Data Security Concerns for the Electric Grid

Similar documents
External Supplier Control Requirements

Security Issues with Integrated Smart Buildings

Information Technology Security Review April 16, 2012

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

HIPAA Security Alert

Managing IT Security with Penetration Testing

Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance

Cyber Security Response to Physical Security Breaches

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

93% of large organisations and 76% of small businesses

What is Really Needed to Secure the Internet of Things?

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

External Supplier Control Requirements

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Cyber Security Metrics Dashboards & Analytics

PCI DSS Requirements - Security Controls and Processes

G-Cloud Definition of Services Security Penetration Testing

Privacy + Security + Integrity

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

IBM Managed Security Services Vulnerability Scanning:

Document ID. Cyber security for substation automation products and systems

Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples

Critical Controls for Cyber Security.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

The Importance of Cybersecurity Monitoring for Utilities

IQware's Approach to Software and IT security Issues

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Mobile Devices and Malicious Code Attack Prevention

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

How To Create An Intelligent Infrastructure Solution

Summary of CIP Version 5 Standards

Security Controls for the Autodesk 360 Managed Services

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

How to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager

Is Your IT Environment Secure? November 18, Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting

Panel Session: Lessons Learned in Smart Grid Cybersecurity

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Cyber Security and Privacy - Program 183

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Preemptive security solutions for healthcare

ALERT LOGIC FOR HIPAA COMPLIANCE

DeltaV System Cyber-Security

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Stay ahead of insiderthreats with predictive,intelligent security

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS

FREQUENTLY ASKED QUESTIONS

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Defense in Cyber Space Beating Cyber Threats that Target Mesh Networks

CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS

SUPPLIER SECURITY STANDARD

Bellevue University Cybersecurity Programs & Courses

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Becoming PCI Compliant

Deterrent and detection of smart grid meter tampering and theft of electricity, water, or gas

90% of data breaches are caused by software vulnerabilities.

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:

Compliance Risk Management IT Governance Assurance

Guide to Vulnerability Management for Small Companies

The Internet of Things (IoT) Opportunities and Risks

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

NERC CIP VERSION 5 COMPLIANCE

Five keys to a more secure data environment

Cisco Advanced Malware Protection

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

Security Management. Keeping the IT Security Administrator Busy

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

How To Manage Security On A Networked Computer System

SECURITY CONSIDERATIONS FOR LAW FIRMS

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation

Security in the smart grid

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

Wireless Network Security

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Transcription:

Data Security Concerns for the Electric Grid

Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical asset that must be secured against potential attacks of all kinds. Measures providing for the physical protection of power generation plants and major control centers are commonplace. These measures include advanced defense mechanisms that monitor facility perimeters for possible intrusion and identity management systems that prevent or limit employee and visitor access. At the same time, the growing use of smart grid technologies to improve operating efficiencies and reduce consumption costs introduces new types of security concerns for the electric grid. Information technology and communications systems and devices now monitor and control energy production, distribution and use, but also allow digital and network access to otherwise physically secure facilities. Although largely unseen, these logical access points are just as vulnerable as physical barriers to attack or other malignant activity that could compromise, interrupt or destroy energy production or distribution. For now, the potential impact of a power outage due to a cyber attack can perhaps best be measured by power system failures attributable to other causes. For example, an August 2003 power outage caused by a high voltage power line in Ohio that came in contact with tree branches left as many as 50 million Americans in the dark for as long as two days and cost an estimated $6 billion 1. Some industry experts have estimated that Internet-based terrorists launching a cyber attack on the power grid infrastructure could be capable of causing blackouts lasting as long as nine to 18 months, with an incalculable financial toll 2. Therefore, the protection of the modern power infrastructure requires protective equipment and security mechanisms that can provide continuous protection through constant learning and adaptation. This UL white paper discusses some of the key vulnerabilities of the logical and physical access points in the power grid infrastructure, as well as the technologies and mechanisms currently available to reduce cyber security risks. Specific risk-reduction measures discussed include biometrics, intrusion detection, video management systems and analytics, network penetration testing, security audits and assessments and intrusion prevention and detection measures. page 2

Security Concerns Regarding Smart Grid Technology A recent survey of network managers at 21 energy companies conducted on behalf of Bloomberg Government found that companies spend an average of $45.8 million a year on computer security, but are able to prevent only 69% of known cyber attacks against their power systems. The survey also estimates that it would take an average annual cyber security budget of $344.6 million to stop 95% of cyber threats 3. Given the enormous expenditures involved, and the odds of success, what are the critical smart grid cyber security concerns that warrant the greatest attention? These vulnerabilities are typically traced to one of the following six areas: 1 Design vulnerabilities in commercial off-the-shelf products: Smart grid products currently being delivered for use in today s power grid infrastructure are not being designed with security as a specific function. 2 Implementation vulnerabilities in use of technology products: As a result of their implementation, technology products can create security vulnerabilities in an otherwise secure infrastructure. 3 Secure communications: Smart grid products often operate via media, including wired, wireless or Internet-based communications technologies, that are susceptible to tampering or eavesdropping, and do not provide for secure communications from one device or system to another. 4 External infrastructure attacks: Any system that is exposed to elements outside of the infrastructure is vulnerable to external threats. External threats include physical intrusions by unauthorized parties. 5 Internal infrastructure attacks: Attacks can also occur on systems that are internal to an infrastructure that has been deemed safe or protected. 6 Availability and integrity: By its very nature, a reliable power grid is always available, making it more susceptible to security threats over time. Figure 1: Smart grid security concerns Known Design Vulnerabilities in Commercial Products Commercial off-the-shelf products typically use common technologies that have both known and unknown design security vulnerabilities. Although the introduction of such vulnerabilities through the design process is mostly unintentional, manufacturers must have procedures in place to test for and identify such vulnerabilities, and to address them as soon as possible after their discovery. Procedures could include the implementation of software patches that address such vulnerabilities. However, patches should be evaluated to determine that they do not create new vulnerabilities or undo previously applied fixes. Addressing known design vulnerabilities in control system equipment requires a different approach than addressing issues found in other types of equipment, such as information technology (IT) equipment operating in an IT environment. Any remedy designed to address control system vulnerabilities must account for the unique uptime requirements of such equipment. Individual consideration should also be given to standard IT systems that are used to manage control system software or back office operations. These systems, which typically fall under an organization s IT security policies, also need to be considered as part of any patch management strategy. Manufacturers of control system equipment should also have a mechanism page 3

in place to identify known vulnerabilities in equipment that has already been deployed, as well as a plan to address vulnerable equipment on the market. In the U.S., the Industrial Control Systems Joint Working Group (ICSJWG) under the Department of Homeland Security (DHS) addresses these and other issues under the scope of its work. Finally, power utilities and system operators must remain vigilant for any information from equipment manufacturers and other sources about potential design vulnerabilities, and have plans in place for dealing with potential events related to those vulnerabilities. Often, so-called zero-day exploits attempt to take advantage of a vulnerability within a technology before the manufacturer has an opportunity to address it. Anticipating the possibility of such events, and developing contingency plans to minimize their impact, can reduce overall risk. Unknown Vulnerabilities The effort to address known vulnerabilities is an important first step in strengthening the security of the power grid infrastructure. But how does a manufacturer evaluate products for unknown vulnerabilities? One of the most common software vulnerability tests is called fuzz testing or exception testing, which involves observing the behavior of a device that has received malformed and invalid data. Product defects or vulnerabilities uncovered through this type of testing, such as memory leaks and buffer overflows, can render a product susceptible to intrusion, and are often a first line of attack. Although fuzz testing takes time, it provides an important measure of the overall robustness of a device or system. In addition, the execution of common vulnerability tests that are public knowledge can also identify unknown vulnerabilities. For example, a denial of service attack is common, and any new product should be tested for its vulnerability to such an attack before being deployed. Another approach that can be used to identify unknown vulnerabilities with a product is to examine similar devices or equipment and to assess the known vulnerabilities with those products. For example, a manufacturer of a wireless base station used for communications can evaluate wireless base stations produced by other manufacturers using the same technology, and assess the known vulnerabilities already found in those products. The investigation of known vulnerabilities in similar products, or products using similar technologies, can often provide clues about potential unknown vulnerabilities in new products. Although these and other vulnerabilities tests and assessments are important, addressing security concerns as an essential part of the product design process should be the priority. Indeed, evaluating and addressing potential vulnerabilities during the product design phase can be the most efficient and cost-effective method for dealing with security issues in the long term. IEC 62443, Industrial communication networks Network and system security, is a set of standards dealing with security in the system control environment. IEC 62443-2-4 includes a security review of the manufacturer s development environment that can help address security issues at the design stage. Implementation Vulnerabilities Most products and software available today offer features that can create security flaws when either enabled or disabled. The deployment of multiple devices, computers and software, each with numerous configurations options, can create a fertile environment for major security vulnerabilities. There are a number of ways to mitigate security risks associated with implementation. For example, standard password rules should always be employed, and default or factory passwords should always be changed. Any software that is not essential to perform the required function should be disabled or removed from a system altogether. These and other simple measures can address security vulnerabilities related to the implementation of products. In addition to these measures, power system operators can also conduct independent security assessments. These assessments can include network penetration testing, penetration testing of specific vendor equipment, and a review of audit logs and security policies. Whether conducted by internal resources or by qualified, third-party experts, such security assessments can identify deficiencies in the implementation of products and software and provide the information required to strengthen system defenses. page 4

Secure Communications Communications with the power grid infrastructure by means of public, non-dedicated media, including wired, wireless and Internet-based communications, are susceptible to eavesdropping and tampering. Therefore, the encryption of communications is essential to ensure overall security, and is one of the most important tools being deployed today. Although encryption of low-bandwidth communications can present a challenge for older, existing systems, the higher bandwidth communications available with smart grid technologies makes encryption a viable option for many system operators. The large number of potential communications connection points in a distributed network within the power grid infrastructure creates unique encryption challenges. Accordingly, public key infrastructure (PKI) cryptography is being deployed to address those security concerns. PKI provides the ability to secure communications channels and also offers safeguards against compromised systems if the keys used within PKI are lost or discovered by unauthorized parties. With PKI cryptography, power system operators can network large numbers of individual points in their transmission and distribution systems and manage those points individually. In developing new products for power production and distribution systems, manufacturers should use public cryptography standards that have been independently validated. Products should also be tested and validated to determine whether the cryptography technologies meet the requirements of the applicable standard and have been correctly implemented. A cryptography algorithm is only as secure as its design and implementation and any deviation from the requirements can significantly reduce its security and effectiveness. Manufacturers can address this concern by validating the implementation of their cryptography algorithms. Both the U.S. and Japan have government programs for evaluating cryptography algorithms. The U.S. National Institute of Standards and Technology (NIST) and Japan s Information Technology Promotion Agency (IPA) test and certify products to published and established cryptography standards. An evaluation and certification by an independent third-party such as UL can help to address potential security issues in an implementation by a manufacturer, and provide power system operators with assurances regarding the security of the products they purchase. External Infrastructure Attacks Exposed, non-secure equipment presents the greatest opportunity for malicious activity and an entry into a power grid s transmission and distribution network. Unprotected equipment provides a potential attacker with easy access and the ability to conduct almost any type of intrusion. Therefore, physically and logically securing access to equipment is paramount. Restricting physical access to facilities is commonplace in most power system operations. But outside equipment and remote substation areas typically involve some physical access control. Equipment can be enclosed in rugged, page 5

tamper-resitant containers which sound an alarm when tampered with. Key access for fences and doors leading to substations is a given. Radio frequency identification (RFID) tags can also be used for personnel requiring scheduled access. Video surveillance techniques have become more widely used during the past ten years as costs have been reduced, and can track movement in the vicinity of the equipment, detecting a potential physical attack. In addition to video techniques, automated perimeter sensor detection with reporting capabilities can be used to identify sanctioned versus unsanctioned visits, and can provide forensic evidence. Strong logical access to equipment is also important. Passwords useable by service personnel for limited periods of time can help to control logical access. Standard IT systems schemes, such as firewalls and intrusion detection and prevention systems, can add to infrastructure security from outside attacks. Advances in these areas have increased the ability to identify and repel industrial control system attacks. Further, these systems can also be used to support a controlled patch management system of control system software and intelligent equipment devices firmware. Protecting network access to these devices and software can alleviate the need to immediately patch and remediate vulnerabilities that can affect the uptime of the system. Manufacturers of these types of security systems are continually adding new capabilities to defend against industrial control equipment attacks. Internal Infrastructure Attacks The security provided by strong defenses against external attacks often leads to a sense of complacency regarding security risks from the inside. Nevertheless, internal vulnerabilities warrant special attention precisely because they are frequently created by seemingly innocent actions, such as opening an email with malicious software. Internally generated attacks like these can easily compromise the most sophisticated security deployed against external threats. System protection mechanisms that restrict what employees can or cannot do are vitally important in protecting against internal attacks. For example, the practice of whitelisting a computer allows employees to use only certain functions while disabling others, thereby preventing intentional or inadvertent malicious activity. There are also advance data loss prevention techniques that track all data moving across a system, from source to destination, both internally and externally. The process of vetting employees, visitors and contractors for access to sensitive areas should also be reviewed, along with systems for providing authorized access. Access technology based on biometrics is becoming less and less expensive, and eye, facial and finger recognition can now be accomplished with simple cameras and fingerprint capture devices combined with commercially available software. When such systems are connected to a well-planned access control and incident management system, a facility can use analytic software to uncover access anomalies and identify possible security breaches. Availability and Integrity A power production or distribution facility needs to provide continuous power as reliably as possible. As such, security issues that have the potential to interfere with that objective must be evaluated as a potential risk facing manufacturers and operators. To mitigate that risk, secure and resilient products and services must be available. Security policies and procedures must be standardized, implemented, reviewed and audited. And security risks must be continuously reassessed so that the level of protection remains consistent with the threat. page 6

Conclusion The security concerns discussed here represent the key risks of unwanted intrusions and attacks that can affect the reliability of the power grid infrastructure, and are of special importance to operators of power transmission and distribution systems incorporating smart grid technologies. There are a number of actions that manufacturers and operators can take to mitigate these concerns, including the implementation of tested and secure technologies, adopting policies and procedures to address potential security concerns, and regular auditing of actual risk to ensure that security measures are adequate. By taking these steps, manufacturers and operators can better achieve the goal of providing reliable, uninterrupted power to their customers, and support continued economic growth and development. For further information about this white paper, contact Ken Modeste, principal engineer, security and global communications, at Ken.Modeste@ul.com. THIS WHITE PAPER IS FOR GENERAL INFORMATION PURPOSES ONLY AND IS NOT INTENDED TO CONVEY LEGAL OR OTHER PROFESSIONAL ADVICE. 1 The 2003 Northeast Blackout Five Years Later, Scientific American. 13 Aug. 2008. Web. 8 Apr. 2012. http://www.scientificamerican.com/article.cfm?id=2003-blackout-five-years-later 2 Power-Grid Cyber Attack Seen Leaving Millions in Dark for Months, Bloomberg News. 1 Feb. 2012. Web. 8 Apr. 2012. http://www.bloomberg.com/news/2012-02-01/cyber-attack-on-u-s-power-grid-seen-leaving-millions-in-dark-for-months.html 3 Power-Grid Cyber Attack Seen Leaving Millions in Dark for Months, Bloomberg News. 1 Feb. 2012. Web. 8 Apr. 2012. http://www.bloomberg.com/news/2012-02-01/cyber-attack-on-u-s-power-grid-seen-leaving-millions-in-dark-for-months.html UL and the UL logo are trademarks of UL LLC 2012. No part of this document may be copied or distributed without the prior written consent of UL LLC 2012. page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information