Published by Dasia Crossman
March 14, 2011 Smart Grid Security/Privacy Overview
- 2 - Copyright © 2011 Deloitte. All rights reserved. Introduction to the Smart Grid
General Characteristics of a Future Smart Grid
Elements of a Smart Grid
“The Smart Grid is not an altogether ‘new’ grid and infrastructure as much as it is the overlay of a communications network on top of the electric distribution / transmission network and an upgrade of the existing electric delivery system with advanced monitoring sensors, control mechanisms, and some new transmission / distribution circuits to enable improved reliability, improved uptime, improved asset management, improved customer choice, and the integration of distributed generation and storage technologies.”
- Digital information and controls technology
- Dynamic grid and resource optimization
- “Smart technologies” (real-time, automated, and interactive)
- Demand response, demand-side management and energy efficiency
- Smart appliances and consumer devices
- Provision of timely information and control options
- Standards for appliances and equipment connected to the grid
- Distributed resources and generation
- Advanced electricity storage and peak-shaving technologies
[Diagram labels: Electric Network; Demand for Electricity; Supply of Electricity; Consumers]
Getting Smart About the Grid
What is Smart Grid?
- A smart grid updates the traditional electricity grid to enable new capabilities, such as load control.
- Smart grid adoption includes the replacement of legacy meters with an advanced meter infrastructure, which is enabled through a communication network.
- Smart grids use intelligent information exchange systems and equipment that support bidirectional communication of information and electricity.
Smart grid implementation creates additional security and privacy risks
- This pervasive and massive deployment of networked components, including thousands of smart meter sensors and other IT-enabled components that capture and store user data, makes security issues daunting.
- Smart grid adopters are experiencing many of the same security and privacy issues that were experienced with the adoption of wireless networks and devices.
Value Proposition: Improved reliability + security, greener and more efficient energy markets
Smart Grids allow energy companies to remotely manage their networks (generation, transmission, and distribution), providing the following main benefits:
- Power reliability and quality (fewer blackouts, cleaner power and self-healing systems)
- Safety and cyber security benefits (continuous monitoring and response)
- Energy efficiency benefits (load power control based on real-time demands)
- Environmental and conservation benefits (fewer greenhouse gases and pollutants)
Smart Meters are the key components in providing the aforementioned benefits of a Smart Grid network. Meter sophistication has evolved over the years as new types of meters have been introduced:
- Meter Reading: Manually read meters, based on a utility employee physically and locally reading and registering meter status data
- Automatic Meter Reading (AMR): First generation of semi-smart, one-way meters
- Advanced Metering Infrastructure (AMI): Second generation of truly smart meters with continuous monitoring and two-way communications between Smart Meters and the Central System
Secure Smart Grid: Security Issues and Opportunities
BUSINESS PROBLEM
- The adoption of Smart Grid brings communications, services and new capabilities, but also creates new risks to security and privacy
- Organizations are not effectively positioned to protect critical infrastructure and data
- Cyber crime is increasing in volume and sophistication; an incident could be catastrophic
OPPORTUNITIES
- Identify security and privacy vulnerabilities through an actionable risk-based approach
- Develop a security policy and technical architecture compliant with federal mandates
- Implement scalable processes and technologies that safeguard each end point
- Reduce the amount of time necessary to detect and address potential threats
Security and Privacy are not the same thing
- Massive new volumes of customer information are generated
- New critical infrastructures are relied upon
- Information and energy are bidirectional
- Smart Grid-enabled utilities are telecommunications companies, not just energy providers
[Diagram labels: Customers; Transmission & Distribution; Utility Operations; Metering technology; Network operations; Smart Meter Endpoints; Grid operations; Demand-side management; Third-party entities; Internet service provider; Energy service provider; Data exchanges; Regulatory agencies; Information Systems; Billing and reporting; Local Powerline Carrier Wide Area Network; Renewables Generation; Internet; EV; Wireless Carriers; Device Control Data; Account Transactions; Demand Response; Customer Usage; Compliance Data; Electric Distribution; Gas Distribution; Water; Internet Service; Wireless Network; DATA; CRITICAL INFRASTRUCTURE; Distributed Generation; Marketing Data; Privacy; Security]
Smart Grid enables increased digital information, 2-way communication, and controls technology use to serve consumers, utilities, regulators, shareholders, and 3rd parties
[Diagram labels: Advanced Metering Infrastructure; Backhaul; Back Office – Billing, Control, Data/Info Mgmt, Forecasting]
The Smart Grid Threat Landscape
Key Threats and Vulnerabilities
Top Ten Smart Grid Considerations
1. Two Way Communication and Trust
  - Between devices under direct physical control of a utility and devices outside of the utility’s physical control, as well as extending trust to those devices that are owned, but not controlled, by a distribution utility
2. Smart Meter Security is an Unknown Quality
  - Proper configuration and deployment to determine that the expansion and addition of so many endpoints to the utility’s network does not pose an unacceptable risk
  - Pre-deployment penetration testing by a third party (not the vendor or utility) will be key to understanding the potential threats introduced when new devices are attached to the utility’s network
3. Understand Customer Privacy of Data Collection Using Smart Meters
  - Understanding what data is collected, and then explaining to the utility’s customers how the data is collected, retained, used, and secured
  - Understanding the obligations and regulatory requirements of customer privacy related to the data collection activities, methods, storage, retention, and other aspects of customer data collection and storage
4. Smart Meter Management
  - Developing scalable and extensible network architectures and management of systems and procedures to support the management of smart meter endpoints on a large scale
  - Development of emergency operations procedures, regular updating and emergency patching of firmware
Top Ten Smart Grid Considerations
5. Smart Meter Network Threat Modeling
  - Understanding how different points on a utility's grid have different levels of vulnerability associated with them, such as ISO interconnections between transmission owners, remote distribution facilities, individual smart grid endpoints on the same data network and Home Area Network Systems
  - Inherent risks of the communications technology used (an owned frequency spectrum band may allow a fully-meshed network but at a high cost; existing cell data networks are not fully-meshed but cheaper; PLC communications might be cheaper, but attenuation is a disadvantage)
6. Smart Grid Meter Security Monitoring
  - Understanding how to perform the detection of anomalies such as penetration attempts, unauthorized access, out-of-profile behaviours of a meter, theft-of-service attempts, and other similar activities
7. Cost of Adding Security Later to Smart Meter Developments
  - Operational security of the environment is addressed in any deployment using proper methods such as network segregation, access controls, and secure configuration of endpoints
  - Secure development of firmware and communications protocols is used and compared using third parties and proper testing methodologies such as code review automation, ethical hacking, and other similar activities
  - While securing transmission and generation is critical, distribution/demand needs to be secured up-front to help control costs
Top Ten Smart Grid Considerations
8. Understanding Regulatory Requirements and Standards of Smart Grid
  - Over 77 pertinent standards for Smart Grid
  - 5 of these standards (NERC, IEEE, AMI System Security Requirements, Utility/AMI Home Area Network System Requirements, and IEC Standards) apply to Smart Grid security
9. Using Existing Security Systems to Secure Smart Grid Deployments
  - Unification of a security landscape viewpoint to provide a single common security management plane
  - Understanding the threats in the demand space holistically and how they potentially relate to transmission and generation
10. Shifting Focus from Preventative Security to Detective Security
  - The success of Stuxnet demonstrates a gap in detective controls
  - While delineation of control and data-acquisition networks is critical, the focus needs to be on detective controls, sensors, and anomaly detection rather than building hard perimeters through firewalls and intrusion prevention systems
  - Create a layered security model, and apply detective techniques in each so-called “interface.” Detect if any attacks reach as far up as the main and core systems
Mitigation Strategies
Implications – Specifications, Standards, and Policy Drive Investment Costs
Key Consideration of Leading Security Practices
- Encryption
- Layered Defenses
- R&D Investments
- Real-time Monitoring
- Shared Situational Awareness
- System of Systems Integration
- Trusted Hardware & Software
[Diagram labels: Focus Area; Communications Head-end Collector; COTS/Open Source Systems; Smart Meter Device Security; Evolving Security Standards]
Source: Deloitte Consulting analysis.
A Smart Grid Risk Assessment uses a zone-based approach that extends the security perimeter to envelop customers, utilities and third parties.
[Diagram: Zone 1 through Zone 7]
Source: Deloitte Consulting, Lockheed Martin analysis.
Risk Assessment Framework - identify, assess, and mitigate threats / vulnerabilities
Assessment Planning (Project Scoping; Analysis Framework)
- Confirm Project Stakeholders, Scope, & Approach
- Identify Reporting Requirements
- Establish Definitions
- Define Analysis Process
- Establish Risk Scenarios, Impact, Likelihood, Risk Rating, and Risk Tolerance Criteria
Current State Assessment (System Characterization)
- Identify AMI Architecture and Zones
- Identify Business, Regulatory and Legal Drivers
- Identify Data Flow And Privacy Analysis
- Identify Business Assets & Controls within zones
- Identify Business Asset Criticality & Sensitivity
Zone Risk Analysis (High-level Risk Analysis; Detailed-level Risk Analysis)
- Identify General Control Environment
- Establish Zone Risk and Tolerance Rating
- Identify Threat Vulnerabilities
- Identify and Analyze As-Is Zone Controls
- Identify Likelihood and Impact
- Establish Zone Risk and Tolerance Rating
Risk Response (Risk Mitigation Options; Risk Decision)
- Establish the High-level Control Options for Reducing Risk
- Recommend Control(s) and Alternative Solutions
- Identify Areas Where an Immediate Response is Required
- Establish the Risk Mitigation Preferred Option
  - Reduce Risk
  - Avoid Risk
  - Accept Risk
  - Transfer Risk
- Finalize Control(s) Approach based on Risk Mitigation Option Selected
- Establish the Residual Risk Rating
Documentation (Management Reporting)
- Perform Risk Roll Up and Reporting
- Develop a High-level Recommendation Roadmap
- Document and Present Findings and Recommendations to Management
- Obtain Management Approval
Activities:
- Line Up Interviews, Request Access to Key Data and Personnel
- Conduct Kick-Off
- Collect and Review System and Process Documentation
- Schedule Specific Testing, Analysis, and Interviews
- Conduct Interviews
- Perform Testing
  - Penetration Testing
  - Vulnerability Scans
  - Patch Reviews
  - App Scans
- Conduct Reviews of:
  - Infrastructure
  - Middleware & Apps
  - Providers
Source: Deloitte & Touche