fae cip presentationv3

DEFINE DESIGN DEPLOY. Remote Monitoring and Control of Substations: Where do RMAC, NERC, FERC, and CIP5 Collide? Dwight Linn – CEO FAE Telecom

Upload: dwight-linn

Post on 12-Aug-2015


TRANSCRIPT

  1. Remote Monitoring and Control of Substations: Where do RMAC, NERC, FERC, and CIP5 Collide? Dwight Linn, CEO, FAE Telecom
  2. NERC CIP Regulations: Framing the Discussion. How does this impact my utility? What is the minimum I need to do? What are other utilities doing? What are the industry best practices? Where is my investment best spent? How will the CIP evolve? How can I take advantage of the new regulations?
  3. U.S. Electric Grid: Current Condition. 150,000 Substations; Electric grid soft spot; Critical impact; Relatively easy impact; Large number of targets; Long lead time to replace; Difficult to repair; Highly interconnected. Diagram courtesy of Congressional Research Service. Sources: GIS data from Platts, HSIP Gold 2013 (Ventyx), and ESRI.
  4. Common Vulnerabilities
  5. The Evolution of Critical Infrastructure Protection Requirements. External Threat Profiles: Social Engineering, Physical Attack, Non-Compliance Fines, Cyber Attack. Utility: Systems, People, Facilities, Processes, Technology. Internal Threat Profiles: Disgruntled Staff, Sabotage, Reputation, Data Manipulation. Responding requires planned and coordinated efforts across the organization.
  6. Spirit and Intent of NERC CIP: Protect, deter potential threats to utility facilities, substations, and control centers that if rendered inoperable or severely damaged could result in widespread instability, uncontrolled separation, or cascading failures within an interconnection.
  7. Related Definitions. BES Cyber Asset: Within 15 minutes of its required operation, misoperation, or nonoperation, adversely impacts one or more facilities, systems, or equipment. Affects the reliable operation of the Bulk Electric System. Each BES Cyber Asset is included in one or more BES Cyber Systems. BES Cyber System: One or more BES Cyber Assets; Logically grouped; Perform one or more reliability tasks.
  8. Related Definitions. Control Center: One or more facilities hosting operating personnel that monitor and control the BES in real time: A Reliability Coordinator; A Balancing Authority; A Transmission Operator for Transmission Facilities at two or more locations; A Generation Operator for generation Facilities at two or more locations.
  9. Reality of Current Environment: Diversity and Amount of Equipment at the Remote Site; Complexity at the Remote Site; Avoid Outages; Restore Outages; Do More with Less; Disaster Preparedness; Theft Prevention; Network Security; Managing Costs; NERC/FERC/CIP
  10. FAE methods: Life Cycle Management Overview. Physical Design, Construct, Code, Testing, Requirements, Logical Design, Feasibility, Support, Deployment, Training
  11. NETWORK ARCHITECTURE MATTERS. Start with the Physical layer first. For Fiber based: DWDM/CWDM and SONET Rings. Metro/Regional Core, Network Core, Access Network; OC-192 to OC-768, OC-48 to OC-192, OC-3 to OC-48. Network Criteria for Next Generation Networks: Continuous Bandwidth Growth from IP traffic; Upgrade without Service Interruption all parts; Gradual Investment; Scale cost with Demand; Network Convergence on Triple Play: Voice, Video, Data
  12. 22 of data ARCHITECTURE MATTERS TO DATA FLOW. Clear traffic demarcation: IT, SCADA, Substation Automation; Traffic Isolation; Troubleshooting easier; More precise; Moves/Adds/Changes standardized; Services/Applications scale; Optimal route selection; More deterministic; Load balancing more effective; Clustering of resources and performance simplified
  13. ARCHITECTURE MATTERS TO SEC OPS. CIP007: Methods, processes, and procedures; Ensure changes to systems and assets within an ESP do not weaken security; Compliance requirements; Readily mapped; Audited; Clearly define ESP entry and exit points; Uniform network transport services like encryption, Remote Access for ESP devices; Identifiable; Controllable
  14. HOW ARCHITECTURE HELPS COMPLIANCE. CIP-010 Configuration Change Management: New standard with both new and relocated requirements; Baseline configurations; Pre-change testing; Configuration monitoring
  15. Network and Operations under control? Data leakage still happens! Hard to control drive-by HD photography. Partner projects may be completed, what happens to project data? Even well-intentioned information usage can be a problem.
  16. Distributed Intelligence: Resides at the site; Collects and processes information; Notify/Reports status; To multiple management systems; To appropriate person by email or text; Makes decisions; Takes action; Reports network performance/availability; User access audit trail; Network security
  17. Summary. Regulations newly issued have evolved over years of increased emphasis on protecting critical infrastructure. Effectively meeting the regulations is more than just checking a box; it requires careful consideration of how to implement an appropriate level of protection. No utility can ensure 100% protection. Plan to deter threats, mitigate vulnerabilities, minimize consequences. A measured, programmatic approach. The most effective response to meeting CIP requirements will involve many different areas of your operation.
  18. Thank you. Questions? Dwight Linn, Booth 235 Expo