
Security in the Power Grid


Presentation Transcript


    1. Security in the Power Grid
        - Brandon Schmidt
        - Burns & McDonnell
        - T&D Telecommunications and Network Engineering Department

    2. NERC
        - North American Electric Reliability Corporation (NERC)
        - Provides standards for power system operation, as well as monitoring and enforcement of these standards

    3. NERC CIP
        - Critical Infrastructure Protection (CIP)
            - Systems vital to national or regional security, including utilities, transportation, emergency services, communications
        - NERC CIP
            - Oversees cyber and physical security of the bulk power system for North America

    4. Eight CIP Standards
        - CIP-002: Critical Cyber Asset Identification
        - CIP-003: Security Management Controls
        - CIP-004: Personnel and Training
        - CIP-005: Electronic Security Perimeter(s)
        - CIP-006: Physical Security
        - CIP-007: Systems Security Management
        - CIP-008: Incident Reporting and Response Planning
        - CIP-009: Recovery Plans for Critical Cyber Assets
        - CIP-001 Sabotage Reporting – Not considered part of the Cyber Security Standards

    5. The Intent of the CIP Standards “… is to ensure that all entities responsible for the reliability of the Bulk Electric Systems in North America identify and protect Critical Cyber Assets that control or could impact the reliability of the Bulk Electric Systems.”

    6. What a T&D Engineer Needs to Know
        - What are the asset classifications
        - How to protect each class of asset
        - Why any station we design should meet these standards, even if it is not required
        - Why implementing security is a good business practice

    7. Type of Assets and the Protection Required (CIP-002)
        - Critical Asset
        - Cyber Asset
        - Protected Cyber Asset
        - Critical Cyber Asset

    8. Type of Assets and the Protection Required (CIP-002)
        - Criteria are determined individually by each utility
        - Develop a list of Cyber Assets and their classification
        - Reevaluate once per calendar year

    9. How to Determine Cyber Asset Classification?
        - Items to Consider
            - Provide essential services
            - Generate critical data
            - Identify threat level if unprotected
            - Determine scale of impact

    10. Typical Asset Classifications
        - Critical Cyber Assets
            - Electronic Relay
            - RTU
            - HMI
            - Substation Automation Systems
            - System Wide DA Applications (>300 MW)
        - Protected Cyber Assets
            - Firewalls, Switches, Routers
            - Phone Line Security Devices
            - Card Access and Video Surveillance Systems

    11. Typical Asset Classifications (Cont.)
        - Cyber Assets
            - Digital Fault Recorder
            - Sequence of Event Recorder
            - Transformer or Bushing Monitor
            - Revenue Meter
            - Telephones
            - SONET or TDM Multiplexers

    12. Any questions about Critical Assets vs. Cyber Assets?

    13. How to Protect Yourself
        - Electronic Security Perimeter (ESP, CIP-005)
        - All critical or protected cyber assets must reside within an ESP
        - Assets that are not protected or critical can reside within the ESP, but they are subject to the same access, patching, and logging requirements as a Critical Asset

    14. Electronic Security Perimeter (ESP)
        - Routable Protocols
            - Ethernet and IP
            - Secured with a firewall, authentication server, logging server
        - Non Routable
            - Dial-up: phone line switch with security
            - Serial: in-line encryption device
        - Today NERC does not require security for dedicated point-to-point services

    15. How to Protect Yourself
        - Physical Security Perimeter (PSP, CIP-006)
        - All ESPs should be within a PSP

    16. Physical Security Perimeter (PSP)
        - Define according to NERC
        - Six-walled box must contain all protected and critical cyber assets
        - OSI Layer 3 (routable protocols) must use an Auditable Access System and an Intrusion Detection System

    17. Physical Security Perimeter (PSP)
        - Define according to NERC
        - A physical security perimeter is not intended to make the site more hardened but to let you know when the perimeter has been compromised

    18. What is an Auditable Access System?
        - Could be a guard with a sign-in procedure
        - Could be an access log sheet (though not recommended)
        - Preferred
            - Card Access System
            - Cyber Key

    19. What is an Intrusion Detection System?
        - Security Alarm System
            - Motion Detectors
            - Door Switches
        - Video Monitoring
            - Cameras
            - Recorders
            - Motion Detection

    20. Why Do Routable Protocols Require Physical Security?
        - Routable protocols allow remote access
        - Access to one point may allow access to entire network
        - NERC wants to mitigate this risk

    21. What Does a T&D Engineer Need to Keep in Mind?
        - Don’t extend IP networks with control capabilities outside the PSP
        - If it is not a protected or critical asset, then keep it out of the ESP
        - Devices that do not fall within the ESP can be within the PSP

    22. What Does a T&D Engineer Need to Keep in Mind?
        - All of these regulations fundamentally want to ensure that all control messages are authenticated and authorized
        - The operating company knows what is going on inside of its electronic devices
        - Following these standards adds little to the cost of initial construction

    23. Any questions?

    24. 61850 Cheaper – Better – Faster? Does It Violate NERC CIP?
        - Inside the control house? NO
        - Process bus into the yard? NO
        - Control bus into the yard? Still up for debate
        - Definitive clarification from NERC still outstanding
        - Violates the IP out of the PSP principle
        - Technically possible if each cabinet is a PSP
        - All communications between PSPs are secured (MACsec, 802.1AE)

    25. Violation Examples
        - Bulk Power Substation
            - 500/230/138/13-kV station had three control houses with two attached generating stations
            - Station service was protected with a LAN-connected recloser on a pole outside of the substation fence
            - All control house LANs were interconnected to allow DFR connectivity
        - Generating Station
            - Remote water intake 13 miles away from plant without a security system
            - PLC pump control connected via PBX phone extension to Balance of Plant control system. Pump PLC dials plant to report problems
        - Bulk Power Stations
            - USB wireless modem connected to an SEL 2020 to facilitate settings work

    26. What to Show on an ESP Drawing: DO
        - All Phone Lines
        - All Leased and Private Communications Lines
        - All Cyber Assets

    27. What to Show on an ESP Drawing: DON’T
        - IP Addresses
        - Phone Numbers
        - DNP Addresses
        - Usernames/Passwords

    28. ESP Dial-Up Substation (Example)

    29. ESP IP Substation (Example)

    30. Procedures that Might Affect Substation Engineering
        - Procedures that affect substation design:
        - Document Control (CIP-007)
            - Some drawings need to be securely stored and transmitted
            - Configurations, IP addresses, passwords
        - Unescorted access to the site (CIP-004)
            - Have background check and NERC training if entering sites after they are connected (this might include commissioning)

    31. Procedures (Cont.)
        - Information Transmittal (CIP-007)
            - Files should be transmitted securely
            - Postal Mail – Tracked and signed for
            - E-mail – Signed and Encrypted
            - FTP – Encrypted
            - Document Management System (Document Locator) often provides required security

    32. Audits and Violations
        - Audit Process
        - Violation Levels
            - Low
            - Moderate
            - High
            - Severe

    33. Fines
        - $1,000: Minor offense, easily correctible
        - $1,000,000: Egregious dereliction to the intent of the CIP Standards
        - Removing IP and replacing with serial has been deemed a circumvention of the intent of the standard (fine amount undetermined)

    34. Any questions?

    35. Selection Flowchart
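
The ESP and PSP placement rules from slides 13 to 21 can be checked mechanically against a station's asset list during design review. The following is an added example, not part of the original presentation; the field names, the sample inventory and the classification given to each sample asset are assumptions made for illustration.

```python
from dataclasses import dataclass

CRITICAL, PROTECTED, CYBER = "critical", "protected", "cyber"  # CIP-002 classes

@dataclass
class Asset:
    name: str
    cls: str                  # CRITICAL, PROTECTED or CYBER
    in_esp: bool              # inside the Electronic Security Perimeter
    in_psp: bool              # inside the Physical Security Perimeter
    routable: bool            # speaks Ethernet/IP
    control: bool = False     # can issue or carry control messages
    hardened: bool = False    # gets Critical Asset access, patching, logging

def check_site(assets, auditable_access, intrusion_detection):
    """Return (asset, finding) pairs for the perimeter rules in the slides."""
    findings = []
    for a in assets:
        needs_esp = a.cls in (CRITICAL, PROTECTED)
        if needs_esp and not a.in_esp:            # slide 13
            findings.append((a.name, "critical/protected asset outside ESP"))
        if a.in_esp and not a.in_psp:             # slide 15
            findings.append((a.name, "ESP not enclosed by PSP"))
        if a.routable and a.control and not a.in_psp:   # slide 21
            findings.append((a.name, "IP control network extends outside PSP"))
        if a.in_esp and not needs_esp and not a.hardened:  # slide 13
            findings.append((a.name, "in ESP without Critical Asset controls"))
    # Slide 16: routable protocols require both PSP monitoring systems.
    if any(a.routable and a.in_esp for a in assets):
        if not auditable_access:
            findings.append(("PSP", "no auditable access system"))
        if not intrusion_detection:
            findings.append(("PSP", "no intrusion detection system"))
    return findings

# Constructed inventory; names and classifications are assumptions.
SAMPLE = [
    Asset("relay-1", CRITICAL, True, True, True, control=True),
    Asset("firewall-1", PROTECTED, True, True, True),
    Asset("dfr-1", CYBER, True, True, True),
    Asset("pole-recloser", CRITICAL, False, False, True, control=True),
    Asset("revenue-meter", CYBER, False, True, False),
]

if __name__ == "__main__":
    for name, finding in check_site(SAMPLE, True, False):
        print(f"{name}: {finding}")
```

The revenue meter passes because a device outside the ESP may still sit inside the PSP, while the digital fault recorder is flagged because it shares the ESP without receiving Critical Asset controls.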
