Cyber Security in Implementing Modern Grid Automation Systems
Vijayan SR
CIGRE SC D2 Tutorials & Colloquium on SMART GRID, Mysore, 13 – 15 November 2013
Dec 17, 2015
Agenda
Introduction
Why Cyber Security?
Cyber Security Architectures, Features and Solutions
An Overview of Cyber Security Standards
Key Take Away/Summary
April 18, 2023 | Slide 2© ABB Group
Introduction
TRADITIONAL GRID
- Hierarchical
- Top to bottom approach
INTER-CONNECTED GRID
- Inter-Connected
- Injections at various points (DERs)
- Customer inclusive
Enhanced Automation
Phasor Measurement and Wide Area Monitoring
Stability Analysis
IP based communications:
- IEC 61850 based SA systems
- IEC 104 based communication to control systems
Demand Side Management and Demand Response
Asset Management/Asset Health Monitoring
Management Tools
Integration of different systems (OT – IT integration)
– SCADA, OMS, GIS, Asset Mgmt etc.
Evolution of Substation Automation Systems
Conventional v/s Modern SCADA systems
Conventional SCADA Systems | Modern SCADA Systems
Highly Sophisticated System (Touch Me Not !!!) | Every utility feels the necessity (No more a Luxury)
No Remote Operations | Possibilities for Remote operations
Closed network | Remote Monitoring, including corporate and external networks
Minimal / No external integrations | Increasing integration between various systems within and outside the organization
Communications based on Serial Interfaces | IP based communications including the field sub-devices
Hierarchical communication between control center, field devices | Data / Information exchanges at different levels
Hierarchical Grid Connectivity to Inter Connected Grid
Why is Cyber Security an issue?
Cyber security has become an issue with the introduction of Ethernet (TCP/IP) based communication protocols to industrial automation and control systems, e.g. IEC 60870-5-104, DNP 3.0 via TCP/IP or IEC 61850.
Connections to and from external networks (e.g. office intranet) have opened up industrial automation and control systems and can be misused for cyber attacks; the interface is sometimes not under the utility's control.
Smart Grid technologies are being implemented to improve operational efficiencies.
Cyber attacks on industrial automation and control systems are real and increasing, leading to large financial losses.
Why is Cyber Security an issue?
Threats & Vulnerabilities
Grid Security
Operation Sabotages
Data Security (Database & Communication)
Communication Interference
Cyber Security
Cyber Security - Main Objectives
Preventing the unauthorized access to information
Preventing the unauthorized modification or theft of information
Preventing the denial of service
Preventing the denial of an action that took place or the claim of an action that did not take place
Cyber Security – Solution Overview
Cyber Security – Mitigation Techniques
Hardening
Ensure all hosts run at a minimum level: only mission-critical software, services, ports and devices are allowed.
Access Control
Strong authentication and Role Based Access Control (RBAC) are a natural requirement in any security architecture, but are never stronger than their implementation.
Intrusion Detection/Prevention
Deploy sensors or agents on all hosts, perform log management of all devices, and use security information and event management (SIEM) to detect and possibly respond to anomalies in the system.
Patch Management
Processes and technology to ensure that all available security updates that are verified not to interfere with system operation are installed on all hosts.
Cyber Security – Mitigation Techniques (Cont’d)
Anti-Virus
Employs blacklist, heuristic, and behavioral detection and prevention of malware.
Application Whitelisting
Only allows pre-approved software to execute. Less intrusive than Anti-Virus.
Traffic Whitelisting
Only accepts pre-approved traffic through stateful and deep packet inspection.
Cyber Security – Mitigation Techniques
Network Partitioning Example
Network Partitioning: Ensure cyber assets are isolated, categorized by criticality, external interfaces and physical location.
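Traffic whitelisting and network partitioning combine into a default-deny check between zones; the sketch below is an added example, not part of the original slides, and covers only the zone and port layer, not deep packet inspection. The zone names, subnets and flow-record format are constructed assumptions; TCP 2404 (IEC 60870-5-104) and TCP 102 (IEC 61850 MMS) are the registered default ports.

```python
import ipaddress

# Constructed zones for a hypothetical substation network (not from the slides).
ZONES = {
    "control_center": ipaddress.ip_network("10.10.0.0/24"),
    "station_bus": ipaddress.ip_network("10.20.0.0/24"),
    "corporate": ipaddress.ip_network("172.16.0.0/16"),
}

# Pre-approved conversations: (source zone, destination zone, TCP port).
# 2404 = IEC 60870-5-104, 102 = IEC 61850 MMS (registered default ports).
ALLOWED = {
    ("control_center", "station_bus", 2404),
    ("station_bus", "station_bus", 102),
}

def zone_of(addr):
    """Return the zone name for an address, or 'unknown' if it is unzoned."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def check_flows(lines):
    """Return (line, reason) for every flow that is not on the whitelist."""
    violations = []
    for line in lines:
        src, dst, port = line.split()
        key = (zone_of(src), zone_of(dst), int(port))
        if "unknown" in key[:2]:
            violations.append((line, "address outside any defined zone"))
        elif key not in ALLOWED:
            violations.append((line, "%s -> %s on tcp/%d not pre-approved" % key))
    return violations

# Constructed flow records in the form "src dst dst_port".
SAMPLE_FLOWS = [
    "10.10.0.5 10.20.0.11 2404",   # control center polling a station gateway
    "10.20.0.11 10.20.0.12 102",   # MMS between station-level devices
    "172.16.4.9 10.20.0.11 2404",  # office network reaching into the station
    "10.10.0.5 10.20.0.11 3389",   # remote desktop, not mission critical
    "192.0.2.7 10.20.0.12 102",    # source not in any zone
]

if __name__ == "__main__":
    for line, reason in check_flows(SAMPLE_FLOWS):
        print("DENY", line, "-", reason)
```

The third sample flow uses the approved protocol port but crosses from the corporate zone, so partitioning rejects it even though a port-only filter would pass it.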
Cyber Security for Substation Automation
Key Cyber-Security initiatives
Standard | Main Focus | Status
NIST SGIP-CSWG | Smart Grid Interoperability Panel – Cyber Security Working Group | On-going *
NERC CIP | NERC CIP Cyber Security regulation for North American power utilities | Released, On-going *
IEC 62351 | Data and Communications Security | Partly released, On-going *
IEEE PSRC/H13 & SUB/C10 | Cyber Security Requirements for Substation Automation, Protection and Control Systems | On-going *
IEEE 1686 | IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities | Finalized
ISA S99 | Industrial Automation and Control System Security | Partly released, On-going *
Cyber Security for Substation Automation
Standards and their scope
Graphical representation of scope and completeness of selected standards
*) source DTS IEC 62351-10 10: Security architecture guidelines
Cyber Security for Substation Automation
Relevant standards – NERC-CIP
The North American Electric Reliability Corporation (NERC) provides for critical infrastructure protection (NERC CIP).
- CIP 002 - Critical Cyber Asset Identification
- CIP 003 - Security Management Controls
- CIP 004 - Personnel and Training
- CIP 005 - Electronic Security Perimeter(s)
- CIP 006 - Physical Security of Critical Cyber Assets
- CIP 007 - Systems Security Management
- CIP 008 - Incident Reporting and Response Planning
- CIP 009 - Recovery Plans for Critical Cyber Assets
Cyber Security for Substation Automation
Relevant standards – IEC 62351
Explanation
- Information security for power system control operations.
- Security standards for IEC TC 57 defined protocols, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.
Status
- Some parts approved as Ed1 but not compatible with new draft of Ed2
Recommendation
- Wait until standard is fully approved
Cyber Security for Substation Automation
Relevant standards – IEEE 1686
Explanation
- IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities
- The standard defines the functions and features to be provided in substation intelligent electronic devices (IEDs) to accommodate critical infrastructure protection (CIP) programs. The standard addresses security regarding the access, operation, configuration, firmware revision, and data retrieval from an IED.
Status
- Approved since 2008
Key Take Away
Protect, Detect and Respond
The implementation should be able to minimize the attack surface, detect possible attacks and respond in an appropriate manner to minimize the impacts.
Defense in Depth
No single security measure is foolproof by itself, as vulnerabilities and weaknesses could be identified at any time. To reduce these risks, implementing multiple protections in series avoids a single point of failure.
Technical, Procedural and Managerial measures
Technology is insufficient on its own to provide robust protection. Cyber security policies and processes must be implemented in the organization to best be able to assess and mitigate the risks and respond to incidents.
Implementing solutions around cyber security has to be a continuous process. It is important not only to protect a system from the current vulnerabilities, but equally to have mechanisms (technical and process) in place to quickly detect and effectively react to any incidents and isolate security breaches.
Inter-Connected Systems
[Figure: Enterprise Application and Data Integration over a common Communication Infrastructure, connecting Power Procurement & Market Ops., T&D Operations, Customer Services, T&D Planning & Engineering and an Executive Dashboard]
Smart Grid Systems