A Layered Solution to Cybersecurity Dr. Erfan Ibrahim Cyber-Physical Systems Security & Resilience Center National Renewable Energy Laboratory.

Slides:



Advertisements
Similar presentations
An Introduction and Overview Electric Power Research, Engineering and Consulting Why Interoperability? Erich W. Gunther Chairman and CTO.
Advertisements

© 2006 San Diego Gas & Electric Company. All copyright and trademark rights reserved. Microgrid – A Smart Grid Alternative Service Delivery Model? Thomas.
Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.
1 © 2012 Lockheed Martin Corporation, All Rights Reserved Intelligent Microgrid Solutions Efficient, Reliable and Secure Solutions for Today’s Energy Challenges.
Xanthus Consulting International Smart Grid Cyber Security: Support from Power System SCADA and EMS Frances Cleveland
1 Pacific Gas & Electric Company MTS: Evolution of the Electric Distribution System Manho Yeung, Senior Director, System Planning and Reliability PG&E.
Integrating Multiple Microgrids into an Active Network Management System Presented By:Colin Gault, Smarter Grid Solutions Co-Authors:Joe Schatz, Southern.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
10/29/20091 Innovation Partnerhsip Models with the Finance Sector Dept. of Homeland Security Science & Technology Directorate Douglas Maughan, Ph.D. Branch.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Washington DC October 2012 The Role of PEV and PV in the Changing Electric Utility Market Mike Rowand Duke Energy.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Smart Grid Cyber Security Framework
Protocols and the TCP/IP Suite
Disaster Communications System (DCS) Overview for State and Local Governments National Conference on Emergency Communications (NCEC) Panel 5: State and.
By Lauren Felton. The electric grid delivers electricity from points of generation to consumers, and the electricity delivery network functions via two.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
A Survey of Home Energy Management Systems in Future Smart Grid Communications By Muhammad Ishfaq Khan.
© 2011 Infotech Enterprises. All Rights Reserved We deliver Global Engineering Solutions. Efficiently.August 8, 2015 Infotech Service Offerings Rajnish.
SMART GRID: What is it? Opportunities, and Challenges
K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.
Terry Chandler Power Quality Inc, USA Power Quality Thailand LTD Sept /6/20091www.powerquality.org all rights reserve.
2015 World Forum on Energy Regulation May 25, 2015
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Smart Buildings Microgrid Innovations Energy and Construction Best Practices Summit | June 23, 2011.
GridWise ® Architecture Council Cyber-Physical System Requirements for Transactive Energy Systems Shawn A. Chandler Maseeh College of Electrical and Computer.
ACTION PROPOSAL FOR FLYWHEEL ENERGY TECHNOLOGY Enhance future grid reliability, interoperability, & extreme event protection In 20 years, the flywheel.
Lessons Learned in Smart Grid Cyber Security
James Brehm Senior Strategist Compass Intelligence.
Ch. 1. The Third ICT Wave The Third ICT Wave.
Distributed Real-Time Systems for the Intelligent Power Grid Prof. Vincenzo Liberatore.
FirstEnergy / Jersey Central Power & Light Integrated Distributed Energy Resources (IDER) Joseph Waligorski FirstEnergy Grid-InterOp 2009 Denver, CO November.
Common Information Model and EPRI Smart Grid Research
The Smart Grid Enabling Energy Efficiency and Demand Response Clark W
IT Infrastructure Chap 1: Definition
What is Ubiquity™? ubiquity (noun): the state of being, or seeming to be, everywhere at once Ubiquity™ is a powerful building management system that.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.
1 Critical Mission Support Through Energy Security Susan Van Scoyoc Concurrent Technologies Corporation 16 August 2012 Energy Huntsville Meeting Huntsville,
Sandra C Security Advisor Energy Dan B Security Advisor Water
December 2008 Sandia Advanced Microgrid R&D Program Advanced Microgrids – Supporting Use of Renewable, Distributed, and Smart Grid Technologies for Assured.
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
IntelliSense.io Beyond the hype - Real World Applications / Solutions of Internet of Things.
Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.
Smart Grid Energy Generation Renewable Energy Distributed Generation Transmission & Distribution Load Management Demand Response Electrical Vehicles Charging.
Grid Security and Advancements in Smart Grid Technology Dr. Veronika A. RABL Chair, IEEE-USA Energy Policy Committee Principal, Vision & Results Washington,
CIP 2015 Smart Grid Vulnerability Assessment Using National Testbed Networks IHAB DARWISHOBINNA IGBETAREQ SAADAWI.
June 17, 2009 Michael W. Howard, Ph.D. Sr. Vice President The Interoperable Smart Grid Evolving.
The Smart Grid: Re-powering America George W. Arnold National Coordinator for Smart Grid Interoperability NIST Gaithersburg, MD April 28, 2010.
CHAPTER 4 PROTOCOLS AND THE TCP/IP SUITE Acknowledgement: The Slides Were Provided By Cory Beard, William Stallings For Their Textbook “Wireless Communication.
© 2014 IBM Corporation Does your Cloud have a Silver Lining ? The adoption of Cloud in Grid Operations of Electric Distribution Utilities Kieran McLoughlin.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Security and Resilience Pat Looney Brookhaven National Laboratory April 2016.
Embedded Systems - the Neural Backbone of Society ARTEMIS Industry Association ARTEMIS, from successful R&D to cutting-edge Innovation Rolf Ernst, TU Braunschweig.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.
Activu-Powered Video Wall Prominently Featured during President Obama’s Visit to the National Cybersecurity and Communications Integration Center On January.
Dr. Vidya Vankayala Director, Grid Modernization (604) Richard Guo
Findings from the DOE-OE Smart Grid Communications Program Meeting Validating the need for enhanced focus on smart grid communications research.
Irvine Smart Grid Demonstration Bob Yinger | Southern California Edison October 27, 2015.
Advancing National Wireless Capability Date: March 22, 2016 Wireless Test Bed & Wireless National User Facility Paul Titus Department Manager, Communications.
Smart City As Unified Multi-tier IoT Solution. Increased Smart City IQ Generation 1: local management systems (e.g. traffic lights synchronization) Generation.
Information Security Policy
Chapter 6: Securing the Cloud
Cybersecurity Framework For Cooperative Utilities
[Person presenting] [Title of event] [Date, Location of the event]
Cybersecurity Framework For Energy Sector
IT Management Services Infrastructure Services
Presentation transcript:

A Layered Solution to Cybersecurity Dr. Erfan Ibrahim Cyber-Physical Systems Security & Resilience Center National Renewable Energy Laboratory

2 Abstract The Smart Grid is an instance of IoT “Trust and Security” vital to securing our infrastructure NREL has demonstrated end-to-end security using off-the-shelf technology The key: Choosing technology to cover 9 system layers 7 logical layers in the OSI Basic Reference Model 1 semantic layer 1 business layer Tested on NREL’s Distribution Grid Management testbed Results: Highly secure, resistant to penetration testing

3 What technical approach did we take? Built a testbed in NREL ESIF Smart Power Lab with a routed network emulating a typical utility enterprise site, the ISP, 2 substations and field network Integrated the DC Systems RT-SCADA, MatLab Grid Simulator and Field Equipment on the routed network using “power hardware in a loop” architecture Secured access to the enterprise and 2 substation access with firewalls Segmented the network in each site to separate IT, OT and Management functions with firewall policies and restrictive access control lists on the routers Provided network, and file protection against malware proliferation from the Internet or insider threat with in-line blocking appliances for all three targets in the enterprise

4 4 CPSS&R’s DGM Testbed Internet of Things

5 Testbed Security

6 Use Cases Develop 5 use cases utilizing Distribution Grid Management application: – Auto sectionalizing and Restoration (ASR) – Volt-Var Optimization (VVAR) – Demand Response with EV Charging (DR) – PV Smoothing with Storage – Frequency Regulation with Storage Build the distribution system test bed with a DMS, enterprise SCADA, substation automation platform, intelligent electronic devices (RTUs, PLCs, and field sensors), electric storage, electric vehicles and simulated grid with capacitor banks and smart switches 6

7 Solution: 9-Layer Security The secure DGM LDRD provides security at all 9 logical layers of a typical information system (7-layer OSI model + 2 upper layers of Gridwise Architecture Council Stack). Coverage of the 8 vendor products against the 9 layers is shown schematically below.

8 Cyber-Physical Systems Security & Resilience Center Key R&D Thrust Problem Definition o Multiple cybersecurity technologies protecting energy systems today o No standard alarming capability (vendor specific alarms) o Poor situational awareness in the event of a coordinated cyber-attack (siloed data with no correlation capability) CPSS&R R&D Thrust o Develop cybersecurity alarm and performance data integration from multiple vendor technologies o Link integrated alarm data with system configuration data o Perform root cause analysis and develop mitigations for risks in real time o Implement risk mitigations for enhanced security and resilience

9 Project Conclusions Security of power systems is a layered problem with each layer requiring protection (entire GWAC Stack) The technology challenge of securing DGM has been largely solved with off the shelf products today (research is needed in developing integration best practices rather than building new cybersecurity technologies from basic research) The more important matter is sound network design, proper technology integration, strict security policies on routers and firewalls, well defined security patch management processes in the organization and regular employee training on security awareness and defeating social engineering schemes for data exfiltration and insider threat

10 Project Conclusions (Contd.) There is no need to force power systems protocol standards to have all the security controls to protect DGM – systemic level security with third party technologies does a better job of protecting critical infrastructure assets than protocol standards security controls Situational awareness is more robust with multiple viewing perspectives (minimize false positives from monitoring by a single technology) Situational awareness requires security monitoring by third party technologies (not effective within a standard protocol standard security specification)

11 Recommendations Apply project results to secure NREL Energy Systems Integration Facility research data assets, corporate network infrastructure and power systems SCADA Work with DoE, DoD, NIST, etc. to expand the adoption of “lessons learned” from project to develop new “best practices” to secure data assets, corporate network infrastructure and power systems SCADA across US Federal Government facilities Work with utilities, independent power producers, national labs, academia, state and federal agencies, vendors and integrators to establish a new set of empirically based R&D projects (along the lines of this project) to secure critical infrastructure in electric, water, waste water and oil & gas sectors with a combination of public and private sector funding at the national level

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.