Security in Smart Grid / IoT. Nenad Andrejević Comtrade Solutions Engineering

Similar documents
Alain Fiocco. Sr. Director CTO Office

Securing the Internet of Things: Mapping Attack Surface Areas Using the OWASP IoT Top 10

ZigBee IP Stack Overview Don Sturek Pacific Gas and Electric (PG&E) 2009 ZigBee Alliance. All rights reserved. 1

IoT & SCADA Cyber Security Services

Unifying Smart Grid Communications using SIP

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

How Much Cyber Security is Enough?

Security by Design WHITE PAPER

Smart Substation Security

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids

What is Really Needed to Secure the Internet of Things?

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

The Smart Grid in 2010

THE FUTURE OF SMART GRID COMMUNICATIONS

TUSKEGEE CYBER SECURITY PATH FORWARD

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

Security Issues with Integrated Smart Buildings

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Great ideas, big data and little privacy? Bart Preneel iminds and COSIC KU Leuven

How To Protect Your Network From Attack

How Secure is Your SCADA System?

The Internet of Things

AMI security considerations

future data and infrastructure

The Internet of Things Risks and Challenges

UPnP: The Discovery & Service Layer For The Internet of Things April 2015

Robert Malmgren. Smart Grid. Security Challenges - Legacy and Infrastructure Burdens

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC

PKI: THE SECURITY SOLUTION FOR THE INTERNET OF THINGS

Cybersecurity Training

PROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

SCADA Security Training

Cyber Security Health Test

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The Internet of Things (IoT) Opportunities and Risks

Information Security Services

Future of Electric Distribution Dialogue

Redefining MDM for a Smart Grid Enabled

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

IT AUDIT WHO WE ARE. Current Trends and Top Risks of /9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

Making Sense of Internet of Things Protocols and Implementations

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios

RuggedCom Solutions for

FERPA: Data & Transport Security Best Practices

I. TODAY S UTILITY INFRASTRUCTURE vs. FUTURE USE CASES...1 II. MARKET & PLATFORM REQUIREMENTS...2

Cyber Security and Privacy - Program 183

EnergyAxis System: Security for the Smart Grid

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Jim Sheppard, Director of Business Processes CenterPoint Energy, Texas, USA

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

Panel Session: Lessons Learned in Smart Grid Cybersecurity

Normen & Standards Industrie 4.0 IEEE Standards

Smart Grid and Cyber Challenges

Bachelor of Information Technology (Network Security)

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

Advanced Metering Infrastructure Security

The Internet of Things (IoT) and Industrial Networks. Guy Denis Rockwell Automation Alliance Manager Europe 2015

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Cisco Fog Computing Solutions: Unleash the Power of the Internet of Things

Cybersecurity Risk Assessment in Smart Grids

Smart Grid Security: A Look to the Future

[CEH]: Ethical Hacking and Countermeasures

Securing Distribution Automation

( Increased usage of IP addresses )

Cyber Security Seminar KTH

Reducing Application Vulnerabilities by Security Engineering

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

Security and the Internet of Things (IoT)

Smart Systems: the key enabling technology for future IoT

Enterprise Apps: Bypassing the Gatekeeper

Introduction Chapter 1. Uses of Computer Networks

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

Internet of Things. Laurent Toutain. June 11, Caen () IPv6 opérateur June 11, / 14

Cybersecurity The role of Internal Audit

SCADA Security: Challenges and Solutions

System stability through cloud-enabled energy automation An essential building block for the digitalization of distribution networks

VPN. Date: 4/15/2004 By: Heena Patel

DMS - Breakthrough Technology for the Smart Grid

Transcription:

Security in Smart Grid / IoT Nenad Andrejević Comtrade Solutions Engineering

Introduction Why is security important With so much of our lives connected to the Internet from our critical infrastructure and national security systems to our cars and bank accounts we know the urgency of addressing these new and growing cyber threats.

Traditional power grid The present infrastructure is overstrained and inter region bulk transfer is limited Cannot fully support the integration of renewable energy Low reliability of Power - Outage Fluctuating quality of Power Major source is fossil fuel Efficiency of Power transmission Almost zero customer participation Low Billing and collecting efficiency

Smart Grid v3 Decentralization of Generating resources Integration of all sources of energy, mainly renewable Continuous monitoring and feedback from the network Anticipation of faults and helps in fault prevention Establishes a two-way communication between the utilities and the consumers Reduces the stress on the power system infrastructure Reduces and shifts the peak demand Continuous self-learning

SECURITY THREATS TO THE ENERGY NETWORK CYBER-ATTACKS: MALWARE INJECTIONS, DENIAL OF SERVICE, REMOTE CONNECT / DISCONNECT COMMANDS ATTACKS ON PRIVACY REVENUE PROTECTION THE THEFT OF DATA AND ENERGY

Landscape of attack Oil pipeline explosion in Turkey 2008 Stuxnet Virus Ukraine Attack U.S. grid was successfully hacked 2015

Privacy concern #1

Privacy concern #2

Risk Levels More Secure UTILITY Back office HEAD END SYSTEM Collection system Highest Risk WAN Wide Area Network FAN Field Area Network HAN Home Area Network Least Secure Smart Meter Least Risk

Business Outcomes Distribution Automation EV Smart Charging Smart Payment Energy Efficiency Meter-to- Cash Revenue Assurance Renewables Integration Demand Response Outage Management Consumer Engagement More Secure DMS Utility Systems and Back Office Billing/ CIS OMS DRMS/ DLC SCADA Analytics» Transformer Load Management» Power Quality (Voltage/Outage)» Energy Diversion Detection» Energy Efficiency & Demand Response Highest Risk Head End System Security Manager Head-End MDM Cisco NMS Substation WAN Backhaul Network Options Least Secure Least Risk

Open Standards Application Layer Web Services, EXI, SOAP, RestFul,HTTPS/CoAP Metering IEC 61968 CIM, ANSI C12.22, DLMS/COSEM, SCADA IEC 61850, 60870 DNP3/IP, Modbus/TCP, DNS, NTP, IPfix/Netflow, SSH RADIUS, AAA, LDAP, SNMP, (RFC 6272 IP in Smart Grid) Transport Layer UDP/TCP Security (DTLS/TLS) Network Layer IPv6 RPL IPv6/IPv4 Addressing, Routing, Multicast, QoS, Security Mgmt 802.1x / EAP-TLS & IEEE 802.11i based Access Control Data Link Layer LLC M A C IEEE 802.15.4e MAC enhancements IEEE 802.15.4 including FHSS 6LoWPAN (RFC 6282) IPv6 over Ethernet (RFC 2464) IEEE 1901.2 802.15.4 frame format IEEE 802.11 Wi-Fi IEEE 802.3 Ethernet IPv6 over PPP (RFC 5072) 2G, 3G, LTE Cellular IP or Ethernet Convergence SubL. IEEE 802.16 WiMAX Physical Layer IEEE 802.15.4g 2.4GHz, 915, 868MHz DSSS, FSK, OFDM IEEE 1901.2 NB-PLC OFDM IEEE 802.11 Wi-Fi 2.4, 5 GHz, Sub-GHz IEEE 802.3 Ethernet UTP, FO 2G, 3G, LTE Cellular IEEE 802.16 WiMAX 1.x, 3.xGHz

Smart Grid Key Attributes Standards and Conformance Standards are critical to enabling interoperable systems and components. Mature, robust standards are the foundation of mass markets for the millions of components that will have a role in the future smart grid. Standards enable innovation where thousands of companies may construct individual components.

IoT [ WIKIPEDIA ] The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices. [ OXFORD ] A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data

Challenge of Securing the IoT Manufacturers, energy and transportation providers, and smart cities are gaining a competitive advantage by harnessing the Internet of Things (IoT). Connecting more things in more places creates new security challenges. Mitigating risk requires a combination of cybersecurity and physical security. The IoT is expected to grow to 50 billion by 2020. Each device is a potential entry point for a network attack by insiders, hackers, or criminals

How to process IoT is one of the new areas where the new innovative solutions are created every day, for business and eco systems. We still have no complete standard security measures. We use threat modeling to find out all relevant threats and risk model to find out best suite security European Union Agency for Network and Information Security Smart Grid Threat Landscape and Good Practice Guide NIST Cyber security framework for critical infrastructure OWASP Top 10 IoT

Top 10 IoT Vulnerabilities OWASP Top 10 IoT Vulnerabilities Project The OWASP Top 10 IoT Vulnerabilities are as follows: Rank I1 I2 I3 I4 I5 I6 I7 I8 I9 I10 Insecure Web Interface Title Insufficient Authentication/Authorization Insecure Network Services Lack of Transport Encryption/Integrity Verification Privacy Concerns Insecure Cloud Interface Insecure Mobile Interface Insufficient Security Configurability Insecure Software/Firmware Poor Physical Security 10/10 security systems accept 123456 10/10 security systems with no lockout 10/10 security systems with enumeration SSH listeners with root/ access 6/10 web interfaces with XSS/SQLi 70% of devices not using encryption 8/10 collected personal information 9/10 had no two-factor options Unauthenticated video streaming Completely flawed software update systems

Why COMTRADE? Comtrade firmly believes that the best way to ensure reliable security for the entire smart grid /IoT is to integrate security directly into the design process. Our Security by Design methodology involves the security team working hand in hand with Comtrade architecture team to ensure its products are created with security in mind right from the start. Security is not an afterthought; it evolves with the product and needs to be continually developed.

COMTRADE SECURITY BY DESIGN METHODOLOGY The Security by Design methodology is a simple, iterative process. It was decided at Comtrade that in the manufacturing of applications for utilities and IoT An Iterative Approach 1. Assess the security vulnerabilities applicable to the system and all components 2. Conduct a risk evaluation with an impact analysis 3. Design defensive counter measures for mitigating impact 4. Perform penetration tests against each component and then the entire system 5. Iterate - if there are any gaps identified in step Pre poduction Production Secure by design

Conclusion Being knowledgeable about what can be achieved is one thing. The other is to reduce the impact. In cyber-security an environment with asymmetric approaches - this can be achieved through common effort and coordination.

Q&A That which depends on me, I can do; that which depends on the enemy cannot be certain. Therefore it is said that one may know how to win, but cannot necessarily do so (Sun Tzu).

Thanks for coming Have a nice day!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information