securing networked infrastructure for the energy sector
TRANSCRIPT
Accelerating Grid Modernization. More information available on SGIP.org
Securing Networked Infrastructure for the Energy Sector
November 13, 2014
INTRODUCTION
Tanya Brewer, Senior Information Technology Researcher
National Institute of Standards & Technology (NIST)
SGIP Smart Grid Cybersecurity Committee (SGCC)
Nov. 13, 2014 Securing Networked Infrastructure for the Energy Sector
Smart Grid Interoperability Panel orchestrates the work behind power grid modernization
SGIP Reduces Risks and Costs
• Optimizes resources and time
• Avoids proprietary vendor lock-in
• Helps build technology roadmaps
• Simplifies decision making
SGIP is a collaborative, transparent, and trusted forum to share standards
information and practical, hands-on knowledge about deployments from
industry experts.
Agenda
• Introduction: Tanya Brewer
• Main Presentation: Jim McCarthy
• Q&A
• Closing: Tanya Brewer
This meeting, and all SGIP activities, are governed by SGIP By-laws and policies - Intellectual Property Rights Policy and Antitrust Policy.
Securing Networked Infrastructure for the Energy Sector
Jim McCarthy
National Cybersecurity Center of Excellence
SGIP Webinar November 13, 2014
ABOUT THE NCCOE
STRATEGY
Vision
‣ A secure cyber infrastructure that inspires technological innovation and fosters economic growth
Mission
‣ Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs
TENETS
Standards-based
Modular
Usable
Repeatable
Open and transparent
Commercially available
APPROACH
We seek problems that are:
‣ Broadly relevant
‣ Technology-based
‣ Addressable with multiple commercially available technologies
REFERENCE DESIGNS
Use cases
‣ Sector-specific challenges
‣ Identified through industry engagement
Building blocks
‣ Technology-specific challenges
‣ Identified through public engagement
MODEL
Engage
‣ Work with community of interest to define problem
Explore
‣ Map security characteristics to standards, controls and best practices
‣ Circulate drafts and incorporate feedback
Partner
‣ Invite technology vendors to collaborate in our labs
Build
‣ Collaborate on design components
‣ Incorporate feedback from experts in technology community
Show
‣ Demonstrate reference designs
MODEL
[Process diagram; its text labels, in extraction order:]
Form small community of interest
Provide input and feedback to NCCoE
Expand community of interest
Submit feedback on use cases to NCCoE
Offer insights on use cases
Community of Interest
Support deployment, revision and maintenance of products as part of the practice guide
Collaborate to develop reference designs
Evangelize on behalf of reference design and practice guide
Deploy, test and provide feedback on the reference design
Provide regular feedback on use case builds
Technology Partners
Submit letters of interest
Speak at sector-specific events
Work with COI to identify cybersecurity challenges
Host sector-specific workshop
Review & circulate pre-release use cases
Revise & publish draft use cases
Revise use cases & invite participation from technology partners
Receive technology partners letters of interest
Demonstrate reference designs
Discuss improvements & modifications
Publish reference design and practice guide
Develop composed reference design
Form build teams
Sign CRADAs
Host partner day
CORE PARTNERS
IDENTITY AND ACCESS MANAGEMENT
OVERVIEW
Goals
‣ Authenticate individuals and systems
‣ Enforce authorization control policies
‣ Unify IdAM services
‣ Protect generation, transmission and distribution
Business value
‣ Reduce costs
‣ Increase efficiency
DESIRED SOLUTION CHARACTERISTICS
‣ Authentication
‣ Authorization
‣ Access control
‣ Federation
‣ Provisioning
‣ Do not break the grid
EXAMPLE COMPONENT LIST
‣ Services for authenticating and authorizing users based on identity, role, third-party affiliation (e.g., federation) or other attributes (e.g., attribute-based access control)
‣ Services for authenticating and authorizing devices
‣ Identity and access governance capability that translates human-readable access needs into machine-readable authorizations
‣ Services for whitelisting applications
EXAMPLE COMPONENT LIST
‣ ICS equipment, such as remote terminal units (RTUs), programmable logic controllers (PLCs) and relays, along with associated software and communications equipment (e.g., radios, encryptors)
‣ Physical access control devices that use standard communication interfaces
‣ Security incident and event management (SIEM) or log analysis software for monitoring access management events
‣ “Bump-in-the-wire” devices for augmenting OT with authentication, authorization, access control, encrypted communication and logging capabilities
SILOS
IT network | OT network | Physical system
THE IT-OT DIVIDE
COLLABORATORS
NEXT STEPS
NCCoE:
‣ Finalize build architecture
Users and other interested parties:
‣ Participate in a use case community of interest
SITUATIONAL AWARENESS
OVERVIEW
Goals
‣ Improve OT availability
‣ Unify visibility across silos
‣ Detect anomalous conditions and remediate them
‣ Investigate events leading to anomalies and share findings
Business value
‣ Improves ability to detect security breaches or anomalous behavior
‣ Increases probability that investigations of attacks or anomalous system behavior will reach successful conclusions
‣ Improves accountability and traceability
‣ Simplifies regulatory compliance
DESIRED SOLUTION CHARACTERISTICS
‣ Data visualization and analysis capabilities that help dispatchers and security analysts view control system behavior and network and physical security events as a cohesive whole
‣ Analysis and correlation capabilities that help dispatchers and security analysts understand and identify security events and predict how those events might affect control system operation
‣ Scalability sufficient to meet the needs of a large metropolitan utility
‣ Mechanisms that ensure the accuracy and integrity of data collected from remote facilities
‣ Ability to collect logs, traffic and operational data from a variety of sources including servers, ICS equipment, networking equipment, security appliances, issue tracking systems and mobile devices
DESIRED SOLUTION CHARACTERISTICS
‣ Ability to allow dispatchers and security analysts to easily automate common and repetitive investigative tasks
‣ Built-in information sharing capabilities that allow dispatchers and security analysts to easily share and acquire new threat indicators, correlation rules, mitigations and investigative techniques
‣ Customizable interfaces that allow users to tailor the system to meet specific business needs
‣ Automated report generation to aid utilities in demonstrating compliance with relevant standards
‣ Intuitive user interfaces that are appropriate for utility dispatchers with limited network security expertise or security analysts with limited expertise in electric power
EXAMPLE COMPONENT LIST
‣ ICS equipment, such as RTUs, PLCs and relays, along with associated software and communications equipment (e.g., radios, encryptors)
‣ SIEM or log analysis software
‣ “Bump-in-the-wire” devices for augmenting OT with encrypted communication and logging capabilities
‣ Software for collecting, analyzing, visualizing and storing operational control data (e.g., historians, outage management systems, distribution management systems, human-machine interfaces)
‣ Products that ensure the integrity and accuracy of data collected from remote facilities
NEXT STEPS
NCCoE:
‣ Invite vendors to submit letters of interest that will result in CRADAs
Users and other interested parties:
‣ Participate in a use case community of interest
9600 Gudelsky Drive, Rockville, MD 20850
http://nccoe.nist.gov
QUESTIONS?
Cybersecurity Update
• Cloud Computing Considerations in the Smart Grid has now been published for SGIP Members to view and download.
– http://members.sgip.org/apps/org/workgroup/sgip-mmc/download.php/5953/latest
– Available to public in February 2015.
• Other resources at SGIP.org/Publications
– Framework for Improving Critical Infrastructure Cybersecurity Core Mapping to National Institute of Standards and Technology (NIST) Interagency Report (IR) 7628 Exclusive to Members
– Cybersecurity User's Guide (NISTIR 7628) - Smart Grid Cyber Security Implementation Guidelines 30 pages
• Information on the SGIP Smart Grid Cybersecurity Committee may be found at SGIP.org/SGCC
SGIP Reminders
• Next week on November 20: Another Free Webinar – “What’s New with the Interoperability Process Reference Manual?” and the Smart Grid Testing & Certification Committee
• December 8-9: Winter Members Meeting in Portland
– Conference on Transactive Energy also in Portland that week.
• Webinars & Publications on SGIP.org under “Information Knowledge Base”
• Stay in Touch
– Twitter: @SGIPNews
– Join our LinkedIn Group: https://www.linkedin.com/groups/Smart-Grid-Interoperability-Panel-SGIP-4145498
– Sign up for SGIP Newsletter, The Conductor
THANK YOU FOR YOUR PARTICIPATION
A FOLLOW-UP EMAIL WILL BE SENT WITH LINK TO RECORDING AND SUPPORTING MATERIALS