William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly



Similar documents
Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Cyber Security and Privacy - Program 183

future data and infrastructure

Basics of Internet Security

Secure Data Management in Trusted Computing

How to Secure Infrastructure Clouds with Trusted Computing Technologies

The Importance of Cybersecurity Monitoring for Utilities

Property Based TPM Virtualization

Security Issues with Integrated Smart Buildings

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

Building A Secure Microsoft Exchange Continuity Appliance

Attestation and Authentication Protocols Using the TPM

PROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE

CTS2134 Introduction to Networking. Module Network Security

A Modern Framework for Network Security in the Federal Government

AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Securing the Electric Grid with Common Cyber Security Services Jeff Gooding

Trusted Platforms for Homeland Security

Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015

What is Really Needed to Secure the Internet of Things?

SCADA Security: Challenges and Solutions

Cyber Security Risk Mitigation Checklist

Overview. Firewall Security. Perimeter Security Devices. Routers

Top virtualization security risks and how to prevent them

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

UNCLASSIFIED Version 1.0 May 2012

How Much Cyber Security is Enough?

Mutual Authentication Cloud Computing Platform based on TPM

INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph I MCA

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

2) trusted network, resilient against large scale Denial of Service attacks

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

What Risk Managers need to know about ICS Cyber Security

Background. TPMs in the real world. Components on TPM chip TPM 101. TCG: Trusted Computing Group. TCG: changes to PC or cell phone

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Smart Grid Cybersecurity

DeltaV System Cyber-Security

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Risk Management in Practice A Guide for the Electric Sector

Airports and their SCADA Systems. Dr Leigh Armistead, CISSP. Peregrine Technical Solutions

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Seven Strategies to Defend ICSs

Panel Session: Lessons Learned in Smart Grid Cybersecurity

Working with the FBI

Breakthrough Cyber Security Strategies. Introducing Honeywell Risk Manager

Wireless Network Security

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

WHITEPAPER. Smart Grid Security Myths vs. Reality

Cyber Security Seminar KTH

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Redesigning automation network security

Smart Substation Security

SIMPLIFYING THE PATCH MANAGEMENT PROCESS

Protecting Critical Infrastructure

The State-of-the-State of Control System Cyber Security

Bypassing Network Access Control Systems

Critical Security Controls

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Introduction to Wireless Sensor Network Security

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

GE Measurement & Control. Cyber Security for NEI 08-09

SCADA SYSTEMS AND SECURITY WHITEPAPER

White Paper. Enhancing Website Security with Algorithm Agility

CDM Hardware Asset Management (HWAM) Capability

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework

Securing Distribution Automation

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

External Supplier Control Requirements

Energy Cybersecurity Regulatory Brief

Active Learning with the CyberCIEGE Video Game

Enterprise Cybersecurity: Building an Effective Defense

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1

Best Practices For Department Server and Enterprise System Checklist

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

New Era in Cyber Security. Technology Development

Data Security Concerns for the Electric Grid

ICS CYBER SECURITY RKNEAL, INC. Protecting Industrial Control Systems: An Integrated Approach. Critical Infrastructure Protection

Critical Controls for Cyber Security.

Transcription:

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly Ramesh Karri (rkarri@poly.edu) Associate Professor, Electrical and Computer Engineering NYU-Poly

Why is cyber security important for the smart grid? Why is it so hard? What are the general principles applied? Research Activities

Security analysis is always based on risk management: What do I have that is valuable (assets) Who wants to attack them and why (threats) How can they do it (vulnerabilities) Security decisions are based on understanding the damage that can be done to the assets, the likelihood of the attacks, and the cost of protecting the vulnerable points

Assets: The ability to deliver electric power to customers reliably Grid elements (generation, transmission ) Accurate billing Threats: Terrorists, war time enemies, hackers, want to block he delivery of electric power Customers want to change their bills

This is the game changer compared to, say, 20 years ago: Networking of grid control elements, connecting smart meters in customer premises, tying in corporate billing systems, etc. means that the smart grid can potentially be attacked remotely, without any physical presence, as was needed in the past

Cyber Security is very hard in general! Legacy controllers, networks Fragile security, built to run on private data links, 24/7 (hard to update, patch), real time requirements (security, crypto may impact timing) Will legacy components still be in smart grids? Control nets run over (or tunneled though) public networks (attack channel, or subject to broader disruption)

Different vendors with different interface standards, approaches to security, proprietary (hidden) methods Security is a system issue, not a component issue Smart Grid specifics: Business processes & systems an essential part of smart grid (no isolation for control systems) Smart meters on customer premises, possibly routed over customer site networks (called hostile territory in military systems) Cost tradeoffs (development, deployment, management)

Best Practices for Cyber Security (NIST, many others) Best Practices for Control Systems & Grid Security (DHS, NERC CIP standards, NIST Draft NISTIR 7628, etc.) These are processes for developing secure systems, not cookbook answers! Security is a system issue what are the pieces and how do they work together Security is a moving target

Build in security at the system design phase, based on a careful risk analysis Carefully control all interfaces/access to the control networks Standardized, simplified interfaces, protocols, processes (complexity breeds vulnerabilities) Security will fail: Defense in Depth! New attacks and vulnerabilities will be developed security is a continuous process, not a point solution

US Government: DHS, INL, NIST, etc. Foreign Governments Industry Consortia Universities, I3P (industry, universities) Two Relevant Research Projects at NYU-Poly Trusted Platforms: A hardware basis for trusting software, grid element identity, and actions INFER when the defenses have failed

Cybersecurity of the Smart Grid is a significant challenge, but is a critical to the success of smart grid deployments Grid security is a major area of research A high degree of cybersecurity can be attained by integrating the results of this research with a process to include security as a key design parameter for smart grid systems, and a process to maintain security through the life of the system

What do you do when defenses fail and some node in your network has been compromised? Standard approaches to intrusion detection are based on Signatures (attacks that look just like prior attacks) Anomalies (we never saw that before, so we better investigate) Straightforward bad behavior INFER looks for a pattern of more subtle symptoms of a compromised host Used as a last line of defense when other tools have failed

Based on passive monitoring of network traffic at routers ( drop in deployment) Not on any grid elements no need to change/update them, even legacy elements Does not change any network traffic at all no effect on real time needs, etc. Not observable to attackers, so they cannot subvert it Prototype successfully deployed on general purpose university, government, and corporate networks. Knowledge of traffic patterns on smart grid nets will enable a more precise set of symptoms to be developed

Sample Threats An attacker runs a program that shuts down the grid. A consumer changes the billing records. Install malicious programs on grid elements Approach Use tamper-proof hardware (TPM) that only runs approved, trusted programs Store integrity and authenticity measurements in the tamperproof storage on the TPM Measure and verify measurements using crypto in the TPM Verify integrity, authenticity of everything TPM communicates using crypto.

Crypto Processor RNG RSA key gen. SHA-1 Signature engine Non-volatile memory Endorsement key Storage root key Volatile memory PCRs Attestation keys Storage keys Supports: Remote attestation, data sealing, and binding Remote Attestation Proving to you (the challenger) that I (the attester) run legitimate programs Data Sealing Protected data is sealed to a specific (TPM) platform and a particular grid element configuration. 15

Public part of AIK signed by the TPM s EK Request attestation Certificate Authority (Cert[AIK]) CA Sign PCR values with AIK and forward the certificate Certificate for AIK signed by CA (PCRs) AIK,Log, (Cert [AIK]) CA 16

Low cost and can be deployed and queried remotely Prototypes successfully tested on different application scenarios Redesign smart grid elements (smart meters, grid sensor platforms and grid control elements) Deployment in pilot studies will uncover practical kinks

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information