SMSRT Grif PDF

CYBER SECURITY OF
SMART GRID
JAZEEL K T
7821
Page 1 E
Free Powerpoint Templates
7
CONTENTS
• Introduction
• What is a smart grid?
• Power grid automation
• Classification of cyber attacks
• Consequences of cyber attacks
• Security requirements of a Smart Grid
• Integrated Security Framework
• Conclusion
Page 2
Introduction
 Nations across the world face the challenge of

increasing power production while reducing the
carbon footprint.They need to minimize power
loss and downtime, harness alternative power
sources, and so on.
 The numerous challenges facing them have one
solution – smart grids.
 While smart grids bring improvements in cost and
performance, the security of the power grids
becomes more complex and risky, calling for a
comprehensive and integrated solution
Page 3
Current electric grid
Generation Transmission Distribution Customers

Page 4
What is a smart grid?
 A digital upgrade to the existing electric grid

technology that has been quite the same for over
100 years.
 Integration of electrical infrastructure with
information infrastructure.
 Identified as a bigger opportunity than the
internet itself.
 Various points of power generation communicate
with each other and use the shared information to
make intelligent decisions.
Page 5
Smart Grid: An overview
Information Infrastructure
Smart Grid Technology
Electrical Infrastructure
Enterprise Systems
Control Systems
Web Applications
AMI Protection Systems
DSM
OMS
GIS
Cyber Secure

Page 6
Smart Grid: An overview

Page 7
Power Grid Automation
Asset
Planning Engineering Accounting
management
CORPORATE
User interface Historical Dashboard HMI

Other
Other
control
control Transmission/Distribution Applications Operator training simulator
centers
centers
Communication front end ICCP Server Information Model Manager
SCADA/EMS CONTROL CENTRE
SUBSTATION
RTU/PLC/Protocol Gateway I/Os Log Server HMI
Communication Switch / Communication Processor

Other
substations Field Devices
Protective
Meters Wired I/Os IEDs Wired I/Os
Relays
FreePOWER
Powerpoint Templates
GRID AUTOMATION SYSTEM
Page 8
Cyber Security of Smart Grid
 Traditionally, power grid automation systems

have been physically isolated from the corporate
network.
 This has been changing, perhaps due to the cost
effectiveness of utilizing public networks.
 Using public networks considerably increases the
vulnerability of power grids to cyber attacks by
increasing the exposure surface of these networks.

Page 9
Classification of cyber attacks

Page 10
Component-wise attack
Perform
SQL
Send e-mail Admin
ARP Scan
withEXEC
malware Operator
Admin
U
Opens Email
T
with Malware
f R
Internet
l o
o
Acct Operator
n t r
C o
e s
1. Hacker performs an ARP (Address
k
Ta
Master
1. Hacker sends an e-mail with malware DB
Resolution Protocol) Scan
2. E-mail recipient opens the e-mail and the Slave Database
2. Once the Slave
malware Database
gets installed is found, hacker
quietly
sends an SQL EXEC command RTU
3. Using the information that malware gets,
hacker another
3. Performs is able toARP
take control
Scan of the e-mail
recipient’s PC!
4. Takes control of RTU
Page 11
Consequences of cyber attacks

Page 12

Page 13

Page 14
Security Requirements
 Many cyber security solutions exist to protect IT

networks and to reduce their vulnerability to
attacks.
 These IT-based cyber security solutions come
short of providing the same level of security at the
control and automation levels.
 Power automation systems and applications were
not originally designed for the general IT
environment.

Page 15
IT Networks and Smart Grid
A comparison of security
requirements

Page 16
Security Objective
IT Networks Smart Grid

• Main security objective is • First priority is always
data, in terms of; human safety
– Data integrity • Second priority is to
– Data confidentiality ensure that the system
– Data availability runs under normal
operating conditions.
• Third priority is the
protection of equipment
and power lines.

Page 17
Security Architecture

• Data server resides at the • EMS/SCADA at the centre,
centre and access points, RTU/PLCs at the edge.
used by the end users, at • Usually only devices
the edge. controlled by RTU/PLCs
• Data server requires more can do direct damage to
protection than the edge humans, equipments and
nodes power lines.
• Edge nodes need the same
level of protection as the
central devices.

Page 18
Technology Base

• Use common OS • Different system vendors
(Windows, Linux, Unix) use proprietary OS and
and common networks network protocols.
(Ethernet).
• Communication protocols • Communication protocols
common, IP-based. different.
• Common security • Difficult to develop
solutions can be designed common host-based or
based on these common network-based security
architectures. solutions.
Page 19
Quality of Service Requirements

• Tolerances for delay of
data exchange, and
occasional failures are not
as strict as power grid
automation network.
• Simply rebooting a • Rebooting is not
computer or application is acceptable in many control
a common solution in the applications in power grid
case of failures. systems.

Page 20
Integrated Security Framework
A novel framework of security

solution for smart grid

Page 21
Design Principles
 Three layers:
 Power
 Automation & Control
 Security
 Provides clear demarcation of control and security
functionalities.
 Scalability: security performance remain unabated with
increase in load and system volume.
 Extendibility: able to handle any future state of power grid.
 Can be integrated into the existing, legacy systems in a
non-intrusive fashion.

Page 22
Components
SECURITY AGENTS
 Bring security to the edges of the system.
 Firmware or software
 Less intelligent at lower levels, more at higher levels
 Functions:
• To translate between different protocols.
• To acquire and run the latest vulnerability patches from its
security manager.
• To collect data traffic pattern, system log data and report to the
security manager.
• To analyze traffic and access patterns with varying complexity
depending on the hierarchical layer.
Page 23
Components
• To run host-based intrusion detection.

• To detect and send alarm messages to the security manager and
designated devices, such as HMI.
• To acquire access control policies from the security manager and
enforce them.
• To encrypt and decrypt exchanged data
MANAGED SECURITY SWITCH

 To protect bandwidth and prioritize data.
 Work as network devices and connect controllers, RTUs,
HMIs, and servers in the substation and control center.

Page 24
Components
 Functions of Managed Security Switch

• To separate external and internal networks, hide the internal
networks.
• To run as a DHCP (Dynamic Host Configuration Protocol) server.
• To acquire bandwidth allocation pattern and data prioritization
pattern from the security manager.
• To separate data according to prioritization pattern, such as
operation data, log data, trace data and engineering data.
• To provide QoS for important data flow, such as operation data,
guaranteeing its bandwidth, delay.
• To manage multiple VLANs (Virtual Local Area Network).
• To run simple network-based intrusion detection

Page 25
Components
SECURITY MANAGER
 Connect directly or indirectly to managed security
switches.
 Functions:
• To collect security agent information.
• To acquire vulnerability patches from a vendor’s server and
download them to the corresponding agents.
• To manage keys for VPN.
• To work as an AAA (Authentication, Authorization and Accounting)
server, validating user identifications and passwords, authorizing
user access right (monitor, modify data), and recoding what a user
has done to controllers.

Page 26
Components
• To collect data traffic pattern and performance matrix from agents

and switches.
• To collect and manage alarms/events from agents, switches.
• To generate access control policies based on collected data and
download to agents.
• To run complex intrusion detection algorithms at automation
network levels.
• To generate bandwidth allocation pattern and data prioritization
pattern and download them to managed switches.
 Security manager sits in the center of the power grid
automation network, managing what and how security
functions are performed by security agents and QoS
functions performed by the managed security switch.
Page 27
Intrusion Detection System
 Anomaly based Intrusion Detection System (IDS) is used.

 Sound alarms when observed behavior is outside baseline
parameters.
 Performed at three levels:
• Security agent performs intrusion detection based on the CPU and
memory utilization of the protected device (such as RTU/PLC),
scan time, protocol pattern, communication partners, etc.
• Managed security switch performs intrusion detection function
based on the delay of data packet, the allocated bandwidth profile,
protocol pattern, etc.
• Security manager performs intrusion detection at the highest
level, by monitoring power grid system and its automation system
state.
Page 28
Conclusion
 It is misleading to suggest that IT people take the full

responsibility for power grid network security including
automation and control networks.
 Compared with regular IT systems, power automation
systems have definite different goals, objectives and
assumptions concerning what needs to be protected.
 It is necessary to embrace and use existing IT security
solutions where they fit, such as communication within a
control center, and develop unique solutions to fill the gaps
where IT solutions do not work or apply.

Page 29
References
 Dong Wei; Yan Lu; Jafari, M.; Skare, P.; Rohde, K.; , "An integrated
security system of protecting Smart Grid against cyber attacks,"
Innovative Smart Grid Technologies (ISGT), 2010 , vol., no., pp.1-7,
19-21 Jan. 2010.
 Ericsson, G.N., "On requirements specifications for a power system
communications system," Power Delivery, IEEE Transactions
on,vol.20, no.2, pp. 1357-1362, April 2005.
 Anthony R. Metke and Randy L. Ekl, “Security Technology for Smart
Grid Networks”, Smart Grid, IEEE Transactions on, vol. 1, no. 1, June
2010
 Amin, M., "Energy Infrastructure Defense Systems," Proceedings of the
IEEE, vol.93, no.5, pp.861-875, May 2005.
 http://www.net-security.org/secworld.php?id=8830

Page 30
THANK YOU

Page 31
Questions

Page 32

SMSRT Grif PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SMSRT Grif PDF

Uploaded by

Copyright:

Available Formats

CYBER SECURITY OF

 Nations across the world face the challenge of

Generation Transmission Distribution Customers

Free Powerpoint Templates

 A digital upgrade to the existing electric grid

Free Powerpoint Templates

Free Powerpoint Templates

User interface Historical Dashboard HMI

SCADA/EMS CONTROL CENTRE

RTU/PLC/Protocol Gateway I/Os Log Server HMI

Communication Switch / Communication Processor

 Traditionally, power grid automation systems

Free Powerpoint Templates

Free Powerpoint Templates

Free Powerpoint Templates

Free Powerpoint Templates

Free Powerpoint Templates

 Many cyber security solutions exist to protect IT

Free Powerpoint Templates

Free Powerpoint Templates

IT Networks Smart Grid

Free Powerpoint Templates

IT Networks Smart Grid

Free Powerpoint Templates

IT Networks Smart Grid

IT Networks Smart Grid

Free Powerpoint Templates

A novel framework of security

Free Powerpoint Templates

Free Powerpoint Templates

• To run host-based intrusion detection.

MANAGED SECURITY SWITCH

Free Powerpoint Templates

 Functions of Managed Security Switch

Free Powerpoint Templates

Free Powerpoint Templates

• To collect data traffic pattern and performance matrix from agents

 Anomaly based Intrusion Detection System (IDS) is used.

 It is misleading to suggest that IT people take the full

Free Powerpoint Templates

Free Powerpoint Templates

Free Powerpoint Templates

Free Powerpoint Templates

You might also like