The presentation outlines the current regulations, threats and issues with Smart Grid security and how to mitigate the risk.
Utility of the Future Series, introducing
Smart Grid Security & Reliability
What You Need to Know – February, 2012 John Chowdhury
© 2012 Smarterutility.com | Not to be reproduced without permission Page: 2
About the Author
John Chowdhury:
• has been working in the Utility Industry for the last 23 years
• His clients include CenterPoint, San Diego Gas & Electric, APS, Southern California Edison, Vectren, TXU, NIPSCO, to name a few
Objectives of SmarterUtility.com:
• Create a Federated Knowledge Repository to take advantage of knowledge, regardless of where it is housed
• Support multiple channels from a single knowledge repository (Country‐State‐City‐Utility‐Regulator‐Partner‐Vendor‐etc.)
• Knowledge repository is based on the context and intent
• Leverage Subject Matter Experts to improve your success factors
• Adaptive Knowledge architecture that will support all your needs with a single repository and remain flexible to change as needed
• Use the Adaptive Knowledge architecture to support Transparency of knowledge, Cloud computing, Mobile presentation, and Social use of knowledge with no additional changes
It’s about Success, and Knowledge Sharing
2/22/2012 © 2012 Smarterutility.com | Not to be reproduced without permission Page: 3
Why you should consider this report
• Understand current security issues
• Understand the reliability standards
• How to develop a sustainable security and reliability process
• Approach to governance
• Tips beyond planning
System vulnerabilities and threats are constantly changing
Objective of This Research
A good framework can be a start.
The ultimate objective of the Smart Grid is to have interconnected critical power generation and distribution systems (intelligent supply and demand).
Defining, designing, implementing and managing security should consider the overall objectives of the Smart Grid.
Security Concerns for Smart Grid
The security concerns of smart grid are numerous. For this presentation, we are assuming the SG/AMI encompasses Generation to Meter capabilities (or a subset of this process). Thus SG/AMI represents an extremely large network that touches many private networks and is designed for command and control in order to support FLISR, Volt/Var, Intelligence Switch, Remote Disconnect, Demand Response, Billing, and other features. Combined with a lack of industry‐accepted security standards, the smart grid represents significant risk to connected systems that are not adequately isolated. Specific security concerns include the following:
1. Smart meters are highly accessible and therefore require board‐ and chip‐level security in addition to network security
2. Smart grid protocols vary widely in their inherent security and vulnerabilities
3. Neighborhood, home, and business LANs can be used both as an ingress to the AMI, and as a target from the AMI
4. Smart grids are ultimately interconnected with critical power generation and distribution systems (main focus of this presentation)
5. Smart grids represent a target to private hackers (for financial gain or service theft) as well as to more sophisticated and serious attackers (for sociopolitical gain or cyber warfare)
Challenges Faced by Organizations
With the rapid development and deployment of AMI and Smart Grid, security issues come with ever increasing threat profiles. Organizations faced with these challenges ask themselves:
– What are the potential security threats and vulnerabilities?
– Are our Smart Grid security initiatives aligned with our business needs?
– Are our Smart Grid vendors’ security implementations within their products compliant with Federal Requirements and compatible with ours?
– Are our Smart Grid security practices providing adequate assurance to meet regulation or compliance agreements?
– Are we perceived as a responsive and proactive organization meeting the needs of our stakeholders, our customers, and trading partners?
– Do our Smart Grid security controls align with industry‐related and internationally accepted practices, standards and guidelines?
– Are we aware of our security risks and are they being effectively managed?
– Are we measuring the effectiveness of our Smart Grid security investments?
Bottom line… are we secure?
Security and Sustainability ‐ New School Solutions
Old School:
• Develops Reliability, Cyber, Control System, IT in separate silos
• Clings to safe, existing processes even when they are inadequate
• Relies on past solutions to solve today’s issues
New School:
• Develops comprehensive, sustainable, capable, and transforming processes
• Recognizes opportunities to experimentally change processes and seeks to adapt
Emerging Technologies in Smart Grid, introducing new opportunities for security breach
Security and Reliability: Standards and Regulations
Figure: security threats at the centre, surrounded by the governing standards and regulations: NIST (DOE/DHS), NERC CIP (under FERC), NISPI, ISO‐27002, ISA‐99.
NERC CIP Explained
The NERC CIP reliability standard identifies security measures for protecting critical infrastructure with the goal of ensuring the reliability of the bulk power system. Compliance is mandatory for any power generation facility, and fines for noncompliance can be steep. The CIP reliability standards consist of nine sections, each with its own requirements and measures. They are:
CIP‐001‐4 — Sabotage Reporting. Requires that all disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.
CIP‐002‐4 — Critical Cyber Asset Identification. Requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be identified through the application of a risk‐based assessment.
CIP‐003‐4 — Security Management Controls. Requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets.
CIP‐004‐4 — Personnel and Training. Requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessment, training, and security awareness.
CIP‐005‐4 — Electronic Security Perimeter(s). Requires the identification and protection of the Electronic Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points on the perimeter.
CIP‐006‐4 — Physical Security of Critical Cyber Assets. Ensures the implementation of a physical security program for the protection of Critical Cyber Assets.
CIP‐007‐4 — Systems Security Management. Requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (noncritical) Cyber Assets within the Electronic Security Perimeter(s).
CIP‐008‐4 — Incident Reporting and Response Planning. Ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets.
CIP‐009‐4 — Recovery Plans for Critical Cyber Assets. Ensures that recovery plan(s) are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices.
ISO 27002 Explained
ISO 27002 is a set of security recommendations published by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC), and may be referred to as ISO/IEC 27002 or ISO/IEC 27002:2005. ISO 27002 defines “Information technology—Security techniques—Code of practice for information security management,” and is not specific to industrial network security. ISO standards are widely used internationally and can be easily mapped to the recommendations of NIST, NRC, NERC, and others, as they consist of functional guidelines for:
1. Risk assessment
2. Security policy and management
3. Governance
4. Asset management
5. Personnel security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Asset acquisition, development, and maintenance
10. Incident management
11. Business continuity management
12. Compliance
ISA‐99 Explained
ISA standard 99 (ISA‐99) is an industrial control security standard created by the International Society of Automation (ISA) to protect SCADA and process control systems. ISA‐99 offers varying security recommendations based on the physical and logical location of the systems being protected as well as their importance to the reliable operation of the system. In order to accomplish this, ISA‐99 first attempts to classify functional areas of an industrial system into specific security levels and then provides recommendations for separating these areas into “zones.” ISA‐99 also defines the interconnectedness of zones as well as how to enforce security. For utilities, the most public systems such as Internet or Internet‐facing systems within the business LAN would constitute level 5, while the rest of the business LAN may map to level 4. Supervisory networks (i.e., the SCADA DMZ network) would represent level 3, and so on, with the actual “control system” (the SCADA networks, HMI systems, field devices, instrumentation and sensors) at level 0. ISA‐99 organizes security recommendations into seven foundational requirements (FRs), and each foundational requirement consists of multiple system requirements (SRs).
Foundational requirements:
FR1 — Access Control (AC)
FR2 — Use Control (UC)
FR3 — Data Integrity (DI)
FR4 — Data Confidentiality (DC)
FR5 — Restrict Data Flow (RDF)
FR6 — Timely Response to an Event (TRE)
FR7 — Resource Availability (RA)
Selected system requirements:
SR 1.1 — IACS user identification and authentication
SR 1.2 — Account management
SR 3.1 — Communication integrity
SR 3.2 — Malicious code protection
SR 3.3 — Security functionality verification
SR 3.4 — Software and information integrity
SR 4.3 — Cryptographic key establishment and management
SR 5.1 — Information flow enforcement
SR 5.2 — Application partitioning
SR 5.4 — Boundary protection
SR 7.1 — Denial of service protection
SR 7.2 — Management of network resources
SR 7.6 — Network and security configuration settings
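The zone-and-level model above (FR5 "Restrict Data Flow", SR 5.1 "Information flow enforcement") can be turned into a simple policy check. The following Python is an added illustration, not code from the ISA standard or from the presentation: the zone names, the levels below 3, the approved conduits, the adjacent-level rule and the sample flows are all this example's assumptions.

```python
from dataclasses import dataclass

# Levels 5, 4, 3 and 0 follow the presentation's description; the
# control_center / substation_lan placements are assumed for this example.
ZONES = {
    "internet_facing": 5,   # Internet-facing systems in the business LAN
    "business_lan": 4,      # rest of the business LAN
    "scada_dmz": 3,         # supervisory network / SCADA DMZ
    "control_center": 2,    # assumed
    "substation_lan": 1,    # assumed
    "field_devices": 0,     # the actual control system: HMI, field devices, sensors
}


@dataclass(frozen=True)
class Conduit:
    src: str
    dst: str
    protocol: str


# Constructed example policy: the only conduits engineering has approved.
APPROVED = frozenset({
    Conduit("business_lan", "scada_dmz", "https"),
    Conduit("scada_dmz", "control_center", "https"),
    Conduit("control_center", "substation_lan", "dnp3"),
    Conduit("substation_lan", "field_devices", "dnp3"),
})


def level_gap(c: Conduit) -> int:
    return abs(ZONES[c.src] - ZONES[c.dst])


def lint_conduits(conduits) -> list[str]:
    """Audit a conduit policy before it is deployed: a conduit that joins
    non-adjacent levels (the adjacency rule is this example's assumption)
    or an unknown zone is reported as a finding."""
    findings = []
    for c in conduits:
        if c.src not in ZONES or c.dst not in ZONES:
            findings.append(f"{c.src}->{c.dst}: unknown zone")
        elif level_gap(c) > 1:
            findings.append(
                f"{c.src}->{c.dst} ({c.protocol}): skips {level_gap(c) - 1} level(s)")
    return findings


def evaluate(flow: Conduit, approved=APPROVED) -> tuple[bool, str]:
    """Decide whether one observed flow is covered by an approved conduit."""
    if flow.src not in ZONES or flow.dst not in ZONES:
        return False, "unknown zone"
    if flow.src == flow.dst:
        return True, "intra-zone"
    if flow in approved:
        return True, "approved conduit"
    # A downward flow without a conduit is the case the presentation warns
    # about: a LAN used as an ingress towards the AMI / control system.
    direction = "down" if ZONES[flow.dst] < ZONES[flow.src] else "up"
    return False, f"no approved conduit ({direction}ward flow across {level_gap(flow)} level(s))"


def check_flows(flows, approved=APPROVED) -> list[tuple[Conduit, bool, str]]:
    return [(f, *evaluate(f, approved)) for f in flows]


# Constructed sample of observed flows, e.g. summarised from firewall logs.
OBSERVED = [
    Conduit("business_lan", "scada_dmz", "https"),
    Conduit("internet_facing", "field_devices", "dnp3"),
    Conduit("business_lan", "field_devices", "dnp3"),
    Conduit("field_devices", "field_devices", "dnp3"),
]

if __name__ == "__main__":
    for finding in lint_conduits(APPROVED):
        print("POLICY", finding)
    for flow, ok, why in check_flows(OBSERVED):
        print("ALLOW" if ok else "DENY ", f"{flow.src}->{flow.dst}/{flow.protocol}: {why}")
```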
NERC Compliance Monitoring Methods
Initiated by NERC and Regional Entities (Audits):
1. Periodic compliance audits
2. Post‐event investigations
3. Random spot‐checking or audits
NERC Approach:
1. Completeness
2. Clarity
3. Practicality
4. Commensurate with BES impact
5. Reduce Administrative Overhead
6. Minimize the Need for TFEs
7. Leverage Investment in Current Standard
8. Looked at NIST and other frameworks for suggestions and guidance
9. Preserved some existing components of CIP‐002 through CIP‐009
10. Requirements adapted from the DHS Catalog of Control Systems Security (subset of NIST SP 800‐53)
11. Includes directives from FERC Order 706
Initiated by Entities (Continuing Compliance): Self‐certification of compliance
1. Periodic reporting of compliance data and statistics
2. Exception reporting of compliance data and statistics (post‐event)
3. Self‐reporting of non‐compliance
4. Technical Feasibility Exceptions (TFEs)
NERC Proposed Changes
Cyber System: A discrete set of one or more programmable electronic devices organized for the collection, storage, processing, maintenance, use, sharing, communication, disposition, or display of data.
BES Cyber System: A Cyber System which, if rendered unavailable, degraded, or compromised, has the potential to adversely impact functions critical to the reliable operation of the Bulk Electric System.
Bulk Electric System Subsystem (BES Subsystem): A group of one or more BES Facilities (i.e., Generation Subsystem, Transmission Subsystem, and Control Center) used to generate energy, transport energy or ensure the ability to generate or transport energy.
NERC Approach:
1. Looked at NIST and other frameworks for suggestions and guidance
2. Preserved some existing components of CIP‐002 through CIP‐009
3. Requirements adapted from the DHS Catalog of Control Systems Security (subset of NIST SP 800‐53)
4. Includes directives from FERC Order 706
Proposed CIP‐010‐1 and CIP‐011‐1
Major Differences
• Reliability Functions identified in the standard
• Responsible Entity (Owner) identifies BES Cyber Systems performing Reliability Functions
• BES Cyber Systems are categorized (High / Medium / Low) based on BES Impact Criteria identified in the standard
• Security requirements (controls) are applied based on BES Cyber System impact categorization
• All assets will be categorized
• Retiring Terms: CA, CCAs, ESP, PSP
Potential Impacts
• Redesign of the ESP
• Redesign of the PSP
• Additional Network Security Devices
• Access Controls
• Monitoring and Logging
Leverage Current Investments
• CA and CCA Lists
• Restructure ESP
• Restructure PSP
NIST Interoperability and Cyber Security Standards
Phase I
NIST Framework and Roadmap for Smart Grid Interoperability Standards v1 (NIST SP‐1108). Smart Grid interoperability standards should be open, meaning the standards should be developed and maintained through a collaborative, consensus‐driven process.
Phase II
Smart Grid Interoperability Panel (SGIP) is a public‐private partnership providing a permanent organizational structure to support the continuing evolution of the framework.
Phase III
Smart Grid Conformity Testing Framework
Other Issues to Address
1. Electromagnetic Disturbances
2. Electromagnetic interference
3. Privacy Issues in the Smart Grid
4. Safety
NISTIR 7628 Guidelines for Smart Grid Cyber Security
Volume I – Smart Grid Cyber Security Strategy, Architecture, and High‐Level Requirements
Chp 1 – Cyber Security Strategy (C, I, A, NR)
Chp 2 – Logical Architecture: Seven Domains, 22 Interface Categories
Chp 3 – High Level Security Requirements
Chp 4 – Cryptography and Key Management
Volume II – Privacy and the Smart Grid
Chp 5 – Privacy and the Smart Grid. Four Dimensions:
1. Privacy of personal information
2. Privacy of the person
3. Privacy of personal behavior
4. Privacy of personal communications
Volume III – Supportive Analyses and References
Chp 6 – Vulnerability Classes
Chp 7 – Bottom‐Up Security Analysis of the Smart Grid
Chp 8 – Research and Development: CS in the SG
Chp 9 – Overview of the Standards Review
Chp 10 – Key Power System Use Cases for Security Requirements
Regional Reliability Standards – Major Bodies
• ERCOT: Electric Reliability Council of Texas, Inc.
• FRCC: Florida Reliability Coordinating Council
• MRO: Midwest Reliability Organization
• NPCC: Northeast Power Coordinating Council
• RFC: Reliability First Corporation
• SERC: SERC Reliability Corporation
• SPP: Southwest Power Pool, Inc.
• WECC: Western Electricity Coordinating Council
Reliability Considerations
• Coordination of controls and protection systems
• Cyber security in planning, design, and operations
• Ability to maintain voltage and frequency control
• Disturbance ride‐through (& intelligent reconnection)
• System inertia – maintaining system stability
• Modeling harmonics, frequency response, controls
• Device interconnection standards
• Increased reliance on distribution‐level assets to meet bulk system reliability requirements
Reliability Functional Model
Reliability Standard Categories
BAL – Resource and Demand Balancing
CIP – Critical Infrastructure Protection
COM – Communications
EOP – Emergency Preparedness and Operations
FAC – Facilities Design, Connections and Maintenance
INT – Interchange Scheduling and Coordination
IRO – Interconnection Reliability Operations and Coordination
MOD – Modeling, Data, and Analysis
ORG – Organization Certification
PER – Personnel Performance, Training, and Qualifications
PRC – Protection and Control
TOP – Transmission Operations
TPL – Transmission Planning
VAR – Voltage and Reactive
Functional Entity/Reliability Standard Relation
Table (the column alignment of the matrix is not recoverable; the number of standard categories marked for each entity is given in parentheses): functional entities against the reliability standard categories BAL, CIP, COM, EOP, FAC, INT, IRO, MOD, ORG, PER, PRC, TOP, TPL and VAR.
Distribution Provider (3), Purchasing‐Selling Entity (3), Load Serving Entity (8), Resource Provider (1), Transmission Planner (3), Generator Owner (7), Transmission Owner (5), Generator Operator (8), Transmission Operator (10), Transmission Service Provider (5), Balancing Authority (8), Interchange Authority (2), Planning Coordinator (3), Regional Reliability Org (8), Reliability Coordinator (9), Compliance Monitor (none marked), Standards Developer (none marked).
Smart Grid Components
Devices
• Synchrophasors and PMU Concentrators
• Wholesale and customer smart meters
• Intelligent end devices (IEDs)
• Switched/controllable capacitor banks
• Digital fault recorders
• Plug‐in electric vehicles
• Power quality meters
• Direct control load management
• DLR for operations
• Tension and Sag Measurement
Applications
• State Estimator and Contingency Analysis
• Wide‐area situational awareness
• Event detection
• Disturbance location
• Dynamic Ratings
• Pattern recognition
• Protection systems
• Remedial action
• Demand Response
• Automatic meter Reading
• Voltage/reactive control
• Operator training simulator
• Data storage and retrieval
Measurement/Data
• Voltage and current angle differences
• Voltage and current phasors and DLR
• Frequency
• Three‐phase AC voltage and/or current waveforms
• Power system modeling data and real‐time data from DLR
• Meter data common profiles
• Dynamic Line Ratings
Communications
• Precision time protocols
• Information Management protocols
• Wide‐area networks and communications
• Field area networks and communications
• Premises networks and communications
• Wireless communications
• Substation LANs
• Global Positioning System
• Encryption
• Phasor Management Networks
Smart Grid Conceptual Architecture
Figure: the conceptual architecture spans the Generation, T&D, Consumer and Non‐utility domains. Recoverable labels:
• Functional areas: Generation Automation; Transmission Automation; Substation Automation; Distribution Automation; Advanced Metering; DR/EV; EE; DER (DG/DS); Smart City
• Field and premises devices: Generation Control Devices; Transformer Monitor; Low‐voltage transformer monitor; Cap Bank controller & voltage regulator; Load tap changer & voltage regulator; Recloser/Switch controllers; Circuit breaker; Phasor measurement unit (PMU); Digital fault recorder; RTUs; FCI/line sensor; Batteries; Flywheels; PV/Inverters; Electric Meters; Gas Meters; Water Meters; Load Switch; PCT; IHD/Gateway; Smart Appliances; EVSE; Public EVSE; Street lights; Parking meters; Mobile devices
• Systems and applications: SCADA; Automatic generation control; Remedial action scheme; Wide area monitoring; Operator Simulation; Market management; Fault detection & management; Outage detection; Theft detection; Load management; Volt‐VAR optimization; Asset monitoring; Grid/Asset monitoring & mapping; Renewable load following; DG/DS dispatch optimization; Microgrid/Islanding; Meter data management; Meter management; Network Management SW (including device monitoring and APIs to support the SW components); Recommendation engine; Load control & shaping; Load disaggregation & targeting; Pricing; EV Management; Public EV Management; M&V; Consumer portal; Municipal services apps; Emergency services; Parking meter monitor; Street light monitor & control
• Communications: Dedicated Circuits (fiber, T1); Backhaul (fiber, WiMAX, cellular); Intra‐SS comms (Enet, fiber, WiFi, serial); Neighborhood Area Networks (RF Mesh; WiMAX, PLC, 3G/GPRS, RF Tower); Alternative Networks (Broadband, Cellular); Home Area Network (2.4 GHz ZigBee, SEP 2.0, PLC, Zwave)
Security compliance must be tested for each Network Gateway
Current offerings have better cyber security, increased situational awareness, lower cost of ownership, and improved data surfacing capabilities.
Figure: network tiers and their typical media.
WAN – Backhaul to Office: typically Fiber, PTP or Cellular Network
NAN – NAN to Concentrator/Substation: typically Radio, PLC or Cellular
LAN/HAN – Meter/HAN to Concentrator: typically Radio, Mesh, PLC or Cellular
Network Security – Multiple Layers
A Note About DNP3
DNP3 ‐ Security Concerns
While much attention is given to the IP network, there is no authentication or encryption inherent within DNP3 (although there is within Secure DNP3). Because of the well‐defined nature of DNP3 function codes and data types, it then becomes relatively easy to manipulate a DNP3 session. Also, while Secure DNP3 does add security measures, the added complexity of the protocol increases the chances of vulnerability. There are several known vulnerabilities with DNP3 that are reported by ICS‐CERT.
Because there are known exploits in the wild and DNP3 is a heavily deployed protocol, proper penetration testing and patching of DNP3 interconnections is recommended.
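Since plain DNP3 carries no authentication, a monitoring point can at least check that link-layer frames are well formed and that the master address on each request is one the utility expects. The following Python is an added example, not code from the presentation or from any DNP3 implementation; it validates the link header (start bytes, CRC-16/DNP, control byte) and reports frames from masters that are not on an allowlist. The link addresses, the allowlist and the sample frames are constructed for the example.

```python
START = b"\x05\x64"  # DNP3 link-layer start bytes

# Link-layer function codes (IEEE 1815 / DNP3), selected by the PRM bit.
PRIMARY_FC = {0: "RESET_LINK_STATES", 2: "TEST_LINK_STATES",
              3: "CONFIRMED_USER_DATA", 4: "UNCONFIRMED_USER_DATA",
              9: "REQUEST_LINK_STATUS"}
SECONDARY_FC = {0: "ACK", 1: "NACK", 11: "LINK_STATUS", 15: "NOT_SUPPORTED"}


def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: polynomial 0x3D65 (reflected 0xA6BC), init 0, final XOR 0xFFFF."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_header(length: int, control: int, dest: int, src: int) -> bytes:
    """Assemble a 10-byte link header (used here only to construct samples)."""
    body = START + bytes([length, control]) + dest.to_bytes(2, "little") + src.to_bytes(2, "little")
    return body + crc16_dnp(body).to_bytes(2, "little")  # CRC is sent LSB first


def parse_header(frame: bytes) -> dict:
    """Validate and decode the link header; raises ValueError on a bad frame."""
    if len(frame) < 10 or frame[:2] != START:
        raise ValueError("not a DNP3 frame")
    body, crc = frame[:8], int.from_bytes(frame[8:10], "little")
    if crc16_dnp(body) != crc:
        raise ValueError("link header CRC mismatch")
    ctrl = frame[3]
    prm = bool(ctrl & 0x40)          # PRM: primary (initiating) station
    fc = ctrl & 0x0F                 # link function code
    return {
        "length": frame[2],
        "dir_from_master": bool(ctrl & 0x80),  # DIR bit: 1 = master to outstation
        "primary": prm,
        "function": (PRIMARY_FC if prm else SECONDARY_FC).get(fc, f"UNKNOWN_{fc}"),
        "dest": int.from_bytes(frame[4:6], "little"),
        "src": int.from_bytes(frame[6:8], "little"),
    }


def audit(frame: bytes, known_masters: set[int]) -> list[str]:
    """Findings for one frame; an empty list means nothing notable."""
    try:
        h = parse_header(frame)
    except ValueError as e:
        return [f"malformed: {e}"]
    findings = []
    if h["dir_from_master"] and h["src"] not in known_masters:
        findings.append(f"master address {h['src']} not on allowlist")
    if h["function"].startswith("UNKNOWN_"):
        findings.append(f"unexpected link function code in control byte")
    return findings


if __name__ == "__main__":
    # Constructed sample: master 1 polls outstation 10 with unconfirmed user data
    # (control 0xC4 = DIR|PRM|FC 4), then an unknown master 200 does the same.
    samples = [build_header(5, 0xC4, 10, 1), build_header(5, 0xC4, 10, 200)]
    for s in samples:
        print(s.hex(), audit(s, known_masters={1}) or "ok")
```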
The risks are enormous… and internal and external pressure continues to mount
Unprotected Grid and AMI Network Risks (figure): Compliance Liability, Business Liability, Publicity Nightmare, Escalating Costs, Reduced Effectiveness.
Effective management of Smart Grid security risks using a framework can drive better business and technology decisions and achieve better results. It can:
• Protect the electric grid
• Ensure Smart Grid integrity, availability, confidentiality
• Reduce compliance liability
• Provide performance, compliance and reliability
• Enhance productivity and quality
• Protect company assets
• Align Smart Grid programs with business objectives
• Improve customer service and responsiveness
• Leverage risk to support competitive opportunities
• Protect the Company reputation
• Reduce cost by enhancing efficiency
Smart Grid Risk Management Elements
Managing the risks to Smart Grid requires a management lifecycle (figure) with four elements: Standards & Architecture; Management Processes (Processes & Methods, Roles & Responsibilities, Tools / Enablers, Training & Awareness); Solution Implementation; Compliance Monitoring.
Architectures and Standards – A standards‐based, business‐driven security architecture is used to develop and implement an enterprise‐level security program and operating model – core security program and architecture established.
Management Processes – Business management processes are refined and calibrated to efficiently integrate security standards and expertise throughout the system development lifecycle and day‐to‐day operations – evolutionary integration of security across the enterprise including AMI and Smart Grid.
Solution Implementation – Security for Smart Grid Applications and Architectures is defined, developed and deployed consistent with the organization’s desired risk profile – end‐to‐end transaction integrity achieved.
Compliance / Monitoring – Monitoring solutions are established to allow mid‐level and senior management to monitor and report security performance effectiveness by measuring key performance indicators – is everything OK?
Qualitative Risk Assessment
Risk Assessment: activities that are carried out to discover, analyze, and describe risks. Risk assessments may be qualitative, quantitative, or a combination of these. Internal audit is related to risk assessment.
Qualitative Risk Assessment: A qualitative risk assessment occurs with a pre‐defined scope of assets or activities. Assets can, for example, consist of software applications, information systems, CIP equipment, or physical security. Activities may consist of activities carried out by an individual, group, or department.
A qualitative risk assessment will typically identify a number of characteristics about an asset or activity, including:
• Vulnerabilities. These are weaknesses in design, configuration, documentation, procedure, or implementation.
• Threats. These are potential activities that would, if they occurred, exploit specific vulnerabilities.
• Threat probability. An expression of the likelihood that a specific threat will be carried out, usually expressed in a Low‐Medium‐High or simple numeric (1–5 or 1–10) scale.
• Countermeasures. These are actual or proposed measures that reduce the risk associated with vulnerabilities or threats.
Risk Assessment Methodologies
Several different approaches and methodologies exist; among them are:
• OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation): Developed by Carnegie Mellon University’s Software Engineering Institute (SEI), OCTAVE is an approach where analysts identify assets and their criticality, identify vulnerabilities and threats, evaluate risks, and create a protection strategy to reduce risk.
• FRAP (Facilitated Risk Analysis Process): This is a qualitative risk analysis methodology that can be used to pre‐screen a subject of analysis as a means to determine whether a full‐blown quantitative risk analysis is needed.
• Spanning Tree Analysis: This can be thought of as a visual method for identifying categories of risks, as well as specific risks, using the metaphor of a tree and its branches. This approach would be similar to a Mind Map for identifying categories and specific threats and/or vulnerabilities.
• NIST 800‐30 (Risk Management Guide for Information Technology Systems): This document describes a formal approach to risk assessment that includes threat and vulnerability identification, control analysis, impact analysis, and a matrix depiction of risk determination and control recommendations.
Steps in Creating Smart Grid Security Governance Process
Figure: elements of the governance process, from drivers to management processes:
• Motivation – Legislation and Regulatory Compliance; Implication; Risk Tolerance; Security and Reliability Mission
• Smart Grid Security Vision & Mission
• Smart Grid Security Principles
• Smart Grid Security Policies – Smart Grid Security Policy Framework, Corporate Policies, Smart Grid Security Standards
• Smart Grid Security Strategy
• Smart Grid Security Architecture – Architecture Design Principles; Conceptual, Functional and Physical Architecture
• Smart Grid Security Controls
• Smart Grid Security Operational Processes
• Smart Grid Security Management Processes
Security & Reliability Framework
Figure: the Security & Reliability Framework.
• Smart Grid Security Drivers: Reliability, Risk Tolerance, Legislation & Regulations
• Security & Reliability Governance: Principles, Policies, Standards, Guidelines, Procedures, Audit, Enforcement
• Security and Reliability Management: Strategy, Requirements & Planning, Measurement & Assessment, Risk Management, Awareness & Training
• Smart Grid Security Architecture
• Operations: Monitoring & Management
Security & Reliability Architecture
Conceptual (Models)
‐ Security & Reliability Principles
‐ Security & Reliability Policies
‐ Security & Reliability Design Objectives
‐ Threat / Risk Profile
‐ Security & Reliability Architecture Principles
Functional (Components)
‐ Security & Reliability Standards
‐ Security & Reliability Design Decisions
‐ Security & Reliability Design Patterns
‐ Security & Reliability Component Definition
Physical (Nodes)
‐ Technical Operating Standards
‐ Product Standards
‐ Security & Reliability Design Patterns
‐ Process Documents
‐ Configuration Guidebooks
‐ Security & Reliability Node Definitions
Figure: architecture building blocks. Areas: Access Management; AMI Network & SG Infrastructure; Trust & Assurance; Security & Reliability Management; Security & Reliability Operation (Administration, Monitoring & Compliance). Components shown: Firewalls / VPNs; Switches / Routers; IPS, NIDS & HIDS; FIPS 140‐2; Anti‐Virus; URL Filter; Encryption; Private Keys & Certificates; Message Digest; Digital Signature; NTP; Trust Model; Availability; Credentials; Profiles; Authorization Rules; Credential Repository; Identity; Authentication; Authorization; Credential Management; Role Based Access Control; User Communities; Business Partners; Stakeholders; Intrusion Detection; Network Access Control; Network Segmentation; Data Management; DMZ; Confidentiality; Business Continuity; Backup & Recovery; Non‐repudiation; Trusted Time; Secure Storage & Destruction; Physical Security; Logging & Monitoring; Incident Management; Reporting; Security Operation Centre; Vulnerability & Configuration Management; Security Zones; Information Flow Control; SIM & SEM; KPIs & Dashboard; Vulnerability Assessment; Security Baseline.
…. provides a mechanism to deliver a consistent approach to Smart Grid security decisions and solutions
Smart Grid Security Assessment
Information Gathering
– Review environment
– Types of systems
– Timing requirements
– Locations
– Security & Reliability requirements
Network Analysis
– Gain understanding of network architecture and systems in place
– Identify Security & Reliability issues related to the network architecture
– Identify Security & Reliability issues based on observed network components and network traffic
– Identify interconnections with other networks: Intranets, wireless, dialup
Network Vulnerability Analysis
– Identify vulnerabilities in devices
– Identify vulnerabilities in applications
System Vulnerability Analysis
– Identify vulnerabilities in devices
– Identify system configuration and procedural vulnerabilities such as weak passwords, virus protection, patch management, system logging, etc.
Application Vulnerability Analysis
– Identify vulnerabilities in Smart Grid application components
Vulnerability Identification/Validation
– Review all data from automated tools and, where possible, check systems to verify identified vulnerabilities
How does the Smart Grid security program operate? – Define the links, start with ISO and ELSSI
Information Security Program (INFORMATION TECHNOLOGY & SECURITY OPERATING MODEL)

Delivery
• SECURITY MANAGEMENT: Risk Office Management; Training & Awareness; Policy Management; Risk Management; Certification & Accreditation; Compliance Management
• ACCESS MANAGEMENT: Identity; Infrastructure; Data; Personnel; Application; Physical
• OPERATIONS MANAGEMENT: Change Management; Configuration Management; Vulnerability Management; Incident Management; Customer Support; Systems Management

Strategic Planning
• STANDARDIZATION: Normalized Requirements; Exceptions Policy; Enterprise Architecture; Tools & Infrastructure; Approved Asset List; Risk Control Library; Compliance Reporting; Risk Reporting
• RESILIENCE: Backup & Restoration; Redundancy; Diversification; Network Defense
• GOVERNANCE: Executive Steering Committee; Architecture Definition Committee; Policy Definition Committee; Performance Metrics & Incentives; Risk Budget & Planning; Third Party Management Committee; Project/Portfolio Review Committee

ISO 27002 Information Security Management System
A sound Smart Grid security strategy should have proper balance and integration with the security governance, architecture and operations
A security strategy is supported by three critical components …
• Architecture provides technology standards, models and technologies to be leveraged by the business
• Strategy links security initiatives with business and technology objectives
Smart Grid Security Process Integration
Project delivery phases
• Requirements Definition
• Solution Design and Package Selection
• Functional-Technical Architecture Definition
• Process Design
• Organization Definition and Planning
• Communications and Training
• Application Build and Configuration
• Unit and Integration Testing
• Infrastructure Build and Configuration
• Rollout and Deployment
• Detailed Application Design

Security activities integrated into those phases
• Determine Business Risks and Security Requirements
• High Level Security Design
• Security Functional-Technical Architecture and Application Security Design
• Design Security Processes
• Design Security Roles and Operational Support Requirements
• Build Application and Infrastructure Security Components and Ensure Secure Configurations
• Develop Security Related Training, Communications, and Procedures
• Pre-Deployment Security Testing
• Establish Users and Permissions
• Rollout Security Architecture
• Deploy Processes, Procedures, and Organization
• Monitor and Continuous Improvement
Suggested Approach
• Develop a prudent and compliant cyber security program
• Identify systems considered business critical
• Identify systems considered critical per NERC standards
• Perform risk assessment for each category to determine the financial impact of cyber security for each category
• Develop documentation that meets needs for business critical systems and documentation to meet NERC requirements
 – Be compliant with the NERC standards
 – Also, be prudent in the application of cyber security programs across business and support systems, in addition to operational systems
 – Strive for compliant and prudent cyber security practices
Cyber Security is On‐going
• System vulnerabilities and threats are constantly changing
 – Any modification, integration, upgrade, or test can impact a system’s cyber vulnerability
 – Vulnerability assessments are only a snap-shot in time
• There is NO silver bullet
 – No single technology is sufficient to protect control systems
 – Relevant control system security policies and procedures are the best solutions that we have without new technology developments
 – Without appropriate policies, any technology can be defeated
Tips beyond Planning
1. Do a gap analysis between requirements and what is provided by the vendors
2. Get your vendors to comply with all security requirements
3. Follow up and make sure your vendors are complying with all security requirements
4. Select a system based on SIEM to help manage and do compliance
5. Use multiple layers of defense
6. Use alternate threat detection mechanisms
7. Use the full capability of security monitoring and analysis tools
8. Look for threats that arise either intentionally, as an act of sabotage, or from innocence and ignorance
9. Only a properly trained and motivated staff can ultimately ensure that the established technical controls will operate successfully
10. Secure all wireless networks
11. Misconfigurations: most vulnerabilities come from configuration weaknesses
How to Choose a SIEM Tool
What is SIEM?
SIEM is the combination of two different types of products: SIM (Security Information Management), which gathers and creates reports from security logs, and SEM (Security Event Manager), which uses event correlation and alerting to help with the analysis of security events.

What to look for in a SIEM solution?
Now that we know what a SIEM is and the resource commitments it requires, we can take a look at various features and characteristics that you should pay attention to when choosing a product:

Licensing and scalability: Different SIEM vendors license their products differently. Some of the most common licensing modes are:
1. Number of monitored computers/devices
2. Number of events per day/hour/minute and log volume size (in MB). If you have a baseline of the logs you wish to monitor, you should already know most (if not all) of this information beforehand.
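As an added example, not part of the presentation: a minimal SIM plus SEM in Python that normalises a few constructed gateway log lines, computes the events-per-day and MB-per-day baseline the licensing note asks you to know in advance, and correlates repeated failed logins followed by a success into an alert. The host names, addresses, log lines and the rule threshold are constructed assumptions, not values from the deck.

```python
# Added example, not from the presentation: a minimal SIM + SEM in one file.
# SIM: normalise raw log lines and compute a licensing baseline (events/day, MB/day).
# SEM: correlate events and raise an alert. All hosts, addresses, log lines and
# the rule threshold below are constructed for this example.
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample: sshd-style auth events from two grid hosts, one day of logs.
SAMPLE_LOGS = """\
2012-02-22T08:00:01 gw-sub-01 sshd: Failed password for operator from 10.9.8.7
2012-02-22T08:00:03 gw-sub-01 sshd: Failed password for operator from 10.9.8.7
2012-02-22T08:00:05 gw-sub-01 sshd: Failed password for operator from 10.9.8.7
2012-02-22T08:00:09 gw-sub-01 sshd: Accepted password for operator from 10.9.8.7
2012-02-22T08:15:00 hmi-ctl-02 sshd: Failed password for admin from 10.9.8.20
2012-02-22T09:00:00 hmi-ctl-02 sshd: Accepted password for admin from 10.9.8.20
"""

LINE_RE = re.compile(r"^(\S+) (\S+) \S+ (Failed|Accepted) password for (\S+) from (\S+)$")

def parse_events(text):
    """SIM step: turn raw lines into event dicts; also return bytes ingested."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that do not match the schema are skipped, not guessed
            ts, host, outcome, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "outcome": outcome, "user": user, "src": src})
    return events, len(text.encode())

def licensing_baseline(events, nbytes):
    """Numbers the deck says to know before buying: events per day and MB per day."""
    days = len({e["ts"].date() for e in events}) or 1
    return {"events_per_day": len(events) / days, "mb_per_day": nbytes / 1e6 / days}

def correlate_brute_force(events, threshold=3, window=timedelta(minutes=1)):
    """SEM step: alert when a success for (host, src, user) follows at least
    `threshold` failures for the same key inside `window` (suspected guessed password)."""
    alerts, fails = [], defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["host"], e["src"], e["user"])
        if e["outcome"] == "Failed":
            fails[key].append(e["ts"])
        elif sum(1 for t in fails[key] if e["ts"] - t <= window) >= threshold:
            alerts.append({"host": e["host"], "src": e["src"], "user": e["user"],
                           "failures": len(fails[key]), "at": e["ts"].isoformat()})
    return alerts
```

On the sample, the baseline is 6 events for the single day and the correlation rule fires once, for gw-sub-01; the lone failure on hmi-ctl-02 stays below the threshold.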
If you have any questions… Please email or call me:

John Chowdhury
Phone: 214-213-6226
[email protected]
http://www.smarterutility.com