
CYBER SECURITY of POWER GRID

P.K.Agarwal, Additional General Manager,
Power System Operation Corporation
SCADA Hacking News

22-Feb-2012 2
Convergence of Information Technology and Operation Technology.
[Diagram: Smart Grid Technology as the convergence of Information Technology and Operations Technology; labels: Enterprise Systems, Control Systems, Web Applications, Protection Systems, AMI, DSM, OMS, GIS]

Concerns of Cyber Security

-: Need of Data Sharing :-
-: Increased use of digital information :-
-: Two way flow of information for Power Grid :-

[Diagram: Markets, Service Providers, Generation, Transmission, Distribution, Customer; Flow of Information; Flow of Electricity]

Agenda
• Concerns with regard to security of power grid solutions.
• Existing standards for system security under a smart grid environment for System Operator.
• Challenges of integrating new technologies with legacy systems.
• Roadmap for technology adoption required for network security in smart grid environment.

Concerns with regard to security of
power grid solutions.

Cyber Security in Power Grid
Requirements : Threats
• Integrity : Unauthorised Modification or Theft of Information
• Availability : Denial of Service or Prevention of Authorised Access
• Confidentiality : Unauthorised access to Information
• Non-Repudiation : Accountability: Denial of Action that took place, or claim of Action that did not take place

Concerns
• The current power grid depends on a complex network of computers, software and communication technologies.
• If compromised, these have the potential to cause great damage.
• A cyber attack is unique in nature in that it can be launched
– through a public network
– from a remote location
– from anywhere in the world
– in a coordinated way to attack many locations

More Concerns
• The legacy communication methods used for grid operations also provide potential cyber attack paths.
• Many cyber vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems have surfaced.
• The level of automation in substations is increasing, which can lead to more cyber security issues.
• Recent studies have shown that the deployed components have significant cyber vulnerabilities.

Still More Concerns
• Efforts of the energy sector to
– uncover system vulnerabilities
– develop effective countermeasures
have prevented serious damage to the electric supply chain.
• Some of these vulnerabilities are in the process of being mitigated.
• However, attacks on energy control systems have been successful in many cases.

Existing standards for system security
under a smart grid environment for
system operators.

Standards and Framework
• ISO/IEC 27001 – Information Security Management System.
• NERC-CIP Standards – Critical Infrastructure Protection Standard.
• NIST IR 7628 – Guidelines for Smart Grid Cyber Security.
• IEC 62351 Series – Security Standards.

ISO/IEC 27001 - ISMS
• Information Security Management System Standard.
• Published by the International Organization for Standardization and the International Electrotechnical Commission.
• Information technology -- Security techniques -- Information security management systems -- Requirements.
• Formally specifies a management system that is intended to bring information security under explicit management control.

NERC – CIP Standards
• Critical infrastructure protection (CIP) is a concept by North American Electric Reliability Corporation (NERC).
• Efforts to improve physical and cyber security for the bulk power system of North America.
• Include standards development, compliance enforcement, assessments of risk and preparedness.
• Provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk

NERC – CIP Standards Series
CIP-001 Sabotage Reporting
CIP-002 Critical Cyber Asset Identification
CIP-003 Security Management Controls
CIP-004 Personnel & Training
CIP-005 Electronic Security Perimeter(s)
CIP-006 Physical Security of Critical Cyber Assets
CIP-007 Systems Security Management
CIP-008 Incident Reporting and Response Planning
CIP-009 Recovery Plans for Critical Cyber Assets
NIST IR-7628 Guidelines for Smart Grid
Cyber Security.
• Advisory guidelines – neither prescriptive
nor mandatory
• Intended to facilitate efforts to develop:-
– A cyber Security Strategy
– Effectively focused on
• Prevention
• Detection
• Response and
• Recovery

NIST IR-7628 Guideline
The three volumes of the Guidelines for Smart Grid Cyber Security report are:-
• Volume 1 - Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements
• Volume 2 - Privacy and the Smart Grid
• Volume 3 - Supportive Analyses and References

Freely available at http://csrc.nist.gov/publications/nistir


IEC-62351 Standards
• Communication protocols are one of the most critical parts of power system operations.
• Communication protocols developed by TC 57 are:-
– IEC 60870-5 – 101, 102, 103, 104
– IEC 60870-6 – TASE.2
– IEC 61850
• These were very specialized and relied on “Security by Obscurity”, which is no longer valid.

IEC-62351 Standards Series
• The series provides a framework for security of existing power system protocols:-
– IEC 62351-1 : Introduction and overview
– IEC 62351-2 : Glossary of Terms
– IEC 62351-3 : Profiles including TCP/IP
– IEC 62351-4 : Profiles including MMS
– IEC 62351-5 : Security for IEC 60870-5 & derivatives
– IEC 62351-6 : Security for 61850 Profiles
– IEC 62351-7 : Management Information Base Requirements
for End-to-End Network Management

Correlation between IEC 62351 and Power
System Protocols
[Figure: correlation between the IEC 62351 parts (IEC 62351-1 : Introduction; IEC 62351-2 : Glossary; IEC 62351-3 : Profiles Including TCP/IP; IEC 62351-4 : Profiles Including MMS; IEC 62351-5 : IEC 60870-5 & Derivatives; IEC 62351-6 : IEC 61850 Profiles; IEC 62351-7 : MIB for Network and System Management) and the power system protocols IEC 60870-6 TASE.2, IEC 61850-8-1 MMS Profiles, IEC 60870-5-104 TCP/IP, IEC 60870-5-101, 102 and 103, IEC 61850-8-1 GOOSE and IEC 61850-9-2 Profiles.]
Source – IEC 62351-1

Challenges of integrating new
technologies with legacy systems.

Legacy System – Silos of Information

GEN1 - Operational Information TOP1 – Operational Information DIST1 - Operational Information

GENx - Operational Information TOPx – Operational Information DISTx – Operational Information

Smart System – Sharing of Information
[Diagram: Generation, Transmission, Distribution, Customers; AMI, DSM; System Operations]

Challenges in Integrating
• Increasing Interconnection and Integration
• New 2-Way Systems (e.g. AMI, DSM)
• Increasing Use of COTS Hardware and Software
• New Customer Touch Points into Utilities
• Control Systems Not Designed with Security in Mind
• Increasing Number of Systems and Size of Code Base

Increased Attack Surface

Increased Risk to Operations

Some Solutions

• Air gap between legacy and new system.
– Sharing of information through batch transfer.
– Not possible in real-time mode.
• Publish/Subscribe technology between legacy system and new system.
– Information can only be shared if the source system publishes it.
• Use of data-diode technology.

Challenges of integrating new
technologies with legacy systems.

Barriers
• Cyber threats are unpredictable and evolve faster
than the sector’s ability to develop and deploy
countermeasures
• Security upgrades to legacy systems are limited by
inherent limitations of the equipment and
architectures
• Threat, vulnerability, incident, and mitigation
information sharing is insufficient among
government and industry
• Weak business case for cyber security investment
by industry
Strategies
• Build a culture of security.
• Assess and Monitor Risks.
• Develop and Implement New Protective Measures to reduce Risks.
• Manage Incidents.
• Sustain Security Improvements.

Road Map for Security of Smart Grid
• An Information Security Management System has been adopted by each regional load dispatch center (RLDC).
• Each RLDC has been certified by International Certifying Body (BSI) for ISO 27001:2005.
• SCADA system upgradation is being done with:-
– Adoption of IEC 62351 security standards.
– Secure connection between SCADA network and
Enterprise network for cyber security.
– Access control for physical security.