How to protect the substations from physical or cyber intrusion
IEEE T&D 2014 Chicago
Substations represent a critical element of the national infrastructure aimed at the security and wellness of the population.
Presenters
Overview of standards related to cyber security - Marc Lacroix
Substation physical security standard - Craig Preuss
Development of IEEE PC 37-240 - Mike Dood
Introduction to Lemnos - Scott D. Sternfeld
Objectives
Present the major threats, physical or virtual, that may impact the integrity of the substation.
Introduce recent developments in standards intended to mitigate such threats.
Share the presenters' experience in implementing mitigation approaches.
Describe future standards development, such as Lemnos.
Overview of standards related to cyber security Marc Lacroix - Vizimax inc.
Complexity of Power Systems Ref: IEC 62351-10
Office/Power System Security Requirements Ref: IEC 62351-10
Mapping of Security Standards Ref: IEC 62351-10
ISO 27001
Information technology - Security techniques - Information security management systems - Requirements
Specifies a set of information security management requirements designed to be used for certification purposes.
IEEE 1686
The standard defines functions and features that must be provided in substation intelligent electronic devices (IEDs) to accommodate critical infrastructure protection programs. It addresses security in terms of access, operation, configuration, firmware revision, and data retrieval from IEDs.
ISA99
CIGRE D22.2
Treatment of Information Security for Electric Power Utilities
Risk Assessment of Information and Communication Systems
Security Frameworks for Electric Power Utilities
Security Technologies Guideline
NIST 800-53
Recommended Security Controls for Federal Information Systems
Provides guidelines for selecting and specifying technical and organizational security controls and connected processes for information systems supporting the executive agencies of the federal government to meet the requirements of FIPS 200.
NERC CIP
CIP | Title | Content
001 | Sabotage Reporting | Reporting disturbances or unusual occurrences, suspected or determined to be caused by sabotage, to appropriate authorities
002 | Critical Cyber Asset Identification | Identification and documentation of Critical Cyber Assets using risk-based assessment methodologies
003 | Security Management Controls | Documentation and implementation of Cyber Security Policy reflecting commitment and ability to secure Critical Cyber Assets
004 | Personnel and Training | Maintenance and documentation of security awareness programs to ensure personnel knowledge on proven security practices
005 | Electronic Security Protection | Identification and protection of Electronic Security Perimeters and their access points surrounding Critical Cyber Assets
006 | Physical Security Program | Creation and maintenance of physical security controls, including processes, tools, and procedures to monitor perimeter access
007 | Systems Security Management | Definition and maintenance of methods, procedures, and processes to secure Cyber Assets within the Electronic Security Perimeter so as not to adversely affect existing Cyber Security Controls
008 | Incident Reporting & Response Planning | Development and maintenance of a Cyber Security Incident response plan that addresses classification, response actions and reporting
009 | Recovery Plans for Critical Cyber Assets | Creation and review of recovery plans for Critical Cyber Assets
010 | Bulk Electrical System Cyber System Categorization (draft) | Categorization of BES systems that execute or enable functions essential to reliable operation of the BES into three different classes
011 | Bulk Electrical System Cyber System Protection (draft) | Mapping of security requirements to BES system categories defined in CIP-010
IEC 62351
IEC 62351 | Definition of Security Services | Standardization Status
Part 1 | Introduction and overview | Technical Specifications
Part 2 | Glossary of terms | Technical Specifications
Part 3 | Profiles Including TCP/IP | Technical Specifications
Part 4 | Profiles Including MMS | Technical Specifications
Part 5 | Security for IEC 60870-5 and Derivatives | Technical Specifications
Part 6 | Security for IEC 61850 | Technical Specifications
Part 7 | Network and system management (NSM) data object models | Technical Specifications
Part 8 | Role-Based Access Control for Power systems management | Technical Specifications
Part 9 | Data and Communication Security - Key Management | In preparation
Part 10 | Security architecture guidelines | Technical Specifications
Part 11 | Security for XML Documents | In preparation
Mapping of IEC 62351 to protocols Ref: IEC 62351-10
Cyber Security Categories
Countermeasures
Security Domains
Security Domain | Required Protection Level | Applies to | Example Systems
Public | Low | Assets, supporting the communication over public networks | 3rd party networks, Internet
Corporate | Medium | Assets, supporting the business operation with baseline security not essential to the power system reliability and availability | Office level business network
Business Critical | High | Assets, supporting the critical operation, which are not critical to power system reliability and availability | Finance network, human resource systems, ERP systems
System Operation Critical | Very high | Assets directly related to the availability and reliability of power generation and distribution infrastructure | Control systems, SCADA networks
Mapping of Security Domains Ref: IEC 62351-10