SECURITY IN THE SMART GRID R E B E C C A VA N DY K E
MY BACKGROUND • Masters student in ECE department with focus in Communication Systems – BS in Electrical and Computer Engineering with a minor in Computer Science • Completed two summer internships with Public Service Electric & Gas, a major utility company in New Jersey – Summer 2016: Worked in protective relaying group automating grid protections – Summer 2017: Supported project management group in deployment of in-house MPLS communication network
G R I D O V E R V I E W
SCADA: SUPERVISORY CONTROL AND DATA ACQUISITION
THE STATE OF THE INDUSTRY • Utility systems are old – Were not designed with the modern internet in mind • Speed is key to utility operations, so more and more management is being handled by computers • Since 2003, inter-utility communication has improved – Grid management more centralized • Recent cyberattacks on critical infrastructure have raised alarms – Potential threat to national security
“INDUSTROYER” • In 2016, the capital of Ukraine was deprived of power following a cyberattack • Attack is credited to a piece of software dubbed “ Industroyer ” • Capable of using multiple industrial control protocols • IC protocols typically assume trust, no handshaking • Modular and adaptable
• Reliability • Compatibility with legacy systems SPECIFIC REQUIREMENTS • Low overhead/latency OF SMART GRID • Low cost • Widely distributed
Security- Oriented Cloud • Describes methodology for cloud based SCADA metering data only Platform for • Neglects key industry concerns about SOA-Based security ACADEMIC SCADA RESEARCH ON SMARTGRIDS Bolt-On Security • Evaluates a recently released secure Extensions for authentication extension of a standard Industrial industrial control protocol • Rules for determining object payload length Control System are complicated, which increases attack Protocols: A surface due to potential programmer error Case Study of • Authors favor a simpler, more layered approach DNP3 SAv5
Efficient Secure Group Communications for SCADA • Compares performance of a variety of key- management systems designed for SCADA ACADEMIC • Support for broadcasting and multicasting; • Minimize number of keys to be stored in an RESEARCH RTU • Need for a key update mechanism. (CONT’D) Cyber-physical attacks and defences in the smart grid: a survey • Addresses the relationship between cyber and physical vulnerabilities • Key junctions
THE COLLABORATION: SSP-21 • Automatak consultancy is being funded by a consortium of California utilities to develop a new standard for secure SCADA communication • Protocol agnostic “bump in the wire”/”bump in the stack” • Trust based on public key infrastructure managed by asset owner • Strongly emphasizes simplicity Request Handshake Begin • All messages authenticated, encryption optional Reply Handshake Begin • Cryptographic layer based on simplified Session Data with n==0 implementation of Noise Session Data with n==0
CONCLUSIONS • Many possibilities for securing grid communications exist, but threats remain until consensus is achieved – Interconnectedness and redundancy in power grid – More cooperation between providers improves reliability, but threatens security • Main obstacles to a secure smart grid are legislative and economic – Political forces effectively discourage utilities from communicating about cyber threats • The most successful research efforts recognize how infrastructure systems differ from typical cybersecurity applications
REFERENCES 1. Cherepanov, A. and Lipovsky, R. (2017). Industroyer: Biggest threat to industrial control systems since Stuxnet . [online] WeLiveSecurity. Available at: https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial- control-systems-since-stuxnet/ [Accessed 1 Dec. 2017]. 2. Choi, D., Lee, S., Won, D. and Kim, S. (2010). Efficient Secure Group Communications for SCADA. IEEE Transactions on Power Delivery , 25(2), pp.714-722. 3. Crain, J. and Bratus, S. (2015). Bolt-On Security Extensions for Industrial Control System Protocols: A Case Study of DNP3 SAv5. IEEE Security & Privacy , 13(3), pp.74-79. 4. He, H. and Yan, J. (2016). Cyber-physical attacks and defences in the smart grid: a survey. IET Cyber-Physical Systems: Theory & Applications , 1(1), pp.13-27. 5. Mackay, M., Baker, T. and Al-Yasiri, A. (2012). Security-oriented cloud computing platform for critical infrastructures. Computer Law & Security Review , 28(6), pp.679-686. 6. SSP-21 Specification (GitHub link provided upon request)
Recommend
More recommend
