System Performance in Centre
- Input Variables: Traffic and Roadway Sensors, Visual Closed Circuit Television Sensors, Voice Communication, Probe Vehicle and Database Services, Global Positioning System
- Control Variables: Controls of Roadway Access and Intersection Devices
- Application: Adaptive Traffic Control System, Incident Detection and Location System, and Predictive Traffic Modelling System
Impact Analysis Anomaly Detection Power Grids Control Centres ICT Real-Time Monitoring Mitigation Substations
Critical Cyber Assets Infrastructures Energy Management System (EMS) in Control Center Distribution Management System (DMS) Process Control System (Power Plants) Substation Automation System (SAS)
Cyber Systems in Power Infrastructure
Escalating Cyber Security Factors
- Adoption of standardized technologies with known vulnerabilities
- Connectivity of control systems to other networks
- Constraints on use of existing security technologies and practices
- Insecure remote connections
- Widespread availability of technical information about control systems
Access Points in Control Networks
- Virtual Private Network (VPN)
- Dial-up Networks
- Wireless Networks
- Any Remote Logon Programs
- Backdoor Access - Trojan Horse (on Unknown Service Ports)
Example Intrusion Tools War Dialing Scanning Traffic Sniffing Password Cracking
Direct DoS/DDoS Attacks
- Attacker compromises attack machine (the master).
- The master installs attack code on slave machines, also called zombies.
- Slaves are instructed to flood the victim with packets holding spoofed IPs.
[Figure: master, slave (zombie) machines, victim]
System Vulnerability
- A system is defined as the wide area interconnected, IP-based computer communication networks linking the control center and substations-level networks
- System vulnerability is the maximum vulnerability level over a set of scenarios represented by I:
  $V_S = \max V(I)$
Access Point Vulnerability Access point provides the port services to establish a connection for an intruder to penetrate SCADA computer systems Vulnerability of a scenario i, V(i), through an access point is evaluated to determine its potential damage V i j S j j Scenario vulnerability - weighted sum of the potential damages over the set S. j
Generalized Stochastic Petri Net (GSPN)
- Intrusion and cyber-net are modeled by a GSPN model
- GSPN consists of two different transition classes: immediate and timed transitions
- States of the stochastic process are the status of intrusions to a network that are inferred from abnormal activities
- Cyber-net is a composite model: Firewall model, Password model
- These include malicious packets flowing through pre-defined firewall rules, and failed logon passwords
Firewall Model
- Denial or access of each rule
- Malicious packets traveling through policy rule j on each firewall i are taken into account.
- Probability of malicious packets traveling through a firewall rule:
  $p^{fp}_{i,j} = \dfrac{f^{fp}_{i,j}}{N^{fp}_{i,j}}$
  where $f^{fp}_{i,j}$ denotes the frequency of malicious packets through the firewall rule and $N^{fp}_{i,j}$ the total record of firewall rule j.
- Probability of the packets being rejected:
  $p^{fr}_i = \dfrac{f^{fr}_i}{N^{fr}_i}$
  where $f^{fr}_i$ is the number of rejected packets and $N^{fr}_i$ denotes the total number of packets in the firewall logs.
[Figure: firewall model with transitions labelled $p^{fp}_{i,1}$, $p^{fp}_{i,2}$, ..., $p^{fp}_{i,n}$ and $p^{fr}_i$]
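The two firewall-model ratios above, computed from firewall log records, as an added example that is not part of the original slides. The log format, the `malicious` flag (assumed to come from IDS or analyst labelling) and the function name are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed firewall log (format is an assumption): firewall i, matched
# policy rule j, action taken, and whether the packet was flagged malicious.
SAMPLE_LOG = """\
fw=1 rule=1 action=ACCEPT malicious=0
fw=1 rule=1 action=ACCEPT malicious=1
fw=1 rule=1 action=ACCEPT malicious=0
fw=1 rule=1 action=ACCEPT malicious=0
fw=1 rule=2 action=ACCEPT malicious=1
fw=1 rule=2 action=ACCEPT malicious=0
fw=1 rule=9 action=REJECT malicious=1
fw=1 rule=9 action=REJECT malicious=0
fw=2 rule=1 action=ACCEPT malicious=0
fw=2 rule=1 action=ACCEPT malicious=0
fw=2 rule=9 action=REJECT malicious=1
fw=2 rule=9 action=REJECT malicious=1
"""

LINE_RE = re.compile(r"fw=(\d+) rule=(\d+) action=(ACCEPT|REJECT) malicious=([01])")


def firewall_probabilities(log_text):
    """Return (p_fp, p_fr): p_fp[(i, j)] = f_fp/N_fp and p_fr[i] = f_fr/N_fr."""
    n_fp, f_fp = Counter(), Counter()   # keyed by (firewall i, rule j)
    n_fr, f_fr = Counter(), Counter()   # keyed by firewall i
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.fullmatch(line.strip())
        if m is None:
            # Fail loudly: silently skipped records would bias both ratios.
            raise ValueError(f"line {lineno}: unparseable record {line!r}")
        fw, rule, action, malicious = int(m[1]), int(m[2]), m[3], m[4] == "1"
        n_fp[fw, rule] += 1             # total record of rule j on firewall i
        n_fr[fw] += 1                   # total packets in firewall i's log
        if action == "REJECT":
            f_fr[fw] += 1               # rejected packet
        elif malicious:
            f_fp[fw, rule] += 1         # malicious packet that passed rule j
    p_fp = {key: f_fp[key] / total for key, total in n_fp.items()}
    p_fr = {fw: f_fr[fw] / total for fw, total in n_fr.items()}
    return p_fp, p_fr


if __name__ == "__main__":
    print(firewall_probabilities(SAMPLE_LOG))
```

A deny rule (rule 9 in the constructed log) always gets a pass-through probability of 0, because only accepted packets count toward the malicious pass-through frequency.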
Detecting Anomaly at Substation Database Anomaly Detection Algorithm Human Machine Interface Intelligent Electronic Devices Intrusion Detection
UCD Testbed
Electricity and Information Flows on Smart Grid Markets Operations Service Provider Bulk Generation Information Flow Electricity Flow Transmission Distribution Customer Source: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0
Information Security and Protection
Conclusions Interdisciplinary: computer science and energy systems Critical infrastructures SCADA cyber security: anomaly detection and vulnerability analysis Evaluation of cyber security on test beds Awareness and cyber security education Enabling cyber security and power technologies for Smart Grid
Further Information
- J. Yan, C. C. Liu, and M. Govindarasu, "Cyber Intrusion of Wind Farm SCADA System and Its Impact Analysis," IEEE Power and Energy Society Power Systems Conference and Exposition (PSCE), Mar 20-23, 2011, Phoenix, USA.
- J. Hong, S. S. Wu, A. Stefanov, A. Shosha, C. C. Liu, P. Gladyshev, and M. Govindarasu, "An Intrusion and Defense Testbed in a Cyber-Power System Environment," IEEE PES General Meeting, 2011.
- Chee-Wooi Ten, Manimaran Govindarasu, and Chen-Ching Liu, "Cybersecurity for Critical Infrastructures: Attack and Defense Modeling," IEEE Trans. Systems, Man, and Cybernetics Part A: Systems and Humans, July 2010, pp. 853-865.
- Srdjan Pudar, Manimaran Govindarasu, and Chen-Ching Liu, "PENET: A Practical method and tool for integrated modeling of security attacks and countermeasures," Computers and Security, 28, 2009, pp. 754-771.
- Chee-Wooi Ten, Chen-Ching Liu, and Manimaran Govindarasu, "Vulnerability Assessment of Cybersecurity for SCADA Systems," IEEE Trans. on Power Systems, vol. 23, no. 4, pp. 1836-1846, Nov. 2008.
- Chee-Wooi Ten, Chen-Ching Liu, and Manimaran Govindarasu, "Anomaly Extraction and Correlations for Power Infrastructure Cyber Systems," Proc. enetworks Cyberengineering Workshop, October 12-15, 2008, Singapore.
- Chee-Wooi Ten, Chen-Ching Liu, and Manimaran Govindarasu, "Cyber-Vulnerability of Power Grid Monitoring and Control Systems," Proc. 4th Cyber Security and Information Intelligence Research (CSIIR) Workshop, May 12-14, 2008, Oak Ridge, Tennessee, USA.
Contact email: liu@ucd.ie