TRANSCRIPT
Cyber Security –
An industrial View on the Interplay of
Standards, Regulations, and Guidelines
on the Example of the Digital Grid
Darmstadt, January 11th, 2017
Siemens Corporate Technology Unrestricted © Siemens AG 2017
Page 2
Outline
1 Introduction
2 Cyber security implications for the Digital Grid
3 A birds eye view on standardization, guidelines and regulation
4 Deep dive examples
• Security parameter management
• Securing the substation process bus (GOOSE)
• Integration of decentralized energy resources (DER)
5 Application examples & Conclusions
Page 3
Our milestones –
Across 170 years of history
Werner von Siemens (1816-1892): company founder, visionary and inventor
Siemens innovations over 168 years:
1847 Pointer telegraph
1866 Dynamo
1925 Electrification of Ireland with hydropower
1959 SIMATIC controller
1975 High-voltage direct-current (HVDC) transmission
1983 Magnetic resonance tomograph
2010 TIA Portal for automation
2012 Field testing of world's largest rotor at an offshore wind farm
2016 MindSphere introduced as the digitalization platform for all industries
1 Introduction
Page 4
Our innovative power in figures –
Siemens as a whole and Corporate Technology
Siemens as a whole, fiscal 2016:
• €4.7 billion expenditures for research and development
• 33,000 R&D employees
• 7,500 inventions
• 3,500 patent applications
University cooperations – our knowledge edge:
• 9 Centers of Knowledge Interchange (CKI) universities
• 16 principal partner universities
Inventions and patents – securing our future:
• 400 patent experts
Corporate Technology – our competence center for innovation and business excellence (employee figures as of Sept. 30, 2016):
• 7,400 employees worldwide
• software developers and researchers: 1,600 / 4,800
Page 5
Our organization –
Corporate Technology at a glance
Corporate Technology (CT) CTO – Dr. Roland Busch
Business Excellence and
Quality Management
‒ Project Business@Siemens
‒ Quality Management
‒ Operational Excellence
Corporate
Intellectual Property
‒ Protection, use and defense of
intellectual property
‒ Patent and brand protection law
Development
and Digital Platforms
‒ Competence center for horizontal
and vertical product-and-system
integration as well as software,
firmware, and hardware
engineering
Research in Digitalization
and Automation
‒ Research activities covering all
relevant areas in digitalization
and automation for Siemens
next47
‒ Promoting disruptive ideas and
driving new technologies for
Siemens
‒ Exploiting the next step of digital
intelligence in innovation fields
University Relations
‒ Global access to the academic
world
‒ Top positioning in terms of
university cooperations
Technology and
Innovation Management
‒ Siemens’ technology and
innovation agenda
‒ Standardization, positioning
regarding research policy
‒ Provision of publications relating
to R&D
Research in Energy
and Electronics
‒ Research activities relating to
energy and electrification,
electronic, new materials and
innovative manufacturing
methods
Page 6
Our industrial society faces a growing demand for IT security
IT security trends are determined by drivers such as
• Changes in industrial infrastructures (Digitalization)
• Increasing use of networked embedded systems
• Increasing device-to-device communication
• Need to manage intellectual property
and by changing boundary conditions such as
• Increasing international organized crime
• Privacy
• Compliance enforcement
• Cyber warfare
• Cloud/Virtualization
• Data mining and smart data analytics
• Smart mobile devices
• ….
Page 7
Increasing intelligence and open communication
drive security requirements in various industrial environments
• Building Automation
• Digital Energy Grid
• Factory Automation
• Urban Infrastructures
• Mobility Systems
• Process Automation
2 Cyber security implications for the Digital Grid
Page 8
The threat level is rising –
Attackers are targeting critical infrastructures
Evolution of attacker motives, vulnerabilities and exploits, 2002-2015 (figure; the chart plots the number of published vulnerabilities, the number of published exploits and the number of new malware samples per year):
• The Age of Computer Worms ("hacking for fun"): hobbyists, hackers, BlackHat; viruses, worms, backdoors, anti-virus, responsible disclosure; examples: Code Red, Slammer, Blaster
• Cybercrime and Financial Interests ("hacking for money"): criminals, organized criminals; credit card fraud, identity theft, phishing, SPAM, adware, botnets, banker trojans, website hacking; examples: Zeus, SpyEye, Rustock
• Hacking against physical assets, politics and critical infrastructure ("hacking for political and economic gains"): states, state sponsored actors, hacktivists, activists, terrorists, Anonymous; APT, targeted attacks, SCADA, cyber war, hacking against critical infrastructure, ransomware, major loss of privacy ("Gläserner Bürger im Netz": the transparent citizen on the net); examples: Aurora, Nitro, Stuxnet, RSA Breach, DigiNotar, Sony Hack
Data sources: IBM X-Force Trend and Risk Report, HP Cyber Risk Report, Symantec Intelligence Report
Page 9
What makes security in the Digital Grid so important?
Source: ICS Report: Year in review 2015 (numbers represent responses out of 295 participants)
Security incidents can affect the target solution and connected (critical) assets:
• Performance degradation
• Loss of system availability & control
• Loss of privacy
• Capturing, modification or loss of data
• Reputation (company image)
• Environmental impact
• Financial loss
• Loss of health/life
Cyber security ensures reliable operation of critical infrastructures like the Digital Grid.
The Energy Sector is a Prime Target!
Page 10
Digital Grid systems vs. Office IT – Protection targets for security
Office IT: protection of the IT infrastructure; component lifetime 3-5 years
Digital Grid Systems: protection of generation, transmission, and distribution; component lifetime up to 20 years and more
Page 11
Digital Grid systems and Office IT have
different management & operational characteristics
Protection target for security: Office IT: IT infrastructure | Digital Grid: Generation, transmission, distribution
Application of patches: Office IT: Regular / scheduled | Digital Grid: Slow
Availability requirement: Office IT: Medium, delays accepted | Digital Grid: Very high
Security testing / audit: Office IT: Scheduled and mandated | Digital Grid: Increasing
Physical Security: Office IT: High (for IT Service Centers) | Digital Grid: Very much varying
Anti-virus: Office IT: Common / widely used | Digital Grid: Uncommon, hard to deploy, white listing
Component Lifetime: Office IT: 3-5 years | Digital Grid: Up to 20 years
Real time requirement: Office IT: Delays accepted | Digital Grid: Can be critical
Page 12
Digital Grid systems and Office IT have
different functional security requirements
"Office" security concepts and solutions are not directly applicable to Digital Grid systems
Confidentiality (Data): Office IT: High | Digital Grid: Low – medium
Integrity (Data): Office IT: Medium | Digital Grid: High
Availability / Reliability (System): Office IT: Medium, delays accepted | Digital Grid: 24 x 365 x …
Non-Repudiation: Office IT: Medium | Digital Grid: Medium to High
Security Standards: Office IT: Existing | Digital Grid: Under development, regulation
Security Awareness: Office IT: High | Digital Grid: Increasing
Page 13
Digital Grid systems as critical infrastructure have an influence on safety
Security-by-Design is different from Safety-by-Design
Safety: prevention of threats to humans and the environment caused by technical systems (direction of the threat: technical system → humans / environment)
IT Security: prevention of the consequences of threats to a system (intentionally) caused by humans and/or the environment (direction of the threat: humans / environment → technical system)
Despite the different design goals, the interrelationship between IT security and safety needs to be observed during system design to prevent the consequences of accidental and intentional threats.
Page 14
Digital Grid – a critical infrastructure
Power system value chain and use case examples
Value chain: Generation, Transmission, Distribution, Rail & Microgrids, Consumer / Prosumer
Voltage levels: High Voltage (≥ 100kV) with Transmission Substation; Medium Voltage (20kV … 100kV) with Distribution Substation; Low Voltage (≤ 400V)
Use case examples:
• Power Quality Monitoring
• Network Optimization
• Substation Automation
• Inter Control Center Communication
• Remote Maintenance and Service
• DER Integration (Metering & Control)
• Remote Services
• Connecting Electric Vehicles to the Charging Infrastructure
Page 15
Changes to substation automation and protection over time
Evolving threat landscape (tomorrow today...)
• Ancient past: parallel wiring between the bay devices (fault recorder, protection, RTU) and the mimic board
• 1st generation (recent past): standard cabling; parallel wiring within the bay
• 2nd generation: point-to-point connections since 1985 ...; serial connection from the bay (and other bays) to the substation controller and HMI, parallel wiring within the bay
• 3rd generation: Digital Substation with Ethernet, Serial, and IP connections
Zone model of the digital substation (figure): Control Center and Remote Access reach the station over an Untrusted Network; a Firewall and a DMZ (Terminal Server, Application Servers) on the Operation Level separate it from the Station Level (Local HMI, Substation Controller) and the Field Level (IEDs, field devices)
Page 16
Digital Grid masterplan architecture
Layers, from the physical system upwards (figure): Electrification; Automation; Digitalization
Domains: Smart transmission; Smart distribution; Smart consumption and microgrids
Global Interoperability: IEC 61850 & 60870, DNP3, OpenADR, DLMS, …
Grid control applications, market driven applications, CIM – Common Information Model (IEC 61970); Cloud enabled Applications
Enterprise Service Bus
Enterprise IT: IVR, GIS, Network planning, Asset management, WMS/mobile, Weather Forecasting, Web portals, CIS/CRM, Billing
Cyber Security spans all layers
Page 17
Cyber Security is an integral part of Digital Grids
to ensure reliable operation
Same masterplan architecture as on the previous slide (electrification, automation, digitalization, global interoperability, enterprise service bus, enterprise IT), with "Appropriate security" shown as a layer cutting across all of them.
Page 18
Typical data exchanged in Digital Grid applications and their security impact
Information asset: description / potential content; security relation to:
• Customer ID and location data: customer name, identification number, schedule information, location data. Relates to: customer privacy
• Meter Data: meter readings that allow calculation of the quantity of electricity consumed or supplied over a time period; may be used for controlling energy loads but also for interactions with an electricity market. Relates to: system control and billing
• Control Commands: actions requested by one component of other components via control commands; these commands may also include inquiries, alarms, events, and notifications. Relates to: system stability and reliability, and also safety
• Configuration Data: system operational settings and security credentials, but also thresholds for alarms, task schedules, policies, grouping information, etc.; they influence the behavior of a component and may need to be updated remotely. Relates to: system stability and reliability, and also safety
• Time, Clock Setting: time is used in records sent to other entities; phasor measurement directly relates to system control actions; time is also needed to use tariff information optimally, and it is used in security protocols, e.g., when verifying the validity of certificates. Relates to: system control (stability and reliability, and also safety) and billing
• Access Control Policies: components need to determine whether a communication partner is entitled to send and receive commands and data; such policies may consist of lists of permitted communication partners, their credentials, and their roles. Relates to: system control; influences system stability, reliability, and also safety
• Firmware, Software, and Drivers: software packages installed in components may be updated remotely; updates may be provided by the utility (e.g., for charge spot firmware), the car manufacturer, or another OEM; their correctness is critical for the functioning of these components. Relates to: system stability and reliability, and also safety
• Tariff Data: utilities or other energy providers may inform consumers of new or temporary tariffs as a basis for purchase decisions. Relates to: customer privacy and also competition
Page 19
How to provide appropriate security?
Cyber security needs a holistic methodology covering technology, people and process
Based on the NIST Cyber Security Framework:
• Identify: understanding the business context, the resources that support critical functions and the related cyber security risks.
• Protect: protection of the critical infrastructure service, e.g., energy supply, by safeguarding the overall system.
• Detect: rapid identification of the occurrence of a cyber security related event.
• Respond: taking action against detected cyber security related events; supports the ability to contain the impact of a potential event.
• Recover: creating plans for resilience and restoration of any capabilities or services that were impaired due to a cyber security related event.
Page 20
Defining & maintaining secure products and solutions
requires an accompanying lifecycle process
Security activities (according to "Security by Design with CMMI® for Development") across the lifecycle phases Define, Plan, Realize and Operate:
• Security Objectives & Business Impact
• Security Threat & Risk Analysis
• Security Requirements
• Secure Architecture & Design
• Secure Supplier & Component Selection
• Secure Coding
• Security Testing
• Secure Configuration & Hardening
• Security Services and Support
• Security Incident & Vulnerability Management
Page 21
Evaluation of the risk from security threats to products, solutions or services
as one starting point for the derivation of security requirements
Risk model (figure): for a product / solution in its intended operational environment, an attacker (adversarial or accidental) poses a threat to an asset; a likelihood rating and an impact rating per impact category combine into a risk level.
Impact categories: Safety, Availability, Legal and Contractual Requirements, Intellectual Property, Repudiation
• Threat and risk analysis to
• identify security weaknesses and vulnerabilities
• analyze threats that might exploit these weaknesses or vulnerabilities
• evaluate the resulting risks.
• Supports
• derivation of countermeasures
• checking the effectiveness of planned or implemented countermeasures.
• Different methods exist, e.g.,
• SGIS Toolbox
• NIST Guide for Risk Assessments
• Cyber Security Capability Model
• BSI-Standard 100-3 Risikoanalyse (risk analysis)
Page 22
Managing cyber security in Digital Grids through
Guidelines / Standards / Regulation
Note: the stated organizations and standards are just examples and are not complete
Smart Energy Grid Coordination Group: SGAM – Smart Grid Architecture Model with integrated security
Smart Grid Interoperability Panel, Cyber Security WG: NIST IR 7628; NIST Cyber Security Framework
• IEC 62351 Security for power systems management and information exchange
• IEC 62443 Security in Industrial Process Measurement, Control and Automation
• ISO/IEC 15118 Secure Vehicle to Grid communication
• ISO 27001 – Information Security Management System (ISMS) - Requirements
• ISO 27002 – ISMS Code of Practice
• ISO 27019 – ISMS for systems used in the energy utility industry on the basis of ISO/IEC 27002
• Critical Infrastructure Protection CIP 001-014
• Critical Infrastructure Protection, Certification and Key Measures
• BDEW White Paper Requirements for Secure Control and Telecommunication Systems
• IEEE 1686 – Intelligent Electronic Devices Cyber Security Capabilities
• IEEE 1588 – Precision Clock Synchronization Protocol for Networked Measurement and Control Systems
• IT Security Act
• BNetzA Security Catalogue
• Executive Order EO 13636 Improving Critical
3 A birds eye view on standardization, guidelines and regulation
Page 23
Digital Grid security involves vendors, integrators, and operators
• Standards have different importance for
• product and system vendors
• integrators
• operators
as they target
• specific technical means ensuring interoperability
• procedural requirements
• addressing risk based security requirements
• auditability of actions
Page 24
Standards and Regulations
ISO/IEC 270xx Series – Information Security Management System (ISMS)
ISMS family of standards:
• Vocabulary standard: 27000 Overview and vocabulary
• Requirement standards: 27001 ISMS – Requirements; 27006 Requirements for bodies providing audit and certification of ISMS
• Guideline standards: 27002 Code of practice for information security controls; 27003 ISMS – Implementation guidance; 27004 ISMS – Measurement; 27005 Information security risk management; 27007 Guideline for ISMS auditing; 270xx …
• Sector-specific guideline standard: 27019 ISMS – Guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry
ISO 27002 addresses specifically
• Security Policies
• Organization of information security
• Human Resource Security
• Asset Management
• Access Control
• Cryptography
• Physical and Environmental Security
• Operations Security
• Communications Security
• System and Application
• Supplier Relationship
• Incident Management
• Business Continuity
• Compliance
Domain specific standards augment ISO 27002 according to the target environment
Page 25
Information Security Management – Application of the ISO 270xx series
targets Digital Grid specific security controls in ISO 27019
Scope mapping (figure): Communication Network: scope of ISO 27011; Market & Services (Marketplace Applications, Billing / Contracts, Energy Services) and Smart Grid Nodes (Home Automation, Smart Appliances, E-Mobility, Industry, Controllable Loads, Small scale generation): scope of ISO 27002; Energy Control Systems (Generation, Storage, Transmission, Distribution): scope of ISO TR 27019
• ISO TR 27019 targets
• Process control systems [..] for controlling and monitoring the generation, transmission, storage and distribution of electric power, gas and heat in combination with the control of supporting processes
• Augments ISO 27002, examples:
• Physical security
• Control centers and PCS equipment rooms
• Peripheral sites, e.g. substations or distributed storage and generation sites
• Communications and operations management
• Treatment of potentially insecure legacy systems
• Malware protection and patch management for critical systems
• Securing process control data communication
• Access control
• Special requirements for group accounts, session timeouts etc.
Page 26
IEC 62443 a framework specifying security requirements for industrial
automation and control systems (IACS)
• Addresses organizational and technical requirements
• Supports purpose-fit security solutions by supporting security features with different strength
• Used for certification of security processes and security capabilities of the solution
Roles and scope (figure):
• Independent of the IACS environment: the Product Supplier develops components (host devices, network components, applications, embedded devices) and the control system as a combination of components
• IACS environment / project specific: the System Integrator designs and deploys the automation solution (Basic Process Control System (BPCS), Safety Instrumented System (SIS), complementary hardware and software), for which the control system is the base; the Asset Owner / Operator operates and maintains the Industrial Automation and Control System (IACS) = automation solution + operational policies and procedures + maintenance policies and procedures
Every participant can create weaknesses. Example: User Identification and Authentication
• Hard coded passwords
• Elevation of privileges
• Default passwords not changed
• Temporary accounts not deleted
• Non-confidential passwords
• Passwords not renewed
• Invalid accounts not deleted
Page 27
IEC 62443 addresses the complete value chain from product to service
• Addresses operator, integrator and product supplier
• in terms of processes and security capabilities
• and allows for certification
Page 28
IEC 62443 as standard for industrial security enables a graded security
approach to achieve appropriate protection
(Figure: IEC 62443-3-3 System Security Requirements and IEC 62443-2-4 Requirements for IACS Suppliers)
Page 30
Core communication standards for Digital Grids
IEC TC57 reference architecture with domain-specific cyber security
Reference architecture (figure):
• Control Center A / Control Center B: Back Office, Market System, EMS Apps., DMS Apps., SCADA on a Communication Bus (IEC 61970, IEC 61968); inter control center communication via IEC 60870-6 TASE.2/ICCP; market communication via IEC 62325
• Substations / Field Devices: RTUs, Substation Automation Systems; Protection, Control, Metering; Switchgear, Transformers, Instrument Transformers; substation-to-control-center (SS-CC) via IEC 60870-5-101/104, IEC 60870-5-102 and IEC 61850, substation-to-substation (SS-SS) via IEC 61850; inside the substation IEC 61850 GOOSE and SV, legacy IEC 60870-5-103; PMUs via IEC 61850-90-5
• Hydroelectric / Gas Turbine Power Plants: turbine and electric systems, hydro systems via IEC 61850 (IEC 61850-7-410)
• Distributed Energy Resources (DER): DER Generator, DER Storage, Electric Vehicle via IEC 61850 (IEC 61850-7-420, IEC 61850-90-7, 8, 9, 10, 15) and IEEE 1815 (DNP3)
• IEC 62351 Cybersecurity spans all of the above
Legend:
• IEC 61970 / 61968 Common Information Model (CIM)
• IEC 62325 Market Communication using CIM
• IEC 61850 Substation, Distribution, DER Automation
• IEC 60870 Telecontrol Protocols (serial/TCP)
• IEC 62351 Security for Power Systems
Page 31
Cyber security in Digital Grids
IEC 62351 provides technical security measures and guidelines
Security means are defined for
• Authentication and authorization (RBAC)
• Secure IP-based and serial communication
• Secure application level exchanges
• Security monitoring and eventing
• Test case definition
• Guidelines for applying specific security measures by utilizing or profiling existing standards and recommendations
Page 32
Security has to be suitable for the addressed environment
Awareness and Acceptance
Since security is not just a technical solution that can be incorporated transparently, we need to consider how humans can get along with it. This needs, especially for automation environments, actions for:
• awareness trainings
• helping people to understand security measures and processes
• providing user-friendly interfaces and processes
Page 33
4 Deep Dive Examples: Security parameter management
Mutual trust based on X.509 key material –
A key element in power system security
• Key material in terms of certificates and corresponding private keys, as well as the managing infrastructure, has been standardized by the ITU-T in X.509; the profile for Internet use was published by the IETF as RFC 5280.
• Based on a key pair, for which the public key has been certified by a trusted third party.
• The certificate binds the identity of the owner to the public key.
• A certificate has a limited lifetime.
Public Key Certificate fields:
• Subject: the entity's unique name
• Validity: period of validity
• Serial Number: e.g., 12345
• Subject Public Key
• Extensions: extended information
• Issuer: name of the trust center
• Signature: signature of the trust center
A certificate has exactly one corresponding private key; its secrecy has to be protected separately.
Trust relations (figure): cryptography connects the public and the private key; a trusted party certifies the connection of an entity identifier and the public key; the entity protects its private key against unauthorized usage by secure storage.
Page 34
Handling of X.509 key material through a Public Key Infrastructure (PKI)
Phases: Registration & Enrollment; Certification & Revocation; Distribution & Fetching
Enrollment
• manual
• automated (SCEP, EST, CMP, CMC)
Revocation
• manual (CRL)
• automated (CRL, OCSP, SCVP)
Fetching
• manual (configuration)
• automated (LDAP, HTTP)
Realization examples: Registration Authority (RA) / Local Registration Authority (LRA); Certification Authority (CA) with key generation, revocation lists and key distribution; Repository / Public Directory
Registration at the (L)RA: per ID card through the applying person, or registration of a device series or single devices through the vendor
Note: key generation is ideally done on the devices
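The following Go program is an added example (not code from the slides or from Siemens) that walks through the certificate lifecycle the two slides above describe: the device generates its own key pair, an operator CA issues a certificate binding subject, serial number, validity and public key, a relying party verifies the chain and the validity period, and the CA publishes a CRL that the relying party checks before trusting the device. The CA name, the serial number 12345 taken from the slide, the lifetimes and the use of ECDSA P-256 keys are assumptions; only the Go standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain is a toy two-level PKI: an operator CA and one IED certificate (names,
// serial numbers and lifetimes are assumptions made for this example).
type Chain struct {
	CA, IED *x509.Certificate
	CAKey   *ecdsa.PrivateKey // held by the CA only
}

// issue signs tmpl with the signer's key and parses the resulting DER.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// BuildChain creates a ten-year CA and issues the IED a one-year certificate.
// Only the IED's public key reaches the CA (registration through the vendor or
// an LRA); the private key stays on the device and is simply dropped here.
func BuildChain(now time.Time) (*Chain, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Utility Device CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		SubjectKeyId:          []byte{1, 2, 3, 4}, // assumed value, referenced by the CRL
	}
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey) // self-signed trust anchor
	if err != nil { return nil, err }
	iedKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // generated on the device
	if err != nil { return nil, err }
	ied, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(12345), // the serial number shown on the slide
		Subject:      pkix.Name{CommonName: "IED-A", Organization: []string{"Example Utility"}},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca, &iedKey.PublicKey, caKey)
	if err != nil { return nil, err }
	return &Chain{CA: ca, IED: ied, CAKey: caKey}, nil
}

// VerifyAt is the relying party's check: chain to the trusted CA, validity
// period at time 'at', and the permitted key usage.
func VerifyAt(c *Chain, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(c.CA)
	_, err := c.IED.Verify(x509.VerifyOptions{
		Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// IsRevoked has the CA publish a CRL listing the given serials, verifies the
// CRL signature as a relying party must, and reports whether the IED is listed.
func IsRevoked(c *Chain, serials []*big.Int, now time.Time) (bool, error) {
	var entries []pkix.RevokedCertificate
	for _, s := range serials {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	der, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: entries,
	}, c.CA, c.CAKey)
	if err != nil { return false, err }
	crl, err := x509.ParseRevocationList(der)
	if err != nil { return false, err }
	if err := crl.CheckSignatureFrom(c.CA); err != nil { return false, err } // unsigned or foreign CRLs are ignored
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(c.IED.SerialNumber) == 0 { return true, nil }
	}
	return false, nil
}

func main() {
	now := time.Now()
	c, err := BuildChain(now)
	if err != nil { panic(err) }
	fmt.Printf("subject=%q issuer=%q serial=%s\n", c.IED.Subject.CommonName, c.IED.Issuer.CommonName, c.IED.SerialNumber)
	fmt.Println("valid now:", VerifyAt(c, now) == nil, "| valid in 2 years:", VerifyAt(c, now.AddDate(2, 0, 0)) == nil)
}
```

The second VerifyAt call is why the "limited lifetime" bullet matters operationally: with component lifetimes of 20 years, certificate renewal (automated enrollment via EST or CMP) has to be planned, because an expired device certificate fails verification exactly as an attacker's would. The CRL check here is done offline; with OCSP the relying party would instead query a responder, which requires network reachability from the substation.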
Page 35
Security bootstrapping requires procedural and technical means
and needs to be considered during product design and commissioning
• Offline parameter distribution: engineering tools with security parameter sets directly connected to the device or via a separate network
• In-band parameter distribution: distribution using the same communication channels as used during regular operation, based on pre-configured device identifiers, manufacturer-installed security credentials or even liaison devices
• Out-of-band parameter distribution: a separate logical communication channel used to configure security parameters; devices may already possess a cryptographic credential, which can be provided by the device manufacturer
Security parameters are the basis for appropriate protection of the communication between different entities as well as of services like licensing or anti-counterfeiting. Setting up security parameters securely is crucial!
Page 36
Application of security parameters using the example of Role Based Access
Control (RBAC) for operator and maintainer in power system management
IEC 62351-8 Role-based access control for power system management
There are two mappings to be configured by an administrator:
• Subject-to-role
• Role-to-right
Page 37
4 Deep Dive Examples: Securing the substation process bus (GOOSE)
Considering the embedding environment during the design of security
measures is essential – Example GOOSE
Conventional wiring is replaced by Ethernet based communication using IEC 61850 with Generic Object Oriented Substation Events (GOOSE) and Sampled Values (SV) (figure: conventional wiring vs. wiring with IEC 61850).
GOOSE is a control model mechanism in which any format of data (status, value) is grouped into a data set and transmitted as a set of substation events, such as commands, alarms, or indications.
Usage of multicast transfer (device-local subscription for events)
Security requirement: source authentication and message integrity
First solution approach
• Digital signatures of the messages by the sender
• Verification at the subscriber / receiver site
BUT
• High performance requirements, e.g., a sample rate of 80 samples per cycle sums up to 4000 packets per second for the common frequency of 50 Hz
• Field tests have shown that the performance of typical field devices does not cope with the signature generation and verification
(Figure: substation zones with Firewall and DMZ (Terminal Server, Application Servers), Station Level (Local HMI, Substation Controller) and Field Level (IEDs, field devices))
Page 38
Considering the embedding environment during the design of security
measures is essential – Example GOOSE (cont.)
Different cryptographic techniques achieve authentication, data integrity, and data confidentiality (figure):
• Data Confidentiality: symmetric encryption, asymmetric encryption
• Data Integrity, Data Origin Authentication: one way functions (hash), symmetric authentication (MAC: Message Authentication Code), asymmetric authentication (digital signatures)
• Entity/Source Authentication: symmetric authentication, asymmetric authentication
• Key Transport / Key Establishment links the symmetric and the asymmetric techniques
These techniques differ in
• applicable use cases
• performance
• implementation (HW/SW)
• bootstrapping and impact on the deployment environment
• connected processes for key lifecycle handling
• …
Page 39
Considering the embedding environment during the design of security
measures is essential – Example GOOSE (cont.)
Second solution approach: Group security
• Rely on entity certificates and digital signatures for the initial key management and utilize a symmetric key for integrity protection in the operational phase
• Key management based on the Group Domain of Interpretation (GDOI, RFC 6407)
• IEDs authenticate towards the KDC using IED-specific certificates and corresponding private keys
• Integrity protection by using keyed hashes or symmetric algorithms in MAC mode (e.g., AES-GMAC)
Result: copes with the performance requirements; source authentication takes place during the KDC subscription phase; but communication cannot be traced back to an individual IED, since all members of the group share GK
Key Distribution Center (KDC)
• configured data stream related IED access list
• generates data stream related (group) keys GK
• may be co-located with a distinct IED
Exchange (figure; SigA: signed with A's private key, CertA: protected for A's certificate):
• IED A -> KDC: SUBSCRIBE {IED-IDA, Stream-ID, CertA} SigA
• KDC -> IED A: PUBLISH {Stream-ID, Key-ID, GK, Lifetime} CertA
• IED B -> KDC: SUBSCRIBE {IED-IDB, Stream-ID, CertB} SigB
• KDC -> IED B: PUBLISH {Stream-ID, Key-ID, GK, Lifetime} CertB
• IED A <-> IED B: Group Data Exchange, MAC with GK
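The following Go program is an added illustration (not code from the slides, from IEC 62351 or from Siemens) of the group security approach on this slide: a KDC holds a per-stream access list of enrolled IED public keys, accepts a signed SUBSCRIBE only from a listed IED, hands out the group key GK, and the IEDs then protect each GOOSE-style frame with AES-GMAC (AES-GCM with an empty plaintext, so that only a tag is produced). The frame layout, the IED names, the nonce construction from stNum/sqNum and the use of ECDSA P-256 keys in place of the X.509 certificates are assumptions; GDOI itself and the encryption of the PUBLISH message are not implemented.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// IED: a long-term signing key standing in for the device certificate and its private key.
type IED struct {
	ID  string
	Key *ecdsa.PrivateKey
}

// KDC: access list of enrolled public keys keyed by "stream/IED-ID", and one group key per stream.
type KDC struct {
	acl map[string]*ecdsa.PublicKey
	gk  map[string][]byte
}

// Subscribe is the SUBSCRIBE message {IED-ID, Stream-ID} signed by the IED.
type Subscribe struct {
	IEDID, Stream string
	Sig           []byte
}

func NewIED(id string) *IED {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &IED{ID: id, Key: key}
}
func NewKDC() *KDC { return &KDC{acl: map[string]*ecdsa.PublicKey{}, gk: map[string][]byte{}} }

// Enrol puts an IED's public key on a stream's access list (done at commissioning).
func (k *KDC) Enrol(stream string, d *IED) { k.acl[stream+"/"+d.ID] = &d.Key.PublicKey }

func subscribeDigest(iedID, stream string) []byte {
	h := sha256.Sum256([]byte("SUBSCRIBE\x00" + iedID + "\x00" + stream))
	return h[:]
}

func (d *IED) Subscribe(stream string) Subscribe {
	sig, _ := ecdsa.SignASN1(rand.Reader, d.Key, subscribeDigest(d.ID, stream))
	return Subscribe{IEDID: d.ID, Stream: stream, Sig: sig}
}

// HandleSubscribe is the only point at which a source is authenticated: the signature is
// checked against the enrolled key before GK is released (the PUBLISH; in GDOI it would be
// encrypted to the IED's certificate rather than returned in the clear as here).
func (k *KDC) HandleSubscribe(m Subscribe) ([]byte, error) {
	pub, ok := k.acl[m.Stream+"/"+m.IEDID]
	if !ok { return nil, errors.New("IED not on the stream access list") }
	if !ecdsa.VerifyASN1(pub, subscribeDigest(m.IEDID, m.Stream), m.Sig) {
		return nil, errors.New("bad SUBSCRIBE signature")
	}
	if k.gk[m.Stream] == nil {
		gk := make([]byte, 16) // fresh AES-128 group key for this stream
		if _, err := rand.Read(gk); err != nil { return nil, err }
		k.gk[m.Stream] = gk
	}
	return k.gk[m.Stream], nil
}

// Tag is AES-GMAC over a GOOSE-style frame (claimed sender, stNum, sqNum, payload): AES-GCM
// with empty plaintext and the frame as additional data yields only the 16-byte tag. The nonce
// (sender prefix plus stNum/sqNum, which GOOSE increments on every state change and
// retransmission) must never repeat under one GK.
func Tag(gk []byte, sender string, st, sq uint32, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(gk)
	if err != nil { return nil, err }
	g, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	aad := make([]byte, 8, 8+len(sender)+len(payload))
	binary.BigEndian.PutUint32(aad, st)
	binary.BigEndian.PutUint32(aad[4:], sq)
	aad = append(append(aad, sender...), payload...)
	id := sha256.Sum256([]byte(sender))
	return g.Seal(nil, append(id[:4], aad[:8]...), nil, aad), nil
}

// Verify recomputes the tag at the subscriber and compares in constant time.
func Verify(gk []byte, sender string, st, sq uint32, payload, tag []byte) bool {
	t, err := Tag(gk, sender, st, sq, payload)
	return err == nil && subtle.ConstantTimeCompare(t, tag) == 1
}

func main() {
	kdc, a := NewKDC(), NewIED("IED-A")
	kdc.Enrol("bus-1", a)
	gk, err := kdc.HandleSubscribe(a.Subscribe("bus-1"))
	if err != nil { panic(err) }
	tag, _ := Tag(gk, a.ID, 1, 0, []byte("trip"))
	fmt.Println("frame accepted:", Verify(gk, a.ID, 1, 0, []byte("trip"), tag))
}
```

Replacing Tag with an ECDSA signature per frame gives the first solution approach from the previous slide; timing both at 4000 frames per second on the target hardware is the measurement the slide refers to. The drawback the slide names is also visible here: any enrolled IED can emit a frame that claims to come from another member and every subscriber will accept it, because source authentication happened only once, at SUBSCRIBE time. Two consequences for a deployment: the GK lifetime and re-keying must be short enough that a compromised or decommissioned IED is cut off, and the nonce must never repeat under one GK, which is why the sender identity and the counters go into it.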
Page 40
4 Deep Dive Examples: Integration of decentralized energy resources (DER)
Integration of Distributed Energy Resources (DER) into Grid Control
via XMPP influences security requirements
Starting point: power system automation using IEC 61850
• Support time-critical and non-critical transmissions, also over public networks
• Utilize the existing IEC 61850 data and communication model from the substation automation domain
(Figure: substation zones with Control Center and Remote Access over an Untrusted Network, Firewall and DMZ (Terminal Server, Application Servers), Station Level (Local HMI, Substation Controller) and Field Level (IEDs, field devices))
Enhancements through DER integration
• XMPP selected as transport (instead of direct TCP/IP connections as in the substation)
• Data transmitted in XML encoded format instead of ASN.1
• Support of service discovery and presence monitoring
• Firewall friendliness is necessary at the application layer
Security enhancements of the existing standard are necessary, as the trust model has changed compared to substation automation:
• The DER is in control of the DER owner
• The XMPP server may be operated by a 3rd party; access to end-to-end data is not always wanted!
• The currently applied hop-to-hop security through TLS is not sufficient
• End-to-end security is necessary at the application layer
Page 41
Integration of Distributed Energy Resources (DER) into Grid Control via XMPP
• Mutual end-to-middle authentication, session integrity and confidentiality of XMPP client – XMPP server or XMPP server – XMPP server communication: utilize TLS as specified in RFC 6120 for XMPP with the TLS profile defined in IEC 62351-3
• End-to-end authentication and message integrity on the application layer using the MMS secure session concept defined in IEC 62351-4: signed Diffie-Hellman key agreement and application of the negotiated key in MAC calculation and/or data encryption
• Calculation of the session master key from the DH secret based on the dhSet parameter, and derivation of separate keys for integrity and confidentiality protection
(Diagram: session initiation between Control and Field Device / DER via an Intermediate Node: InitiateRequest enhanced with token, signed; InitiateResponse enhanced with token, signed; subsequent Request and Response enhanced with token, MAC protected; ...; protocol stack: MMS messages, crypto token (SIG/MAC), TCP/IP)
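The end-to-end session described above, as an added toy model (not Siemens or IEC 62351-4 code): a signed Diffie-Hellman exchange between control centre and DER, a session master key from the DH secret, separate integrity and confidentiality keys, and MAC-protected tokens on later MMS messages that the intermediate XMPP server relays but cannot alter. Assumptions: the 127-bit prime stands in for the dhSet parameter and is far too small for real use, the token "signature" is an HMAC with a long-term key standing in for the certificate signature, and the party names and MMS payloads are constructed.

```python
import hashlib, hmac, secrets
# Added example (not Siemens or IEC code): toy model of the secure session described above:
# signed Diffie-Hellman between control centre and DER, a session master key from the DH
# secret, separate integrity and confidentiality keys, and MAC-protected tokens on later MMS
# messages that an intermediate XMPP server can relay but not alter. Assumptions: P is a TOY
# group (127-bit Mersenne prime, far too small for real use) standing in for dhSet; the token
# "signature" is an HMAC with a long-term key standing in for the certificate signature.
P, G = 2 ** 127 - 1, 3

def sign(long_term_key, data):
    return hmac.new(long_term_key, data, hashlib.sha256).digest()

class Party:
    def __init__(self, name, long_term_key, peer_key):
        self.name, self.ltk, self.peer_key, self.seq = name, long_term_key, peer_key, 0
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)

    def initiate_token(self):
        # Initiate token carries the DH public value and is signed to authenticate its origin.
        data = self.name.encode() + b"|" + self.pub.to_bytes(16, "big")
        return data, sign(self.ltk, data)

    def complete(self, token, sig):
        # Verify the peer's signature, compute the DH secret, derive the two session keys.
        if not hmac.compare_digest(sign(self.peer_key, token), sig):
            raise ValueError("Initiate token signature invalid")
        peer_pub = int.from_bytes(token.split(b"|", 1)[1], "big")
        master = pow(peer_pub, self.priv, P).to_bytes(16, "big")
        self.k_int = hmac.new(master, b"integrity", hashlib.sha256).digest()
        self.k_conf = hmac.new(master, b"confidentiality", hashlib.sha256).digest()

    def protect(self, mms_msg):   # Request/Response "enhanced with token": sequence number + MAC under k_int
        self.seq += 1
        token = self.seq.to_bytes(4, "big")
        return mms_msg, token, hmac.new(self.k_int, token + mms_msg, hashlib.sha256).digest()

    def verify(self, mms_msg, token, mac):
        return hmac.compare_digest(hmac.new(self.k_int, token + mms_msg, hashlib.sha256).digest(), mac)

def demo():
    k_ctrl, k_der = secrets.token_bytes(32), secrets.token_bytes(32)     # constructed long-term keys
    ctrl, der = Party("Control", k_ctrl, k_der), Party("DER-1", k_der, k_ctrl)
    der.complete(*ctrl.initiate_token())        # InitiateRequest, relayed by the XMPP server
    ctrl.complete(*der.initiate_token())        # InitiateResponse, relayed by the XMPP server
    req = ctrl.protect(b"MMS Read DER-1/ActivePowerSetpoint")             # constructed request
    altered = (b"MMS Write DER-1/ActivePowerSetpoint=0", req[1], req[2])  # relay tampers with it
    return {"keys_match": ctrl.k_int == der.k_int and ctrl.k_conf == der.k_conf,
            "separate_keys": ctrl.k_int != ctrl.k_conf,
            "genuine_ok": der.verify(*req), "altered_ok": der.verify(*altered)}
```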
Application of standards and guidelines: Enhancing IEDs in digital substations with cyber security
• Secure communication (mutual authentication and encryption) between Engineering (DIGSI5) and the IED (SIPROTEC 5)
• Secure maintenance
• Patch management
• Antivirus compatibility
• Connection password according to regulations and standards
• Recording of access attempts in a non-volatile security log and IEC 61850 messaging
• Confirmation codes for safety-critical operations
• Product hardening
• Independent testing
• Secure development
• Digitally signed firmware
• Separation of process and management communication
• Internal firewall
• Crypto-chip for secure information storage
5 Application Example & Conclusions
Application of standards and guidelines: The transition from digital substations to secure digital substations addresses multiple aspects
(Diagram: Digital Substation compared with Secure Digital Substation)
Siemens Cyber Security Framework –
Defined security measures covering all security aspects
Organizational Security & Processes (People, Policies, Processes, Governance):
• Organizational Preparedness
• Secure Development
• Secure Integration and Service
• Vulnerability and Incident Handling
Products & Systems (common security technologies need to be implemented and contribute to the overall secure architecture):
• Secure System Architecture
• System Hardening
• Access Control and Account Management
• Security Logging & Monitoring
• Malware Protection
• Backup and Restore
• Secure Remote Access
• Data Protection and Integrity
• Privacy
• Security Patch Management
Energy Management uses these security measures to define security controls based on identified risks
Conclusions
• Machine-to-machine connectivity down to field devices is a major driver for the Digital Grid
• The threat level for critical infrastructures like the Digital Grid is rising and requires appropriate means
• Cyber security has been acknowledged as a prerequisite for limiting risks in, and supporting, a reliable Digital Grid
• Standardization and guideline activities support the alignment of approaches and interoperability
• Regulation fosters adoption of security through domain specific requirements (e.g., German IT-Security Law)
• Security-by-Design is essential to provide appropriate security features from the ground up
• Cyber security needs a holistic approach – collaboration between vendors, integrators and operators, taking into account people, processes, and products in the specific domain
• Still, some challenges remain, like the migration from existing, more closed environments to open environments featuring appropriate cyber security measures
References and further reading
General Introduction Material to Digital Grids (Examples)
• European Task Force SG EG on Functionalities, Regulatory Requirements, Roles and Responsibilities
• European SG-CG on Reference Architecture, Set of Standards, Processes, Security, Interoperability
• Smart Grid Introduction from the US Department of Energy
• NIST Framework and Roadmap for Interoperability Standards Version 2
• Efficient Energy Automation with the IEC 61850 Standard – Application Examples
• Smart Grid Standards Map from IEC
• J. Weiss: Protecting Industrial Control Systems from Electronic Threats, ISBN-10: 1606501976 (2010)
• Lars T. Berger, Krzysztof Iniewski: Smart Grid Communications, ISBN: 978-1-1180-0439-5 (2012)
References and further reading (cont.)
Security related standards & guidelines (examples)
• European Smart Grid Information Security Report
• NIST IR 7628: Guidelines for Smart Grid Cyber Security, Overview, Volume 1, Volume 2, Volume 3
• BDEW Whitepaper: Requirements for Secure Control and Telecommunication Systems
• White Paper on IEC 62351 (Security for Energy Automation Networks)
• Cyber Security in Energy Management (extract from the Siemens power engineering guide), 2016
• NIST SP 800-31r1: Guide for conducting Risk Assessments, 2012
• Cybersecurity Capability Maturity Model (C2M2) from DoE, 2015
Best practice & guidelines
• Kryptographische Verfahren: Empfehlungen und Schlüssellängen, TR-02102-1, BSI, February 2016
• Comparison of recommendations, continuously updated
• ISO JTC1 SC27 Standing Document 12, Assessment of Cryptographic Techniques, 2014
• Algorithmenkatalog BNetzA, 2016
Contact Information
Siemens AG
Steffen Fries
Principal Key Expert
CT RDA ITS
Otto-Hahn-Ring 6
81739 Munich
Germany
Internet: siemens.com/corporate-technology
Digital Grid: siemens.com/digitalgrid