![Page 1: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/1.jpg)
![Page 2: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/2.jpg)
Cybersecurity and
the Smart Utility
Branndon Kelley Chief Information Officer
![Page 3: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/3.jpg)
Fast Facts: American
Municipal Power • Wholesale power supplier and services provide for
132 municipal electric systems in 9 states and service more than 637,000 customers.
• AMP members receive their power supply from a diversified resource mix that includes wholesale power purchases and energy produced utilizing fossil fuels and renewable resources.
• Focused on sustainability and increased use of renewable generation resources with plans to add more than 300 MW of new hydro capacity to the region.
![Page 4: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/4.jpg)
History of AMP
• Founded in 1971 with the purpose to provide the generation, transmission, and distribution of electric power and energy to its members at lower costs. This purpose is served by: – Joint ownership of electric facilities
– Pooled buying power in energy markets
– Pursuing additional means of generating, transmitting and distributing electric power and energy
• Original members were all located in Ohio (AMP-Ohio). Name changed in 2009 to AMP.
![Page 5: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/5.jpg)
1800s - Early days of
electricity
• Systems small and
localized
• Generation built close
to the end user
• Limited transmission
capabilities
The Pearl Street Station in New
York City
![Page 6: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/6.jpg)
1900s – Establishment of The Modern Grid
AEP 765kV transmission
tower in Virginia
Prairie State Energy
Campus in Illinois
• Began in the late 1800s.
• Transmission lines make it possible to separate generation from the end user by many miles.
• More complex system but benefits outweigh challenges
![Page 7: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/7.jpg)
1990s & 2000s
• 1992 - De-regulation
• Residential customer begins installing
their own generation
Rooftop Solar
• Even more complex
systems.
![Page 8: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/8.jpg)
Future – The Smart Grid
• Many types and
sources of
generation
• Millions of
hackable utility
connected
devices
![Page 9: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/9.jpg)
Evolution of the Utility
![Page 10: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/10.jpg)
Smart Grid = Smart Utility
Smart controls on distribution poles
Microgrids and energy reduction
Solar & Advanced Metering (AMI)
Sensors on Assets in Power Plants
![Page 11: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/11.jpg)
Smart Utility – Power Generation
• Distributed control systems & automation reduce the number
of people it takes to run a power plant.
• Sensors and system provide data for pro-active maintenance
to take place and reduce unnecessary maintenance.
• All resulting in safer facilities and less forced outages.
![Page 12: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/12.jpg)
Smart Utility – T & D
• SCADA system allow for better monitoring of the grid and
identification of issues.
• Automated reclosers provides for better detection and
interruption of momentary faults
• All resulting in faster restoration during weather events and
more efficient system maintenance.
![Page 13: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/13.jpg)
Smart Utility – Micro Grids
• Can operate with the main grid or independently as an
electrical island
• Locally controlled systems
• Often contain multiple generation types with battery storage
![Page 14: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/14.jpg)
• Current State of
CyberSecurity
![Page 15: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/15.jpg)
Latest in the News
![Page 16: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/16.jpg)
Threat Vectors
• Physical Attacks
• Malware - Viruses/Exploits
• Phishing Attacks & Social Engineering
– Targeted Attacks to Extract Information
• Advanced Persistent Threats
– Well planned
– Often Nation State or Organization Sponsored
![Page 17: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/17.jpg)
Top target roles – Spear Phishing
Symantec Internet Security Threat Report – April 2015, Volume 20
![Page 18: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/18.jpg)
Vulnerabilities in ICS
![Page 19: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/19.jpg)
The Structure of an Advanced Persistent Threat
Source: Dell Secureworks
![Page 20: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/20.jpg)
Smart Enablement Cyber Risk
• Generation Example
• Attackers gain access to an unnamed plant’s office network
through a targeted malicious email
• Attacker’s are ultimately able to cross over into the production
network.
• The plant’s control systems are breached which results in an
incident where a turbine could not be shut down in the regular way
and the turbine was in an undefined condition which resulted in
massive damage to the whole system
![Page 21: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/21.jpg)
Smart Enablement Cyber Risk
• Distribution Example
X X X
X
X
X X
X X
![Page 22: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/22.jpg)
Smart Enablement Cyber Risk
• In the Home Example
Water Heater Thermostat
![Page 23: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/23.jpg)
Connected utility and security can
co-exist.
• Must create a culture of cyber security
• Leveraging best practices for Physical and Cyber Security is key
• Standards do exist for implementing effective cyber security
– SANS 20 Critical Security Controls
– NIST Cybersecurity Framework
![Page 24: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/24.jpg)
Physical Security Best Practices
• Review/Confirm security procedures and regular inspection of facilities
• Provide Security Training and awareness for staff
• Hold Security Briefings for key personnel
• Limit Access to Facilities and Systems to authorized personnel only
• Security Badges and Electronic Security Systems
• Procedures to prevent tailgating and unauthorized entry to facilities
![Page 25: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/25.jpg)
Cyber Security Best Practices
• Adopt a Framework (SANS, NIST)
• Cyber Security Training
• Penetration Tests & Vulnerability Assessments
• Tabletop exercises
• Restrict Physical Access to IT Devices/Networks
• Practice Incident Response
![Page 26: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/26.jpg)
Cyber Security Incident Response
• Take a not “if” but “when” approach
• Drill incident response and include
executive management.
• Reviewed layered defense strategy to
identify defense points.
![Page 27: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/27.jpg)
Cyber Security Systems
• Firewalls, Intrusion Prevention Systems, and
Web Filters
• Sandboxing - Advanced Persistent Threats
• Endpoint based Protection and Whitelisting
– Traditional Antivirus is becoming less effective
• Network Access Control Systems
• Multi-Factor Authentication
• Separated Networks with Layered Defenses
![Page 28: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/28.jpg)
Air Gapping is becoming more difficult
• USB drive plugged in
• Engineering laptop plugged in
• Researchers are discovering ways to bridge air gaps with cell phones
• IT and OT personnel have to work together to secure systems at all layers instead of creating a hardened outer perimeter with a weak inner network.
![Page 29: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/29.jpg)
Defense in Depth / Layered Security
• Originally a military strategy that seeks to delay, rather
than prevent, the advance of an attacker by yielding
space in order to buy time.
• Test defenses with Red Team vs Blue Team Exercises
Source: NERC
![Page 30: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/30.jpg)
30
Redefining AMP’s Strategy
What we know…
• The utility industry business is increasing its use of technology - in
the business, in field equipment, and by customers
• Our member municipalities have an emerging need
– Skill & talent not locally available
• Our operations are becoming more vulnerable to attack
– Cybersecurity engineering is of paramount importance
Members have recognized AMP’s ability to effectively
manage bulk power purchases, generation facilities
and power supply contracts
• AMP’s Board has identified the need to support members in their
adoption of technology in their operations
![Page 31: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/31.jpg)
Redefining AMP’s Strategy
One of the eight teams is focused on technology
enablement - “Hosted Solutions"
• AMP members are evaluating many technologies in the
distribution and customer operations parts of the business
• Vendors, distributors, and independent providers have identified
the need within small municipal utility operators
• The term – “Hosted Solutions” – is reflective of what the
marketplace refers to these services
– Vendors providing these services to individual members
![Page 32: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/32.jpg)
AMP’s Smart Grid Program Project launched on January 6, 2015
• Focus on simplifying AMI adoption for AMP members
• Recognize variability among member’s requirements
Pilot member utilities’ benefits
• Aggregating purchasing of equipment
• Mitigating the risks associated with local deployment of major
technology components like Meter Data Management Systems
• Support business case & financial modeling
• Assistance with presentations to leadership, where required
• Provide collateral material for customer communications
![Page 33: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/33.jpg)
Program Leadership • Under supervision of AMP Chief Technology Officer,
Jared Price.
– Has been with AMP since 2011
– Has responsibility for Overall IT Enterprise Architecture, SCADA
and plant systems across AMP’s generation portfolio
– 10+ years of experience in infrastructure management, project
management, and enterprise architecture across multiple
industries including banking & finance, healthcare, education,
and utilities.
– Holds Global Industrial Cyber Security Professional Certification
(GICSP), #178
• Also retain a Smart Grid Consultant / Owner’s engineer
with 30+ years of large utility experience.
![Page 34: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/34.jpg)
Program Overview • AMP will host the back-end AMI and Meter Data
Management System (MDMS) for individual
member utilities.
• AMP Will provide staffing and expertise to run
these systems.
• RFI and RFP process to major systems vendors
earlier this year.
• Pilot member committee helped in shaping the
program.
• Go live planned in early 2016
![Page 35: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/35.jpg)
Member Business Drivers • Address aging meter assets and meter reading
equipment
• Improve customer service
• Support for emerging needs – rates, distributed
generation
• Leverage join action to gain lowest possible cost
• Defer to AMP (vs. Vendor) management of
technology
![Page 36: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/36.jpg)
Current State - HHMR
Billing
System
• Manual meter reading process
• Aging meters, handheld equipment
• Support for new rates
• “Smart grid” platform & customer expectations
![Page 37: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/37.jpg)
Advanced Metering Evolution - AMR
Meters
Meters replaced with “One-Way” RF System;
Reading with “drive by” equipment
• Improves efficiency (less estimates, lockouts)
• Continued shortcomings on advanced rates,
smart grid capabilities, & customer expectations
Billing
System
![Page 38: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/38.jpg)
AMP Advanced Metering Solution - AMI
Back Office Infrastructure
MDM Customer
Portal
Utility
Portal Outage
viewer
AMP Managed Systems
Wireless
Network
AMI
Head-End Field
Infrastructure
Billing
System
Meters
Utility Systems
![Page 39: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/39.jpg)
AMI Solution Security • AMP is able to leverage Cyber Security defenses and
best practices with the deployment and management of
this solutions
– Many of our members do not have the expertise to do
this on their own
• AMP is also able to leverage trusted partners that have a
forward thinking approach to cyber security like Kevin
Goodman and Bluebridge networks. AMP will host this
system like many other critical systems within the
Bluebridge datacenter.
![Page 40: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/40.jpg)
References http://www.engin.umich.edu/college/about/news/stories/2011/may/living-off-the-grid-smart-grids-are-current-
technology-at-its-best
Living off the grid: smart grids are current technology at its best
By Marilyn Tsao
http://www.gereports.com/every-electron-gets-byte-digital-power-plant-makes-electricity-smart/
Every Electron Gets A Byte: Digital Power Plant Makes Electricity Smart
By Tomas Kellner
http://www.scmagazine.com/cyberattacks-costing-big-business-big-
bucks/article/443982/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SCMagazineHo
me+(SC+Magazine)
Cyberattacks costing big business big bucks
By Dough Olenick (SC Magazine)
http://www.infosecurity-magazine.com/news/dow-jones-hacked-affecting/
Dow Jones Hacked, Affecting Thousands
By Tara Seals (Infosecurity Magazine)
Workshop: Building a Utility Customer Digital Engagement Program
By Chet Geschickter (Gartner Symposium ITXPO 2015)
![Page 41: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/41.jpg)
References (continued…) http://www.infosecurity-magazine.com/news/dow-jones-hacked-affecting/
Dow Jones Hacked, Affecting Thousands
By Tara Seals (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/uks-nuclear-industry-at-risk-of/
UK’s Nuclear Industry at Risk of Major Cyber-Attack
Phil Muncaster (Infosecurity Magazine)
https://www4.symantec.com/mktginfo/whitepaper/ISTR/21347932_GA-internet-security-threat-report-
volume-20-2015-social_v2.pdf
Symantec Internet Security Threat Report – April 2015, Volume 20
http://blogs.wsj.com/cio/2014/12/18/cyberattack-on-german-iron-plant-causes-widespread-damage-report/
Wall Street Journal (Dec 18, 2014) - Cyberattack on German Iron Plant Causes ‘Widespread Damage’:
Report
http://www.nist.gov/cyberframework/index.cfm
NIST Cyber Security Framework
http://www.sans.org/critical-security-controls/control/20
SANS Critical Security Control: 20
![Page 42: Branndon Kelley Keynote on Cybersecurity and the Smart Utility](https://reader031.vdocument.in/reader031/viewer/2022030307/58e936fe1a28ab84768b4d73/html5/thumbnails/42.jpg)
THANKS!