Cyber Security and The Smart Grid November 11, 2008

Cyber Security andThe Smart Grid

November 11, 2008

Cyber Security for the Smart Grid TM

Ontario Smart Grid Forum

Cyber Security and The Smart Grid - Ontario Smart Grid Forum

- 2 -November 2008 Cyber Security for the Smart Grid TM

• Objectives of Presentation• About N-Dimension Solutions• Cyber Security and the Smart Grid• Solutions and Recommendations

Discussion Topics



Engage in two-way discussion on a critical Smart Grid topic

and

provide useful context and recommendations for the Ontario Smart

Grid Forum participants

Objectives of Presentation



N-Dimension Solutions Inc.

• Cyber Security Solutions Provider laser focused on the Power & Energy market

• Headquartered in Richmond Hill Ontario with office in Austin Texas • Member of:

• NERC• NERC’s new Demand-Side Management Task Force• IESO’s Reliability Standards Standing Committee• Cyber Security Technical Working Groups (IEEE P1711, AMI-SEC)• Advisory Committee for University of Illinois Trusted Cyber Security

Computing Infrastructure for Power• Developed comprehensive AMI cyber security analysis and report for

the Ontario Utilities Smart Metering (OUSM) working group• Published thought leader on cyber security for the emerging Smart Grid• Active across North America and globally in delivering Smart Grid cyber

security solutions in conjunction with our business partners

Cyber Security and

The Smart Grid

The Ontario Smart Grid

Forum

November 2008Cyber Security for the Smart Grid TM

Overview of The Smart Grid



Transmission

TOP1 – Operational Information

Distribution

DIST1 - Operational Information

DISTx – Operational Information

CustomersGeneration

GEN1 - Operational Information

GENx - Operational Information

The Current Electric Grid – Islands of Technology

TOPx – Operational Information



Convergence of Enterprise & Operations IT

Enterprise Systems

Web ApplicationsControl Systems

Protection Systems

Information Technology Operations Technology

AMIDSMOMSGIS

Smart Grid Technology

Integration counters key security principals of isolation and segregation

Cyber Secure

Integration counters key security principals of isolation and segregation



The Smart Grid – Connectivity with Security

Transmission Distribution CustomersGeneration

System

Operators

Conservation

Authorities

End-to-End Communications, Intelligence, and Defense-in-Depth Security

AMI DSM

Cyber Security and

The Smart Grid


Forum


Smart GridCyber Security



The Smart Grid – Characteristics

1. Self-healing

2. Empowers and incorporates the consumer

3. Resilient to physical and cyber attacks

4. Provides power quality needed by 21st century users

5. Accommodates a wide variety of generation options

6. Fully enables maturing electricity markets

7. Optimizes assets

Source: The US National Energy Technology Laboratory



Smart Grid Technology

Source: The Emerging Smart Grid, Global Environment Fund - Centre for Smart Energy

• Sensors– Monitoring and detecting the data

• Communications– Moving the data through the build of networks

• First-level integration– Collecting the data

• Centralized control– Using the data for visualization and control

• Security– Protecting the data with Security Services & Solutions

• Full integration– Integrating the data with the rest of the business

• Services and Applications– Using the data in new ways



Smart Grid Attack Threats

“Energy control systems are subject to targeted cyber attacks. Potential adversaries have pursued progressively devious means to exploit flaws

in system components, telecommunication methods, and common operating systemsfound in modern energy systems with the intent to infiltrate and sabotage

vulnerable control systems. Sophisticated cyber attack tools require little technicalknowledge to use and can be found on the Internet, as can manufacturers’

technical specifications for popular control system equipment.”

Source: Roadmap to Secure Control Systems in the Energy Sector, The Department of Homeland Security and US Department of Energy



Smart Grid Cyber Security Drivers

Increasing NumberOf Systems and

Size of Code Base

Control SystemsNot Designed withSecurity in Mind

Increasing Use ofCOTS Hardware

and Software

New CustomerTouch Points into

Utilities

New 2-WaySystems

(e.g. AMI, DSM)

IncreasingInterconnectionand Integration

Increased Attack SurfaceIncreased Risk to Operations



Example from 2006 SANS SCADA Security Summit, INL

Overview of Cyber Security – Threats

InternetInternet

Admin

Acct

Opens Email with Malware

Admin

Send e-mail with malware

1. Hacker sends an e-mail with malware

2. E-mail recipient opens the e-mail and the malware gets installed quietly

3. Using the information that malware gets, hacker is able to take control of the e-mail recipient’s PC!

4. Hacker performs an ARP (Address Resolution Protocol) Scan

5. Once the Slave Database is found, hacker sends an SQL EXEC command

6. Performs another ARP Scan

7. Takes control of RTU

Slave Database

Operator

Operator

MasterDB

RTU

PerformARP Scan

SQLEXEC

PerformARP Scan

Takes C

ontrol o

f RTU



Example from AMRAWebinar, Nov ’06“The Active Attacker”

Overview of Cyber Security – Threats

U N I V E R S I T YU N I V E R S I T Y

AMI WAN AMI WAN AMI WAN

Communications Network(WAN)

Communications Network(WAN)

Data Management Systems(MDM/R)

Retailers3rd Parties

AMCC (Advanced Metering Control Computer)

Attacker

Cyber Penetration

Attacker Controls the Head End

Attacker Performs Remote

Disconnect



Cyber Security Challenges

• The challenge is complex and continuously changing

• Legacy systems need to be protected• Number and geographic location of end points• Relationship to physical security• Systems are 7x24 and critical • The human element / social engineering



Cyber Solutions

Unlike the beer industry,there is no silver bullet !



Cyber Solutions - Defense in Depth

• Perimeter Protection– Firewall, IPS, VPN, AV– Host IDS, Host AV– DMZ– Physical Security

• Interior Security– Firewall, IDS, VPN, AV– Host IDS, Host AV– IEEE P1711 (Serial Connections)

– NAC– Scanning

• Monitoring• Management• Processes

IDS Intrusion Detection SystemIPS Intrusion Prevention SystemDMZ DeMilitarized ZoneVPN Virtual Private Network (encrypted)AV Anti-Virus (anti-malware)NAC Network Admission Control



Cyber Solutions – 50,000 Foot View of Control Network

Internet

Enterprise Network

Control Network

Field Site Field Site Field Site

PartnerSite

VPN

VPN

FW

FW

IPS

IDSScan

AV

FWIPS

P1711

FWAV

Host IPS Host AVProxy

Host IDS Host AV

IDSScan

NAC

NAC

• Defense in Depth• Access Control• Secure connections• Link to Physical• Security Management• Apply same approach to other Smart Grid elements

Key Points:



• Cyber security is an absolute requirement for the Smart Grid

• Smart Grid deployments will fail without proper cyber security

• A strong security posture can be established so that the benefits can be realized from Smart Grid deployments

• Ontario can establish a leadership position:– Standards– Trials– Information exchange– Learning

The N-Dimension Viewpoint



• View cyber security as a critical element of your Smart Grid deployment

• Apply the defense in depth concept isolating and segregating systems and applications, then allow selected connectivity– Best accomplished at the foundational / design level

• Establish a security management system – “you can’t manage what you can’t measure”

• Involve your vendors and interconnected partners• Embed into your corporate governance systems• Develop and track business case:

– Project by project basis– Integrated system

• Look to others for learning and suggestions– such as the Ontario Smart Grid Forum !

Recommendations

Cyber Security and

The Smart Grid


Forum


Peter VickeryExecutive Vice-PresidentN-Dimension Solutions Inc.Office: 905-707-8884 ext 223Mobile: [email protected]

Doug WestlundCEON-Dimension Solutions Inc.Office: 905-707-8884 ext 227Mobile: [email protected]

Thank You !

Documents

Cyber Security and The Smart Grid November 11, 2008