PointView presentation for Grid-Interop 2009 by Venkat Pothamsetty

Smart Grid Cyber Security and Resilience
Smart Grid Cyber Security and Resilience
Leveraging an Intelligent and Interoperable
Communications Fabric to enable End-to-End
Grid Security
Grid-Interop 2009

Building a Security Architecture
Building a Smart Grid Architecture
Security Requirements and Threat Analysis
Building a Security Framework
Building Security Enforcement at Places in the Network
Substation Control Center WAN …
Over all Security Architecture
Grid-Interop 2009

Building Secure Smart Grid
Architecture
Comprehensive and Systematic Look at How Smart Grid
Impacts Every Utility Function is Necessary
Grid-Interop 2009

Smart Grid Architecture has to Consider all Use Case
Requirements and Corresponding Interdependencies
Service
Provider
Operations
Grid Control
Center
Market
Operations
Transmission
Operations
Bulk
Generation
Operations
Distribution
Operations
DER
integration
Consumer
Operations
Smart Grid
Architecture
Workforce
Effectiveness
Grid-Interop 2009

Architecture Principles that Smart Grid
Must Adhere To
Support for various classes of service
Universality for device connectivity and types of
connections, density of devices
Security
Manageability
Modular Evolution over decades
Interoperable (Hardware, Software)
Standards Based
Grid-Interop 2009

Smart Grid Architecture Methodology
Business Priority Development Use Case Development Use Case Analysis
Requirements Analysis
Architecture Development
Consumer
Asset Analysis
Bandwidth
Network
Architecture
Scenario Analysis
Security
Security
Architecture
Distribution
Requirements
Analysis
Storage
Data
Architecture
Management
Application
Architecture
Generation
Management
Architecture
Service
Provider
Grid-Interop 2009

Cisco Smart Grid Use Cases
Grid-Interop 2009

Comprehensive and Systematic Analysis of
Communication Requirements is Half the Job
Requirement
Influencing Parameters
Requirement
Influencing Parameters
Bandwidth
Quality of Service
Peak packet rate
Size of packets
Data Latency(serialization, distance
delay)
Scalability
Number of devices
Size of packets
Multicast
Network management
Security
Server/client transaction delay
Reliable delivery
Deliverability in order
Frequency of packets
Confidentiality
Integrity
Non repudiation
Authentication
Authorization
Segmentation
Availability
Data Management
Network architecture(routing
protocols, HW speed, stateful
processes)
Uptime
Device Redundancy
Communication Redundancy
Data Reliability/Accuracy
Network monitoring
Failure tolerance
Backup
Accounting
Logging
Privacy
Grid-Interop 2009

Smart Grid Security
Requirements, threat
analysis
Adaptation of IT Security Principles to Smart Grid is the
Key
Grid-Interop 2009

Security Properties for Architecture
Segmentation
•Segmentation for
isolation
•Segmentation of
classes of service
Management
•Single click deployment
of policies
•Secure provisioning
and deployment of
devices
Visibility
•Automatic filtering
and escalation of
incidents
•Single view incident
reporting
Access Control
•Role based access
control of users and
devices into networks
•Role based command
level filtering
Intrusion
Prevention
•Definition and
deployment of
Abnormal events in
Smart Grid
Attack
Mitigation
•Infrastructure to
prevent traditional
attacks
Grid-Interop 2009

Smart Grid Security
Framework
A Security Framework Based on Security Properties,
Agnostic to Devices, Protocols
Grid-Interop 2009

Grid Security Solution Components
Data
Center
Security
Generation
plant
Security
Access and Identity
Management
Security
Management and
Monitoring
Physical Security
WAN
Security
Substation
Security
Grid-Interop 2009

Access and Identity Management
•Solution Components
• Standalone identity management and
access control framework
• Authentication/Authorization
• Policy DB
• Access Control
• Local
• Remote
• Utility specific custom rules
Grid-Interop 2009

Security Management
• Centralized management by a head-end device
• Auto discovery
• Change management
• Config management
• Separate management domain network
• Out-of-band management
Grid-Interop 2009

Security Management and Logging
• Alarm Management
– Manage alarms from all network
devices and modules
– Log all access attempts (successful and
failed)
• Intrusion Detection
– IPS functionality inside the domains
and control center
– Correlation with associated traffic
streams that flowed through the
firewall and intrusion detection
devices
Grid-Interop 2009

Smart Grid Security
Architectures
Substation
Control Center
Core
NAN
Overall
Grid-Interop 2009

Smart Grid and Substation Characteristics
Network Characteristics
Protocols
Media
Top of the mind issues
Internal – Network for high
speed messages
External – Network for
reliability and security
requirements
GOOSE, 61850, 60870, DNP
Serial (for legacy devices)
Optical (from substation gateway to
IEDs)
Ethernet (outside and the rest)
Wireless (rarely seen)
Segregation, availability
Transmission, Generation CCs fall under NERC CIP
Grid-Interop 2009

NERC CIP Solutions at Substations and
PSP
Edge Router
Control Centers
Strong Electronic Security Perimeter
with IOS FW
MPLS and VRFs in the core
segmentation of CIP traffic
ESP E
ESP Router
Zone 1 Zone 2
IDS detects and
alarms for malware
Centralized logging of
failed logins, device health
checks, IDS logs from all
network devices (CIP 005
R3)
Access Control
solutions for Physical
Security)
Transmission Control Center
ACS
Corporate
Authentication and
authorization of users
entering into Smart Grid
functions
SCADA
Control
Network
EMS
Config manager
Firewall
Reporting System
Grid-Interop 2009

Smart Grid and Control Center
Characteristics
Different types of control
centers
Protocols
Devices
Top of the mind issues
Transmission, Distribution,
Generation, Consumer
Modbus,Lonworks, DNP
Transmission: EMS, AMS
Distribution: DMS, GIS, PQS
Generation: SCADA Master, AMS
Consumer: CIS, MDMS
Segregation, remote access,
availability
Transmission, Generation CCs fall under NERC CIP
Grid-Interop 2009

Data Center Design
Transmission
Applications
CORE
Grid-Interop 2009

SCADA Firewall – Substation and DNP3
Scenario
Grid Control Center
SRC – SCADA Master
Destination – Sub IED 1
Command - DNP3 Read
Action – Allowed
Location – ESP Router
Transmission Sub
IP – SCADA Master
Destination – Sub IED 2
Command – DNP3 Write
Action - Denied
Grid-Interop 2009

SCADA Firewall – Generation Plant Scenario
Bulk Generation Plant
SRC – PLC A
DST – PLC B
Command - Modbus Read
Action – Allowed
Location – ASA
SRC –HMI A
DST – PLC A
Command – Modbus Write
Action – Denied
Location - ASA
Grid-Interop 2009

Core Network Characteristics
Key network characteristics
Protocols and Technologies
Access Networks
Top of the mind issues
Varying access network
characteristics
Less visibility into access
HSRP, OSPF,MPLS
Neighborhood area network
Substation network
Renewable generation networks
Control center networks
Availability,
Redundancy,Scalability,
Core does not fall under NERC CIP
Grid-Interop 2009

MPLS L3 VPN + VRF-Lite and DMVPN
Network Perspectives
Enterprise Perspective – Per-VRF L3 Routing Internally, Private L3 Routing to SP
DMVPN – L3 Routing (per-vrf)
OSPF/IP FIB
.10 CE - A
CE - A .10
.20
10.1.1.0/24
CE - B
OSPF (2) OSPF (2)
IP/MPLS Core
PE
P
PE
10.1.2.0/24
CE - B
.20
10.2.1.0/24
10.2.2.0/24
LDP
LDP
OSPF
mp-BGP
OSPF
Global FIB
Label FIB (LFIB)
VPN FIB (VRF)
Service Provider Perspective – MPLS Switching and Enterprise IP (L3) Routing
Grid-Interop 2009

Security Architecture
Enforcement
Point
Authentication
Enforcement
Point
Enforcement
Point
Segmentation
Authentication/
Authorization
Enforcement
Point
VRF Lite
Confientiality/
Integrity
Availability
VRF Lite
Local Access
(1X)
Authentication
Enforcement
Point
VRFs
MPLS
Authentication
Visibility
Device
Hardening
Enforcement
Point
VLANs
Authentication
Enforcement
Point
Local Access
(1X)
VRF Lite
Enforcement
Point
Reporting and
Visualization
Policy DB
Segmentation
Grid-Interop 2009

Questions ??
Grid-Interop 2009