PointView presentation for Grid-Interop 2009 by Venkat Pothamsetty
Smart Grid Cyber Security and Resilience
Leveraging an Intelligent and Interoperable Communications Fabric to enable End-to-End Grid Security
Grid-Interop 2009

• Building a Security Architecture
• Building a Smart Grid Architecture
• Security Requirements and Threat Analysis
• Building a Security Framework
• Building Security Enforcement at Places in the Network
  – Substation, Control Center, WAN …
• Overall Security Architecture

Building Secure Smart Grid Architecture
Comprehensive and Systematic Look at How Smart Grid Impacts Every Utility Function is Necessary

Smart Grid Architecture has to Consider all Use Case Requirements and Corresponding Interdependencies
[Diagram: Smart Grid Architecture at the centre, surrounded by the interdependent domains: Service Provider Operations, Grid Control Center, Market Operations, Transmission Operations, Bulk Generation Operations, Distribution Operations, DER integration, Consumer Operations, Workforce Effectiveness]

Architecture Principles that Smart Grid Must Adhere To
• Support for various classes of service
• Universality for device connectivity and types of connections, density of devices
• Security
• Manageability
• Modular Evolution over decades
• Interoperable (Hardware, Software)
• Standards Based

Smart Grid Architecture Methodology
[Diagram: Business Priority Development → Use Case Development → Use Case Analysis → Requirements Analysis → Architecture Development]
• Use case domains: Consumer, Distribution, Storage, Generation, Service Provider
• Requirements Analysis: Asset Analysis, Bandwidth, Scenario Analysis, Security, Data, Management
• Architecture Development: Network Architecture, Security Architecture, Data Architecture, Application Architecture, Management Architecture

Cisco Smart Grid Use Cases

Comprehensive and Systematic Analysis of Communication Requirements is Half the Job
Requirement – Influencing Parameters
• Bandwidth – Peak packet rate; Size of packets
• Quality of Service – Data latency (serialization, distance delay); Server/client transaction delay; Reliable delivery; Deliverability in order; Frequency of packets
• Scalability – Number of devices; Size of packets; Multicast
• Network management
• Security – Confidentiality; Integrity; Non-repudiation; Authentication; Authorization; Segmentation
• Availability – Network architecture (routing protocols, HW speed, stateful processes); Uptime; Device redundancy; Communication redundancy; Network monitoring; Failure tolerance
• Data Management – Data reliability/accuracy; Backup
• Accounting – Logging
• Privacy

Smart Grid Security Requirements, Threat Analysis
Adaptation of IT Security Principles to Smart Grid is the Key

Security Properties for Architecture
• Segmentation
  – Segmentation for isolation
  – Segmentation of classes of service
• Management
  – Single click deployment of policies
  – Secure provisioning and deployment of devices
• Visibility
  – Automatic filtering and escalation of incidents
  – Single view incident reporting
• Access Control
  – Role based access control of users and devices into networks
  – Role based command level filtering
• Intrusion Prevention
  – Definition and deployment of abnormal events in Smart Grid
• Attack Mitigation
  – Infrastructure to prevent traditional attacks

Smart Grid Security Framework
A Security Framework Based on Security Properties, Agnostic to Devices, Protocols

Grid Security Solution Components
• Data Center Security
• Generation Plant Security
• Access and Identity Management
• Security Management and Monitoring
• Physical Security
• WAN Security
• Substation Security

Access and Identity Management
• Solution Components
  – Standalone identity management and access control framework
  – Authentication/Authorization
  – Policy DB
  – Access Control (Local, Remote)
  – Utility specific custom rules

Security Management
• Centralized management by a head-end device
• Auto discovery
• Change management
• Config management
• Separate management domain network
• Out-of-band management

Security Management and Logging
• Alarm Management
  – Manage alarms from all network devices and modules
  – Log all access attempts (successful and failed)
• Intrusion Detection
  – IPS functionality inside the domains and control center
  – Correlation with associated traffic streams that flowed through the firewall and intrusion detection devices

Smart Grid Security Architectures
• Substation
• Control Center
• Core
• NAN
• Overall

Smart Grid and Substation Characteristics
• Network Characteristics – Internal: network for high speed messages; External: network for reliability and security requirements
• Protocols – GOOSE, 61850, 60870, DNP
• Media – Serial (for legacy devices); Optical (from substation gateway to IEDs); Ethernet (outside and the rest); Wireless (rarely seen)
• Top of the mind issues – Segregation, availability
Transmission, Generation CCs fall under NERC CIP

NERC CIP Solutions at Substations and Control Centers
[Diagram labels: PSP, Edge Router, ESP Router, Zone 1, Zone 2, Transmission Control Center, ACS, Corporate, SCADA Control Network, EMS, Config manager, Firewall, Reporting System; callouts below]
• Strong Electronic Security Perimeter with IOS FW
• MPLS and VRFs in the core, segmentation of CIP traffic
• IDS detects and alarms for malware
• Centralized logging of failed logins, device health checks, IDS logs from all network devices (CIP 005 R3)
• Access Control solutions for Physical Security
• Authentication and authorization of users entering into Smart Grid functions

Smart Grid and Control Center Characteristics
• Different types of control centers – Transmission, Distribution, Generation, Consumer
• Protocols – Modbus, Lonworks, DNP
• Devices – Transmission: EMS, AMS; Distribution: DMS, GIS, PQS; Generation: SCADA Master, AMS; Consumer: CIS, MDMS
• Top of the mind issues – Segregation, remote access, availability
Transmission, Generation CCs fall under NERC CIP

Data Center Design
[Diagram labels: Transmission Applications, CORE]

SCADA Firewall – Substation and DNP3 Scenario
[Diagram labels: Grid Control Center, Transmission Sub]
• SRC – SCADA Master; Destination – Sub IED 1; Command – DNP3 Read; Action – Allowed; Location – ESP Router
• SRC – SCADA Master; Destination – Sub IED 2; Command – DNP3 Write; Action – Denied

SCADA Firewall – Generation Plant Scenario
[Diagram label: Bulk Generation Plant]
• SRC – PLC A; DST – PLC B; Command – Modbus Read; Action – Allowed; Location – ASA
• SRC – HMI A; DST – PLC A; Command – Modbus Write; Action – Denied; Location – ASA

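The role based command level filtering named under Access Control, and the two SCADA firewall scenarios above, can be expressed as a small default-deny policy that classifies each request by its protocol function code before matching. This is an added example, not code from the deck or from Cisco; the device names, rule layout and log format are assumptions, while the DNP3 and Modbus function-code classes are standard.

```python
# Added example (not from the Grid-Interop 2009 deck): a minimal command-level
# SCADA firewall policy mirroring the two slide scenarios. Device names, rule
# layout and log format are assumptions made for illustration.
from dataclasses import dataclass
# Function codes classified by effect. DNP3 codes follow IEEE 1815 (1 READ,
# 2 WRITE, 3 SELECT, 4 OPERATE, 5 DIRECT_OPERATE, 6 DIRECT_OPERATE_NR);
# Modbus codes follow the Modbus application protocol specification.
COMMAND_CLASS = {
    "dnp3": {1: "read", 2: "write", 3: "write", 4: "write", 5: "write", 6: "write"},
    "modbus": {1: "read", 2: "read", 3: "read", 4: "read",
               5: "write", 6: "write", 15: "write", 16: "write"},
}

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    command: str  # "read" or "write"
    action: str   # "allow" or "deny"

# Constructed policy: the ESP router lets the SCADA master read the IEDs but not
# write to them; the plant ASA lets PLC A read PLC B while HMI writes are denied.
POLICY = {
    "ESP Router": [Rule("SCADA Master", "Sub IED 1", "dnp3", "read", "allow"),
                   Rule("SCADA Master", "Sub IED 2", "dnp3", "write", "deny")],
    "ASA": [Rule("PLC A", "PLC B", "modbus", "read", "allow"),
            Rule("HMI A", "PLC A", "modbus", "write", "deny")],
}

def evaluate(location, src, dst, proto, func_code):
    """Return (action, log_line). Anything without an explicit allow rule is denied;
    unknown function codes are treated as writes so they never match a read rule."""
    cmd = COMMAND_CLASS.get(proto, {}).get(func_code, "write")
    action = "deny"  # default deny
    for r in POLICY.get(location, []):
        if (r.src, r.dst, r.proto, r.command) == (src, dst, proto, cmd):
            action = r.action
            break
    # Log every decision so the head-end collector also sees failed attempts.
    log = f"{location} {action.upper()} {proto} {cmd}(fc={func_code}) {src} -> {dst}"
    return action, log

if __name__ == "__main__":
    for loc, s, d, p, fc in [("ESP Router", "SCADA Master", "Sub IED 1", "dnp3", 1),
                             ("ESP Router", "SCADA Master", "Sub IED 2", "dnp3", 2),
                             ("ASA", "PLC A", "PLC B", "modbus", 3),
                             ("ASA", "HMI A", "PLC A", "modbus", 16)]:
        print(evaluate(loc, s, d, p, fc)[1])
```

The log line carries the decision, the function-code class and the endpoints, which is what the centralized logging of failed attempts described earlier in the deck needs to correlate against IDS events.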
Core Network Characteristics
• Key network characteristics – Varying access network characteristics; Less visibility into access
• Protocols and Technologies – HSRP, OSPF, MPLS
• Access Networks – Neighborhood area network; Substation network; Renewable generation networks; Control center networks
• Top of the mind issues – Availability, Redundancy, Scalability
Core does not fall under NERC CIP

MPLS L3 VPN + VRF-Lite and DMVPN Network Perspectives
Enterprise Perspective – Per-VRF L3 Routing Internally, Private L3 Routing to SP
DMVPN – L3 Routing (per-vrf)
Service Provider Perspective – MPLS Switching and Enterprise IP (L3) Routing
[Diagram: CE-A (.10) and CE-B (.20) at two sites (10.1.1.0/24, 10.1.2.0/24, 10.2.1.0/24, 10.2.2.0/24) run OSPF to the PE routers of an IP/MPLS core (PE – P – PE); LDP between PE and P, mp-BGP between the PEs; forwarding tables: OSPF/IP FIB at the CE, Global FIB, Label FIB (LFIB) and VPN FIB (VRF) at the PE]

Security Architecture
[Diagram: enforcement points placed across the network, each labelled with the security property enforced there]
• Authentication; Authentication/Authorization; Local Access (1X)
• Segmentation – VRF Lite, VRFs, MPLS, VLANs
• Confidentiality/Integrity
• Availability
• Visibility; Reporting and Visualization; Policy DB
• Device Hardening

Questions ??