Cyber Security for DER, ADR, and AMI


EPRI Seminar: Integrated Grid Concept and Technology Development
Tokyo, Japan, August 20, 2015
Galen Rasche, Senior Program Manager, Cyber Security

Agenda
- Security Trends and Challenges
- Failure Scenarios for DER, ADR, and AMI
- Identifying Cyber Security Requirements

Security Trends and Challenges

The Landscape
- Most new generation connecting at grid edge
- The edge is the distribution system
- Distribution has least amount of utility visibility/control
[Figure: Distributed Energy Resources (DER). Labels: Combined Heat & Power; Demand Response; Home Energy; Rooftop Solar; Energy Storage; Electric Vehicles; Large-Scale Solar.]

Trends Impacting Security
- Changing regulation
- Attacks from nation states and terrorist organizations
- Connections with more business players
- Reliance on external communications
- Increased capability of field equipment

Threat Model
- Adversaries with intent
- Insiders or outsiders, groups or individuals
- Failure in people, processes, and technology, including human error
- Loss of resources, in particular key employees or communications infrastructure
- Accidents
- Natural hazards as they impact cyber security
[Figure labels: Threat Agents (Economic Criminals; Malicious Criminals; Recreational Criminals; Activist Groups; Terrorists); Hazards.]

Failure Scenarios for DER, ADR, and AMI

National Electric Sector Cybersecurity Organization Resource: Failure Scenario Report
- Includes malicious and non-malicious events
- Format:
  - Failure scenario description
  - Relevant vulnerabilities
  - Impact to grid operations
  - Potential mitigations
- NESCOR report includes many smart grid scenarios:
  - AMI: 32 scenarios
  - DER: 25 scenarios
  - ADR: 7 scenarios
  - Distribution grid management: 16 scenarios
[Figure: report cover, "Electric Sector Failure Scenarios and Impact Analyses".]

Failure Scenarios - Continued
- Provide structure for modeling threats and indicators of compromise
- Can be leveraged as part of a risk assessment process
- Support cyber security tabletop exercises
- High-level - must be tailored to each organization

DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages

Description: A threat agent unintentionally or maliciously modifies the DRAS configuration to send (or not send) DR messages at incorrect times and to incorrect devices. This could deliver a wrong, but seemingly legitimate set of messages to the customer system.

Assumptions: DRAS issues a DR message when receiving DR event information in the following ways:
(1) Business Logic feeds DR event to DRAS automatically based on its analysis;
(2) Authorized manager manually generates and feeds DR event to DRAS through management GUI.

DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages: Related Architecture
[Figure: related architecture. Labels: Utility Boundary; Business Logic; Database of DR data (subscribers, etc.); DRAS; Graphical User Interface (GUI); Authorized Manager; Internet; Subscribers (DR Client). Flows labelled: DR event; DR message.]

DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages (3/4)
[Figure: failure scenario tree. Node labels recovered from the diagram:]
- 12: Threat Agent Gains Access to Network that hosts Business Logic system
- 13: Threat Agent Obtains Legitimate Credentials for Business Logic system
- 14: Threat agent misconfigures Business Logic to feed unauthorized DR event to DRAS
- 15: Threat agent creates unauthorized DR event via DRAS GUI
- 3, 4: Threat agent misconfigures DRAS to generate unauthorized DR event; DRAS host is compromised by malware
- 5: Unintended DR event is injected into DRAS
- 6: Unintended DR message is sent out to DR Client
- Client receives unintended DR message; may continue operating at peak demand or curtails energy loads
- No immediate detection; Delayed diagnosis
- Possible peak energy demand; loss of public confidence

DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages: Potential Mitigations
- 1 - See common sub tree Threat Agent Gains Access to Network <specific network>
- 2 - See common sub tree Threat Agent Obtains Legitimate Credentials for <system or function>
- 3 - Generate alerts on changes to configurations on DRAS; Detect unauthorized configuration changes; Create audit log of DR messages generated; Require second-level authentication to change configuration
- 5, 6 - Validate inputs, specifically the reasonableness of DR event
- 7 - See common sub tree Threat Agent Finds Firewall Gap
- 8 - See common sub tree Authorized Employee Brings Malware into <system or network>
- 9, 11 - Require application whitelisting
- 11 - Conduct penetration testing; Perform security testing; Maintain patches in DRAS host; Maintain anti-virus

DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages: Potential Mitigations (2)
- 13 - See common sub tree Threat Agent Obtains Legitimate Credentials for <system or function>
- 14 - Use RBAC to limit generation of DR event; Generate alerts on changes to configurations on Business Logic; Detect unauthorized configuration changes; Create audit log of DR events generated
- 15 - Create audit log of DR events generated; Generate alarm on unexpected DR event generation
- 18 - Maintain patches in DRAS GUI host; Maintain anti-virus; Detect unauthorized connections to DRAS GUI; Restrict Internet access to DRAS GUI
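
Three of the DR.4 mitigations (validate the reasonableness of a DR event, create an audit log of DR events generated, generate an alarm on unexpected DR event generation) can sit together in one admission gate in front of the DRAS. The sketch below is an added example, not code from the slides or the NESCOR report; the event record, field names and limits are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical policy limits; real values come from the utility's DR program rules.
MAX_DURATION = timedelta(hours=6)
MAX_LEAD_TIME = timedelta(days=7)
MAX_TARGET_FRACTION = 0.25                    # share of enrolled clients per event
ALLOWED_SOURCES = {"business_logic", "gui"}   # the two feeds in the DR.4 assumptions

@dataclass(frozen=True)
class DREvent:                                # hypothetical record, not an OpenADR schema
    event_id: str
    source: str
    operator: str
    start: datetime
    duration: timedelta
    targets: frozenset

def check_event(ev, enrolled, now):
    """Return the reasons an event is unreasonable; an empty list means accept."""
    reasons = []
    if ev.source not in ALLOWED_SOURCES:
        reasons.append("unknown source")
    if not (now <= ev.start <= now + MAX_LEAD_TIME):
        reasons.append("start outside scheduling window")
    if not (timedelta(0) < ev.duration <= MAX_DURATION):
        reasons.append("duration out of range")
    if ev.targets - enrolled:
        reasons.append("targets not enrolled")
    if not ev.targets or len(ev.targets) > MAX_TARGET_FRACTION * len(enrolled):
        reasons.append("target set empty or too large")
    return reasons

def admit(ev, enrolled, now, audit_log):
    """Audit every event; only events with no findings may become DR messages."""
    reasons = check_event(ev, enrolled, now)
    audit_log.append({"time": now.isoformat(), "event": ev.event_id, "source": ev.source,
                      "operator": ev.operator, "accepted": not reasons, "alarm": reasons})
    return not reasons

def demo():
    """Constructed sample: a plausible event, then a back-dated 12-hour event for everyone."""
    now, log = datetime(2015, 8, 20, 9, 0), []
    enrolled = frozenset(f"client-{i}" for i in range(100))
    ok = DREvent("ev-1", "business_logic", "auto", now + timedelta(hours=5),
                 timedelta(hours=2), frozenset(list(enrolled)[:20]))
    bad = DREvent("ev-2", "gui", "mgr01", now - timedelta(hours=6),
                  timedelta(hours=12), enrolled | {"client-x"})
    return admit(ok, enrolled, now, log), admit(bad, enrolled, now, log), log
```

Rejected events still land in the audit log with their reasons, so the same record serves the alarm and the delayed-diagnosis case the scenario describes.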

Identifying Cyber Security Requirements

Hierarchical DER System Five-Level Architecture, in SGAM Format
[Figure: five-level architecture drawn across the Transmission, Distribution, Distributed Energy Resources (DER) and Customer Premises domains. Levels, top to bottom:]
- Level 5: Transmission and Market Interactions
- Level 4: Distribution Utility Operational Analysis and Control for Grid Operations
- Level 3: Utility and REP Information & Communications (ICT)
- Level 2: Facilities DER Energy System (FDEMS)
- Level 1: Autonomous cyber-physical DER systems
Protocol labels on the links: IEC 61850 over ModBus or SEP 2; IEC 61850 over DNP3; IEC 61850 over ModBus; Market information in OpenADR.

NIST Interagency Report (NISTIR) 7628, Guidelines for Smart Grid Cyber Security
What it IS
- May be used as a guideline to evaluate the overall cyber security risks to a Smart Grid system
- Each organization must develop its own cyber security strategy (including a risk assessment methodology) for the Smart Grid
What it IS NOT
- It does not prescribe particular solutions
- It is not mandatory
Version 1.0 Rev 1 published September 2014
http://nvlpubs.nist.gov/nistpubs/ir/2014/nist.ir.7628r1.pdf

Risk Assessment using NISTIR 7628: Initial Phase
Step 1 - Identify the systems and assets
- Include all assets, not just critical cyber assets
Step 2 - Specify preliminary confidentiality, integrity, and availability objectives
- Identify system criticality
- Preliminary identification of threats and impacts (consequences)
Step 3 - Perform a preliminary risk assessment
- Define security requirements
- Overall business assessment

DER Logical Reference Model, Extended/Modified from the NISTIR 7628 Spaghetti Diagram
[Figure: actors connected by logical interfaces labelled Unn and Dnn. Actors shown:]
- 4a - DER System Controller
- 4b - DER Device
- 5 - Customer Energy System (CDEMS)
- 6a - Electric Vehicle Service Element (EVSE)
- 6b - Electric Vehicle (EV)
- 17 - Geographic Information System (GIS)
- 19 - Energy Market Clearinghouse
- 25 - Distributed Generation & Storage (DERMS)
- 27 - Distribution System (DMS)
- 29a - DER SCADA
- 31 - ISO/RTO Operations
- 32 - Load System / Demand-Response System (LM/DR)
- 36 - Outage System (OMS)
- 41a - Retail Energy Provider (REP)
Domain Color Key: Transmission; Bulk Generation; Markets; Operations; Service Providers; Distribution; Customer

Hierarchical DER Architecture Mapped to the NISTIR 7628
[Figure: Multi-Level Hierarchical DER Architecture, with NISTIR 7628 actors and Unn/Dnn logical interfaces placed on five levels:]
- Level 5: Transmission Operations
- Level 4: Distribution Utility DER Operational Analysis
- Level 3: Utility and REP DER Information and Communications Technology (ICT)
- Level 2: Facilities DER Energy (FDEMS)
- Level 1: Autonomous DER Generation and Storage
Actors shown: 4a - DER System Controller; 4b - DER Device; 5 - Facilities Energy System (FDEMS); 6a - Electric Vehicle Supply Equipment (EVSE); 6b - Electric Vehicle (EV); 17 - Geographic Information System (GIS); 19 - Energy Market Clearinghouse; 25 - Distributed Generation & Storage (DERMS); 27 - Distribution System (DMS); 29a - DER SCADA; 30 - Energy System; 31 - ISO/RTO Operations; 32 - Load System / Demand-Response System (LM/DR); 36 - Outage System (OMS); 41a - Retail Energy Provider (REP).
Other labels: Utility Grid; Meter and PCC; Customer Site Load.

NISTIR 7628 Preliminary Security Objectives

Risk Assessment using NISTIR 7628: Acquisition/Development Phase
Step 4 - Detailed system design
- Identify interfaces and interconnected systems
- Tailor the NISTIR 7628 diagrams
Step 5 - Detailed risk assessment
- Expand upon initial risk assessment
- More detailed threat and impact assessment
- Vulnerability assessment
- Define system level risks

EPRI Cyber Security Resources
- Electric Sector Failure Scenarios and Impact Analyses
- Analysis of Selected Electric Sector High Risk Failure Scenarios
- Guidelines for Leveraging NESCOR Failure Scenarios in Cyber Security Tabletop Exercises
- Integrating Electricity Subsector Failure Scenarios into a Risk Assessment Methodology
- Cyber Security for DER Systems
- NESCOR Guide to Penetration Testing for Electric Utilities
- Cyber Security Strategy Guidance for the Electric Sector

Moving Forward
- Cyber security supports both the reliability and privacy of the Smart Grid
- Address interconnected systems, both IT and control systems
- Cyber security needs to be addressed in all systems, not just critical assets
- Augment existing protection controls, as applicable
- Continuously monitor and assess the security status
- Acknowledge there will be some security breaches
  - Focus on response and recovery
  - Fail secure
- Address both safety and security

Questions

Together Shaping the Future of Electricity