02 ibm security for smart grids

© 2009 IBM Corporation

IBM End-to-End Security for Smart Grids

1


Più energia alla Sicurezza1 Dicembre, 2010



2

Electric Meters

In-Home displays

Personal Computers

Load Control Devices

Smart Appliances

Handheld Data DevicesGas Meters

Water Meters

Electric Vehicles Outlets

Solar Panels

Reclosers

Condition Sensors

Voltage Controllers

Switches

Substation & Grid Devices

Smart Meters

In-home Devices

Ruggedised Laptops

Mobile Devices

Distributed Resources

Cell Phones

Wind Turbines

Home Area Network

Neighborhood Network

Access Network

Backhaul Network

Extranet

Office Network

1. Smart, Connected Devices

2. Integrated Communication Networks

3. System Integration Platform

4. Applications & Analytics

Servers

EMS

System and Network Management

DMS

MDMS

Meter Data Collection

Load Control

GISNetwork Analytics

OMSAsset Management

CIS

CallManagement

Storage and Backup

Business Process Management

Computing Infrastructure

Application Integration

WMS

CHP

Systems Management

Security Management

Messaging & Web Services

Instrumented

Interconnected

Intelligent 5. Presentation Employee Portal/Dashboard

Field Employee Mobile Devices

Display Device

Interface

Customer Mobile Devices

Customer Web

Paper Bills

Energy Storage

What is involved in a smarter energy infrastructure?



333

A smart grid needs security enforcement at multiple points

11

Meter to Collection Engine

Substation Remote Monitoring equipment

Distributed Control systems and SCADA

Advanced metering control and data management system

Meter Concentrator

Web Services

Web Services

Distributed Generation

Home Area NetworksMeter

Utility

Utility Data Link

IP addressability and use of open standard protocols for the control grid necessitates it to be securely protected at multiple points

Pike Research forecasts smart grid cyber security sector will increase from $1.2 billion in 2009 to $3.7 billion by 2015



4

Security Concerns in a Smart Grid

• Metering Data Access Control• Privacy of Customer PII data• Audit/Compliance of policy

changes• Data Integrity• Multi-tenant access to gas/ water

data• Third party service provider access

to data for energy management• Log user activity and operations• Compliance Reporting

• Control Network Segregation• Communications Security • Integrity of command-n-control

between MTU-RTU, MTU-PLC and HMI applications.

• Cryptographic Key management • Adequate authentication strength• Hardened platforms in control room• Secure Provisioning for embedded

systems• Access Control Policy• Identity management for SCADA HMI• Physical security linked with Cyber

Security• NERC-CIP Compliance

• Managing trust across domains• Managing username /

passwords/ certification for third party service providers, contract workers

• NERC-CIP* compliance

NERC = North American Electric Reliability CouncilCIP= Critical Infrastructure Protection

•or equivalents like CPNI, ENISA•ENISA European Network and Information Security Agency

• Meter Data Integrity• Secure Meter

Provisioning• Meter Tampering• Secure Home Area

Network



5

Information Sharing Components in a Smart Grid

Source: NIST Smart Grid Framework 1.0NIST = National Institute of Standard & TechnologyColored lines denote domain changes



6

Utilities have lots of legacy and new software to secure



7

Some widespread vulnerability types in software

Buffer overflows

Format string vulnerabilities

Race conditions

Resource leaks

Input/ Output validation and encoding errors

SQL injection Cross-site scripting Cross-site request

forgery OS injection

Error handling and logging

vulnerabilities Insecure error handling Insecure or inadequate

logging Native code loading Data storage vulnerability

Insecure Components Malicious Code Unsafe native methods Unsupported methods Custom Cookies/ hidden

fields

Cryptography Network communication Application configuration Access control Database and file system use Dynamic code Access control and

authentication errors

Coding MistakesCoding Mistakes Configuration, Policy and Design FlawsConfiguration, Policy and Design Flaws



8

Many factors shape the degree and nature of the risk; there are multiple scenarios to plan for

External Threat

Insider Threat

Inadvertent Deliberate

Malware Denial of service Sophisticated,

organized attacks

Natural disasters Economic

upheaval

Unpatched systems Code vulnerability Lack of change

control Human errors

Developer-created back door

Information theft Insider fraud

Stuxnet

Wikileaks



9

Technical knowledge required for cyber attacks

Source: PlantData Technologies



10

Potential Impact of a Breach to Power Control Systems Could Be Severe

Personal injury Serious disruption to national critical

infrastructure Loss of system availability Process interruption Equipment damage Asset mis-configuration Data Loss Penalties resulting from regulatory

violations Loss of public trust



11

Dependency matrix of critical infrastructures(source Terna)



12

PAST HARD-WIRED CONTROL

PRESENTSCADA / RF ENABLED

NEAR FUTURESMART GRID / RF PERVASIVE

Financial pressure to reduce staffing;

Computerization and RF control become common

Project excellence not always followed by outstanding security operations

SCADA hacking can cause damage to neighborhoods and equipment

Uncertain regulatory, audit, and liability landscape

Control inside-the-home of all appliances

Wide use of 802.x, ZigBee, X10 methodologies

Uncertain Software Provenance, Packages

Increased organized crime / terrorist focus

Potential for damage to, and “net” theft by everyone

Revenue/Risk asymmetry for each customer

RF transition to IP and Windows “Monoculture”

Increased public and regulatory scrutiny

Most controls are “hard wired” AND require manual intervention

Lesser public availability of RF devices

Little capability for damage to or financial benefit from RF attacks

Cost-plus charging – “If we need it, we’ll do it! If we can’t do it, we’ll buy it!”

Clear regulatory and financial landscape

Evolution of Electric Utility Risks



13

Our Lessons Learned from the Cyber Security Front

Focus points Perimeter defense alone is probably not enough RF devices require additional security

consideration It is not just keeping the ‘bad guys’ out, it is

making the internal systems less vulnerable Points of View

Security is risk management- thus it is a business problem, not just a technical problem

Security overlaps reliability Security is part of the phase one design Projects have schedules and budgets – hackers

have no such constraints – thus periodic testing is required

Do not overlook physical security and think only of cyber

Technology Implications Some IP enabled devices can benefit

from IT systems methods Correlating suspicious activity from all

inputs is part of the detection methodology

Chain rule – security is only as strong as its weakest link

Aspects of security involve privacy issues If it has a computer in it, then the security

of it must be evaluated Platforms must be secure too, not just

components

If we know we can't practically defend against Stuxnet or its spawn, what is our approach? Giving up is not an option.

"Roll with the punch" may end up being a viable strategy. How could we design control systems, or other IT environments for that matter, to be resilient enough to take a potential

knock out punch and yet be able to come back up swinging?In the end, can we optimize our investment by planning to take the punch rather

than futilely hiding from it?



14

Gartner research: “Evolving Cybersecurity Issues in the Utility Industry” 20/08/2010

“Utilities need to assess the risks and make good decisions over which controls are reasonable and appropriate for their situation”



15

Enterprise IT systems are increasingly becoming integrated with a broader set of operational technologies (OT). IT and OT will continue to become more entwined in terms of both technology and management

Source: Gartner Market Insight: Utilities Industry Primer, 2010 19 August 2010



16

IBM Research for Smarter Energy leverages three approaches to add value to our clients.

Solution-driven strategy

Smart grid enablement

Intelligent buildings and green data centers

Photovoltaics (PV)

Battery storage for electric vehicle (EV)

Chip and server systems power management

Joint research and pilots

Regional demonstrations

National labs

Universities

Industry and client partners, technology consortia

Smart grids, batteries, plug-In vehicles

Committees and standards

Department of Energy GridWise Architecture Council

National Institute of Standards and Technology (NIST) smart grid working groups

International Organization ISO1, IEC2, IEEE3



17

IBM is driving industry transformation through its active leadership in

key industry organizations.

Chair, GridWise Alliance

Chair, GridWise Architecture Council

Chair-Elect, Architecture Committee for NIST1 Smart Grid Interoperability Panel

Member, US DOE2 Electricity Advisory Committee

Sub-committee Chair, Smart Grid, Electricity Advisory Committee

Member, IEC3 Technical Committee 8 on System Issues in Electric Grid

Member, ISO4/IEC JTC5 1/SC 25 Working Group

Member, IEC 57 Working Group 8 on Distribution Management

Chair-Elect, IEC 61968 Part 6 Standards Stream

Vice Chairman, World Energy Council Interconnectivity Working Group

Member, UCA6 International Users Group including OpenHAN, OpenAMI, Common Information Model and IEC61850

Member, OASIS7 Energy Management Information Exchange and Energy Interoperation Technical Committees

NIST8

GridWise Architecture Council

GridWise

Electricity Advisory Committee

UCAInternational Users Group

ISO

IEC

World Energy Council Interconnectivity Working Group

OASIS9

IEEE11UTC10



18* Items that help meet NERC-CIP requirements

Worldwide standards equivalent to NERC-CIPUK: The Center for Protection of National Infrastructure: http://www.cpni.gov.uk/ EU: European Network and Information Security Agency: http://www.enisa.europa.eu/pages/About_ENISA.htm

What E&U Companies need for Smart Grid Security - a check list

Products and processes that address NERC-CIP requirements* Standards based Industry Framework approach

NERC-CIP compliance report generation tools* Consulting tailored for E&U industry Policy management at the business, architectural and operational levels*

Trusted platforms and networks Secure operating environments for Embedded Systems & Intelligent Devices High performance hardware cryptographic modules

Intrusion detection & protection systems for preemptive threat mitigation* Network, Application & Data security SW products*

supported by research meet independent certifications

Application Security Vulnerability Testing tools*

Periodic Penetration Testing Identity & Access Management Managed Security services to help monitor and remedy networks Research teams that study and publish emerging threats and exploits

Command centers for event management and control* Critical Cyber Asset identification and management tools* Security Incident & Problem Management process automation*



19

IBM has extensive experience in Smart Grid security issues and solutions Application of procedures and practices involving system design, testing,

deployment, operations and decommissioning; full life-cycle Cyber security risks identified at each stage of the system deployment lifecycle

(engineering life-cycle) Cyber security criteria used for vendor and device selection Cyber security control strategies How components (hardware and software) and the installed system will be tested Test the effectiveness of cyber security measures Descriptions of residual cyber security risks Methodology(ies) used to identify cyber security risks and the outputs from those

assessments Relevant cyber security standards and best practices Descriptions of how relevant cyber security standards will be utilized at both the

technology level and the management Descriptions of how the project will support/adopt/implement emerging smart grid

security standards Descriptions of the capabilities of the component and/or system to be updated to

meet future security requirements



20

IBM’s portfolio consists of a multi-phase approach for a full Smart Grid life-cycle cyber security solution that includes design and implementation services

Define the Smart Grid Security Strategy and Roadmap Define the Smart Grid Security Architecture Framework Conduct Smart Grid Risk Assessment Create the Identity Management Solution Design Create the Access Management Solution Design Create the Governance, Risk, and Compliance (GRC) Management

Solution Design Create the Message Digests Solution Design Create the Security Policy Management Solution Design Create the User Registry Solution Design for SOA Create Smart Grid Security Penetration and Vulnerability Test Plan Conduct Smart Grid Penetration Testing



21

IBM Support for NERC-CIP standardCIP Directive

NERC Objectives Related IBM Security Framework Components

Current IBM Product and Service Offerings that address NERC-CIP Directive Objectives

CIP-001 Sabotage Reporting Security Governance, Risk Management, and Compliance Event Handling

Tivoli Service Request Manager IBM Configuration Management Database Tivoli Security Information and Event Manager

CIP-002 Identification and Documentation of Critical Cyber Assets Identification of Authorized Utility/Grid participants

Process, Security Governance, Risk Management, and Compliance People & Identity

IBM Tivoli Application Discovery and Dependency Manager IBM Tivoli Asset Management for IT IBM Configuration Management Database IBM FileNet Content Manager Rational Method Composer IBM Trusted Identity framework Tivoli Identity Manager Tivoli Access Manager

CIP-003 Security Management Controls

Network, Server and Endpoint Application and Process, Data and Information Tivoli Professional Security Services

Tivoli Security Policy Manager IBM Rational Appscan Tivoli Access Manager for Operating Systems IBM Tivoli Access Manager for Enterprise Single Sign-On Tivoli Federated Identity Manager IBM WebSphere DataPower Tivoli Access Manager for e-Business Tivoli Key Lifecycle Manager IBM Change and Configuration Manager

CIP-004 Personnel & Training People and Identity IBM WebSphere Process Server Tivoli Identity Manager Tivoli Directory Server Tivoli Directory Integrator

CIP-005 Electronic Security Perimeter

Network, Server and Endpoint and Professional Security Services

IBM ISS Proventia Intrusion Detection System IBM ISS Proventia Anomaly Detection System IBM ISS Global X-Force(Penetration Testing Services)

CIP-006 Physical Security of Critical Cyber Assets

Physical Infrastructure IBM Physical Security Services IPSecurityCenter™

CIP-007 Systems Security Management

Security Governance, Network, Server and Endpoint Application and Process, Data and Information

Tivoli Provisioning Manager Tivoli Security Compliance Manager Tivoli Identity Manager IBM Rational Appscan Tivoli Security Information and Event Manager Tivoli zSecure

CIP-008 Incident Reporting and Response Planning

Common Policy, Event Handling Tivoli Service Request Manager IBM Configuration and Change Management Database

CIP-009 Recovery Plans for Critical Cyber Assets

Security Governance, Risk Management, and Compliance

Tivoli Asset Manager for IT IBM Maximo Asset Management for Utilities IBMTivoli Application Discovery and Dependency Manager



22

02 ibm security for smart grids

Documents