Cyber Security of Smart Grid Systems

Slides:

Advertisements

Similar presentations

VSE Corporation Proprietary Information

Advertisements

1 Grid Modernization – A Strategic Imperative for 2050 Advanced Energy Conference May 1, 2013 By Carl Imhoff Electric Infrastructure Sector Manager Pacific.

Smart Grid Primer Funded by the U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability Energy Bar Association – Primer for Lawyers.

Xanthus Consulting International Smart Grid Cyber Security: Support from Power System SCADA and EMS Frances Cleveland

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid Projects Andrew Bui.

Secure and Trustworthy Cyberspace (SaTC) Program Sam Weber Program Director March 2012.

Update to AABE on DOE Smart Grid Investment Grants and Smart Grid Regional Demonstrations Christopher Irwin Smart Grid Standards and Interoperability Coordinator.

Smart The Grid Plenary Panel: Smart Grid Interim Roadmap Draft and Processes Joe Hughes, EPRI Erich Gunther, Enernex Frances Cleveland, Xanthus Consulting.

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

Smart Grid Cyber Security Framework

By Lauren Felton. The electric grid delivers electricity from points of generation to consumers, and the electricity delivery network functions via two.

A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,

Copyright (c) 2008, All Rights Reserved. Iowa State University G. Manimaran & Chen-Ching LiuCPS-Energy Workshop-2009Page  1 SCADA control network.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

What is Smart Grid/Metering for electric distribution? Should they be implemented in the US? Presented by: Jeffrey Grodzki, April Romanishan, Cameron Hinkel,

Jeju, 13 – 16 May 2013Standards for Shared ICT HIS – Smart Grid Karen Bartleson, President, IEEE Standards Association Document No: GSC17-PLEN-72 Source:

SMART GRID: What is it? Opportunities, and Challenges

Cybersecurity of Smart Grid Systems Dr. Vittal S. Rao Electrical and Computer Engineering Texas Tech University November 8, 2012 NSF-SFS Workshop on Education.

Cyber Threats/Security and System Security of Power Sector Workshop on Crisis & Disaster Management of Power Sector P.K.Agarwal, AGM Power System Operation.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

DOE’s Smart Grid R&D Needs Steve Bossart Energy Analyst U.S. Department of Energy National Energy Technology Laboratory Materials Challenges in Alternative.

GridWise ® Architecture Council Cyber-Physical System Requirements for Transactive Energy Systems Shawn A. Chandler Maseeh College of Electrical and Computer.

Chulalongkorn University Department of Electrical Engineering

ACTION PROPOSAL FOR FLYWHEEL ENERGY TECHNOLOGY Enhance future grid reliability, interoperability, & extreme event protection In 20 years, the flywheel.

Smart Grid Overview Ryan Egidi Integrated Electric Power Systems 11 th Annual SECA Workshop July 27, 2010.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

SEC835 Database and Web application security Information Security Architecture.

Smart Grid APPA Annual Meeting Kiah Harris Burns & McDonnell June 15, 2009.

Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.

Lessons Learned in Smart Grid Cyber Security

James Brehm Senior Strategist Compass Intelligence.

Presentation title SUB TITLE HERE Intelligent 21st Century Strategies for Broadband and Cyber Infrastructures Security By Dr. Emmanuel Hooper, PhD, PhD,

Smart Grid Technologies Damon Dougherty – Industry Manager.

© New York Independent System Operator, Inc. All Rights Reserved. Michael Swider Manager – Research & Development New York Independent System.

11 Canal Center Plaza, Alexandria, VA T F Enterprise Computing Conference (ECC) Workshop Alma R. Cole,

Summary Device protocols tied intimately to applications. A need to significantly reduce critical data update times. Current network bandwidth consumption.

Smart Grid- An Introduction

1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

1 Critical Mission Support Through Energy Security Susan Van Scoyoc Concurrent Technologies Corporation 16 August 2012 Energy Huntsville Meeting Huntsville,

An Overview of the Smart Grid David K. Owens Chair, AABE Legislative Issues and Public Policy Committee AABE Smart Grid Working Group Webinar September.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.

Grid Security and Advancements in Smart Grid Technology Dr. Veronika A. RABL Chair, IEEE-USA Energy Policy Committee Principal, Vision & Results Washington,

CIP 2015 Smart Grid Vulnerability Assessment Using National Testbed Networks IHAB DARWISHOBINNA IGBETAREQ SAADAWI.

Smart Grid Introduction

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

1 © A. Kwasinski, 2015 Cyber Physical Power Systems Fall 2015 Security.

SMART GRID A smart grid for intelligent energy use. By: Suhani Gupta.

Smart Grid Schneider Electric Javier Orellana

IS3220 Information Technology Infrastructure Security

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Security and Resilience Pat Looney Brookhaven National Laboratory April 2016.

THE NEW GENERATION TRANSMISSION By Ashroo M. Das 6 th sem, EEE & Deepak Kumar 6 th sem, EEE.

Portland State University Smart Grid Class Enabling active consumer participation 20 April 2009 Presentation: History Politics Economics Technology.

Sensing and Measurements Tom King Oak Ridge National Laboratory April 2016.

Chapter 1: Roles and Opportunities for Information Technology in Meeting Sustainability Challenges Helynranta Viola Parkkila Vilma

Surveillance and Security Systems Cyber Security Integration.

Society for Maintenance and Reliability Professionals (SMRP)

Ward Jewell Mladen Kezunovic

Wenjing Lou Complex Networks and Security Research (CNSR) Lab

RESEARCH, EDUCATION, AND TRAINING FOR THE SMART GRID

Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Smart Grid Overview] Date Submitted: [13.

An Urgent National Imperative

Presentation transcript:

Cyber Security of Smart Grid Systems Vittal S. Rao Texas Tech University Vittal.rao@ttu.edu May 1, 2015

Phasor Data Concentrator DFIG Solar Data Inverter Control RTDS Controller RSCAD Wind Data Campus Wind Turbine Solar Battery Storage Utility Grid GTNET PMU GE N60 & D90 plus SEL-421 ABB-REL-670 D400 Substation Gateway Phasor Data Concentrator Visualization Screen in our lab IEC 61850 IEEE C37.118 Cyber Security

Sponsors of Research Projects National Science Foundation Northrop Grumman Corporation American Electric Power Alstom Wind Power Ball Aerospace Corporation

Networked Infrastructure Systems Objectives Infrastructure Systems To develop real-time capabilities to detect, assess, analyze and mitigate cyber threats To enhance resilient dynamics in networked systems for natural or man made disasters. To develop decentralized security for complex systems Smart Grid Energy Systems Oil and Gas Pipeline Systems Critical Manufacturing Systems Intelligent Transportation Systems Military Systems Communication Systems

Background Information Protection of critical physical infrastructure from cyber threats presents different challenges than standard cyber security practices. Conversely, while reliability and fault tolerance are well-developed areas of traditional systems engineering, probabilistic failure models do not suffice to capture the complexity of intelligent adversaries with undetermined capabilities and motives. However, critical physical infrastructure systems offer opportunities for powerful approaches to security, since they include a major physical component that must obey natural laws. It is well known that standard cybersecurity practices developed by the information technology (IT) communities are inadequate to the challenges of networked engineering systems, due to real-time performance and uninterrupted service requirements, direct impact on human health and safety, a large base of vulnerable legacy hardware and software, and the culture gap between the engineering and IT communities.

Background Information (continued) Referring to the fact that physical systems can be modeled using well-understood physical laws, Department of Homeland Security (DHS) Best Practices state that “The deterministic nature of the engineering systems can greatly improve the granularity of the signatures, because rogue or malicious behavior from an attacker may require actions that would be well beyond expected behavior levels.” The active cyber defense of engineering systems can be enhanced using the power of dynamical models of networked systems.

Information Security Key Concepts: The CIA triad (confidentiality, integrity and availability) Risk Management: Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization. Vulnerability: is a weakness that could be used to endanger or cause harm to an informational asset. Threat: is anything (manmade or act of nature) that has the potential to cause harm. Impact: is a loss of availability, integrity, and confidentiality, other losses (lost income, loss of life, loss of real property) Mitigation of Risks: Administrative controls, logical controls, Physical controls 7

Differences IT Security Infrastructure Security Highest priority: Confidentiality Information Assurance Architecture and Design for Security Access Control Network Security Highest priority: Real-time performance Legacy Systems High Availability Dynamic deployment and control of sensors Ability to detect attacks and provide attribution based on physical models

Threats Against Cyber Physical Systems Denial of service (DoS) attacks Attacks against open ports and services Attempt to change device settings Attempt to inject malicious data Attempt to change control settings Attempt to place a man-in-the-middle(MITM) between physical systems.

Cyber Security of Critical Infrastructures Assessment and monitoring of risk Development and integration of protective measures Detection of intrusion and implementation of response strategies Enhancement of security methods

Intro-Efforts for securing SCADA systems IT perspective: “Obscurity Principle”. Control Engineering perspective:“reliability” . Very few researchers have investigated how malicious attacks affect the estimation and control algorithms, and ultimately, how attacks affect the physical world 1. Today such protection relies mainly on standards, recommendations, policies, and suggestions for counter measures [6] 2. the protection of the system against random

Smart Grid Energy Systems Integration of ‘Electrical Infrastructure’ with ‘Intelligence Infrastructure’ Smart Sensors, Protective Relays and Control Devices On-Line Equipment Monitoring Communications Infrastructure New Operating Models and Algorithms Real-Time Simulation and Contingency Analysis Improved Operator Visualization Techniques Interconnection Codes and Standards Cyber Security

Smart Grid Energy Systems Enables Active Consumer Participation Accommodates all Generation and Storage Options Enables New Products, Services, and Markets Provides Power Quality for the Digital Economy Optimize Asset Utilization and Operates Efficiently Anticipates and Responds to System Disturbances (Self-heals) Operates Resiliently Against Attack and Natural Disaster

Reference: Salvatore, et al Reference: Salvatore, et al., Presentation on “Security analysis of a commercial synchrophasor device, May, 30-31,2011”

Intrusion Detection Methods Anomaly detection: Statistical models (Discrete Wavelet Transform) Machine learning and data mining techniques Specification-based methods Information-theoretic measures Misuse detection: Rule-based language Abstraction-based intrusion detection State transition analysis tool kit Colored Petri automata

Types of Stealth Attacks Game-Theoretic approaches for addressing following stealth attacks: Surge Attacks Bias Attacks Geometric Attacks

TTU Real Time Simulator DFIG Solar Data Inverter Control RTDS Controller RSCAD Wind Data Campus Wind Turbine Solar Battery Storage Utility Grid GTNET PMU GE N60 & D90 plus SEL-421 ABB-REL-670 D400 Substation Gateway Phasor Data Concentrator Visualization Screen in our lab IEC 61850 IEEE C37.118 Cyber Security

State Estimation Techniques Facilitate accurate and monitoring of operational quantities in dynamical systems. Provide a real time data base of the system and will provide information to analyze contingencies and determine required corrective actions. Broadens the capabilities of SCADA control systems.

Conclusions Emphasis on Cyber Physical Systems Importance of Secure Critical Infrastructure Systems Multidisciplinary Research Approaches Real Time Detection Methods Complex Systems and Big Data (Data Analytics) Significant Shortage of Professionals Academic Programs Development of Test Beds Next Big Thing!! [Internet of Things] THANKS for YOUR ATTENTION