Cybersecurity for Smart Grids:
Technical Approaches to Improve
Cybersecurity
Presentation by Cyril W. Draffin, Jr.
Project Advisor, MIT Energy Initiative
Stefano Bracco
Knowledge Manager, Agency for the Cooperation of
Energy Regulators
David Batz
Security and Business Continuity, Edison Electric Institute
International Energy Agency’s International Smart Grid Action
Network (ISGAN) Academy – 2nd Cybersecurity Webinar
11 September 2017
1
ISGAN in a nutshell
International Smart Grid Action Network TCP (ISGAN)
‘Strategic platform to support high-level government attention and action for
the accelerated development and deployment of smarter, cleaner electricity
grids around the world’
• An initiative of the Clean Energy Ministerial (CEM)
• Organized as the Implementing Agreement for a
Co-Operative Programme on Smart Grids (ISGAN)
The CEM is the only multilateral forum dedicated
exclusively to the advancement of clean energy
technologies and related policies. ISGAN is the only
global government-to-government forum on smart grids
2
Geography of ISGAN
3
• Swedish Energy Agency
• Commonwealth Scientific and Industrial Research Organization
• Government of Canada
• Norwegian Ministry of Petroleum and Energy
• New Energy and Industrial Technology Development Organization (NEDO)
• Sustainable Energy Authority of Ireland
• Government of Belgium
• Forschungszentrum Jülich GmbH
• Government of the Netherlands, Ministry of Economic Affairs, Agriculture and Innovation
• Union Fenosa Distribucion
• Government of Austria
• Government of France
• Swiss Federal Office of Energy
• Government of Korea
• European Commission
• South African National Energy Development Institute
• Energy Market Authority, Singapore
• Government of India, MOP, NSGM, POWER GRID, CPRI
• Government of Mexico
• U.S. Department of Energy
• Ricerca sul Sistema Energetico (RSE S.p.A.)
• Ministry of Science and Technology, Department of High and New Technology Development and Industrialization
• Russian Energy Agency
• Tekes (Finnish Funding Agency for Technology and Innovation)
• Danish Energy Agency
Contracting Parties: 25
Invited: Malaysia
Expression of Interest: UAE
Activities of ISGAN
4
For more information, please visit:
o ISGAN: www.iea-isgan.org
Topics for
Cybersecurity for Smart Grids Webinar #2:
Technical Approaches to Improve
Cybersecurity
1. Cybersecurity Challenges
2. Cybersecurity Approach and Best Practices
3. Case Studies
4. Cyber Professionals
5. Regulatory and Legal Constraints of architecting smart
grids in a secure way
6. Measures of Success
7. Conclusions
5
Market and Technology
• Smart Grid and digital evolution
• Highly inter-connected platforms with a number of actuators and
sensors (with wide geographical area)
• Decision-making delegated to machines (Distributed Control Systems)
• New intelligent control devices which have to cooperate with old
control devices (which are not easy to replace)
• Changing business models with more actors involved
• Distributed Energy Resources, with renewable resources that have
intermittent behaviour, with multiple ownerships and cybersecurity
practices
• Demand changes, dynamic pricing and need for inclusion of new actors
(for example “prosumers” and aggregators) with impact on electricity
systems
Electricity Market Challenges
affecting Cybersecurity
Cybersecurity Challenges
6
Management
• Evolving cyber threats
• Hacking groups trying to find vulnerabilities embedded in the existing
security measures, and seeking undiscovered vulnerabilities of control
systems
• Potential role of nation states
• Potential national or cross-border impact of attacks and incidents,
related to the “weakest link problem”
• Existing governance versus best practices
• Agility is important: it is impossible to predict what will happen
• Forensics methods and technologies (applicable to standard IT systems
and their security measures) may not work as well on Operational
systems
• How much cybersecurity expenditure is sufficient? (cost of
cybersecurity)
Management Challenges
affecting Cybersecurity
Cybersecurity Challenges
7
Cybersecurity Approaches
• Threat and risk management system
– Pursue a harmonized, structured and comprehensive way to identify operators of essential
services for the energy sector at regional level
– Structured risk analysis and risk treatment plan specific for the highly interdependent European
and US energy sectors
– Cyber security maturity framework
– Regional cooperation on cyber security topics
– Control and secure disclosure of vulnerabilities and incidents affecting the energy sector in its
crucial role
• Effective cyber response framework
– Define and implement a cyber response and coordination framework
– Implement and strengthen regional cooperation for efficient handling of cyber emergencies
when energy is involved and affected
– Improve cyber resilience in the energy sector
• Build up adequate capacity and competences
– Build competences
– Provide knowledge, including frameworks and best practices
– Promote research
Cybersecurity Approaches
8
A maturity model is a set of characteristics, attributes, indicators, or patterns that
represent capability and progression in a particular discipline.
Model content typically exemplifies best practices and may incorporate standards
or other codes of practice of the discipline. It provides a benchmark against which
an organization can evaluate the current level of capability of its practices,
processes, and methods and set goals and priorities for improvement.
When a model is widely used in a particular industry (and assessment results are
shared), organizations can benchmark their performance against other
organizations. An industry can determine how well it is performing overall by
examining the capability of its member organizations.
Maturity Model
Cybersecurity Approaches
9
10 Domains In Maturity Model:
Logical grouping of cybersecurity practices
• Risk Management
• Asset, Change, and
Configuration Management
• Identity and Access
Management
• Threat and Vulnerability
Management
• Situational Awareness
• Information Sharing and
Communications
• Event and Incident Response,
Continuity of Operations
• Supply Chain and External
Dependencies Management
• Workforce Management
• Cybersecurity Program
Management
Cybersecurity Approaches
10
Information Technology and Operations Technology
Systems
Cybersecurity Approaches
11
Information Technology
1. Confidentiality (most important)
2. Integrity
3. Availability
versus
Operations Technology
1. Availability (most important)
2. Integrity
3. Confidentiality
How the European Commission Clean Energy
Package acknowledges Cybersecurity
• The legislative proposals put emphasis on smarter and more
efficient management of the grid, by using digital technologies and
the flexibility of consumers and their electrical appliances
• Innovation is at the core of the package, from renewable energy
legislation, to energy efficiency and the new market design
proposals
• The package acknowledges the importance of cyber security for
the energy sector, and the need to duly assess cyber-risks and their
possible impact on the security of supply.
• It proposes the adoption of measures to prevent and mitigate the
risks identified as well as the adaption of technical rules for
electricity (i.e. a Network Code) on cyber-security.
12
Cybersecurity Approaches
Energy Expert Cyber Security Platform (EECSP)-
Expert Group
13
10 cyber security challenges in the energy sector
(reference: EECSP Report)
Electricity Oil Gas Nuclear
1 Grid stability in a cross-border interconnected energy network. x x x
2 Protection concepts reflecting current threats and risks. x x x x
3 Handling of cyber-attacks within the EU. x x x x
4 Effects by cyber-attacks not fully considered in the design rules of an existing power grid or nuclear facility. x x
5 Introduction of new highly interconnected technologies and services. x x
6 Outsourcing of infrastructures and services. x x x
7 Integrity of components used in energy systems. x x x
8 Increased interdependency among market players. x
9 Availability of resources and their competences. x x x x
10 Constraints imposed by cyber security measures in contrast to real-time/availability requirements. x x x
Cybersecurity Approaches
Present Coverage In European Union
Regulation
14
Strategy and Legislation
Strategy papers
• EU Cyber Security Strategy
• Digital Single Market Strategy
• 50 national cyber security strategies
Legislation with focus on cyber security for critical infrastructure providers
• Network and Information Security (NIS) Directive
• European Programme for Critical Infrastructure Protection (EPCIP) Directive
• Contractual Public-Private Partnership
Legislation with focus on security of supply
• Security of Supply (SoS) Directive
• Security of Gas Supply Regulation
Legislation with focus on data protection and privacy
• General Data Protection Regulation (GDPR)
• Data Protection Impact Assessment (DPIA) Template
Cybersecurity Approaches
Strategic Priorities (European perspective)
15
Strategic Priorities, Strategic Areas and Areas of Action
I. Set up an effective threat and risk management system
Strategic Areas:
• European threat and risk landscape and treatment
• Identification of provider of essential services
• Best practice and information exchange
• Foster international collaboration
Areas of Action:
1. Identification of provider of essential services for the energy sector at EU level.
2. Risk analysis and treatment.
3. Framework of rules for a regional cooperation.
4. EU framework for vulnerabilities disclosure for the energy sector.
II. Set up an effective cyber defence framework
Strategic Areas:
• Cyber response framework
• Crisis management
Areas of Action:
5. Define and implement cyber response framework and coordination.
6. Implement and strengthen the regional cooperation for emergency handling
III. Continuously improve cyber resilience
Strategic Areas:
• European cyber security maturity framework
• Supply chain integrity framework for components
• Best practice and information exchange
• Awareness campaign from top level EU institutions
Areas of Action:
7. Establish a European cyber security maturity framework for energy.
8. Establish a cPPP for supply chain integrity
9. Foster European and international collaboration
IV. Build up the required capacity and competences
Strategic Areas:
• Capacity & competence build-up
Areas of Action:
10. Capacity and competence build-up.
Cybersecurity Approaches
Core European documents under review in
2017-2018
• EU Cyber Security Strategy is under review
• German EU Strategy and others were
reviewed in 2016
• Other strategies expected as a result of the
NIS (Network and Information Security)
Directive
16
Cybersecurity Approaches
Best Practices
• No comprehensive best practices, but:
– Big TSOs and DSOs are already applying existing standards
that may be helpful (e.g. ISO 27000 Series and NERC CIP)
– BSI is a reference in Germany (https://www.bsi.bund.de)
– ANSSI (The French CIIP Framework -
https://www.ssi.gouv.fr/en/cybersecurity-in-france/ciip-in-france/)
in France with two different approaches
– ENISA is working hard at EU Level with a number of
publications every year: most of them provide
recommendations and analysis at EU Level, and are
complemented by the work done by DG ENERGY and DG
JRC of the European Commission.
17
Cybersecurity Approaches
Case Study 1 – Advanced Metering Infrastructure
Background
The Advanced Metering Infrastructure (AMI) is now being rapidly deployed throughout
the power grid, and is an enabling technology for smart grid. Identifying the attack
surface is a necessary step in achieving cyber security in smart grids and AMI.
Source: https://arxiv.org/ftp/arxiv/papers/1607/1607.04811.pdf
Case Studies
An attacker may target an AMI in several ways, which may result in several/different
risks for the operator involved.
Main potential objectives for such an attack:
• Intelligence gathering;
• Infecting the target AMI systems;
• AMI exploitation (use for profit);
• AMI exfiltration (transfer of data);
• Maintaining control of this capability in the short, medium and long run.
Needed definition: the cyber attack surface can be defined as the methods by which an
environment or a system can be attacked by an adversary to introduce or retrieve data from that
environment or system.
Analysis
18
Case Study 1 – Advanced Metering Infrastructure
(continued)
Analysis
• Surface is composed of:
• Smart Meters
• IR Port
• Internal Link
• Firmware
• Micro Controller
• Radio
• AMI Information and Communication Network
• Smart Meter Data Collector – SMDCs
• Similar to Smart Meters
• AMI-Head End
• Interface with the Utility Infrastructure
• Outage Management Systems (Restoration capability)
• Energy Management System (Dispatch and monitoring)
• Master Data Management Systems
• Corporate WAN
• Protocols and Software
• Weak Encryption keys
• Smart Energy Profile 2.0
• KillerBee to hack AMI
• Many attacks possible on 3G/4G/LTE
Case Studies
19
Possible Counter-measures
• Create closed and proprietary security solutions;
• Use Open Standards and architect things in a way that “red points” will be green (or
removed from the list);
• Interim measure is to analyse existing devices, to identify the surface, and to
mitigate the risks.
Global Smart Grid Federation’s Smart Meter Security Survey, August 2016
http://www.globalsmartgridfederation.org/wp-content/uploads/2016/08/smart_meter_security_survey.pdf
http://ics.sans.org/media/IT-OT-Convergence-NexDefense-Whitepaper.pdf
Cyber Attack Surface Analysis of Advanced Metering Infrastructure
AMI Surface https://arxiv.org/ftp/arxiv/papers/1607/1607.04811.pdf
https://www.sans.org/reading-room/whitepapers/forensics/forensic-analysis-industrial-control-systems-36277
Proof-of-concept ransomware locks up the PLCs that control power plants
http://www.cap.gatech.edu/plcransomware.pdf
Case Studies
20
Case Study 1 – Advanced Metering Infrastructure
(continued)
Case Study 2 – Process and Tool Adoption- toward
a secure and resilient power distribution grid
Background
The tight interaction of the control applications with communication networks and
physical components, such as sensors and actuators in a complex cyber-physical system,
is of paramount importance in order to assure that the system can be introduced in a
working environment and can provide a certain level with respect to new risks deriving
from new components, tools and processes.
In this respect more work has to be done to establish, well before adoption, how
“secure” a system is with respect to the already existing and established operations, and whether
a change in operations can impact the security of the system.
Source: http://ieeexplore.ieee.org/document/7778800/
Case Studies
21
Case Study 2 – Process and Tool Adoption- toward
a secure and resilient power distribution grid (continued)
Analysis
In the DERs, local controls are capable of keeping grid voltage within a certain range. Additional central
controllers may implement high-level objectives such as loss minimization or minimum generator
shedding.
While most of the systems are robust enough to overcome issues such as a weak communication
channel, there is no assurance of non-vulnerability to cyber-attacks.
In this context we have to consider that technical protection measures can be of two kinds:
• ICT Security Measures (e.g. Firewall, IDP, Authentication)
• System/control-theoretic measures (e.g. model-based attack/fault detection and isolation, robust
control strategies that maintain closed-loop stability and performance guarantees)
Several recommendations are already in place.
Attacks span Data Integrity, DoS (Denial of Service) and Delay Attacks.
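An added illustration of the system/control-theoretic measures named above (not code from the presentation or from the cited paper): a central controller checks DER voltage telemetry against a plant model and flags data integrity, DoS and delay anomalies. The first-order voltage model, every threshold, the class and function names and the sample traces are assumptions constructed for this example; timestamps are assumed authenticated and clocks synchronised.

```python
"""Model-based checks on DER voltage telemetry (added illustration).

The plant model, thresholds and all names are assumptions for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    sent_at: float      # sensor timestamp (s), assumed authenticated
    received_at: float  # arrival time at the central controller (s)
    voltage: float      # reported voltage (per unit)
    setpoint: float     # control input in force for this step (per unit)


class TelemetryMonitor:
    """Flags telemetry that is late, missing or inconsistent with the model."""

    def __init__(self, a=0.8, b=0.2, period=1.0, max_age=0.5,
                 gain=0.3, drift=0.005, limit=0.03):
        self.a, self.b = a, b      # assumed model: v[k+1] = a*v[k] + b*u[k]
        self.period, self.max_age = period, max_age
        self.gain = gain           # observer correction gain
        self.drift, self.limit = drift, limit  # CUSUM allowance, alarm level
        self.estimate = None       # model state, seeded by the first sample
        self.last = None
        self.cusum = 0.0

    def check(self, s):
        """Return the list of alert names raised by one received sample."""
        alerts = []
        # Delay attack: the sample is older than the control loop tolerates.
        if s.received_at - s.sent_at > self.max_age:
            alerts.append("delay")
        if self.last is None:
            self.estimate, self.last = s.voltage, s
            return alerts
        # DoS: the channel was silent for more than two sampling periods.
        if s.received_at - self.last.received_at > 2.5 * self.period:
            alerts.append("dos")
        # Advance the model once per elapsed period so gaps do not skew it.
        steps = max(1, round((s.sent_at - self.last.sent_at) / self.period))
        predicted = self.estimate
        for _ in range(steps):
            predicted = self.a * predicted + self.b * self.last.setpoint
        # Data integrity: accumulate residuals so a small bias is still caught.
        residual = s.voltage - predicted
        self.cusum = max(0.0, self.cusum + abs(residual) - self.drift)
        if self.cusum > self.limit:
            alerts.append("integrity")
        self.estimate = predicted + self.gain * residual
        self.last = s
        return alerts


def constructed_trace(kind):
    """Constructed data: steady 1.0 p.u. voltage with +/-0.002 ripple."""
    trace = []
    for k in range(15):
        if kind == "dos" and 6 <= k <= 9:
            continue                      # these samples never arrive
        lag = 0.9 if kind == "delay" and k >= 10 else 0.1
        bias = 0.02 if kind == "integrity" and k >= 10 else 0.0
        ripple = 0.002 if k % 2 == 0 else -0.002
        trace.append(Sample(float(k), k + lag, 1.0 + ripple + bias, 1.0))
    return trace


def run(trace):
    """Feed a trace to a fresh monitor; return (sent_at, alert) pairs."""
    monitor = TelemetryMonitor()
    return [(s.sent_at, alert) for s in trace for alert in monitor.check(s)]


if __name__ == "__main__":
    for kind in ("clean", "dos", "delay", "integrity"):
        print(kind, run(constructed_trace(kind)))
```

The 0.02 p.u. bias in the integrity trace is smaller than a fixed per-sample threshold of 0.03 would catch; the accumulated residual raises the alert on the third biased sample.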
Findings
• A workbench to assure and test that all possible technical measures are taken into
consideration is still needed, but a comprehensive tool is not available.
• This must be part of the tasks of a control engineer when developing similar
systems, who needs to apply a more holistic approach to the engineering phase of
similar tools.
Case Studies
22
Case Study 2 – Process and Tool Adoption- toward
a secure and resilient power distribution grid (continued)
Counter-measures
• Security by design is the first advice.
• ICT Measures and control theoretic protection measures have to work together to
properly address risks which may be hidden to a preliminary analysis.
• Should be a “mantra” for the procurement of new equipment.
• Same analysis must be performed when an interconnected ICT or control
theoretic protection measure is affected by any change.
Case Studies
23
Case Study 3 – Ransomware / Wipers for
Industrial Control Systems
Background
Georgia Institute of Technology released an academic paper on use of a cross-vendor
Ransomware worm working on Programmable Logic Controllers (PLCs).
Because of weak authentication, an attacker is able to lock out an administrator and install
a logic bomb.
Conficker and Stuxnet used MS08-067. It is not impossible that a virus for ICS will use
MS17-010 as WannaCry/WannaCrypt did. In this case we may face safety/critical
shutdown, or worse.
“US-CERT released the following documents that contain in-depth technical analysis on
the Petya malware, as well as indicators of compromise and additional
recommendations for mitigation….. The following product vendors have proactively
issued notifications with recommendations for users regarding the Petya ransomware
(ICS-CERT will update the list of vendors that have released customer notifications as
additional information becomes available):”
Source: http://www.cap.gatech.edu/plcransomware.pdf
http://iiot-world.com/cybersecurity/the-impact-of-wannacry-on-industrial-control-systems-ics/
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-181-01C
Case Studies
24
Case Study 3 – Ransomware / Wipers for
Industrial Control Systems (continued)
Analysis
Ransomware (including WannaCry, used in 2017) is a typical extortion crime against a
company, rather than against a (more common) population of potential targets.
• To implement a similar attack in practice, you will still need to use a “Trojan horse”
to inject the Ransomware.
• The Georgia Institute of Technology paper describes the side effects: profit, which in
normal circumstances would be Population*Value-Cost, in this case will be difficult
to estimate. In Smart Grids, where data are imperative to continue business, the
damage may be huge, and the restoration may be difficult if not properly addressed
in existing procedures at every level of the company.
• Collateral damages may include downtime, Equipment Health, Human Safety.
• The negotiation phase may be particularly lengthy as the financial values may be
extremely high and the legal consequences may be extremely severe for the
company, in case it would be found guilty.
NotPetya (used in 2017) combined several capabilities in a single worm that can
shut down operating systems and “wipe” information in databases.
Case Studies
25
Case Study 3 – Ransomware / Wipers for
Industrial Control Systems (continued)
Counter-measures
• End-point security
• Network security (including backups of all configurations)
• Adoption of proper policies, including software updates
• Proper selection and management of contractors, and proper hand-over if your ITs
and OTs are managed by a Third Party
• Safeguards to protect information assets related to IT and OT equipment
• Strict control on change management and supply chain
• Isolate or protect vulnerable embedded systems that cannot be patched from
potential network exploitation
• Locate control system networks and devices behind firewalls, and isolate them from
the business network
• Engagement with regional / national defence agencies
Case Studies
26
Cybersecurity Professionals
Basic Skills
• Sound knowledge of IT and OT;
• In depth knowledge of the Security Domains (including physical security);
• Being able to analyse emerging threats in complex and interconnected infrastructures with limited
or partial inputs, and without being able to stop operations;
• Both high level and low level knowledge (processes and protocols).
Possible certifications
• Several in the field of cyber security (e.g. CISSP, CEH, others at different levels);
• Smart Grid Maturity Model Navigator is an example of a good start for specific field-related
certifications (http://www.sei.cmu.edu/training/P109.cfm)
Advantages of certification
• Baseline on knowledge for network operators recognised and accepted by all;
• Trust among operators and their own staff;
• As in aviation, rules in case of crises are known and common to all the community;
• Staff can be recognised as part of a community system.
For the future
If we certify equipment which can operate on smart grids, why not certify people?
A schema has to be developed. To make fast progress, there is a need for:
o Training
o Awareness campaigns in the sector
o Extensive cooperation to identify core skills and methods
Professionals
27
Regulatory and Legal Constraints in European Union
• Smart Grids may be based on Best Available Techniques and
BREF (BAT Reference Document); this depends very much
on the regulation; right now it is just a recommendation
• Nation States, such as Germany and France, have very stringent
requirements (Catalogue of IT security requirements under
section 11(1a) of the Energy Act)
Regulatory Constraints
Electricity and gas network operators are required to implement a minimum level
of IT security. The core requirement is the establishment of an information
security management system (ISMS) with certification to DIN ISO/IEC 27001 by
31 January 2018.
https://www.bundesnetzagentur.de/EN/Areas/Energy/Companies/SecurityOfSupply/ITSecurity/ITSecurity_node.html
28
Regulatory and Legal Constraints in European Union
(continued)
• GDPR will be applicable as from 25 May 2018 – It is already
having an impact on Smart Grid decisions (e.g. Time of retrieval
of the information from Smart Meters)
• There is a general need to coordinate National Efforts and
European Efforts
• When dealing with Standards, International efforts are needed
to make sure that standards and/or local legislations will not
collide, jeopardising the efforts of the communities producing
standards and of the international communities regulating the
cyberspace (having a standard which issues technical rules but
doesn’t take into consideration GDPR or NIS Directive may be
counterproductive)
29
Regulatory Constraints
Regulatory and Legal Constraints in United States
• Regulatory and legal constraints of architecting smart
grids in a secure way
• Bulk Electric System at a Federal level (1) vs. distribution
controlled by U.S. States/Territories (56)
30
Regulatory Constraints
Measures of Success for Cybersecurity for Smart
Grids
• Smart Grids that are secure, reliable and protect
customer data and information require:
– Engagement with National and International Authorities that
can play an important role in regulating, enforcing, monitoring
and protecting the grids from emerging risks.
– Effective response plans to recover from cyber incidents or
attacks are completed and understood
Measures of Success
31
Conclusions
• Smart Grids will grow in size and achieve higher levels of efficiency through
the adoption of new intelligent devices (including Internet of Things, and use of
the Cloud)
• Cyber threats will continue
• Technical risk management work has to be done
– Efficient methods and processes needed to speed up the mitigation of all
cybersecurity challenges, using appropriate standards and best practices, using an
iterative approach to improvement
– Understand the issues and the full risk landscape (use Computer Security Incident
Response Teams and the implementation of European NIS Directive)
– Operators should think about Maturity Models to evaluate the status of their
cybersecurity preparedness.
• Cooperation needed between institutional, regulatory, research, and market
actors—both nationally and internationally
– Report when things do not work as expected
• Cybersecurity for energy is an essential investment for the future of our civil
society
– Cybersecurity for energy has to be addressed in the short, medium, and long term
– We have a chance to mitigate risks through the adoption of proper actions
Security is your responsibility
32
Questions & Comments
Contacts:
Cyril Draffin
Email: draffin@alum.mit.edu
Stefano Bracco
Email: Stefano.BRACCO@acer.europa.eu
David Batz
Email: dbatz@eei.org
Cyril W. Draffin, Jr.
MIT Energy Initiative, E19-307
77 Massachusetts Avenue
Cambridge, Massachusetts, 02139-4307, USA
Stefano Bracco
Agency for the Cooperation of Energy Regulators
Trg Republike, 3 - TR3 12/20
SI-1000 – Ljubljana, Slovenia
David Batz
Edison Electric Institute
701 Pennsylvania Avenue, NW
Washington, DC , 20004-2696, USA
ISGAN Academy coordination:
Institute for Research in Technology
Comillas Pontifical University
Santa Cruz de Marcenado 26
28015 Madrid, Spain
International Energy Agency’s (IEA) International Smart Grid Action
Network (ISGAN) Academy – 2nd Cybersecurity Webinar
Cybersecurity for Smart Grids: Technical Approaches to
Improve Cybersecurity
33
34
This recorded cybersecurity webinar and previous webinars are available at ISGAN Academy platform:
http://www.leonardo-energy.org/resources/1070/isgan-academy-58ec8d2e7b9b0
ISGAN Academy Webinars
• Jeju Island Smart Grid Project (in Korea)
• Reference Network Models (tools for large scale distribution
network planning)
• TSO Reliability Management: a probabilistic approach for better
balance between reliability & costs (GARPUR project, Europe)
• Integration of RES in power systems: transmission networks
issues (Renewable Energy Sources)
• Cybersecurity for Smart Grids: Vulnerabilities and Strategies
to Provide Cybersecurity
(1st Cybersecurity Webinar; 28 June 2017)

Leonardo ENERGY
 
Does the EU Emission Trading Scheme ETS Promote Energy Efficiency?
Leonardo ENERGY
 
Energy efficiency, structural change and energy savings in the manufacturing ...
Leonardo ENERGY
 
Energy Sufficiency Indicators and Policies (Lea Gynther, Motiva)
Leonardo ENERGY
 
The Super-efficient Equipment and Appliance Deployment (SEAD) Initiative Prod...
Leonardo ENERGY
 
Modelling and optimisation of electric motors with hairpin windings
Leonardo ENERGY
 
Casting zero porosity rotors
Leonardo ENERGY
 
Direct coil cooling through hollow wire
Leonardo ENERGY
 
Motor renovation - Potential savings and views from various EU Member States
Leonardo ENERGY
 
The need for an updated European Motor Study - key findings from the 2021 US...
Leonardo ENERGY
 
Efficient motor systems for a Net Zero world, by Conrad U. Brunner - Impact E...
Leonardo ENERGY
 
Ad

Recently uploaded (20)

PDF
Building Resilience with Digital Twins : Lessons from Korea
SANGHEE SHIN
 
PPTX
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
PDF
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
PDF
Windsurf Meetup Ottawa 2025-07-12 - Planning Mode at Reliza.pdf
Pavel Shukhman
 
PDF
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PDF
Complete Network Protection with Real-Time Security
L4RGINDIA
 
PDF
Wojciech Ciemski for Top Cyber News MAGAZINE. June 2025
Dr. Ludmila Morozova-Buss
 
PPTX
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
PDF
TrustArc Webinar - Data Privacy Trends 2025: Mid-Year Insights & Program Stra...
TrustArc
 
PPT
Interview paper part 3, It is based on Interview Prep
SoumyadeepGhosh39
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PDF
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
PDF
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
PPTX
Top iOS App Development Company in the USA for Innovative Apps
SynapseIndia
 
PDF
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
PDF
Human-centred design in online workplace learning and relationship to engagem...
Tracy Tang
 
PDF
SWEBOK Guide and Software Services Engineering Education
Hironori Washizaki
 
PDF
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
PDF
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
Building Resilience with Digital Twins : Lessons from Korea
SANGHEE SHIN
 
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
Windsurf Meetup Ottawa 2025-07-12 - Planning Mode at Reliza.pdf
Pavel Shukhman
 
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
Complete Network Protection with Real-Time Security
L4RGINDIA
 
Wojciech Ciemski for Top Cyber News MAGAZINE. June 2025
Dr. Ludmila Morozova-Buss
 
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
TrustArc Webinar - Data Privacy Trends 2025: Mid-Year Insights & Program Stra...
TrustArc
 
Interview paper part 3, It is based on Interview Prep
SoumyadeepGhosh39
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
Top iOS App Development Company in the USA for Innovative Apps
SynapseIndia
 
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
Human-centred design in online workplace learning and relationship to engagem...
Tracy Tang
 
SWEBOK Guide and Software Services Engineering Education
Hironori Washizaki
 
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 

Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity

  • 1. Cybersecurity for Smart Grids: Technical Approaches to Improve Cybersecurity Presentation by Cyril W. Draffin, Jr. Project Advisor, MIT Energy Initiative Stefano Bracco Knowledge Manager, Agency for the Cooperation of Energy Regulators David Batz Security and Business Continuity, Edison Electric Institute International Energy Agency’s International Smart Grid Action Network (ISGAN) Academy – 2nd Cybersecurity Webinar 11 September 2017 1
  • 2. ISGAN in a nutshell International Smart Grid Action Network TCP (ISGAN) ‘Strategic platform to support high-level government attention and action for the accelerated development and deployment of smarter, cleaner electricity grids around the world’  An initiative of the Clean Energy Ministerial (CEM)  Organized as the Implementing Agreement for a Co-Operative Programme on Smart Grids (ISGAN) The CEM is the only multilateral forum dedicated exclusively to the advancement of clean energy technologies and related policies. ISGAN is the only global government-to-government forum on smart grids 2
  • 3. Geography of ISGAN 3 Swedish Energy Agency Commonwealth Scientific and Industrial Research Organization Government of Canada Norwegian Ministry of Petroleum and Energy New Energy and Industrial Technology Development Organization (NEDO) Sustainable Energy Authority of Ireland Government of Belgium Forschungszentrum Jülich GmbH Government of the Netherlands, Ministry of Economic Affairs, Agriculture and Innovation Union Fenosa Distribucion Government of Austria Government of France Swiss Federal Office of Energy Government of Korea European Commission South African National Energy Development Institute Energy Market Authority, Singapore Government of India MOP, NSGM, POWER GRID, CPRI Government of Mexico U.S. Department of Energy Ricerca sul Sistema Energetico (RSE S.p.A.) Contracting Parties: 25 Invited: Malaysia Expression of Interest: UAE Ministry of Science and Technology Department of High and New Technology Development and Industrialization Russian Energy Agency Tekes (Finnish Funding Agency for Technology and Innovation) Danish Energy Agency
  • 4. Activities of ISGAN 4 For more information, please visit: o ISGAN: www.iea-isgan.org
  • 5. Topics for Cybersecurity for Smart Grids Webinar #2: Technical Approaches to Improve Cybersecurity 1. Cybersecurity Challenges 2. Cybersecurity Approach and Best Practices 3. Case Studies 4. Cyber Professionals 5. Regulatory and Legal Constraints of architecting smart grids in a secure way 6. Measures of Success 7. Conclusions 5
  • 6. Market and Technology • Smart Grid and digital evolution • Highly inter-connected platforms with a number of actuators and sensors (with wide geographical area) • Decision-making delegated to machines (Distributed Control Systems) • New intelligent control devices which have to cooperate with old control devices (which are not easy to replace) • Changing business models with more actors involved • Distributed Energy Resources, with renewable resources that have intermittent behaviour, with multiple ownerships and cybersecurity practices • Demand changes, dynamic pricing and need for inclusion of new actors (for example “prosumers” and aggregators) with impact on electricity systems Electricity Market Challenges affecting Cybersecurity Cybersecurity Challenges 6
  • 7. Management • Evolving cyber threats • Hacking groups trying to find vulnerabilities embedded in the existing security measures, and seeking undiscovered vulnerabilities of control systems • Potential role of nation states • Potential national or cross-border impact of attacks and incidents, related to the “weakest link problem” • Existing governance versus best practices • Agility important-- impossible to predict what will happen • Forensics methods and technologies (applicable to standard IT systems and their security measures) may not work as well on Operational systems • How much cybersecurity expenditure is sufficient?-- cost of cybersecurity Management Challenges affecting Cybersecurity Cybersecurity Challenges 7
  • 8. Cybersecurity Approaches • Threat and risk management system  Pursue a harmonized, structured and comprehensive way to identify operators of essential services for the energy sector at regional level  Structured risk analysis and risk treatment plan specific for the highly interdependent European and US energy sectors  Cyber security maturity framework  Regional cooperation on cyber security topics  Control and secure disclosure of vulnerabilities and incidents affecting the energy sector in its crucial role • Effective cyber response framework  Define and implement a cyber response and coordination framework  Implement and strengthen regional cooperation for efficient handling of cyber emergencies when energy is involved and affected  Improve cyber resilience in the energy sector • Build-up adequate capacity and competences  Build competences  Provide knowledge, including frameworks and best practices  Promote research Cybersecurity Approaches 8
  • 9. A maturity model is a set of characteristics, attributes, indicators, or patterns that represent capability and progression in a particular discipline. Model content typically exemplifies best practices and may incorporate standards or other codes of practice of the discipline. It provides a benchmark against which an organization can evaluate the current level of capability of its practices, processes, and methods and set goals and priorities for improvement. When a model is widely used in a particular industry (and assessment results are shared), organizations can benchmark their performance against other organizations. An industry can determine how well it is performing overall by examining the capability of its member organizations. Maturity Model Cybersecurity Approaches 9
  • 10. 10 Domains In Maturity Model: Logical grouping of cybersecurity practices • Risk Management • Asset, Change, and Configuration Management • Identity and Access Management • Threat and Vulnerability Management • Situational Awareness • Information Sharing and Communications • Event and Incident Response, Continuity of Operations • Supply Chain and External Dependencies Management • Workforce Management • Cybersecurity Program Management Cybersecurity Approaches 10
  • 11. Information Technology and Operations Technology Systems Information Technology: 1. Confidentiality (most important) 2. Integrity 3. Availability versus Operations Technology: 1. Availability (most important) 2. Integrity 3. Confidentiality Cybersecurity Approaches 11
  • 12. How the European Commission Clean Energy Package acknowledges Cybersecurity • The legislative proposals put emphasis on smarter and more efficient management of the grid, by using digital technologies and the flexibility of consumers and their electrical appliances • Innovation is at the core of the package, from renewable energy legislation, to energy efficiency and the new market design proposals • The package acknowledges the importance of cyber security for the energy sector, and the need to duly assess cyber-risks and their possible impact on the security of supply. • It proposes the adoption of measures to prevent and mitigate the risks identified as well as the adaption of technical rules for electricity (i.e. a Network Code) on cyber-security. 12 Cybersecurity Approaches
  • 13. Energy Expert Cyber Security Platform (EECSP)- Expert Group 13 10 cyber security challenges in the energy sector (reference: EECSP Report) Electricity Oil Gas Nuclear 1 Grid stability in a cross-border interconnected energy network. x x x 2 Protection concepts reflecting current threats and risks. x x x x 3 Handling of cyber-attacks within the EU. x x x x 4 Effects by cyber-attacks not fully considered in the design rules of an existing power grid or nuclear facility x x 5 Introduction of new highly interconnected technologies and services. x x 6 Outsourcing of infrastructures and services. x x x 7 Integrity of components used in energy systems. x x x 8 Increased interdependency among market players. x 9 Availability of resources and their competences. x x x x 10 Constraints imposed by cyber security measures in contrast to real-time/availability requirements. x x x Cybersecurity Approaches
  • 14. Present Coverage In European Union Regulation 14 Strategy and Legislation Strategy papers • EU Cyber Security Strategy • Digital Single Market Strategy • 50 national cyber security strategies Legislation with focus on cyber security for critical infrastructure providers • Network and Information Security (NIS) Directive • European Programme for Critical Infrastructure Protection (EPCIP) Directive • Contractual Public-Private Partnership Legislation with focus on security of supply • Security of Supply (SoS) Directive • Security of Gas Supply Regulation Legislation with focus on data protection and privacy • General Data Protection Regulation (GDPR) • Data Protection Impact Assessment (DPIA) Template Cybersecurity Approaches
  • 15. Strategic Priorities (European perspective) 15 Strategic Priorities Strategic Areas Areas of Actions I Set-up an effective threat and risk management system European threat and risk landscape and treatment 1. Identification of provider of essential services for the energy sector at EU level. 2. Risk analysis and treatment. 3. Framework of rules for a regional cooperation. 4. EU framework for vulnerabilities disclosure for the energy sector. Identification of provider of essential services Best practice and information exchange Foster international collaboration II Set-up an effective cyber defence framework Cyber response framework 5. Define and implement cyber response framework and coordination. 6. Implement and strengthen the regional cooperation for emergency handling Crisis management III Continuously improve cyber resilience European cyber security maturity framework 7. Establish a European cyber security maturity framework for energy. 8. Establish a cPPP for supply chain integrity 9. Foster European and international collaboration Supply chain integrity framework for components Best practice and information exchange Awareness campaign from top level EU institutions IV Build-up the required capacity and competences Capacity & competence build-up 10. Capacity and competence build-up. Cybersecurity Approaches
  • 16. Core European documents under review in 2017-2018 • EU Cyber Security Strategy is under review • German EU Strategy and others were reviewed in 2016 • Other strategies expected as a result of the NIS (Network and Information Security) Directive 16 Cybersecurity Approaches
  • 17. Best Practices • No comprehensive best practices, but: – Big TSOs and DSOs are already applying existing standards that may be helpful (e.g. ISO 27000 Series and NERC CIP) – BSI is a reference in Germany (https://www.bsi.bund.de) – ANSSI (The French CIIP Framework - https://www.ssi.gouv.fr/en/cybersecurity-in-france/ciip-in-france/) in France with two different approaches – ENISA is working hard at EU Level with a number of publications every year: most of them provide recommendations and analysis at EU Level, and are complemented by the work done by DG ENERGY and DG JRC of the European Commission. 17 Cybersecurity Approaches
  • 18. Case Study 1 – Advanced Metering Infrastructure Background The Advanced Metering Infrastructure (AMI) is now being rapidly deployed throughout the power grid, and is an enabling technology for smart grid. Identifying the attack surface is a necessary step in achieving cyber security in smart grids and AMI. Source: https://arxiv.org/ftp/arxiv/papers/1607/1607.04811.pdf Case Studies An attacker may target an AMI in several ways, which may result in several/different risks for the operator involved. Main potential objectives for such an attack: • Intelligence gathering; • Infecting the target AMI systems; • AMI exploitation (use for profit); • AMI exfiltration (transfer of data); • Maintaining control on this capability on short, medium, long run. Needed definition: cyber attack surface can be defined by the methods an environment or a system can be attacked by an adversary to introduce or retrieve data from that environment or system. Analysis 18
  • 19. Case Study 1 – Advanced Metering Infrastructure (continued) Analysis  Surface is composed of:  Smart Meters  IR Port  Internal Link  Firmware  Micro Controller  Radio  AMI Information and Communication Network  Smart Meter Data Collector – SMDCs  Similar to Smart Meters  AMI-Head End  Interface with the Utility Infrastructure  Outage Management Systems (Restoration capability)  Energy Management System (Dispatch and monitoring)  Master Data Management Systems  Corporate WAN  Protocols and Software  Weak Encryption keys  Smart Energy Profile 2.0  KillerBee to hack AMI  Many attacks possible on 3G/4G/LTE Case Studies 19
  • 20. Possible Counter-measures • Create closed and proprietary security solutions; • Use Open Standards and architect things in a way that “red points” will be green (or removed from the list); • Interim measure is to analyse existing devices, to identify the surface, and to mitigate the risks. Global Smart Grid Federation’s Smart Meter Security Survey, August 2016 http://www.globalsmartgridfederation.org/wp-content/uploads/2016/08/smart_meter_security_survey.pdf http://ics.sans.org/media/IT-OT-Convergence-NexDefense-Whitepaper.pdf Cyber Attack Surface Analysis of Advanced Metering Infrastructure AMI Surface https://arxiv.org/ftp/arxiv/papers/1607/1607.04811.pdf https://www.sans.org/reading-room/whitepapers/forensics/forensic-analysis-industrial-control-systems-36277 Proof-of-concept ransomware locks up the PLCs that control power plants http://www.cap.gatech.edu/plcransomware.pdf Case Studies 20 Case Study 1 – Advanced Metering Infrastructure (continued)
  • 21. Case Study 2 – Process and Tool Adoption- toward a secure and resilient power distribution grid Background The tight interaction of the control applications with communication networks and physical components, such as sensors and actuators in a complex cyber-physical system, is of paramount importance in order to assure that the system can be introduced in a working environment and can provide the certain level in respect to new risks deriving from new components tools and processes. In this respect more work has to be done to establish, well before the adoption, how “secure” is a system in respect to the already existing and established operations, and if a change in operations can impact the security of the system. Source: http://ieeexplore.ieee.org/document/7778800/ Case Studies 21
  • 22. Case Study 2 – Process and Tool Adoption- toward a secure and resilient power distribution grid (continued) Analysis In the DERs, local controls are capable of keeping grid voltage in a certain range. Additional central controllers may implement high-level objectives such as loss minimization or minimum generator shedding. While most of the systems are robust enough to overcome issues such as a weak communication channel, there is no assurance of non-vulnerability to cyber-attacks. In this context we have to consider that technical protection measures can be of two kinds: • ICT Security Measures (e.g. Firewall, IDP, Authentication) • System/control-theoretic measures (e.g. model-based attack/fault detection and isolation, robust control strategies that maintain closed-loop stability and performance guarantees) Several recommendations are already in place. Attacks span Data Integrity, DoS (Denial of Service), Delay Attacks. Findings • A workbench to assure and test that all possible technical measures are taken into consideration is still needed, but a comprehensive tool is not available. • This must be part of the tasks of a control engineer when developing similar systems, who needs to apply a more holistic approach to the engineering phase of similar tools. Case Studies 22
  • 23. Case Study 2 – Process and Tool Adoption- toward a secure and resilient power distribution grid (continued) Counter-measures • Security by design is the first advice. • ICT Measures and control theoretic protection measures have to work together to properly address risks which may be hidden to a preliminary analysis. • Should be a “mantra” for the procurement of new equipment. • Same analysis must be performed when an interconnected ICT or control theoretic protection measure is affected by any change. Case Studies 23
  • 24. Case Study 3 – Ransomware / Wipers for Industrial Control Systems Background Georgia Institute of Technology released an academic paper on use of a cross-vendor Ransomware worm working on Programmable Logic Controllers (PLCs). Due to weak authentication, an attacker is able to lock out an administrator and install a logic bomb. Conficker and Stuxnet used MS08-067. It is not impossible that a virus for ICS will use MS17-010 as WannaCry/WannaCrypt did. In this case we may face safety/critical shutdown, or worse. “US-CERT released the following documents that contain in-depth technical analysis on the Petya malware, as well as indicators of compromise and additional recommendations for mitigation….. The following product vendors have proactively issued notifications with recommendations for users regarding the Petya ransomware (ICS-CERT will update the list of vendors that have released customer notifications as additional information becomes available):” Source: http://www.cap.gatech.edu/plcransomware.pdf http://iiot-world.com/cybersecurity/the-impact-of-wannacry-on-industrial-control-systems-ics/ https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-181-01C Case Studies 24
  • 25. Case Study 3 – Ransomware / Wipers for Industrial Control Systems (continued) Analysis Ransomware (including WannaCry used in 2017) is a typical extortion crime on a company, instead of on a (more common) population of potential targets. • To implement a similar attack in practice, you will still need to use a “Trojan horse” to inject the Ransomware. • The Georgia Institute of Technology paper describes the side effects: profit, which in normal circumstances would be Population*Value-Cost, in this case will be difficult to estimate. In Smart Grids, where data are imperative to continue business, the damage may be huge, and the restoration may be difficult if not properly addressed in existing procedure at any level of the company. • Collateral damages may include downtime, Equipment Health, Human Safety. • The negotiation phase may be particularly lengthy as the financial values may be extremely high and the legal consequences may be extremely severe for the company, in case it would be found guilty. On NotPetya (used in 2017) there were several abilities put in a single worm, that can shut down operating systems, and “wipe” away information in databases. Case Studies 25
  • 26. Case Study 3 – Ransomware / Wipers for Industrial Control Systems (continued) Counter-measures • End-point security • Network security (including backups of all configurations) • Adoption of proper policies, including software updates • Proper selection and management of contractors, and proper hand-over if your ITs and OTs are managed by a Third Party • Safeguards to protect information assets related to IT and OT equipment • Strict control on change management and supply chain • Isolate or protect vulnerable embedded systems that cannot be patched from potential network exploitation • Locate control system networks and devices behind firewalls, and isolate them from the business network • Engagement with regional / national defence agencies Case Studies 26
  • 27. Cybersecurity Professionals Basic Skills • Sound knowledge of IT and OT; • In depth knowledge of the Security Domains (including physical security); • Being able to analyse emerging threats in complex and interconnected infrastructures with limited or partial inputs, and without being able to stop operations; • Both high level and low level knowledge (processes and protocols). Possible certifications • Several in the field of cyber security (e.g. CISSP, CEH, others at different levels); • Smart Grid Maturity Model Navigator is example of a good start for specific field related certifications (http://www.sei.cmu.edu/training/P109.cfm) Advantages of certification • Baseline on knowledge for network operators recognised and accepted by all; • Trust among operators and their own staff; • As in aviation, rules in case of crises are known and common to all the community; • Staff can be recognised as part of a community system. For the future If we certify equipment which can operate on smart grids, why not certify people? A schema has to be developed. To make fast progress, there is a need for: o Training o Awareness campaigns in the sector o Extensive cooperation to identify core skills and methods Professionals 27
  • 28. Regulatory and Legal Constraints in European Union  Smart Grids may be based on Best Available Techniques and BREF (BAT Reference Document); This depends very much on the regulation; Right now it is just a recommendation  Nation States, such as Germany and France, have very stringent requirements (Catalogue of IT security requirements under section 11(1a) of the Energy Act) Regulatory Constraints Electricity and gas network operators are required to implement a minimum level of IT security. The core requirement is the establishment of an information security management system (ISMS) with certification to DIN ISO/IEC 27001 by 31 January 2018. https://www.bundesnetzagentur.de/EN/Areas/Energy/Companies/SecurityOfSupply/ITSecurity/ITSecurity_node.html 28
  • 29. Regulatory and Legal Constraints in European Union (continued)  GDPR will be applicable as from 25 May 2018 – It is already having an impact on Smart Grid decisions (e.g. Time of retrieval of the information from Smart Meters)  There is a general need to coordinate National Efforts and European Efforts  When dealing with Standards, International efforts are needed to make sure that standards and/or local legislations will not collide, jeopardising the efforts of the communities producing standards and of the international communities regulating the cyberspace (having a standard which issues technical rules but doesn’t take into consideration GDPR or NIS Directive may be counterproductive) 29 Regulatory Constraints
  • 30. Regulatory and Legal Constraints in United States  Regulatory and legal constraints of architecting smart grids in a secure way  Bulk Electric System at a Federal level (1) vs. distribution controlled by U.S. States/Territories (56) 30 Regulatory Constraints
  • 31. Measures of Success for Cybersecurity for Smart Grids  Smart Grids that are secure, reliable and protect customer data and information require:  Engagement with National and International Authorities that can play an important role in regulating, enforcing, monitoring and protecting the grids from emerging risks.  Effective response plans to recover from cyber incidents or attacks are completed and understood Measures of Success 31
  • 32. Conclusions • Smart Grids will grow in size and achieve higher levels of efficiency through the adoption of new intelligent devices (including Internet of Things, and use of the Cloud) • Cyber threats will continue • Technical risk management work has to be done – Efficient methods and processes needed to speed up the mitigation of all cybersecurity challenges, using appropriate standards and best practices, using an iterative approach to improvement – Understand the issues and the full risk landscape (use Computer Security Incident Response Teams and the implementation of European NIS Directive) – Operators should think about Maturity Models to evaluate the status of their cybersecurity preparedness. • Cooperation needed between institutional, regulatory, research, and market actors—both nationally and internationally – Report when things do not work as expected • Cybersecurity for energy is an essential investment for the future of our civil society – Cybersecurity for energy has to be addressed in the short, medium, and long term – We have a chance to mitigate risks through the adoption of proper actions Security is your responsibility 32
  • 33. Questions & Comments Contacts: Cyril Draffin Email: [email protected] Stefano Bracco Email: [email protected] David Batz Email: [email protected] Cyril W. Draffin, Jr. MIT Energy Initiative, E19-307 77 Massachusetts Avenue Cambridge, Massachusetts, 02139-4307, USA Stefano Bracco Agency for the Cooperation of Energy Regulators Trg Republike, 3 - TR3 12/20 SI-1000 – Ljubljana, Slovenia David Batz Edison Electric Institute 701 Pennsylvania Avenue, NW Washington, DC , 20004-2696, USA ISGAN Academy coordination: Institute for Research in Technology Comillas Pontifical University Santa Cruz de Marcenado 26 28015 Madrid, Spain International Energy Agency’s (IEA) International Smart Grid Action Network (ISGAN) Academy – 2nd Cybersecurity Webinar Cybersecurity for Smart Grids: Technical Approaches to Improve Cybersecurity 33
  • 34. 34 This recorded cybersecurity webinar and previous webinars are available at ISGAN Academy platform: http://www.leonardo-energy.org/resources/1070/isgan-academy-58ec8d2e7b9b0 ISGAN Academy Webinars • Jeju Island Smart Grid Project (in Korea) • Reference Network Models (tools for large scale distribution network planning) • TSO Reliability Management: a probabilistic approach for better balance between reliability & costs (GARPUR project, Europe) • Integration of RES in power systems: transmission networks issues (Renewable Energy Sources) • Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybersecurity (1st Cybersecurity Webinar; 28 June 2017)
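
Case Study 2 (slide 22) lists model-based attack/fault detection as a control-theoretic measure against data integrity, DoS and delay attacks on DER voltage control. The sketch below is an added example, not code from the presentation or the paper it cites: a monitor runs a feeder model in parallel with a local volt/var droop loop and raises one alarm per attack class. The first-order model, gains, thresholds, the constructed attack inputs and the assumption that sample timestamps are authenticated are all illustrative.

```python
"""Model-based checks on a DER voltage measurement channel (illustrative)."""
import random
from dataclasses import dataclass
from typing import Optional

# Assumed first-order feeder model in per-unit (not taken from the slides):
#   v[k+1] = A*v[k] + (1-A)*(V_GRID + X*q[k])
A, V_GRID, X = 0.8, 1.04, 0.05
KQ, Q_MAX = 4.0, 0.5      # local volt/var droop gain and reactive power limit
NOISE = 0.001             # sensor noise standard deviation (p.u.)

def droop(v_meas: float) -> float:
    """Local control: reactive power command pulling voltage toward 1.0 p.u."""
    return max(-Q_MAX, min(Q_MAX, -KQ * (v_meas - 1.0)))

def plant_step(v: float, q: float) -> float:
    return A * v + (1 - A) * (V_GRID + X * q)

@dataclass
class Sample:
    k: int                   # step at which the controller receives the sample
    sent_k: int              # step stamped by the sensor (assumed authenticated)
    value: Optional[float]   # None means the sample never arrived

class ChannelMonitor:
    """Predicts the voltage from the model and the commands actually issued,
    then tests each received sample against that prediction."""

    def __init__(self, v0, cusum_limit=0.02, drift=0.003, max_age=2, max_gap=3):
        self.v_hat, self.s, self.gap = v0, 0.0, 0
        self.limit, self.drift = cusum_limit, drift
        self.max_age, self.max_gap = max_age, max_gap

    def check(self, sample: Sample) -> set:
        alarms = set()
        if sample.value is None:                 # DoS: consecutive missing samples
            self.gap += 1
            if self.gap >= self.max_gap:
                alarms.add("dos")
            return alarms
        self.gap = 0
        if sample.k - sample.sent_k > self.max_age:   # delay: stale timestamp
            alarms.add("delay")
        residual = abs(sample.value - self.v_hat)     # integrity: CUSUM on residual
        self.s = max(0.0, self.s + residual - self.drift)
        if self.s > self.limit:
            alarms.add("integrity")
        return alarms

    def advance(self, q: float) -> None:
        """Move the prediction one step using the command that was applied."""
        self.v_hat = plant_step(self.v_hat, q)

def simulate(attack="none", steps=60, start=30, seed=1) -> dict:
    """Run the closed loop; return {alarm name: first step at which it fired}."""
    rng = random.Random(seed)
    v, q = V_GRID, 0.0
    monitor = ChannelMonitor(v0=v)
    history, first = [], {}
    for k in range(steps):
        history.append(v)
        active = attack != "none" and k >= start
        sent_k, value = k, v + rng.gauss(0.0, NOISE)
        if active and attack == "integrity":
            value += 0.02                        # constructed bias on the reading
        elif active and attack == "delay":
            sent_k = k - 5                       # constructed 5-step-old sample
            value = history[sent_k] + rng.gauss(0.0, NOISE)
        elif active and attack == "dos":
            value = None                         # constructed dropped sample
        for alarm in monitor.check(Sample(k, sent_k, value)):
            first.setdefault(alarm, k)
        if value is not None:
            q = droop(value)                     # otherwise hold the last command
        v = plant_step(v, q)
        monitor.advance(q)
    return first

if __name__ == "__main__":
    for name in ("none", "integrity", "dos", "delay"):
        print(name, simulate(name))
```

In steady state a delayed sample matches the model prediction, so the residual test alone does not catch the delay case; the timestamp age check does, which is one instance of the slide's point that ICT measures (here, authenticated timestamps) and control-theoretic measures have to work together.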