Securing Networked Infrastructure for the Energy Sector

Accelerating Grid Modernization More information available on SGIP.org Securing Networked Infrastructure for the Energy Sector November 13, 2014

Upload: smart-grid-interoperability-panel

Post on 13-Jul-2015

Accelerating Grid Modernization More information available on SGIP.org

Securing Networked Infrastructure for the Energy Sector

November 13, 2014

INTRODUCTION

Tanya Brewer, Senior Information Technology Researcher
National Institute of Standards & Technology (NIST)
SGIP Smart Grid Cybersecurity Committee (SGCC)

Nov. 13, 2014 Securing Networked Infrastructure for the Energy Sector

Presenter
Presentation Notes
I am Tanya Brewer with NIST… [provide your own introduction here]

Smart Grid Interoperability Panel orchestrates the work behind power grid modernization

Presenter
Presentation Notes
A few brief words about SGIP for those that may not be fully familiar with our work. Power grid modernization can be thought of like a symphony among utilities, manufacturers, regulators and other stakeholders. SGIP orchestrates interoperability requirements gathering, development of harmonized standards through its Catalog of Standards evaluation process, then facilitates implementation and deployment with stakeholders globally. Without SGIP, integration of interoperable technologies for the global Smart Grid industry would be slower, less efficient and more costly.

SGIP Reduces Risks and Costs

• Optimizes resources and time
• Avoids proprietary vendor lock-in
• Helps build technology roadmaps
• Simplifies decision making

SGIP is a collaborative, transparent, and trusted forum to share standards information and practical, hands-on knowledge about deployments from industry experts.

Presenter
Presentation Notes
SGIP keeps commerce and trade flowing by recognizing harmonized standards, a universal architecture to guide design of the modernized electric grid. SGIP enables more efficient and robust open standards by multiple vendors, leading to interoperable products that create more economical solutions. But the business of grid modernization stands to falter if a disparate assembly of components, ideas and procedures doesn’t work together. Products and solutions built on interoperable standards which have undergone rigorous open evaluation, especially for cybersecurity vulnerabilities, will lower the risk of implementing new grid modernization solutions. Beyond utilities, investors, suppliers, insurers and power customers will be among stakeholders benefiting from emerging Smart Grid commerce, including robust economies, increased power reliability and decreased cost of operation and management.

Agenda

• Introduction: Tanya Brewer
• Main Presentation: Jim McCarthy
• Q&A
• Closing: Tanya Brewer

This meeting, and all SGIP activities, are governed by SGIP By-laws and policies - Intellectual Property Rights Policy and Antitrust Policy.

Presenter
Presentation Notes
Today, we have one core presentation from Jim McCarthy of the National Cybersecurity Center of Excellence. Jim will be taking your questions so please submit them via the “Question” text box located in the GoTo control panel. If time permits, I also plan to give a brief update on NIST’s and the Smart Grid Cybersecurity Committee’s recent activities NEXT SLIDE

Securing Networked Infrastructure for the Energy Sector
Jim McCarthy
National Cybersecurity Center of Excellence

SGIP Webinar November 13, 2014

Presenter
Presentation Notes
TANYA: So now it is my honor to introduce our main presenter today, Jim McCarthy. Jim is [1-2 sentences of background]. Jim, now to you… JIM: Thank you, Tanya.

ABOUT THE NCCOE

STRATEGY

Vision

‣ A secure cyber infrastructure that inspires technological innovation and fosters economic growth

Mission

‣ Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs

TENETS

Standards-based

Modular

Usable

Repeatable

Open and transparent

Commercially available

APPROACH

We seek problems that are:

‣ Broadly relevant

‣ Technology-based

‣ Addressable with multiple commercially available technologies

REFERENCE DESIGNS

Use cases

‣ Sector-specific challenges

‣ Identified through industry engagement

Building blocks

‣ Technology-specific challenges

‣ Identified through public engagement

MODEL

Engage

‣ Work with community of interest to define problem

Explore

‣ Map security characteristics to standards, controls and best practices

‣ Circulate drafts and incorporate feedback

Partner

‣ Invite technology vendors to collaborate in our labs

Build

‣ Collaborate on design components

‣ Incorporate feedback from experts in technology community

Show

‣ Demonstrate reference designs

MODEL

[Process diagram. Groups shown: Community of Interest, Technology Partners. Step labels in the diagram:]

‣ Form small community of interest
‣ Provide input and feedback to NCCoE
‣ Expand community of interest
‣ Submit feedback on use cases to NCCoE
‣ Offer insights on use cases
‣ Support deployment, revision and maintenance of products as part of the practice guide
‣ Collaborate to develop reference designs
‣ Evangelize on behalf of reference design and practice guide
‣ Deploy, test and provide feedback on the reference design
‣ Provide regular feedback on use case builds
‣ Submit letters of interest
‣ Speak at sector-specific events
‣ Work with COI to identify cybersecurity challenges
‣ Host sector-specific workshop
‣ Review & circulate pre-release use cases
‣ Revise & publish draft use cases
‣ Revise use cases & invite participation from technology partners
‣ Receive technology partners letters of interest
‣ Demonstrate reference designs
‣ Discuss improvements & modifications
‣ Publish reference design and practice guide
‣ Develop composed reference design
‣ Form build teams
‣ Sign CRADAs
‣ Host partner day

CORE PARTNERS

IDENTITY AND ACCESS MANAGEMENT

OVERVIEW

Goals

‣ Authenticate individuals and systems

‣ Enforce authorization control policies

‣ Unify IdAM services

‣ Protect generation, transmission and distribution

Business value

‣ Reduce costs

‣ Increase efficiency

DESIRED SOLUTION CHARACTERISTICS

‣ Authentication

‣ Authorization

‣ Access control

‣ Federation

‣ Provisioning

‣ Do not break the grid

EXAMPLE COMPONENT LIST

‣ Services for authenticating and authorizing users based on identity, role, third-party affiliation (e.g., federation) or other attributes (e.g., attribute based access control)

‣ Services for authenticating and authorizing devices

‣ Identity and access governance capability that translates human-readable access needs into machine-readable authorizations

‣ Services for whitelisting applications

EXAMPLE COMPONENT LIST

‣ ICS equipment, such as remote terminal units (RTUs), programmable logic controllers (PLCs) and relays, along with associated software and communications equipment (e.g., radios, encryptors)

‣ Physical access control devices that use standard communication interfaces

‣ Security incident and event management (SIEM) or log analysis software for monitoring access management events

‣ “Bump-in-the-wire” devices for augmenting OT with authentication, authorization, access control, encrypted communication and logging capabilities

SILOS

IT network OT network Physical system

THE IT-OT DIVIDE

COLLABORATORS

NEXT STEPS

NEXT STEPS

NCCoE: ‣ Finalize build architecture

Users and other interested parties: ‣ Participate in a use case community of interest

SITUATIONAL AWARENESS

OVERVIEW

Goals

‣ Improve OT availability

‣ Unify visibility across silos

‣ Detect anomalous conditions and remediate them

‣ Investigate events leading to anomalies and share findings

Business value

‣ Improves ability to detect security breaches or anomalous behavior

‣ Increases probability that investigations of attacks or anomalous system behavior will reach successful conclusions

‣ Improves accountability and traceability

‣ Simplifies regulatory compliance

DESIRED SOLUTION CHARACTERISTICS

‣ Data visualization and analysis capabilities that help dispatchers and security analysts view control system behavior and network and physical security events as a cohesive whole

‣ Analysis and correlation capabilities that help dispatchers and security analysts understand and identify security events and predict how those events might affect control system operation

‣ Scalability sufficient to meet the needs of a large metropolitan utility

‣ Mechanisms that ensure the accuracy and integrity of data collected from remote facilities

‣ Ability to collect logs, traffic and operational data from a variety of sources including servers, ICS equipment, networking equipment, security appliances, issue tracking systems and mobile devices

DESIRED SOLUTION CHARACTERISTICS

‣ Ability to allow dispatchers and security analysts to easily automate common and repetitive investigative tasks

‣ Built-in information sharing capabilities that allow dispatchers and security analysts to easily share and acquire new threat indicators, correlation rules, mitigations and investigative techniques

‣ Customizable interfaces that allow users to tailor the system to meet specific business needs

‣ Automated report generation to aid utilities in demonstrating compliance with relevant standards

‣ Intuitive user interfaces that are appropriate for utility dispatchers with limited network security expertise or security analysts with limited expertise in electric power

EXAMPLE COMPONENT LIST

‣ ICS equipment, such as RTUs, PLCs and relays, along with associated software and communications equipment (e.g., radios, encryptors)

‣ SIEM or log analysis software

‣ “Bump-in-the-wire” devices for augmenting OT with encrypted communication and logging capabilities

‣ Software for collecting, analyzing, visualizing and storing operational control data (e.g., historians, outage management systems, distribution management systems, human-machine interfaces)

‣ Products that ensure the integrity and accuracy of data collected from remote facilities

NEXT STEPS

NEXT STEPS

NCCoE: ‣ Invite vendors to submit letters of interest that will result in CRADAs

Users and other interested parties: ‣ Participate in a use case community of interest

Next

[email protected]

9600 Gudelsky Drive
Rockville, MD 20850

http://nccoe.nist.gov

QUESTIONS?

Cybersecurity Update

• Cloud Computing Considerations in the Smart Grid has now been published for SGIP Members to view and download.
  – http://members.sgip.org/apps/org/workgroup/sgip-mmc/download.php/5953/latest
  – Available to public in February 2015.
• Other resources at SGIP.org/Publications
  – Framework for Improving Critical Infrastructure Cybersecurity Core Mapping to National Institute of Standards and Technology (NIST) Interagency Report (IR) 7628 (Exclusive to Members)
  – Cybersecurity User's Guide (NISTIR 7628) - Smart Grid Cyber Security Implementation Guidelines (30 pages)
• Information on the SGIP Smart Grid Cybersecurity Committee may be found at SGIP.org/SGCC

SGIP Reminders

• Next week on November 20: Another Free Webinar – “What’s New with the Interoperability Process Reference Manual?” and the Smart Grid Testing & Certification Committee
• December 8-9: Winter Members Meeting in Portland
  – Conference on Transactive Energy also in Portland that week.
• Webinars & Publications on SGIP.org under “Information Knowledge Base”
• Stay in Touch
  – Twitter: @SGIPNews
  – Join our LinkedIn Group: https://www.linkedin.com/groups/Smart-Grid-Interoperability-Panel-SGIP-4145498
  – Sign up for SGIP Newsletter, The Conductor

Presenter
Presentation Notes
Also I wanted to share a few more SGIP resources. We do have our Winter Members Meeting coming up in December. It will be held in Portland at the same time as the international transactive energy conference so members may be able to attend both. SGIP makes a great deal of its information publicly available. For instance, starting tomorrow, you’ll find archived materials from this event on our Webinars page. SGIP encourages you to follow us on Twitter, join our LinkedIn group to discuss Smart grid interoperability related topics like testing or cybersecurity, grid resiliency, transactive energy and the like. We also share updates and information in our free monthly newsletter, The Conductor. If you don’t already subscribe, you can do so at sgip.org.

THANK YOU FOR YOUR PARTICIPATION

A FOLLOW-UP EMAIL WILL BE SENT WITH LINK TO RECORDING AND SUPPORTING MATERIALS

Presenter
Presentation Notes
Thank you again for attending and special thanks to our presenter today, Jim McCarthy. SGIP greatly appreciates your participation. You will be receiving a short survey via email asking about this presentation. SGIP staff will also send out a follow up email to this webinar that will include relevant links and of course, the webinar recording archive. Thank you again.