Leveraging Computational Grid Technologies for Building a Secure and Manageable Power Grid

Himanshu Khurana, Maifi Khan, and Von Welch
NCSA, University of Illinois

HICSS 2007, Hawaii

Upload: others

Post on 31-Jul-2020

1 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Leveraging Computational Grid Technologies for Building a ... · Leveraging Computational Grid Technologies for Building a Secure and Manageable Power Grid Himanshu Khurana, Maifi



Computational and Power Grids

Computational Grid (C-Grid)
• Seamless flow of computation
• Advanced data and IT resource management

Power Grid (P-Grid)
• Seamless flow of power
• Rapidly expanding IT infrastructure
• Increasing data generation and consumption
• Research questions: can we leverage C-Grid technologies
  – Security
  – Data and resource management


Outline

• Qualitative framework for gauging extent of leverage
• Case Studies
  – I: Protecting ICCP communications
  – II: Protecting connected resources from cyber attacks
  – III: Credentialing for emergency communications


Extent of Leverage

• Conceptual
  – Inspires approach to solution
  – E.g., architecture and system design
• System Policy
  – Policies that capture desirable properties are applicable
  – E.g., policies for access control, communication systems
• Formats, Algorithms and Protocols
  – Data formats, processing algorithms, standards are applicable
  – E.g., XML/Web Services
• Implemented Tools
  – Developed tools can be used as is
• Hindered in part by legacy P-Grid systems


Data and Resource Security

• Increasing data and IT resources lead to challenges in
  – Protection and security of data
  – Protection and security of resources
• Such security
  – Ensures sensitivity, availability, trustworthiness
  – Requires policies, mechanisms
  – Must address cyber attacks, yet provide needed functionality
• Scalable policies and mechanisms require
  – Federated approach where organizations agree on
    • Identity and access management systems


Case-Study I: Protecting ICCP Communications

• TASE.2/ICCP provides communication between control centers
  – IEC recommends use of TLS to provide security
• TLS requires a Public Key Infrastructure (PKI) and key management
  – Key compromise can lead to data eavesdropping, modification, and forging
• Similar requirement in C-Grid
  – Scientists access clusters from vulnerable desktops
• Solution that can be leveraged
  – MyProxy credential repository combined with Proxy Certificates and SSH modifications


Solution Overview and Analysis

• Analysis
  – Conceptual: design for key management
  – System policy: policies for protecting keys, integration with communication channels
  – Format: Proxy certificate profile and standards

[Diagram labels: MyProxy server; Credential repository; Store credential; Retrieve proxy; Proxy delegation over private TLS channel; MyProxy client; ICCP client; ICCP client; ICCP Traffic (proxy keys)]


Case-Study II: Security Incident Response

• Trend: Expanding IT infrastructure for P-Grid
  – High-bandwidth networks, high-performance compute and storage
  – Spans multiple autonomous domains (ISOs/CAs)
• NERC has taken first steps towards ensuring security
  – Baseline requirements for intra-domain security
• Imminent future need: security coordinator and process for P-Grid-wide security
  – Similar need observed and addressed in C-Grid
• Challenges
  – Federated nature where organizations share legal and administrative responsibilities
  – Complex policy questions; e.g., who informs and responds to incidents?


C-Grid Approach

• Develop Operational Security Architecture
  – Organizational boundaries and security perimeters
  – Tools, technologies, and mechanisms; e.g., intrusion detection
  – Risk analysis
• Develop Agreements
  – Baseline operational security document
  – Incident handling and response procedures document
• Develop Implementation Integration Plan
  – Budgets and estimates of staff and training needs
  – Timelines
  – Periodic audit drills
  – Operational maintenance plan
• Establish a Security Coordinator
  – Comprises representative individuals
  – Specifies the above documents and obtains agreements
  – Guides and controls changes
• Analysis
  – Conceptual: drives need and approach
  – System policy: policies for sharing incident data


Case-Study III: Credentialing for Emergencies

• Motivation
  – Emergencies can be caused by attacks and failures
    • E.g., multiple component failure beyond N-1 reliability design
  – Timely resolution of emergencies prevents cascading failures
    • E.g., August 2003 blackout
  – Primary requirement: access to relevant information
    • Mandated by NERC/DOE report
• Challenges
  – Develop mechanisms for timely information dissemination
  – Ensure trustworthiness of information
  – Enable access control and audit
• Approach
  – Leverage P-Grid hierarchy and relationships
  – Leverage C-Grid PKI tools


Approach

• A Credentialing System that ensures timeliness, trustworthiness and access control
  – Obtain information via hierarchical data exchange
    • Leverage Power Grid hierarchy
    • Use ISOs for information dissemination
  – Certify information at ISOs
    • ISO validates data
    • ISO signs data
  – Distribute information using short-lived PKI credentials
    • Eliminates need for revocation, tools
    • Leverages existing authentication mechanisms
    • Utilizes experiences with deployed Computational Grids


Solution

• ISOs obtain “extra” information from Control Areas on a regular basis
  – E.g., SCADA data
• ISOs validate, store and protect data
  – E.g., using state estimators, databases
• In an “emergency” situation users obtain PKI credentials
  – E.g., from trusted Certificate Authorities using passwords
• ISOs allow access to and audit use of “extra” information based on credentials
• Analysis
  – Formats: PKI tools and standards

[Diagram labels: Control Area Operator (Browser); TCIP ISO; Certificate Authority; Database (Relevant Data); Web Server; Public Data; Credential Protected Data; Obtain credentials and access data securely during emergencies]
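
An added example, not part of the original slides: a sketch of the ISO-side access check described in the Approach and Solution slides, where a short validity window does the work that revocation would otherwise do and every decision is recorded for audit. An HMAC stands in for the CA's public-key signature so the block runs with the Python standard library only; the key, role names, data-set names and the 12-hour lifetime cap are assumptions.

```python
import hashlib
import hmac
import json

CA_KEY = b"constructed-demo-key"   # stand-in for the CA signing key (assumption)
MAX_LIFETIME = 12 * 3600           # policy cap on credential lifetime, seconds (assumed)
POLICY = {"control-area-operator": {"scada-extra"}}  # role -> data sets (assumed)


def _sign(fields):
    """HMAC over canonical JSON; stands in for the CA's public-key signature."""
    msg = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(CA_KEY, msg, hashlib.sha256).hexdigest()


def issue_credential(subject, role, now, lifetime):
    """CA side: bind subject and role to a short validity window."""
    fields = {"sub": subject, "role": role,
              "not_before": now, "not_after": now + lifetime}
    return {**fields, "sig": _sign(fields)}


def authorize(cred, dataset, now, audit_log):
    """ISO side: decide access and record every decision, allow or deny."""
    fields = {k: v for k, v in cred.items() if k != "sig"}
    if not hmac.compare_digest(_sign(fields), cred.get("sig", "")):
        reason = "bad-signature"
    elif cred["not_after"] - cred["not_before"] > MAX_LIFETIME:
        reason = "lifetime-exceeds-policy"   # long-lived credentials would need revocation
    elif not cred["not_before"] <= now <= cred["not_after"]:
        reason = "outside-validity-window"   # expiry replaces a revocation lookup
    elif dataset not in POLICY.get(cred["role"], set()):
        reason = "role-not-permitted"
    else:
        reason = "ok"
    audit_log.append({"time": now, "sub": cred.get("sub"),
                      "dataset": dataset, "decision": reason})
    return reason == "ok"
```

The lifetime cap is what makes the absence of revocation defensible: a stolen credential is usable only until `not_after`, so the ISO bounds its exposure by refusing anything issued for longer than policy allows.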


Questions?