STRIDE to a secure Smart Grid in a hybrid cloud


1 STRIDE to a secure Smart Grid in a hybrid cloud
Bojan Jelacic*, Daniela Rosic*, Imre Lendák*, Marina Stanojevic*, Sebastijan Stoja*
*Faculty of technical sciences, University of Novi Sad, Serbia
CyberICPS 2017, Oslo

2 Overview
Problem Definition
Smart Grid ICS Architecture
Risk Management
Risk Analysis
Migration to the Cloud
Conclusion

3 Problem definition
The number of electricity consumers is continuously increasing. Existing energy networks are not able to meet this increasing demand without significant investments in infrastructure and automated computer systems. The migration to a computing cloud is a considerable challenge, both because of the multi-decade reliance on closed, utility-owned computing resources and because of its possible impact on information security. This paper presents a migration proposal in which the current level of information security is preserved.

4 Smart Grid ICS Architecture

5 SCADA Subsystem – collects data from IEDs in order to monitor and control the system
OMS – component responsible for restoration of power
NMS – component responsible for storing and providing access to a static network model of the power system. Contains information about the connectivity of the network
EMS – performs calculations on the transmission and sub-transmission levels
DMS – executes various analytical calculations on the subsystem for electricity distribution
The Historian – collects and records all changes in the system
WOM – manages the work orders
MDM – works with smart meters

6 Risk Management: Criteria for Impact Levels

7 Risk Management: Criteria for Likelihood Levels

8 Risk Management: Risk matrix

9 Risk Analysis
Security assessment of Smart Grid ICS components is performed using Microsoft's STRIDE methodology (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
Impact for each Smart Grid component is assessed and graded with one of the following levels: Low (L), Medium (M) and High (H).
The likelihood is determined with one of the following levels: Very Likely (V), Moderate (M) and Rare (R).
The risk (R) is determined according to the risk matrix.

10 Analysis of DMS and EMS
Columns: T | Energy/Distribution Management System | I | L | R
S: Using another user's credentials can lead to unwanted calculations being performed. If that user has high privileges, it can be dangerous. These subsystems have medium exposure to external systems and the internet. The threat-source is highly motivated. M M
T: Modification of data in the topology analysis and other calculations, such as state estimation, load flow, short circuit calculation and others, can significantly affect the final results and system operations and could cause failure in these real-time operations. DMS and EMS also use measurements from SCADA, whose integrity is very important. These subsystems have medium exposure to external systems and the internet. The threat-source is highly motivated.
R: Each method inside the EMS/DMS component is important to the functioning of the whole system and to providing valid results. Repudiation of their execution is unacceptable. This subsystem has medium exposure to external systems and the internet. The threat-source is motivated.
I: Violation of confidentiality represents a less risky scenario compared to integrity and availability, because DMS and EMS data aren't interesting in read-only mode. This subsystem has medium exposure to external systems and the internet. The threat-source lacks motivation.
D: Practice has shown that the availability of SCADA is more critical. Violation of EMS availability can cause bad operations, but compared to SCADA, it doesn't have the same importance. Similarly to EMS, availability of DMS is important, but not as much as in SCADA. These subsystems have medium exposure to external systems and the internet. The threat-source is highly motivated.
E: If an unprivileged user gains high privileges in EMS/DMS, unnecessary functions and other unwanted operations could be performed. These subsystems have medium exposure to external systems and the internet. The threat-source is highly motivated.

11 Migration to the Cloud
Hybrid cloud is a composition of private and public/community cloud infrastructures that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
Components should be deployed in the private cloud if their violation can lead to destruction of the whole system, loss of human life, damage to equipment or financial costs, and the degree of risk is high. Otherwise, components should be moved to the community cloud.
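The placement rule on this slide, combined with the impact/likelihood grading from the Risk Analysis slide, as an added example that is not part of the presentation or the paper. The risk-matrix values, the choice to take a component's risk as its highest per-threat risk, the `severe_consequence` flag and the sample components are all assumptions, because the slide's own matrix is not reproduced on this page.

```python
from dataclasses import dataclass

# ASSUMPTION: stand-in matrix; the presentation's risk matrix is not on this page.
# Keys are (impact, likelihood): impact L/M/H, likelihood R(are)/M(oderate)/V(ery likely).
ASSUMED_RISK_MATRIX = {
    ("L", "R"): "L", ("L", "M"): "L", ("L", "V"): "M",
    ("M", "R"): "L", ("M", "M"): "M", ("M", "V"): "H",
    ("H", "R"): "M", ("H", "M"): "H", ("H", "V"): "H",
}
ORDER = {"L": 0, "M": 1, "H": 2}
STRIDE = ("S", "T", "R", "I", "D", "E")

@dataclass(frozen=True)
class Component:
    name: str
    # True if violation can destroy the whole system, cost human life,
    # damage equipment or cause financial costs (the slide's first condition).
    severe_consequence: bool
    ratings: dict  # STRIDE letter -> (impact, likelihood)

def risk(impact, likelihood):
    """Look up one threat's risk level; reject codes outside the defined levels."""
    try:
        return ASSUMED_RISK_MATRIX[(impact, likelihood)]
    except KeyError:
        raise ValueError(f"unknown level pair: {impact!r}, {likelihood!r}") from None

def component_risk(component):
    """Highest risk over all six STRIDE threats (aggregation by max is an assumption)."""
    missing = [t for t in STRIDE if t not in component.ratings]
    if missing:
        # An unassessed threat must not silently count as low risk.
        raise ValueError(f"{component.name}: no rating for {missing}")
    return max((risk(*component.ratings[t]) for t in STRIDE), key=ORDER.__getitem__)

def placement(component):
    """Private cloud only when both conditions from the slide hold."""
    high = component_risk(component) == "H"
    return "private" if component.severe_consequence and high else "community"

# Constructed sample components; the ratings are not the paper's results.
CRITICAL = Component("example-control", True, {
    "S": ("M", "M"), "T": ("H", "V"), "R": ("M", "M"),
    "I": ("L", "R"), "D": ("H", "M"), "E": ("M", "M")})
SUPPORT = Component("example-support", False, {t: ("M", "M") for t in STRIDE})

if __name__ == "__main__":
    for c in (CRITICAL, SUPPORT):
        print(c.name, component_risk(c), placement(c))
```

A component with an incomplete STRIDE assessment raises an error instead of defaulting to the community cloud.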

12 Proposed migration scenario
Secure Smart Grid on a hybrid cloud

13 Conclusions & future work
Based on the results of the risk assessment, an optimal Smart Grid ICS cloud migration scenario was proposed.
Future work:
Introduce other measures of the Smart Grid ICS, e.g. factoring in the cost of the necessary computing and storage capacities and the cost of IT departments maintaining the data centers.
Focus on STRIDE analysis of the business and process subsystem.

14 Summary
This paper presents a STRIDE analysis of Smart Grid ICS.
The aim was to identify the common elements of a Smart Grid ICS, perform their security assessment and, based on that, propose a migration scenario to a hybrid computing cloud.
The key requirement while creating the proposed architecture was to maintain the existing level of information system security.
In the proposed architecture, the components whose violation can lead to destruction of the whole system, loss of human life, damage to equipment or financial costs are deployed in the private cloud. The other components are deployed in the community cloud.
