Embed Size (px)
Citation preview
November 15, 2019
Defining SCADA &
Leveraging it for
Reliability
& Risk Reduction
Chris Stokes-Pham, CISSP, CEH
Wabash Valley Power Alliance – WVPA
2
• G&T Cooperative with 23 members in IN, IL, MO serving >316,000 end of the line customers
• 17th Largest G&T in USA
• Ownership in Gibson, Prairie State Energy, Holland Energy, Vermillion Generation, Lawrence Generation, & Wabash River Highland Generations
• NERC registered entity
• Offers SCADA as a service to its membership
The G&T Formally Known as Wabash Valley Power Association
• 6 years in the U.S. Navy (SSBN 735 Blue) as nuclear & electrical operator
• BS Nuclear Engineering Technology & MS Computer Information Security & Assurance
• 1 year at Verizon Wireless networking
• 10 year IT/OT with cooperatives
• All those crazy initials: CISSP, CEH, CHFI, GSEC
• Certified Information Systems Security Professional CISSP# 524 808
• Certified Ethical Hacker CEH# ECC82338278139
• Computer Hacking Forensic Investigator CHFI# ECC42447872781
• GIAC Security Essentials – Expired
• New dad in T-22 days
3
whoami
What we will cover: 2-Questions
4
• What is SCADA & should I get one?
• I’ve a SCADA system or already plan to get one. What do I do with it?
What is SCADA or was it ICS?
5
• Supervisory Control and Data Acquisition (SCADA)
• Industrial Control System (ICS)
• IOT, PLC, DCS, Raspberry PI, Smart Home
• Any system that bridges the cyber world to the physical• Security camera with digital out contacts
Risks vs Rewards
6
Risks• Cyber threats and vulnerabilities
• Increased costs - talk about this in a sec
• New safety risks - remote mis operation
• Future or current regulatory implications
Rewards• Real time situational awareness
• Safer operation of field equipment
• Faster restoration times
• Data - planning, diagnostics, maintenance
Total Cost of Ownership
7
Software• OS
• Database license
• Vendor license
• Support fees
Hardware• Servers
• Disks
• Networking
• IED communication cards
• Various other infrastructure: UPS, optical isolator, backup infrastructure
Networking• Hardened gear
• More complex network
• RF - towers, license, studies
HR• Training
• Expertiseo Build in house?
o Hire in
o Contract?
• FTE?
o At least 1 FTE for even a small system
▪ IT - hardware, patching, databases, networking
▪ OT/Ops - engineering model, system configuration
▪ Field Ops - hardware & networking
Infrastructure Required
8
• How to connect everything?
• Who is responsible for networking the substations?
• If it is IT, are you ready to get qualified to work in a substation?
• Doing a historian?• Got Disk?
o 2 years of data can cost you 20TB of storage
• SCADA vendor or 3rd party
• Security infrastructure• New firewalls
• DMZs
• Remote access infrastructure (VPN/VDI/MFA)
How to Secure SCADA
9
• Segment, segment, segment
• Separate authentication• Ideally whole separate domain
• At very least different login from their day to day
• Separate computers
• Good cyber hygiene• Assess management - hardware &
software
• System documentation
• Patch
• Antivirus
• Non-admin accounts
• Non-common login
• No default passwords
• Firewalls are your friend
• Secure communications (VPN, encrypted radio links, TLS(SSL)
• Remote access (from outside the REMC network)• MFA
• VPN/Encrypted communications/VDI
• SIEMS, IDS, IPS
• OSINT• E-ISAC
• FBI Infragard
• Vendor vulnerability subscriptions
• Fusion Center
• DHS HSIN
You already have SCADA,
now what?
10
• Dashboards!
• Reliability, Rates, Risk
• Re-think operating procedures• Make things more efficient
• Can you make things safer
• Reports• Billing vs Actual
o Feeder roll upso Detect unexpected losses
• O&M• Predictive maintenance
• Fault detection
• Outage detection
• Growth planning
You already have SCADA, now what?
Basic Usage
11
Situational Awareness• Is transmission out?
• What fault current did we see?
• Do we have a voltage issue at certain parts of the day?
Remote operations• Improved safety
• Faster restoration
12
Advanced Usage
13
• Distribution Automation (DA) \Feeder automation (YFA, DEL, OSII DA)
• Fault Analysis
• Engineering Planning • Need a historian
• OMS Integrations• Multispeak
Moving Forward:
Conversation with Operations
14
• Have you used any of this in the past?
• If yes what did you like & not like?
• Who is responsible for what?• Is operations programming the IED communication card?
• Is IT or Operations responsible for network gear in the sub?
• Is everyone prepared for doing things securely?
Hosted “Cloud” SCADA
15
• Seeing a lot of vendors explorer options of hosting in AWS & Azure
• Federal OnRamp might be a path
• NERC currently working with a cloud standard drafting team
• OSIsoft cloud based PI has some possibilities with a non-control system
• WVPA “Cloud” model• Trusted member owned organization
• NERC registered entity – can be fined
• Best SLA model around
• Some Benefits• Can reduce costs
• Easier to deploy (usually)
• Can lean on host’s expertise
• Increases risks• Doesn’t remove responsibility
• You can delegate authority but not responsibility
• Reliability questions. How good is your internet? The host’s?
Sources & some light reading
16
• Pictures & graphics citation• https://www.deviantart.com/anilcorn/art/WoW-BFA-Editable-Logo-
735165953
• https://www.public.navy.mil/subfor/underseawarfaremagazine/Issues/Archives/issue_08/smithsonian.html
• https://commons.wikimedia.org/wiki/File:Effl_Pump_popups.jpg
• https://giphy.com/gifs/the-wolf-of-wall-street-gTURHJs4e2Ies
• Some light reading:• C2M2
o https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/energy-sector-cybersecurity-0
• OnRamp
o https://www.fedramp.gov/
• DNP
o https://www.dnp.org/Portals/0/AboutUs/DNP3%20Primer%20Rev%20A.pdf
