LD&C_SCADA

Security
Smart Grid and Security

Why Secure

Interoperability among six aspects of the electric power industry:
o Power generation, transmission and distribution (all things that are physical)
o Command, control and communications
o Sensing, collection, analysis and interpretation of operational data from all sources into information
o Transfer of such information to facilitate commerce and the safe and reliable operation of power systems
o This includes such things as scheduling and dispatching of power and control of the whole power system

With a human in the loop, the impact of a failure or attack is slow, local and partial; with everything automated, the impact is swift, widespread and total.
Figure source: IEEE Power & Energy Magazine, 2009
STRUCTURE
o What needs to be secured
o How it can be secured
o Who will secure what, and how
o Operational systems that may face cyber vulnerability
o Security system requirements
o Security practices
o Security audit
o Continual improvement perspective, i.e. we need to plan, build processes to do, check the effectiveness of the two, and act for improvement
SECURITY
o Firewalls and security zoning
o Separation among applications:
  o SCADA/EMS
  o ISR
  o STOA
  o Scheduling
  o Metering and settlement
  o Web access
  o Corporate access
o Competing objectives:
  o Maintaining model/values exchange
  o Single sign-on for users vs. individual application logins vs. zonal boundaries
To Secure
o Malware
o Careless employees (password robustness etc.)
o Exploited vulnerabilities
o Zero-day exploits
o Application robustness against known exploits such as buffer overflow / RPC
SECURITY
o Utility companies are custodians of critical infrastructure:
  o Likely targets of cyber terrorism
  o Subject to government regulations
o Historically, DCS/SCADA/EMS/DMS were:
  o Protected by proprietary technology
  o Isolated from enterprise IT
o Cost and skill issues led to:
  o Standard operating systems
  o Exposure through Internet connectivity
  o Remote access
o This has exposed these networks to 21st-century cyber threats
Approach
o A holistic approach based on standards of good practice (e.g., ISO 27002) to achieve and maintain compliance with the regulations and applicable standards
o Plan-Do-Check-Act:
  o Security gap analysis
  o Risk-based prioritization of remediation requirements
  o Implementation of controls
  o Periodic assessment of implemented controls
o Implementing an information security management system based upon the standard, to demonstrate a high standard of security to:
  o business partners,
  o customers, and
  o regulators
REGULATION
o Discuss the regulatory landscape:
  o CERC
  o IT Act
o List security implications for utilities
o Recommended approach for compliance:
  o To achieve
  o To maintain
o Evaluate the rules:
  o implications
  o requirements
  o approach for compliance
Possible incident scenario
o An employee has a company laptop on the Internet at his home office, connected to the control network through a VPN (Virtual Private Network)
o A hacker from overseas infects the laptop with a virus over the Internet
o The virus then propagates over the VPN connection into the control network and infects another Windows PC located right in the heart of the control system
Is this just a hypothetical situation? It couldn't happen to you? The bad news is that this is a real incident that actually happened to the water supply system in Harrisburg, Pennsylvania in 2006.
Communication
General issues
o Complacency: "not a concern, since we have not been attacked"
  o Institute a security process / team-building exercise that includes consequence analysis of the ramifications of a successful security attack
  o Utilities do not assign any value to the information being communicated, except in the case of control actions. Unbundling may change this attitude?
o Dial-up modem usage: the use of auto-answer modems is of concern
o TCP/IP: increasing dependence on TCP/IP as a transport for critical information (ICCP, exchange, schedules)
Communication (contd.)
o Some information exchanged (e.g. schedules) is sent using the Internet instead of intranets. The trend may continue, since connectivity options using the Internet represent a low-cost option.
o Security threats:
  o Eavesdropping
  o Spoofing
  o Denial of service
  o Replay
  o Number of people/entities attached
o Appropriate security measures should be deployed based upon an appropriate consequence analysis
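Of the threats listed above, spoofing, tampering and replay can be countered at the application layer even when the transport is the public Internet. The following is an added example, not code from the presentation or from any LDC system: a schedule message is authenticated with an HMAC over a canonical encoding that includes the sender and a sequence number, and the receiver rejects any message whose tag fails or whose sequence number is not newer than the last one accepted. The shared key, the sender name "SLDC-A" and the schedule payload are constructed for the example. Note that a MAC gives integrity and origin authentication only; eavesdropping is a confidentiality problem and still needs encryption (a VPN or TLS) underneath.

```python
import hmac
import hashlib
import json

# Constructed shared secret for the example; a real deployment provisions a key per peer out of band.
SHARED_KEY = b"constructed-example-key-not-for-production"


def canonical(seq, sender, payload):
    """Canonical encoding so both ends MAC exactly the same bytes.
    The sequence number and sender sit inside the MAC, so neither can be altered in transit."""
    return json.dumps({"seq": seq, "sender": sender, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()


def sign_message(key, seq, sender, payload):
    """Sender side: build the message body and attach an HMAC-SHA256 tag."""
    body = canonical(seq, sender, payload)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


class Receiver:
    """Receiver side: verify the tag, then enforce strictly increasing sequence numbers per sender."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}  # sender -> highest sequence number accepted so far

    def accept(self, msg):
        body = msg["body"].encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison; a mismatch means the message was spoofed or tampered with.
        if not hmac.compare_digest(expected, msg["tag"]):
            return (False, "bad tag: spoofed or tampered")
        parsed = json.loads(body)
        sender, seq = parsed["sender"], parsed["seq"]
        # A sequence number not newer than the last accepted one is a replay (or a stale duplicate).
        if seq <= self.last_seq.get(sender, 0):
            return (False, "replay: sequence number not newer than last accepted")
        self.last_seq[sender] = seq
        return (True, parsed["payload"])


def demo():
    """Walk through one genuine message, a replay of it, and a tampered copy."""
    rx = Receiver(SHARED_KEY)
    schedule = {"block": 37, "mw": 120.0}            # constructed schedule payload
    msg = sign_message(SHARED_KEY, 1, "SLDC-A", schedule)
    first = rx.accept(msg)                           # genuine: accepted
    replay = rx.accept(msg)                          # same message again: rejected as replay
    forged = dict(msg, body=msg["body"].replace("120.0", "999.0"))
    tampered = rx.accept(forged)                     # body changed, tag no longer matches: rejected
    return first, replay, tampered


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The sequence counter must persist across restarts on the receiving side (or be paired with a timestamp window), otherwise an old captured message becomes valid again after a reboot.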
Internet Connectivity
o The infrastructure connectivity point to the Internet needs to be isolated from the rest of the corporate LAN/intranet through a screening router/firewall combination
o Personnel need to be assigned to audit/monitor this connectivity for any security attacks that occur
o Given a sufficient audit trail, prosecution of every attacker should be strongly considered
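Auditing the screening router/firewall means reading its denial log for attempts aimed at the control network. As an added example (not from the presentation, and not a real vendor log format), the script below parses a constructed set of firewall log lines, keeps only DENY events whose destination lies in an assumed control-network range (10.10.1.0/24, a constructed value), groups them by source, and reports sources with repeated denied attempts together with the ports they tried and the time span, which is the kind of summary an audit trail for later follow-up needs.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample log lines in an invented "key=value" format; addresses are from documentation ranges.
SAMPLE_LOG = """\
2024-03-02T01:10:03 fw01 DENY src=203.0.113.7 dst=10.10.1.5 proto=tcp dport=502
2024-03-02T01:10:04 fw01 DENY src=203.0.113.7 dst=10.10.1.5 proto=tcp dport=20000
2024-03-02T01:10:05 fw01 DENY src=203.0.113.7 dst=10.10.1.6 proto=tcp dport=2404
2024-03-02T01:11:00 fw01 ALLOW src=10.20.3.4 dst=10.10.1.5 proto=tcp dport=443
2024-03-02T01:12:10 fw01 DENY src=198.51.100.9 dst=10.20.3.4 proto=tcp dport=22
2024-03-02T01:13:00 fw01 DENY src=198.51.100.9 dst=10.10.1.5 proto=tcp dport=23
"""

CONTROL_NET = ipaddress.ip_network("10.10.1.0/24")  # assumed control-network range for the example

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def denied_toward_control(log_text):
    """Group DENY events whose destination is inside the control network, keyed by source address."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "DENY":
            continue
        if ipaddress.ip_address(rec["dst"]) in CONTROL_NET:
            events[rec["src"]].append(rec)
    return events


def audit_alerts(log_text, min_denies=2):
    """Return {source: summary} for sources with at least min_denies denied attempts against the control net."""
    alerts = {}
    for src, recs in denied_toward_control(log_text).items():
        if len(recs) >= min_denies:
            alerts[src] = {
                "count": len(recs),
                "ports": sorted({r["dport"] for r in recs}),  # distinct ports probed
                "first": recs[0]["ts"],
                "last": recs[-1]["ts"],
            }
    return alerts


if __name__ == "__main__":
    for src, summary in audit_alerts(SAMPLE_LOG).items():
        print(src, summary)
```

Denied events against hosts outside the control network (the attempt on 10.20.3.4 above) are deliberately left out of the alert so the report stays focused on the boundary this slide is about; a corporate-side monitor would run the same logic with its own range.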
FIREWALL
o Firewalls represent a valid security countermeasure. They typically validate that a remote connection/user may:
  o use a given transport (TCP/IP or OSI)
  o make application service requests (FTP, HTTP, RFC 1006, DNP)
  o and are limited to a set of well-defined nodes/applications
o However, once a user is authenticated and connected, the firewall is not sufficient to enforce access/service privileges to information on the destination application
o Internet applications (e.g. FTP, Telnet) have the ability to be configured for user authentication (usually passwords), upon which access privileges (e.g. read, write, etc.) are granted
o However, protocols such as DNP/870-5 are inadequate in this regard
o Active work is ongoing within TC 57 to address the issue of authentication and security in several protocols
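The two slides on security zoning ("Firewalls and security zoning", "Separation among applications") and on firewalls make one combined point: the firewall decides which zone may talk to which zone over which service, but once a connection is allowed, only the application can decide whether the user may read, write or control. The following added example, not code from the presentation or from any LDC product, models both layers so the gap is visible. The zone ranges, the rule base, the roles and the port numbers used as service labels (102 for ICCP over RFC 1006, 443 for a web view, 20000 for DNP) are constructed assumptions for the example.

```python
import ipaddress

# Constructed zone plan (documentation address ranges, not a real site).
ZONES = {
    "scada_ems": ipaddress.ip_network("10.10.1.0/24"),
    "scheduling": ipaddress.ip_network("10.10.2.0/24"),
    "corporate": ipaddress.ip_network("10.20.0.0/16"),
    "web_dmz": ipaddress.ip_network("192.0.2.0/24"),
}

# Firewall rule base: (src_zone, dst_zone, proto, dport) tuples that are permitted.
# Anything not listed is denied (default deny between zones).
FIREWALL_RULES = {
    ("corporate", "scada_ems", "tcp", 443),    # web view of the EMS from the corporate zone
    ("scheduling", "scada_ems", "tcp", 102),   # ICCP over RFC 1006 (TCP port 102), both directions
    ("scada_ems", "scheduling", "tcp", 102),
}

# Application-level privileges: the operations each role may perform on the destination application.
APP_PRIVILEGES = {
    "viewer": {"read"},
    "scheduler": {"read", "write_schedule"},
    "operator": {"read", "write_schedule", "control"},
}


def zone_of(ip):
    """Map an address to its zone; addresses outside every defined zone are untrusted."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


def firewall_allows(src_ip, dst_ip, proto, dport):
    """Network layer: is this zone-to-zone flow on this service permitted at all?"""
    return (zone_of(src_ip), zone_of(dst_ip), proto, dport) in FIREWALL_RULES


def application_allows(role, operation):
    """Application layer: may this role perform this operation? Unknown roles get nothing."""
    return operation in APP_PRIVILEGES.get(role, set())


def evaluate_request(src_ip, dst_ip, proto, dport, role, operation):
    """Evaluate a request through both layers and report which one decided.
    Returns ("deny", "firewall"), ("deny", "application") or ("allow", "application")."""
    if not firewall_allows(src_ip, dst_ip, proto, dport):
        return ("deny", "firewall")
    if not application_allows(role, operation):
        return ("deny", "application")
    return ("allow", "application")


if __name__ == "__main__":
    # A corporate viewer reading the EMS: passes both layers.
    print(evaluate_request("10.20.5.7", "10.10.1.10", "tcp", 443, "viewer", "read"))
    # Same connection, but the viewer tries a control action: the firewall already let it through,
    # so only the application check stops it.
    print(evaluate_request("10.20.5.7", "10.10.1.10", "tcp", 443, "viewer", "control"))
    # DNP from the web DMZ straight into the SCADA zone: no rule, stopped at the firewall.
    print(evaluate_request("192.0.2.4", "10.10.1.10", "tcp", 20000, "operator", "control"))
```

The second case is the slide's point: a protocol without its own user authentication and privilege model has no application layer to say no, so the firewall's allow becomes full access.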
Risks
o Consequence analysis is unique to each business entity; however, bypassing of controls / control security can be rated as the highest risk. Others include:
o Exposed trading functions: analysis of the type of information conveyed and the anticipated financial damages of a successful attack
o ICCP: analysis of the dependency on information conveyed by/to other control centers (telemetry and calculated data from RLDC to SLDC etc.)
o Control center to substation communication: the disruption of a substation's communication can cause a problem only if the substation is remotely controlled
o Metering: all revenue is based upon data acquired through metering; this may not be an area of concern given the alternatives available and the mode of data communication
Substation (figure)
Control System
o Control systems include:
  o Distributed Control Systems (DCS)
  o Programmable Logic Controllers (PLC)
  o Supervisory Control and Data Acquisition (SCADA)
  o Remote Terminal Units (RTUs)
  o Intelligent Electronic Devices (IEDs)
o Designed to be highly reliable and interoperable
o Proprietary operating systems in the control systems often preclude the use of existing Information Technology (IT) security
Vulnerability
o Vendors and utilities employ remote access (dial-up modems, PCs) to facilitate maintenance and remote operations
o Cyber vulnerabilities can result in business-related or safety/regulatory issues
o IT security technology will help with known Internet threats, but is not designed to secure control systems
o IT is responsible for cyber security but often does not understand control systems
o Control system suppliers understand control systems, but they are not security experts
Differences
o IT security policies such as ISO 17799 do not address the unique needs of control systems
o Remote access is important for the efficient operation of control systems
o Vulnerability assessments and penetration testing of T&D and generation control systems have led to successful breaches obtaining unauthorized access to SCADA and DCS
o In the near term, control system security can be enhanced by a combination of implementing cyber security procedures and utilizing IT technologies to protect from traditional IT threats