Security by Design in Smart Grids: A Need to Rethink ICT in Power System Controls

Carsten Strunge, Senior Development Engineer, Energinet.dk [email protected]

ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)


Page 1: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

Security by Design in Smart Grids

A Need to Rethink ICT in Power System Controls

Carsten Strunge, Senior Development Engineer, Energinet.dk

[email protected]

ITU Workshop on “ICT Security Standardization for Developing Countries”

(Geneva, Switzerland, 15-16 September 2014)

Page 2: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

The Challenge of Balancing Wind Power and Electricity Consumption

[Figure: three panels labelled 2012, 2035 and 2050 (scale 1:1), with the labels approx. 30 pct., approx. 75 pct. and approx. 140 pct. of classic demand]

Page 3: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

The Challenge to Utilization of Renewable Power

[Figure: balance between power production and consumption, with frequency marks at 49,5 Hz, 50,0 Hz and 50,5 Hz]

New paradigm: More load must follow production. Not just locally, but cross-border.

* Local balancing should only be for congestion management.

Page 4: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

The Challenge of the Changing Power System

[Figure: power system diagram with voltage levels 400 kV, 150 kV, 60 kV, 10 kV and 0,4 kV; interconnection labels HVDC, HVAC, NO/SE, NL, DE and SE; further labels SC and SVC]

Page 5: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

The Generalized Stakeholder and Domain Model (from NIST)

[Figure: NIST domain model. Domains: Service Providers (Third-Party Provider, Utility Provider), Operations (RTO/ISO Ops, Transmission, Distribution), Distribution, Transmission, Consumer / Prosumer, Generation, Markets. Networks: Internet / e-Business, Enterprise Bus, Wide Area Networks, Field Area Networks, Substation LANs, Premises Networks. Actors shown include SCADA systems (RTO, transmission, distribution), EMS, DMS, WAMS, MDMS, CIS, Billing, Asset Mgmt, Demand Response, Aggregator, Retail Energy Provider, Energy Market Clearinghouse, Metering System, Meter, Energy Services Interface, Market Services Interface, Customer EMS, Customer Equipment, Appliances, Thermostat, Electric Vehicle, Electric Storage, Distributed Generation, Generators, Plant Control System, Substation Controller, Substation Device, Field Device and Data Collector. Legend: actors, domain, gateway actor, data network, communication line, communication line changing owner / domain.]

Page 6: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

What is the problem?

The Internet is chosen as carrier of data (economy)

The Internet no longer offers secure communication

But it can be secured by:

- Ensuring authenticity (“user identification”)
- Securing data in motion (by encryption)
- Securing data at rest (on device level)
- Building security into control processes

And it is necessary to continuously monitor the entire system (both Electric Power and ICT)

Page 7: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

What is Security by Design in Smart Grid?

Security and robustness in data exchange

- X.509, PKI
- RBAC, IEC 61850 and SecureMMS, CIM and “SecureCIM”

Secure and robust data storage

- Access to data at the source
- Role Based Access Controls (RBAC) at source

Secure and robust data processing

- Semi-offline controls through exchange of schedules
- Distributed controls with clear client-server relations

Secure and robust fall-back schemes

- Detection of abnormal behavior
- Segmentation and isolation of “infected” processes and ICT networks
- Fall-back concepts

To have information security thought into the power system control concepts.

Page 8: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

Basic Elements in the Smart Grid Control Loop and Client-Server Relation

[Figure: control loop with elements labelled Control 1 (client agent), Control 2 (other clients), Communication (twice), Control box w. RBAC (agent or gateway), Sensor, Actuator (server) and Power System; flows labelled status for availability, control and information, and data]

Page 9: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

Elements in the Smart Grid Control Loop - Prosumer Relation

[Figure: control loop with elements labelled DSO voltage and emergency controls (SCADA); Communication (fiber, PLC, GPRS, ?); Communication (Internet); Market actor, commercial operation (aggregator); Control box w. RBAC (agent or gateway); Sensor; Meter; Actuator (DER, CHP, HP, EV etc.); Power System. Flows labelled status for availability, control and information, data, and energy and online power (e.g. via AMR/AMI)]

Page 10: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

Local Technical VPP and Commercial VPP in Smart Grid

[Figure: elements labelled Control, Technical VPP (agent); Market actor A, ComVPP; Market actor B, ComVPP; Communication (Internet); AMI/AMR; 10/0,4 kV. Four units labelled Tech + ComA + ComB, Tech + ComA, Tech + ComA + ComB and Tech + ComA]

Page 11: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

Proof of Concept Demonstration

CHPCOM project

Combined Heat and Power Communication

Secure IEC 61850 based Information Exchange in a Danish Context

Page 12: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

CHPCOM – is testing standards to make assets Smart Grid Ready

[Figure: elements labelled DSO/DNO, Balance responsible, Flexibility Market, Aggregator, Technical control, TSO, Power Market, Internet, Generator, CHP plant control, Accumulator, Electric Boiler, District heat and Solar heat; flows labelled power sale, power buy, data, measurement, supply of services and market control; one label reads “New”]

International data exchange standard IEC 61850

Secured according to IEC 62351

Local resources to balance the local grid

See: www.chpcom.dk (not yet available in English)

Page 13: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

CHPCOM – Role Based Access Control

[Figure: elements labelled IEC 61850 Server, CHPCOM RBAC unit incl. IP firewall, and Internet]

IEC 62351-4 SecureMMS from SISCO

IEC 62351-8 RBAC from EURISCO

Page 14: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

RBAC structure in IEC 62351-8 - Whitelisting, Roles and Rights

Subject: Person/system whitelisted and identified by X.509 based certificate, wishes access to a resource. Example: Egon Olsen

Roles: Roles define basic user rights. Example: BRP Operator

Rights: Rights define access to specific functions. Example: Write

Operations: Functions can conduct specific actions at resource. Example: Start engine #1

Objects: Resource read or write data. Example: DCIP1.EngCtl.ctlVal

IEC TS 62351-8

IEC 62351-8 also applies to IEC TC57 CIM-standards
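
The subject, role, right, operation and object chain from this slide, written as a deny-by-default check using the slide's own example (Egon Olsen, BRP Operator, Write, Start engine #1, DCIP1.EngCtl.ctlVal). This is an added example, not CHPCOM or IEC 62351-8 code; the Cert class, the Viewer role, the second operation and the certificate bytes are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate whose chain and signature
    are assumed to have been verified before this check runs."""
    subject: str
    role: str      # role carried in the certificate (assumed field)
    der: bytes     # constructed bytes standing in for the DER encoding

    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

# Constructed subjects; only Egon Olsen / BRP Operator come from the slide.
EGON = Cert("Egon Olsen", "BRP Operator", b"constructed-cert-1")
VIEWER = Cert("Hypothetical Viewer", "Viewer", b"constructed-cert-2")
UNLISTED = Cert("Unlisted Client", "BRP Operator", b"constructed-cert-3")

WHITELIST = {EGON.fingerprint(), VIEWER.fingerprint()}  # local whitelist
ROLE_RIGHTS = {"BRP Operator": {"Read", "Write"}, "Viewer": {"Read"}}
# operation -> (right it requires, object it touches)
OPERATIONS = {
    "Start engine #1": ("Write", "DCIP1.EngCtl.ctlVal"),
    "Read engine #1 control value": ("Read", "DCIP1.EngCtl.ctlVal"),
}

def authorize(cert: Cert, operation: str) -> tuple[bool, str]:
    """Walk subject -> role -> right -> operation -> object; deny by default."""
    if cert.fingerprint() not in WHITELIST:
        return False, "subject certificate not whitelisted"
    rights = ROLE_RIGHTS.get(cert.role)
    if rights is None:
        return False, f"unknown role: {cert.role}"
    if operation not in OPERATIONS:
        return False, f"unknown operation: {operation}"
    right, obj = OPERATIONS[operation]
    if right not in rights:
        return False, f"role {cert.role} lacks {right} on {obj}"
    return True, f"{cert.subject} ({cert.role}) may {right} {obj}"

if __name__ == "__main__":
    for c, op in [(EGON, "Start engine #1"), (VIEWER, "Start engine #1"),
                  (UNLISTED, "Start engine #1"), (EGON, "Open breaker")]:
        print(c.subject, "->", op, ":", authorize(c, op))
```

A role claimed by a certificate that is not on the local whitelist is never evaluated, so the unlisted client is refused even though it presents the BRP Operator role.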

Page 15: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

The CHPCOM data flow

[Figure: data flow between elements labelled SCADA, SCADA DB, SCADA frontend, RTU, 61850 GW, 61850 DB, SecureMMS Gateway, RBAC, Internet firewall and PKI components; links labelled MMS and s/MMS]

Page 16: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

CHPCOM Information Security Activities

Implementation of

- PKI elements
- X.509 certificates with encoded roles
- Automated certificate handling
- SecureMMS
- IEC 62351-8 RBAC gateway

Security Analysis

- PKI policies. Clients and Servers policies for installation and secure management.

Standardisation

- Feedback to basic X.509 standard (ITU-T SG17) with specific Smart Grid requirements;
- Feedback to IEC 62351 (TC57 WG15) on SecureMMS and RBAC implementation

Identify legislative needs

- Identify the legislative requirements in Denmark.
- Dialog with key stakeholders.

Page 17: Security by Design in Smart Grids A Need to Rethink ICT in Power System Controls

Conclusions and Recommendations

What we found Smart Grid needs from ITU-T

- Automated machine2machine solutions, e.g. for certificate renewal
- Local certificate whitelists
- Strong processes for initial certificate “bootstrapping”
- Multiple associated parallel PKI, e.g. Smart Grid-PKI, Smart Meter-PKI, EV-PKI, etc.

And not least a good cooperation between ITU-T and IEC TC57.