power system cybersecurity: threats, challenges, and barriers
![Page 1: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/1.jpg)
Power System Cybersecurity Threats, Challenges, and Barriers
Nathan Wallace, PhD, CSSA
Cybersecurity Research Engineer
05 Jan. 2017
![Page 2: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/2.jpg)
Personal Background
Volunteering:
EE Intern
Drafting
EE Intern
Protection Settings & Config
Associate Engineer
Transmission System Protection
Research Associate
Visiting Lecturer
Staff Engineer
Cybersecurity Researcher
![Page 3: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/3.jpg)
Overview
• Why
  - State of Affairs: Grid & Cyberspace
  - Cybersecurity => Safety
  - Misconceptions & Challenges
• What are we missing
  - Cyber aware devices and systems
80–95% of the Grid’s Cyber Assets Fall Outside NERC-CIP
80–90% of the Grid’s Cyber Assets are Outside NERC-CIP
Most Violated: NERC-CIP & NERC-PRC
![Page 4: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/4.jpg)
Security: “The facet of reliability that relates to the degree of certainty that a relay or relay system will not operate incorrectly.”
cyber device or
Nation States
Hackers
Vendors
Intentional Insider
Accident Insider
Misconfiguration Cyber Security
Cybersecurity = Physical + EMI + Digital [Computing & Communications]
![Page 5: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/5.jpg)
Two Infrastructures
Residential Industrial Commercial
Generation Transmission
Distribution
• Physical
• Cyber
Control Center
Distribution Control Center
RTOs/ISO
![Page 6: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/6.jpg)
![Page 7: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/7.jpg)
2016 Tech Expo: Virtual reality used to fix a steam turbine that’s located hours away.
![Page 8: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/8.jpg)
State of Affairs: The Grid
Monitoring Points
Control Point
Markets Operations Service Provider
Generation
Transmission Distribution
Customer
![Page 9: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/9.jpg)
![Page 10: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/10.jpg)
State of Affairs: The Grid
Communication
CYBER

| | Northeast Outage 2003 | Arizona Outage 2007 | FPL Outage 2008 | Ukraine Attack 2016 |
|---|---|---|---|---|
| Load Lost | 61,800 MW | 400 MW | 4,300 MW | 230,000 Customers |
| Intent | Unintentional | Unintentional | Unintentional | Intentional |
| Cyber Caused | Yes | Yes | Yes | Yes |

Computational
![Page 11: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/11.jpg)
“Our expectations is that the modernized electricity grid will be 100 to 1000 times larger than the Internet” – CISCO VP
Advanced Metering
Electric Vehicles
Distributed Generation
Grid Modernization
Distribution Automation
State of Affairs: The Grid ‘Grid of Things’
![Page 12: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/12.jpg)
State of Affairs: Cyberspace
http://map.ipviking.com/
• Avg price per 0-day: USD $40,000-$160,000
• Avg number of days 0-day remains private: 151 days
• Avg number of days till patch is issued: 120 days
• Avg of newly created malware per day: 300,000
• Avg dwell time till detection: 205 days
![Page 13: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/13.jpg)
State of Affairs: Cyberspace & Cyberwar
“Global Cyber Weapon Market Expected to Reach USD 522 billion in 2021.”
- GlobalNewswire, 2015 Transparency Market Research Report
![Page 14: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/14.jpg)
Cybersecurity => Safety
21 Lines of Code Aurora Generator Test
![Page 15: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/15.jpg)
Distribution System Operator
Virtual Power Plant
Cybersecurity => Safety
![Page 16: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/16.jpg)
Common Misconceptions
• We are not a target.
  Ipviking, Shodan, ICS-CERT, Foreign FTP servers
• Minimum security needed, we are low impact.
  Ukraine, Changing Standards, State Regulations
• We are not connected to the Internet.
  Stuxnet, Reporting capacity to RTO, Firewalls
Challenges
![Page 17: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/17.jpg)
Misconception: We are not a target. Ipviking,
![Page 18: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/18.jpg)
Misconception: We are not a target. Ipviking, Shodan,
![Page 19: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/19.jpg)
Misconception: We are not a target. Ipviking, Shodan, ICS-CERT,
[Chart: Incidents, 2012–2015 (axis 0–350)]
![Page 20: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/20.jpg)
Misconception: We are not a target. Ipviking, Shodan, ICS-CERT, FTP servers
Seven file (FTP) servers with no authorization
• Passwords, electrical drawings, communication drawings (IP, Protocols), etc
• File servers contained malicious code
71 Generation Plants
~20,000 Files
Generation, Transmission, Distribution Systems “From New York to California”
“Digital clues pointed to foreign hackers.”
Source: AP Investigation: US Power Grid Vulnerable to Foreign Hacks. Dec. 21, 2015
![Page 21: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/21.jpg)
Misconception: Minimum security needed, we are low impact. Ukraine,
Dec 23 2015
30 Stations De-energized
• 7 × 110 kV stations
• 23 × 35 kV stations
• ~3 to 6 hrs to re-energize
• 230,000 customers impacted
• Telephone denial of service
• Breached 6 months prior
• Altered firmware at substations
“We were blinded”
Control Center Operator
Source: E-ISAC. Analysis of the Cyber Attack on the Ukrainian Power Grid. March 18, 2016
![Page 22: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/22.jpg)
Misconception: Minimum security needed, we are low impact. Ukraine, Changing Standards,
NERC Physical Security v3
Voluntary
Mandatory
2000
Metcalf Attack
Ukraine
2015 Dec
2013 Apr
Stuxnet Discovered
2010
1st IEEE Substation Sec Standard
2002
Energy Policy Act
2005
2005
NERC updates Asset ID CIP-002 v4
2010
FERC designates NERC as ERO
2007
FERC Approves Asset ID CIP-002 v4
2012
2015
NERC Effective Asset ID CIP-002 v5.1
2017
FERC to Approve NERC CIP v7
‘Code moves faster than Policy’
![Page 23: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/23.jpg)
Misconception: Minimum security needed, we are low impact. Ukraine, Changing Standards, State Regulations
![Page 24: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/24.jpg)
Misconception: We are not connected to the Internet.
Stuxnet,
![Page 25: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/25.jpg)
Misconception: We are not connected to the Internet.
Stuxnet, Reporting Capacity to RTO,
![Page 26: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/26.jpg)
Misconception: We are not connected to the Internet.
Stuxnet, Reporting Capacity to RTO, Firewall
Aug 13th 2016, accidental release of 0-day vulnerabilities kept by a Govt. (Cisco, Juniper, etc.)
![Page 27: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/27.jpg)
Challenges
No Longer Can Set It and Forget It
![Page 28: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/28.jpg)
Challenges
Cybersecurity: Whose Responsibility is it?
IT Dept.
OT Dept.
- Software to determine how power flows and when breakers open/close
- Apache, Telnet, SSH, MySQL, FTP, LDAP, Embedded Linux, Windows, etc.
- Virtual Power Plants and protection relays, software defined networking
![Page 29: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/29.jpg)
Challenges
Complexity and Age
Power Grid
Space Station
VS
TV
Integrated Circuit
• Age is physical and has visual indicators
• Age is an abstraction and exists in software
![Page 30: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/30.jpg)
Challenges
Vendor Confusion / Sales Pitches
Example 1: Install smart meter to ‘side-step cybersecurity requirements’
Issue: How are the values being used when received…
Example 2:
Issue: Software and protocols have a tendency to become vulnerable over time. (Poodle, Heartbleed, Shellshock, etc)
![Page 31: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/31.jpg)
What are we missing
![Page 32: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/32.jpg)
Exhibit 4.1.1 Strategies for Achieving Energy Delivery Systems Cybersecurity
Vision: By 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions.
Strategies:
• Build Culture of Security
• Assess and Monitor Risk
• Protective Measures to Reduce Risk
• Manage Incidents
• Sustain Security Improvements
Near-term (0–3 years) By 2013
Mid-term (4–7 years) By 2017
Long-term (8–10 years) By 2020
![Page 33: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/33.jpg)
Exhibit 4.1.1 Strategies for Achieving Energy Delivery Systems Cybersecurity
Near-term (0–3 years) By 2013
3.1 Capabilities to evaluate the robustness and survivability of platforms, systems, networks, and systems
![Page 34: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/34.jpg)
Exhibit 4.1.1 Strategies for Achieving Energy Delivery Systems Cybersecurity
Near-term (0–3 years) By 2013
4.1 Tools to identify cyber events across all levels of energy delivery system networks
4.2 Tools to support and implement cyber attack response decision making for the human operator
![Page 35: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/35.jpg)
Exhibit 4.1.1 Strategies for Achieving Energy Delivery Systems Cybersecurity
4.4 Real-time forensics capabilities
4.5 Cyber event detection tools that evolve with the dynamic threat landscape
Mid-term (4–7 years) By 2017
![Page 36: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/36.jpg)
Exhibit 4.1.1 Strategies for Achieving Energy Delivery Systems Cybersecurity
2.3 Tools for real-time security state monitoring and risk assessment of all energy delivery system architecture levels and across cyber-physical domains.
Long-term (8–10 years) By 2020
![Page 37: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/37.jpg)
Exhibit 4.1.1 Strategies for Achieving Energy Delivery Systems Cybersecurity
4.7 Capabilities for automated response to cyber incidents.
Long-term (8–10 years) By 2020
![Page 38: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/38.jpg)
Business Layer
Life-Cycle Management Layer
Operations Layer
Physical Layer
Cyber-Physical Layer
Requirements Regulations Incentives
Design Upgrades Ops Disposal
Design
Sensors
Computing Platform
Models
Power System State
Controller
Monitor Control Disposal
Current New
Models
Cyber Phys. CPS
Phys. Econ.
What are we missing
![Page 39: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/39.jpg)
Cyber Infrastructure (Computation & Communication)
Protection and Control
Detection, Processing, Manipulation
Physical Infrastructure (Flow of Power)
Inputs: Currents, Voltages, Impedance, Status (open, close, lockout)
Output: Open/Close Bkr, +/- Vars,
Inputs: Topology, traffic flows, deep packet inspection, communication state, state of physical power system
Output: NOTHING!
What are we missing
![Page 41: Power System Cybersecurity: Threats, Challenges, and Barriers](https://reader034.vdocument.in/reader034/viewer/2022042600/589a1e451a28ab2a678b620b/html5/thumbnails/41.jpg)
IEEE Computer Society New Orleans Chapter
Meeting Ideas
Meeting Locations
Take our Survey
What are your Interests and Ideas?
The scope of the Computer Society shall encompass all aspects of theory, design, practice, and application relating to computer and information processing science and technology.
http://sites.ieee.org/neworleans/cs-survey/