Document Sample
Frances_Cleveland Powered By Docstoc
					                     Smart Grid Cyber Security:
                     Support from Power System
                     SCADA and EMS

                                Frances Cleveland

Consulting International
                    Cyber Security and the Smart Grid –
                           Why is it important?
                                                  What caused the
                                                  Power Equipment Failures?
                                                  Mistakes by People?

                                                  Information Flow Design Flaws?
                                              What does this blackout have to do
                                               with Security? And Information
                                             Flow Design Flaws? Are those Smart
                                                    Grid Security Issues?
                                        Yes, given how dependent the Smart
                                          Grid has (and will increasingly)
     What is this picture?             become on information, “All Hazards”
   August 14, 2003 Northeast Blackout – security mandates the need for a
             (enhanced photo)             reliable and secure information
                                                    infrastructure April 29, 2011
Xanthus Consulting International 2
      What is Security? Some Key Concepts
      1.   For power systems, keeping the lights on is the primary focus. Therefore the key
           security requirements are Availability and Integrity, not Confidentiality (AIC,
           not CIA)
      2.   Encryption, by itself, does not provide security.
      3.   Security threats can be deliberate attacks OR inadvertent mistakes, failures,
           and natural disasters.
      4.   The most dangerous “attacker” is a disgruntled employee who knows exactly
           where the weaknesses are the easiest to breach and could cause the worst
      5.   Security solutions must be end-to-end to avoid “man-in-the-middle” attacks or
           failed equipment from causing denial of service
      6.   Security solutions must be layered, so that if one layer is breached, the next will
           be there. Security is only as strong as its weakest link.
      7.   Security will ALWAYS be breached at some time – there is no perfect security
           solution. Security must always be planned around that eventuality.
      8.   Security measures must balance the cost of security against the potential
           impact of a security breach

Xanthus Consulting International                3                                         April 29, 2011
         To maintain power system reliability, need to
         manage both the Power System Infrastructure
         and its supporting Information Infrastructure
                   1.Power System Infrastructure

                                                                                                                                                 Planners & Engineers

           Central Generating                 Step-Up
           Station                          Transformer
                                                         2. Communications and Information Infrastructure

                                                 Distribution                Receiving                       Distribution
  Control Center                                 Substation         Gas
                                                                             Station                         Substation                           Cogeneration

              Micro-                                                                Distribution
             turbine                                                                Substation

                               Photovoltaic systems                                                                                               Commercial
                                                                Diesel                                                      Fuel
                                                                Engine                                                       cell

                        Storage                                                                                                                             Wind Power

                                                                                                Industrial                          Commercial

Xanthus Consulting International                                             4                                                                             April 29, 2011
      Traditional “IT” Security Measures Cannot Meet All Power
      System Security Requirements

      • Two key security issues for utilities are power system
        reliability and legacy equipment:
          – Power systems must continue to operate as reliably as
            possible even during a security attack.
          – It is financially and logistically impractical to replace older
            power system equipment just to add security measures.
      • Layered security is critical not only to prevent security attacks, but
        also to detect actual security breaches, to survive during a security
        attack, and to log all events associated with the attack.
         – Most traditional “IT” security measures, although able to
            prevent and/or detect security attacks, cannot directly help
            power systems to continue operating.
         – For legacy systems and for non-critical, compute-
            constrained equipment, compensating methods may need to
            be used in place of these traditional “IT” security measures.

Xanthus Consulting International       5                                April 29, 2011
      Use of Power System SCADA and Energy
      Management Systems for Certain Security Solutions
      • One method for addressing these problems is to use existing
        power system management technologies as a valid and very
        powerful method of security management, particularly for
        detecting, coping with, and logging security events.
         – Add sensors, intelligent controllers, and intrusion-detection
           devices on “critical” equipment
         – Utilize and expand existing SCADA systems to monitor these
           additional security-related devices
         – Expand the SCADA system to monitor judiciously selected
           power system information from AMI systems.
         – Expand Power Flow analysis functions to assess
           anomalous power system behaviors such as unexpected shifts
           of load and generation patterns, and abnormal power flow
           contingency analysis results to identify unexpected situations.

Xanthus Consulting International     6                                April 29, 2011
      Energy Market Clearinghouse                       2         Aggregators and Energy                                    Energy Service
                                                                  Market-based Providers                                      Providers

                                   Markets                                                                                        Service Provider

                                                            Transmission                             34        Collectors        33    Sensors
          ISO/RTO                        1                  SCADA/EMS
                                                                                     36     RTUs
                                                3                          24        9      IEDs          35        Distributed Intelligence
                               4                                                                                          Capabilities
                                      23                     SCADA                            Geographic                          Metering &
  Distribution Field                                                                          Information                          Billing
   Crews, Mobile                                    8                                        System AM/FM
                                                                                21                                                         29
     Computing                                                  14                                                 5
                                                                                                                                 AMI Headend
                                 DMS power system                                             Customer
      7                          modeling functions:                 25                                            19
                  13                                                            22         Information Sys
                                DOMA, VVWS, FLIR,
                                                                                                                            31        20 Distribution
                                CA, MFR, OMS, WMS
     Distribution                                                                                                                AMI Network
                                    26                                          27
                                                 16            Load                                                                Metering
                       Distribution                                                  18                                30
                                                            Management                                                                                  11
                       Engineering                            System
                                                                                           Customer                                              ESI/
                                                                Operations                                                                      Gatewa
Distribution Grid Management Use Cases: Logical
Interfaces Used by NIST for Security Assessments                                                   32                                 10
DOMA: Distribution Operations Model & Analysis MFR: Multi-Feeder Reconnection
VVWS: Volt-Var-Watt
                                                                                          Customer appliances, DER, PEV,
                                               OMS: Outage Management System
Xanthus ConsultingRestoration
FLIR: Fault Location, Isolation, International                           7
                                               WMS: Work Management System                       Electric Storage                           Customer
                                                                                                                                           April 29, 2011

                           Frances Cleveland

Consulting International