1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

Presentation transcript:

1 Smart Grid Cyber Security
Annabelle Lee
Senior Cyber Security Strategist
Computer Security Division
National Institute of Standards and Technology
June 17, 2009

2 President’s Cyberspace Policy Review
"…as the United States deploys new Smart Grid technology, the Federal government must ensure that security standards are developed and adopted to avoid creating unexpected opportunities for adversaries to penetrate these systems or conduct large-scale attacks."

3 What Interoperability Standards are Needed?
[Diagram labels: Customer LAN, Metering Network, Wide Area Network; Bulk Power Generation Operations Transmission Operations Retail Delivery Operations Consumers Back Office Customer Operations Wholesale Market Operations Distributed Energy Resources; Electricity, Information, Data Communication; Metering Distribution Operations]
Standards are needed for each of the interfaces shown to support many different smart grid applications. Standards are also needed for data networking and cyber security.

4 Current Grid Environment…
- Limited cyber security controls currently in place
  - Specified for specific domains – bulk power distribution, metering
- Vulnerabilities might allow an attacker to
  - Penetrate a network,
  - Gain access to control software, or
  - Alter load conditions to destabilize the grid in unpredictable ways
- Even unintentional errors could result in destabilization of the grid

5 Current Grid Environment… (2)
- Cyber security must address
  - Deliberate attacks such as from
    - Disgruntled employees,
    - Industrial espionage, and
    - Terrorists
  - Inadvertent compromises of the information infrastructure due to
    - User errors,
    - Equipment failure, and
    - Natural disasters

6 Potential Cyber Security Issues
- Increasing complexity can introduce vulnerabilities and increase exposure to potential attackers
- Interconnected networks can introduce common vulnerabilities
- Increasing vulnerability to communication and software disruptions could result in
  - Denial of service or
  - Compromise of the integrity of software and systems

7 Potential Cyber Security Issues (2)
- Increased number of entry points and paths for adversaries to exploit
- Potential for compromise of data confidentiality, including the breach of customer privacy

8 The Way Forward…
- The overall cyber security strategy for the Smart Grid must
  - Address both domain-specific and common risks
  - Ensure interoperability among the proposed cyber security solutions
- With the adoption and implementation of the Smart Grid
  - The IT and telecommunication sectors will be more directly involved

9 Smart Grid Cyber Security Strategy
- Establishment of a cyber security coordination task group (CSCTG)
  - Over 130 participants
  - Have established several sub-working groups
    - Vulnerability Class analysis
    - Bottom-Up assessment
    - Use Case analysis
    - Standards/requirements assessment
  - Weekly telecon
  - Separate page on the Smart Grid Twiki

10 Smart Grid Cyber Security Strategy (2)
- The strategy…
  - Selection of use cases with cyber security considerations
  - Performance of a risk assessment of the Smart Grid, including assessing vulnerabilities, threats and impacts
  - Development of a security architecture linked to the Smart Grid conceptual architecture
  - Identification of cyber security requirements and risk mitigation measures to provide adequate protection
- The final product
  - A set of recommended cyber security requirements

11 Low Hanging Fruit Standards
- Could have security requirements relevant to one or more aspects of the smart grid
  - Directly Relevant to Smart Grid
    - NERC CIP , Cyber Security
    - IEEE 1686, IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities
    - AMI-SEC System Security Requirements
    - OpenHAN SRS
    - IEC 62351, Power System Control and Associated Communications - Data and Communication Security, Parts

12 Low Hanging Fruit Standards (2)
- Could have security requirements relevant to one or more aspects of the smart grid (cont.)
  - Control Systems and close corollary
    - ANSI/ISA-99, Manufacturing and Control Systems Security, Parts 1 and 2
    - NIST SP800-53, Recommended Security Controls for Federal Information Systems
    - NIST SP800-82, DRAFT Guide to Industrial Control Systems (ICS) Security
    - DHS Procurement Language for Control Systems
    - ISA SP100, Wireless Standards

13 Preliminary List of Requirements
- Identification and authentication
  - To provide unambiguous reference to system entities
- Access control to protect critical information
- Integrity
  - To ensure that the modification of data or commands is detected
- Confidentiality to protect sensitive information, including
  - Personally identifiable information (PII)
  - Business identifiable information (BII)
- Availability to ensure that
  - Intentional attacks, unintentional events, and natural disasters do not disrupt the entire Smart Grid or result in cascading effects

14 Preliminary List of Requirements (2)
- Techniques and technologies for isolating and repairing compromised components of the Smart Grid
- Auditing to monitor changes to the Smart Grid

15 Contacts
- URL for the CSCTG Twiki site: sggrid/bin/view/SmartGrid/CyberSecurityCTG
- Lead: Annabelle Lee
  - Phone:
  - BB: