Cyber Security in Implementing Modern Grid Automation Systems Vijayan SR CIGRE SC D2 Tutorials & Colloquium on SMART GRID Mysore, 13 – 15 November 2013.

Cyber Security in Implementing Modern Grid Automation Systems

Vijayan SR

CIGRE SC D2 Tutorials & Colloquium on

SMART GRIDMysore, 13 – 15 November 2013

Agenda

Introduction

Why Cyber Security ?

Cyber Security Architectures, Features and Solutions

An Overview of Cyber Security Standards

Key Take Away/Summary

April 18, 2023 | Slide 2© ABB Group

Agenda

Introduction

Why Cyber Security ?

Cyber Security Architectures, Features and Solutions

An Overview of Cyber Security Standards

Key Take Away/Summary

April 18, 2023 | Slide 3© ABB Group

© ABB Group April 18, 2023 | Slide 4

Introduction

TR

AD

ITIO

NA

L G

RID

INTER-CONNECTED GRID

Hierarchical

Top to bottom approach

Inter-Connected

Injections at various points (DERs)

Customer inclusive

© ABB Group April 18, 2023 | Slide 5

Enhanced Automation

Phasor Measurement and Wide Area Monitoring

Stability Analysis

IP based communications:

- IEC 61850 based SA systems

- IEC 104 based communication to control systems

Demand Side Management and Demand Response

Asset Management/Asset Health Monitoring

Management Tools

Integration of different systems (OT – IT integration)

– SCADA, OMS, GIS, Asset Mgmt etc.

© ABB Group April 18, 2023 | Slide 6

Evolution of Substation Automation Systems

© ABB Group April 18, 2023 | Slide 7

Conventional v/s Modern SCADA systems

Conventional SCADA Systems Modern SCADA SystemsHigh Sophisticated System (Touch Me Not !!!) Every utility feels the necessity (No more a

Luxury)

No Remote Operations Possibilities for Remote operations

Closed network Remote Monitoring, including corporate and external networks

Minimal / No external integrations Increasing integration between various systems within and outside the organization

Communications based on Serial Interfaces IP based communications including the field sub-devices

Hierarchical communication between control center, field devices

Data / Information exchanges at different levels

Hierarchical Grid Connectivity to Inter Connected Grid

Agenda

Introduction

Why Cyber Security ?

Cyber Security Architectures, Features and Solutions

An Overview of Cyber Security Standards

Key Take Away/Summary

April 18, 2023 | Slide 8© ABB Group

© ABB Group April 18, 2023 | Slide 9

Why is Cyber Security an issue?

Cyber security has become an issue by introducing Ethernet (TCP/IP) based communication protocols to industrial automation and control systems. e.g. IEC60870-5-104, DNP 3.0 via TCP/IP or IEC61850

Connections to and from external networks (e.g. office intranet) to industrial automation and control systems have opened systems and can be misused for cyber attacks…….

……..the interface sometimes is not in utilities control

Implementing Smart Grid Technologies to improve operational efficiencies

Cyber attacks on industrial automation and control systems are real and increasing, leading to large financial losses

© ABB Group April 18, 2023 | Slide 10

Why is Cyber Security an issue?Threats & Vulnerabilities

Grid Security

Operation Sabotages

Data Security(Database & Communication)

CommunicationInterference

© ABB Group April 18, 2023 | Slide 11

Cyber Security

Cyber Security - Main Objectives

Preventing the unauthorized access to information

Preventing the unauthorized modification or theft of information

Preventing the denial of service

Preventing the denial of an action that took place or the claim of an action that did not take place

Agenda

Introduction

Why Cyber Security ?

Cyber Security Architectures, Features and Solutions

An Overview of Cyber Security Standards

Key Take Away/Summary

April 18, 2023 | Slide 12© ABB Group

April 18, 2023 | Slide 13© ABB Group

Cyber Security – Solution Overview

April 18, 2023 | Slide 14© ABB Group

Cyber Security – Solution Overview

April 18, 2023 | Slide 15© ABB Group

Cyber Security – Mitigation Techniques

Hardening

Insure all hosts run at a minimum level. Only mission critical software, services, ports and devices are allowed.

Access Control

Strong authentication and Role Based Access Control (RBAC) is a natural requirement in any security architecture, but is never stronger than the implementation.

Intrusion Detection/Prevention

Deploy sensors or agents on all hosts, perform log management of all devices, and use security information and event management (SIEM) to detect and possibly respond to anomalies in the system.

Patch Management

Processes and technology to insure that all available security updates that are verified not to interfere with

system operation are installed in all hosts.

April 18, 2023 | Slide 16© ABB Group

Cyber Security – Mitigation Techniques (Cont’d)

Anti-Virus

Employs blacklist, heuristic, and behavioral detection and prevention of malware. Application Whitelisting

Only allows pre-approved software to execute. Less intrusive than Anti-Virus.

Traffic Whitelisting

Only accepts pre-approved traffic through stateful and deep packet inspection.

April 18, 2023 | Slide 17© ABB Group

Cyber Security – Mitigation TechniquesNetwork Partitioning Example

Network Partitioning: Insure cyber assets are isolated, categorized by criticality, external interfaces and physical location.

Agenda

Introduction

Why Cyber Security ?

Cyber Security Architectures, Features and Solutions

An Overview of Cyber Security Standards

Key Take Away/Summary

April 18, 2023 | Slide 18© ABB Group

© ABB Group April 18, 2023 | Slide 19

Cyber Security for Substation Automation Key Cyber-Security initiatives

Standard Main Focus StatusNIST SGIP-CSWG Smart Grid Interoperability Panel – Cyber Security

Working GroupOn-going *

NERC CIP NERC CIP Cyber Security regulation for North American power utilities

Released, On-going *

IEC 62351 Data and Communications Security Partly released, On-going *

IEEE PSRC/H13 & SUB/C10

Cyber Security Requirements for Substation Automation, Protection and Control Systems

On-going*

IEEE 1686 IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities

Finalized

ISA S99 Industrial Automation and Control System Security Partly released, On-going *

© ABB Group April 18, 2023 | Slide 20

Graphical representation of scope and completeness of selected standards

*) source DTS IEC 62351-10 10: Security architecture guidelines

Cyber Security for Substation Automation Standards and their scope

© ABB Group April 18, 2023 | Slide 21

Cyber Security for Substation Automation Relevant standards – NERC-CIP

CIP 002 - Critical Cyber Asset IdentificationCIP 003 - Security Management ControlsCIP 004 - Personnel and TrainingCIP 005 - Electronic Security Perimeter(s)CIP 006 - Physical Security of Critical Cyber AssetsCIP 007 - Systems Security ManagementCIP 008 - Incident Reporting and Response PlanningCIP 009 - Recovery Plans for Critical Cyber Asset

The North American Electric Reliability Corporation (NERC), provides for critical infrastructure protection (NERC CIP).

© ABB Group April 18, 2023 | Slide 22

Cyber Security for Substation Automation Relevant standards – IEC62351

Explanation Information security for power system control operations. Security standards for IEC TC 57 defined protocols, specifically the IEC

60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.

Status Some part approved as

Ed1 but not compatible with new draft of Ed2

Recommendation Wait until standard is

fully approved

© ABB Group April 18, 2023 | Slide 23

Cyber Security for Substation Automation Relevant standards – IEEE1686

Explanation IEEE Standard for Substation Intelligent Electronic Devices (IEDs)

Cyber Security Capabilities The standard defines the functions and features to be provided in

substation intelligent electronic devices (IEDs) to accommodate critical infrastructure protection (CIP) programs. The standard addresses security regarding the access, operation, configuration, firmware revision, and data retrieval from an IED.

Status Approved since 2008

Agenda

Introduction

Why Cyber Security ?

Cyber Security Architectures, Features and Solutions

An Overview of Cyber Security Standards

Key Take Away/Summary

April 18, 2023 | Slide 24© ABB Group

April 18, 2023 | Slide 25© ABB Group

Key Take Away

Protect, Detect and Respond

The implementation should be able to minimize the attack surface, detect possible attacks and respond in an appropriate manner to minimize the impacts

Defense in Depth

No single security measure itself is foolproof as vulnerabilities and weaknesses could be identified at any time. In order to reduce these risks, implementing multiple protections in series avoids single point of failure.

Technical, Procedural and Managerial measures

Technology is insufficient on its own to provide robust protection. Cyber security policies and processes must be implemented in the organization to best be able to assess and mitigate the risks and respond to incidents.

Implementing solutions around cyber security has to be a continuous process. It’s not only important to protect a system from the current vulnerabilities, but is also equally important to have mechanisms (technical and process) in place to quickly detect and effectively react to any incidents and isolate security breaches.

© ABB Group April 18, 2023 | Slide 27

Enterprise Application and Data Integration

Communication Infrastructure

Bidding & Scheduling

Planning & Forecasting

Trading & Contracts

Resource Dispatch

Settlements

Power Procurement & Market Ops.

SCADA

EMS DMS

DSM

Ops .Planning

T&D Operations

OMSGIS

Dist. Mgmt.

MDMS CIS Call Center

Billing

Customer Services

System Planning

Maint. Mgmt.

Asset Mgmt.

T&D Planning & EngineeringExecutive Dashboard

Inter-Connected Systems

© ABB Group April 18, 2023 | Slide 28

Smart Grid Systems