Embed Size (px)
Citation preview
Critical Energy Infrastructure (CEI) Cyber Security –
protecting the CEI in an age of increasing
threatsBy: Antonio MaceoOffice of Administrative
Litigation (OAL)10/2/13
INTRODUCTION• What is the CEI interface?• How does cyber security impact the interface in the CEI industry?
• What are some of the CEI system cyber vulnerabilities?
• How can the CEI cyber security vulnerabilities be mitigated?
• A case in point-PECO Energy
BLOCK DIAGRAM OF TYPICAL SMART GRID COMPONENTS AND CONNECTIONS
Map of smart metering initiatives in the U.S.A as of 2009
What is an interface?• Supervisory Control and Data Acquisition System (SCADA)
• Distributed Control System (DCS)
• Industrial Control System (ICS)• Programmable Logic Controller (PLC)
SMALL FACILITY SCADA SYSTEM
MEDIUM FACILITY SCADA SYSTEM – REDUNDANT M/E SYSTEM
MEDIUM SCADA SYSTEM – REDUNDANT M/E COMPONENTS
DISTRIBUTED CONTROL SYSTEM (DCS) ARCHITECTURE
IMPACT OF CYBER SECURITY ON THE CEI INTERFACE
• Computer, communication, and power infrastructures have a greater interdependency in the power grid
• Increases in security risk• Changes in protocols
CEI Cyber Security vulnerabilities
• Computer, Communications, and Power Systems.
• Internal and external threats.• Denial of Service (DOS)• VIRUSES• WORMS
MITIGATION OF THE CEI CYBER SECURITY VULNERAILITIES
• Firewalls and IDS• Electronic Perimeter• Domain Specific IDS• Secure Communication• Best Security Practices• Online Vulnerability Map Tool
DISCRETE CONTROL SYSTEM BLOCK DIAGRAM
ANALOG CONTROL SYSTEM BLOCK DIAGRAM
Key elements of effective incident management
Conflicting cultures Internet Factory Floor
Reliability Occasional failures toleratedBeta test in the field acceptable
Outages intolerableThorough QA testing expected
Risk Impact Loss of data Loss of production, equipment, life
Performance High throughput demandedHigh delay and jitter accepted
Modest throughput acceptableHigh delay a serious concern
Risk Management Recover by rebootSafety is a non-issue
Fault tolerance essentialExplicit hazard analysis expected
Security Most sites insecureLittle separation between intranets on same siteFocus is central server security
Tight physical securityIsolated MIS network from plant networkFocus is edge control device stability
A case in point – PECO Electric
• PECO Energy currently utilizes (Act 129) energy efficiency and demand reduction programs.
• Act 129 mandates that each electrical distribution company (EDCs) serving 100,000 customers would reduce energy sold by 2% in Pennsylvania.
• Similarly EDCs would reduce peak demand over their “Top 100” summer hours (June – September).
A case in point – PECO Electric(Cont.)
• Energy efficiency has occurred based on the use of Smart metering – this has greatly reduced demand by having greater direct load control and distributed energy resources.
• With a greater dependency of smart metering, comes a greater vulnerability of cyber attacks on the PECO system.
QUESTIONS??????
