Source: proceedings.ndia.org/jsem2007/kropp.pdf (slide transcript)
Securing SCADA
Thomas Kropp, Manager, Security Programs, Power Delivery and Markets
© 2007 Electric Power Research Institute, Inc. All rights reserved. JSEM - 24 May 2007
Agenda
• What is SCADA?
• What is the issue?
• Difficulties in securing SCADA
• Current work on improving security
• Mitigation techniques
Supervisory Control and Data Acquisition (SCADA)
• A computer control system used in real time to monitor and control one or more remote facilities. The system collects data and/or sends control instructions, either automatically or by operators at other locations. SCADA is used to control facilities in industries such as telecommunications, water and waste control, energy, oil and gas refining, and transportation.
Congress of Chairs Glossary, PCS Forum, https://www.pcsforum.org/
Distributed Control Systems (DCS)
• A type of plant automation system similar to a SCADA system, except that a DCS is usually employed in factories and is located within a more confined area. It uses a high-speed communications medium, which is usually a separate wire (network) from the plant LAN. A significant amount of a closed loop control is present in the system
• In a control system, refers to control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit.
Congress of Chairs Glossary, PCS Forum, https://www.pcsforum.org/
SCADA Graphical Example
(Figure: energy flow is controlled by SCADA)
What is the Goal?
The bulk electricity system must evolve if it is to support the digital society of the 21st century.
(Figure: Automation, Secure communications, Energy Efficiency)
Issue: Old & New Electricity Infrastructures
(Figure. OLD: a single Power Company spanning Generation, Transmission, Distribution and Customers. NEW: Generation Companies, Utility / Trans. System Operator, Scheduling Coordinators / Power Exchange, Power Marketers, Distribution Company and Customers.)
Open Access has created a need to make plant and grid data residing in real-time systems available to grid operators and power marketers
Connectivity – what was
(Figure: ABC Electric Company owns the Generation Plant, Transmission Substation, Distribution Substation, Control Center and Corporate Office; power flows to Residential, Commercial and Industrial customers.)
Connectivity – what is
(Figure: A Generation Company, B Transmission Company and C Distribution Company, each with its own Control Center and Corporate Office, plus a separate System Operator; power flows from the Generation Plant through the Transmission Substation and Distribution Substation to Residential, Commercial and Industrial customers.)
Two Infrastructures must be managed not just one
(Figure. 1. Power Infrastructure: Central Generating Station, Step-Up Transformer, Receiving Station, Distribution Substations, and Commercial, Industrial and Residential loads, with distributed resources such as Gas Turbine, Recip Engine, Cogeneration, Fuel cell, Micro-turbine, Flywheel, Photovoltaics and Batteries. 2. Distributed Computing Infrastructure: Control Center, Residential Data Concentrator, data network and users.)
Future Energy Delivery System will have a Supporting Distributed Computing System
(Figure: Power Market Operator, Owner / Operator and the Information Network, showing information flow alongside electron flow.)
Issue: Demand and Supply
• Infrastructure expansion has not kept up with demand: Generation & transmission capacity margins are shrinking (California: less than 4% margin in summer 2006)
• Transition to competition is increasing demands
– Power Transactions have increased dramatically
– Grid capacity is limited
– Power Disturbances cost customers $120 billion/yr.
• Many distribution systems have not been updated with current technology
• Distributed resources are the new wave; how do we connect them to the grid?
Other Issues
• Internet crime is increasing
– Organized crime has learned how to profit over the Internet (FBI, NSA, SANS)
• The Electricity Industry is now competitive rather than cooperative (Energy Market): potential industrial espionage
• SCADA has moved to standard Operating Systems (Windows, Linux, Unix)
• SCADA is connected to the Internet (business drivers)
• Too much information is too readily available
SCADA versus Enterprise IT
(Chart ranking the three security properties by importance, highest first)
Corporate IT Priorities: Confidentiality, Integrity, Availability
Operational Priorities: Availability, Integrity, Confidentiality
SCADA versus Corporate IT – Availability
• In an IT environment, we shut down the system to protect the data if an attack is effective
• In an electric power operations environment, we must keep the power flowing even if our communications and control systems are attacked effectively
• IT systems can suffer a significant delay so that security can be updated (malware signatures, system patches)
• Operational systems have low or no tolerance for such delays
Why is securing SCADA difficult?
• There are many legacy systems still in use
– Designed for efficiency
– Originally air gapped from other networks
– Security was not a concern
• Security is not yet ‘internalized’ into the electric power operations culture
– Safety and reliability are the priorities
– Very few staff understand both security and SCADA
• “Chicken and Egg” syndrome
– Vendors haven’t offered security
– Customers haven’t asked for it
This is changing
Why is securing SCADA difficult?
• Many SCADA networks are not high-speed
– Updating anti-virus signatures and validating installed applications can cause unacceptable delays in network availability
• SCADA systems require constant availability
– Patching cannot require a re-boot
• Applications are specialized
– Patches must be tested by both the application vendor and by the utility
• Communications traffic is specialized
– Rules to filter standard IT traffic aren’t effective in SCADA
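The last bullet, that rules written for standard IT traffic are not effective in SCADA, is easiest to see with a worked contrast. The following is an added example, not code from the slides or from EPRI; it assumes Modbus/TCP (TCP port 502) as the control protocol, which the slides do not name, and the site policy, addresses and flow records are constructed for illustration. A generic IT rule that permits anything to the control port passes every request, while a protocol-aware allow-list can distinguish a read from a state-changing write and check that the requester is a known master.

```python
"""Protocol-aware allow-listing for SCADA traffic versus a generic IT rule.

Added illustration, not from the EPRI slides. It assumes Modbus/TCP (TCP
port 502) as the control protocol; the slides do not name a protocol.
The policy, addresses and flow records below are constructed for the example.
"""
from dataclasses import dataclass

# Modbus function codes that only read process data vs. those that change state.
READ_FUNCTIONS = {1, 2, 3, 4}       # read coils / discrete inputs / holding / input registers
WRITE_FUNCTIONS = {5, 6, 15, 16}    # write coil / register / multiple coils / multiple registers


@dataclass(frozen=True)
class Flow:
    src: str        # source IP (master, historian, or something unexpected)
    dst: str        # destination IP (outstation / RTU)
    dport: int      # destination TCP port
    function: int   # Modbus function code carried in the request
    unit_id: int    # Modbus unit identifier


# Hypothetical site policy: which masters may talk to which outstation, and
# whether that outstation accepts writes at all.
POLICY = {
    # outstation: (allowed masters, write permitted?)
    "10.10.1.20": ({"10.10.0.5"}, True),                # primary master may read and write
    "10.10.1.21": ({"10.10.0.5", "10.10.0.6"}, False),  # historian may only read
}


def it_style_rule(flow: Flow) -> bool:
    """Generic IT firewall rule: permit anything to TCP/502 inside the OT subnet.
    It cannot tell a read from a write, so it passes every Modbus request."""
    return flow.dst.startswith("10.10.1.") and flow.dport == 502


def scada_aware_rule(flow: Flow) -> tuple[bool, str]:
    """Allow-list that checks who is talking to which outstation and whether
    the request changes state. Fails closed on anything not listed.
    Returns (permitted, reason)."""
    if flow.dport != 502:
        return False, "not a Modbus/TCP port"
    entry = POLICY.get(flow.dst)
    if entry is None:
        return False, "unknown outstation"
    masters, write_ok = entry
    if flow.src not in masters:
        return False, "source is not an authorised master"
    if flow.function in WRITE_FUNCTIONS and not write_ok:
        return False, "write request to read-only outstation"
    if flow.function not in READ_FUNCTIONS | WRITE_FUNCTIONS:
        return False, "function code not in allow-list"
    return True, "permitted"


def evaluate(flows):
    """Return, per flow, the verdict of both rules so the difference is visible."""
    return [(f, it_style_rule(f), scada_aware_rule(f)) for f in flows]


# Constructed sample traffic (not real captures).
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.10.1.20", 502, 3, 1),   # master reads registers: fine
    Flow("10.10.0.5", "10.10.1.20", 502, 16, 1),  # master writes: permitted by policy
    Flow("10.10.0.6", "10.10.1.21", 502, 6, 1),   # historian tries to write: should be blocked
    Flow("10.10.0.9", "10.10.1.20", 502, 3, 1),   # unknown host reads: should be blocked
    Flow("10.10.0.5", "10.10.1.20", 502, 8, 1),   # diagnostics (FC 8): not allow-listed
]

if __name__ == "__main__":
    for flow, it_ok, (ot_ok, reason) in evaluate(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst} fc={flow.function:>2}  "
              f"IT rule: {'pass' if it_ok else 'drop'}  "
              f"SCADA rule: {'pass' if ot_ok else 'drop'} ({reason})")
```

Every one of the five sample flows passes the port-based rule; only the first two pass the protocol-aware one. The same check, run continuously over flow records from a span port rather than inline, is a form of the automated security-state monitoring the roadmap slide later describes, and the important property is that it fails closed on anything not explicitly listed rather than the particular function codes chosen here.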
What is being done – Common Requirements
• SCADA and Control Systems Procurement Project
– Multi-State Information Sharing and Analysis Center (MS-ISAC)
– Established in March 2006
– Joint effort among public and private sectors
– Develop common procurement language that can be used by everyone
• Goal
– Federal, state and local asset owners and regulators come together using these procurement requirements
– Maximize the collective buying power to help ensure that security is integrated into SCADA systems
What is being done – Security Testing and Awareness
• DOE National Labs (DOE and DHS funded)
– Testing SCADA vendor products for security
– Analyzing security of energy management networks
– Strong vendor-Government cooperation
• National SCADA Test Bed (NSTB)
– Four DOE Labs and NIST
– Large scale effort to improve SCADA security
• Control Systems Cyber Security Vendors Forum
– Facilitated by DHS
– Safe environment to share security issues
What is being done – Security Standards
• NIST – Process Control Systems Requirements Forum
– Protection Profiles
• AGA (American Gas Association), CIGRE (Conseil International des Grands Réseaux Électriques), IEC (Commission Electrotechnique Internationale), IEEE, ISA
– Communication security standards and procedures for SCADA and Control systems
There is a danger of conflicting standards
What is being done – coordinate standards
• PCS Forum
– Facilitated by DHS
– Large umbrella organization
– Organized into Interest Groups and Working Groups
• Most active WG: Congress of Chairs
– Forum for standards organizations to coordinate
– First effort = combined glossary (AGA, ANSI, API, CIGRE, IEC, IEEE, ISA, ISO, NIST)
What is being done – coordinate research
• Roadmap to Secure Control Systems in the Energy Sector
– Facilitated by DOE
– Four Goals
1. Measure and assess security posture
2. Develop and integrate protective measures
3. Detect intrusion and implement response strategies
4. Sustain security improvements
– 2, 5, and 10 year targets within each goal
• Example (goal 1): by 2015, Energy asset owners will be able to perform fully automated security state monitoring of their control system networks with real-time remediation
What is being done – (selected efforts)
• Vendors are developing new systems and considering security at the outset
• NERC (North American Reliability Corporation) provides security standards and guidelines
• EPRI manages R&D programs to enhance SCADA security
– Evaluate broad-band communications in Energy Management Networks (vulnerabilities and mitigations)
– Securing perimeters for “critical cyber assets”
– Technical reports on how to mitigate vulnerabilities in current deployments
Conclusions
• Legacy SCADA systems are not secure and are difficult to secure
• There is not yet an ingrained security culture in the electric industry
• There is a roadmap in place for the path forward
• Vendors, Government, Researchers are contributing
• The industry is aware of the problems and is making progress
References
• What’s wrong with the Electric Grid; The Industrial Physicist, http://www.aip.org/tip/INPHFA/vol-9/iss-5/p8.html
– Good introduction to the North American Grid and power flow
– Bias against deregulation and the energy market
• Multi-State Information Sharing and Analysis Center MS-ISAC (http://www.msisac.org/scada/)
• PCS Forum (https://www.pcsforum.org/)
• Roadmap to Secure Control Systems in the Energy Sector
– Document: http://www.controlsystemsroadmap.net/
– Interactive: https://www.pcsforum.org/roadmap/
Questions (and, possibly, answers)