Utility Telecom Forum
Robert Sill, CEO & President
Aegis Technologies
February 4, 2008
Agenda
Asked to describe his job, Mike Selves, director of Emergency Management and Homeland Security in Johnson County, Kan., recalls what he once told county commissioners who also posed the question. "My job," he said, "is to tell you things you don't want to hear, asking you to spend money you don't have for something you don't believe will ever happen."
Agenda
- Current communications networks
- Issues facing the industry
- Case Study: Integration into production environment at Utility
Typical Communication Network
Industry Parallel: Banking
Banking sector
- Relatively secure islands until networking technology introduced in the 1980s and 1990s
- Beginning of modern IT Security, vulnerability protection
Energy Sector
- Discovering that Utilities are already connected, vulnerabilities exist
- NERC compliance is the first step towards complete cyber security
- Heading toward federally-influenced completely secure systems as in banking
Increasing Complexity of Systems
- Increased demand on Control System networks has outpaced spending on communication infrastructure upgrades
- Communication infrastructure limitations may prevent new control devices from being effectively added
- Bit-oriented protocols still utilized by Utility, but new devices may not support them
- Lack of understanding of bit protocols
- Reliability can become jeopardized
Current Options for System Upgrade
- Industry and Government moving in different directions
- Smart-Grid and Substation Automation Interconnectivity
- NERC it or disconnect it
- Routable protocols must have security measures in place
- Replacement costs associated with new technology are high
- Technology available is limited and incomplete
- Upgrade process is time-consuming
- Budget limitations may cause upgrades to be done in pieces over time
- Supplier industry moving towards IP networks
- Consideration must be given to security, reliability, and cost of upkeep
Convergence of Technologies
- Serial: designed for reliability
- IP: designed for information sharing
  - Non-guaranteed delivery (without TCP)
  - Shared bandwidth
- Neither system designed for security
Effects of an IP Network
- IP is and will be ever more expensive to secure
- 30+ years of developed hacking experience
- 25,000+ known IP network vulnerabilities (CVE list)
- Some of these bugs are in currently deployed security patches
- Annual Hacking Conferences
- Millions upon millions are and will be spent on defending against these IP vulnerabilities
- More vulnerabilities discovered every day
Division Between Control Center and the Field
Whose responsibility is this?
- Control Center responsibility
- Field responsibility
Network Vulnerabilities are Across the Entire System
Division Between Control Center and the Field
- Lack of understanding of entire communication network
- Network is segmented with specialized expertise/knowledge
- Collaboration between those in the control center and those in the field is minimal
- Vendors are specialized in one area and don't necessarily look at the big picture
- Makes implementing upgrades to the system very difficult
Influence of Aging Workforce on Electric Industry
- Baby Boomers make up 1/3 of US workforce
- Two biggest challenges facing the Power Industry*
  - loss of critical knowledge
  - inability to find replacements with utility-specific skills
- Number of Electrical Engineering degrees is declining
- Inadequate Knowledge transfer/documentation passed down to new workforce
*According to the APPA research report Work Force Planning for Public Power Utilities
[Figure: Workforce Maturation. Horizontal axis: Year (1970 to 2005, *2010, *2015). Vertical axes: Thousands; Billions KWH. Series: baby boomers % of workforce; Demand for Energy; Degrees in EE (thousands); Degrees in IT (thousands). Sources: U.S. Bureau of Labor Statistics; U.S. Dept of Education; Energy Information Administration]
Changing Environment
- Control networks are now more connected, more complex, and more expensive to maintain
- Replacement costs are high
- Influence of IP on Control Systems
- Choice between reliable serial vs. TCP/IP with vulnerabilities
- NERC, Routable protocols
- Specialized expertise, no comprehensive understanding of the system
- Fewer Electrical Engineers, more IT
- NERC influencing utilities to disconnect their systems
What can you do? An Actual Case Study
Investor Owned Utility: Co-developer
Design considerations
- Life extension of current system by utilizing proven technology to provide performance improvement
- Improve troubleshooting capabilities to increase reliability and response time while reducing maintenance costs
- Operate with a vastly improved cyber security system
- Improve and secure control systems now and expand capabilities as new technology and standards emerge
- Cannot affect SCADA traffic, must operate between data scans
- Latency must be minimal
Smarter, Faster, Safer SCADA
Odyssey Product Series operational benefits
- Make the system smarter with: troubleshooting tools such as event logging, byte by byte data captures, and control from the Host (not the field)
- Make the system faster with: self-optimizing compression and bit and byte-oriented protocol compatibility
- Extend the life of your system, and in the process, secure your communications and achieve NERC CIP compliance
Installed in the system
Actual 19" Rack Mount Installation
- At Operations Center: Host installs next to EMS/DMS
- At the Substation: RSM, RMD next to RTU, IEDs
[Diagram: Odyssey deployment inside a "Complete Security Perimeter", covering the Generation Plant Network, Remote Access Security, the T&D Network, and the AMI Network. Labeled components include the SCADA Control Center, EMS, FEPs, Odyssey Host, Odyssey Web & DB, Odyssey Authentication Server, OCPs, RSMs, RMDs, RTUs, IEDs, PLCs, dial-up modems, AMI Server, collection points, and residential meters.]

Generation Plant Network Security Measures
Plant Security:
- Authenticates all application traffic, point to point
- Blocks virus and other unauthorized traffic between servers
- OCP isolates Units and Operations LAN, for maximum protection
- Detailed event logging
Remote Link Security:
- Authenticates all remote user and WAN access
- Authenticates traffic from remote PLCs

T&D Network Security Measures
T&D Network:
- Encrypt and compress SCADA traffic
- Device Authentication
- Central Management and Troubleshooting
Remote Access Defense:
- Real-time access control of dial-up lines
- Authenticates against Odyssey Web & DB
- RMDs centrally managed

AMI Network Security Measures
Metering Office:
- Encrypt telecom
- Authenticate that readings are from an authorized collection point
Substation:
- Encrypt telecom connection to T&D SCADA
Field Meter:
- Authorized metering source
- Encrypt meter readings
- Prevent & alert on tampering

A variety of communications formats may be present, such as:
- PSTN (telephone lines)
- Serial Leased Lines
- Serial RF Links
- Comm. Over Power Lines
- Satellite
Defense in Depth
2048-bit streaming encryption
- Eliminates latency associated with block encryption
- Supports TCP and serial links
Authentication
- Device to device
- User authentication
- Configurable role-based user permission settings
- Centralized password management
Dialup Remote Modem Defense RMD
- Hardened field unit installs at the substation
- Authenticates users dialing into IEDs
- Central management of dial-in users and passwords
- Real-time reporting of modem activity, alerts
Case Study Summary
Life of existing communication infrastructure extended through:
- Improved system performance
- Effective troubleshooting tools
- Central control of remote devices
Utility Operational system after Odyssey installation:
- Devices with serial maintenance ports configured from control center
- Errors in communication diagnosed from control center
- Comprehensive cyber-security perimeter
- Event logging capabilities for efficient troubleshooting
- Extensive data monitoring/forensics
- Able to send byte-oriented Conitel data to substation
- Improved communication speeds with compression and bit to byte capabilities
Your Aging Communications Infrastructure
- Extend the life of your existing system
- Effective troubleshooting tools can reduce maintenance costs and increase efficiency
- Speeding up communication can allow more data to be transmitted, more devices to be added, and increase reliability
- Securing the system ensures longevity
Questions?