Improving Cyber-Security Improving Cyber-Security through ...
10 NOVEMBER 2017 Cyber Security and Data...
Transcript of 10 NOVEMBER 2017 Cyber Security and Data...
10 NOVEMBER 2017
Cyber Security and Data Analytics CAPER IAB Meeting Session V – Power System Data Applications
K. Eric Harper, Senior Principal Scientist, ABB US Corporate Research
What does it mean?
Cyber Security
November 28, 2017
NERC CIP?
“Measures taken to protect power and automation systems against unauthorized
access, attacks, disruption or loss.”
Cyber Security Back to the basics
Security is about awareness, policy and process
Ignore compliance - at least at first
– Focus on risk mitigation and management
– Assess your maturity model and then improve
There is no such thing as 100% security
– Actors and threats constantly changing
– Deploy Defense in Depth
• Deter, Detect and Delay the bad guys
– Security does not come for free
Vulnerabilities in protection and control systems
The growing impact of cyber security
November 28, 2017 Slide 6
0
50
100
150
200
250
300
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015*
12.5% 87.5%
Since 2010 vulnerabilities in control system are increasing. “Never touch a running system” methodology does not work anymore
ICS (SCADA/DCS) disclosures per year
2015 incidents Ukraine - • BlackEnergy1 APT • Verizon Data Breach
Germany - • Steel mill
Poland - • Major airport
19 189 ICS Vulnerabilities
Cultural: Enterprise IT vs. Control Systems A different set of challenges – Education and Teamwork
Enterprise IT Control Systems
Primary object
under
protection
Information Physical process
Primary risk
impact
Information disclosure,
financial
Safety, health,
environment, financial
Main security
objective Confidentiality Availability
Security focus Central Servers (fast CPU, lots of memory, …)
Distributed System (possibly limited resources)
Availability
requirements
95 – 99% (accept. downtime/year: 18.25 - 3.65
days)
99.9 – 99.999% (accept. downtime/year: 8.76 hrs –
5.25 minutes)
Problem
response
Reboot,
patching/upgrade,
isolation
Fault tolerance, online
repair
Air gap is not the solution
Enablement of the information flow is critical for today and tomorrow’s success in proactive wide area applications
Balance between Reliability and Security
November 28, 2017 Slide 8
Challenges
Reliability Security
Communications Infrastructure
Power System Reliability
Critical Infrastructure
Protection (CIP)
Unauthorized access or attack
The growing impact of cyber security
November 28, 2017 Slide 9
IEC 61850 / Station bus
Station LAN
Engineering
Workstation
Computer
HMI
Network Control
Center
Maintenance
Center
Firewall
VPN
Router
Gateway
GPS
Time Server
Physical Security perimeter
Electronic Security perimeter
Data storm by a
Faulty Device
Network disturbance, malware,
Cyber attacks
Unauthorized
Person
Unauthorized
Person
Infected
Notebook
Infected
Mobile
data
storage
USB
– Legal and illegal penetration and hacking tools are freely available today
– Penetration testing software
– Vulnerability Scanner
– Network discovery and security auditing
– Internet of Things (IoT)
The increasing risks
Distributed. Collaborative. Cyber- and Physics-Based
CODEF Security Features
November 28, 2017 Slide 10
• Distributed intelligence between substation intelligent electronic devices (IEDs)
• Collaborative mechanism for detecting cyber attacks
• Domain based cyber security layer for electrical substations and intelligent electronic devices (IEDs)
• Additional cyber-layer for enhanced security
CODEF Technical Approach
November 28, 2017 Slide 11
Use physics to block malicious cyber attacks
• Detect and block malicious attempts to control circuit breakers and malicious device configuration settings
• Reinforce existing solutions and provide another security layer in case of breach of IT security layer
Layering a communication networks physically and/or logically can considerably improves network security
Cyber Security Layered Architecture
November 28, 2017
Grid Automation
Enterprise Network Network Control Center Maintenance Center
Service PC
www.
Remote Support
Secure SW/FW
Multi – technology based operational utility core network
Core network element PDH, SDH Optical,
MPLS, L2 optical / el. Radio; Wi-Fi, PLC
Any Substation, Control-Center; Power-Plant down to private consumer
DMZ
Individual User Accounts
Removable Media
Access
Disable Ports /
services
Malware Protection
Patch management
Firewall
Secure
Communication
Local security logging
Central security logging /Account Management
IDS
USB
SDM 600
Redundant & reliable clock & time distribution (not only GPS)
Challenges and changes utilities face
November 28, 2017 Slide 14
Performance Exceed Meet or beat
Aging infrastructure
Nearly 70% of the transformers in the US are more than 25 years old1
Aging workforce
40% of the workforce at America’s electric and natural gas utilities will be eligible for retirement in the next five years6
Reliability
Up to 55% reduction in unexpected failures with predictive maintenance solutions2
Spending justification
Companies investing in IoT-based operational sensing and cognitive-based situational awareness will see 30% improvements in the cycle times of impacted critical processes5
Cyber security
Through 2018, 50% of IoT device manufacturers will not be able to address threats from weak authentication practices7
Distributed energy
By 2020, 2.5 GW of electricity will be generated by 20% of Fortune 500 companies, which will wholesale their distributed energy resource excess power through utility-independent subsidiaries4
Asset information everywhere
25 billion devices (not counting smartphones, tablets or computers) will be connected to the IoT by 20203
1 Harris Williams & Co. | 2 ARC Advisory Group, November 2014 | 3 Gartner. Predicts 2016: Unexpected Implications Arising From the Internet of Things. December 2015 | 4 IDC FutureScape: Worldwide Utilities 2017 Predictions | 5 IDC Energy IDC FutureScape: Worldwide Digital Transformation 2017 Predictions | 6 APPA | 7 Gartner. Predicts 2016: Unexpected Implications Arising From the Internet of Things. December 2015
Risk Avoid Manage
Cost Minimize Optimize
1905 1940 1969 1982 1983 1994 2002 2004 2010 2011 2014 2015
ABB installs first Power Line
Communication (PLC) and protection Signaling Equipment
ABB introduces first SCADA and network
management systems
ABB launches Micro-processor
based relays
ABB introduces EMS, GMS and DMS
applications
ABB introduces first computer based
substation control system
First redundant RTU supporting Ethernet
communication (RTU500 series)
First NCIT installations in ABB substation automation systems
ABB pioneers Wide Area Monitoring System (WAMS)
Between 2010 – 2011 ABB acquires Ventyx &
Mincom
ABB’s first IEC 61850-9-2 digital
substation installation - Loganlea, Australia
ABB introduces worlds first Asset
Health Center solution
100,000th RTU sold
ABB sells its 100,000th
Relion® 670 unit
ABB sells its 10,000th
MicroSCADA Pro license
ABB’s first electro-mechanical relays introduced
IEC founded ABB is a leading member
ABB introduces COMBIFLEX® electronic relays
ABB’s first optical FOX link installed on HV lines with integrated teleprotection
ABB develops integrated protection and control
First distributed busbar protection – REB500
ABB’s first fully integrated analog and digital Power Line Communication (PLC)
ABB introduces the Relion® family of IEC 61850 compliant relays and compliant substation automation systems
ABB Commissions 1st IEC 61850 (multi vendor) SA System Laufenberg, CH.
ABB acquires Tropos Wireless Networks
National Grid Saudi Arabia partners with ABB to introduce IEC 61850 Substation Automation Systems
ABB launches it’s pioneering Standalone merging unit - SAM600
ABB leading the world since 1905
Grid Automation Timeline
2016
ABB’s first digital substation in the UK
ABB partners with Microsoft’s Azure Cloud based platform to launch ABB Ability
ABB launches it’s pioneering Microgrid enabling product - PowerStore Battery
ABB recognized for the world’s first conformance tested system engineering tools
28 November 2017 Slide 15
2017
ABB invests in Enbala Power Networks to co-develop cutting-edge grid software
ABB Ability Digital Substation & Asset Health Center launched at ABB Customer World
Shift from a conventional to a digital substation
Digital Substation
November 28, 2017 Slide 16
Customer Values
– Lower OPEX for operators
– Health and safety
– Less and smaller control cubicles
– Linear NCIT / no saturation
– Less cabling
– Less material
– Shorter cycle times
– Smaller foot-print
– Future proof thanks to IEC 61850
Conventional Substation Digital Substation
CT & VT
Station local or remote HMI with
asset management
Primary components stand alone Small foot-print: Integration
Digital Substation For higher reliability in operation and efficiency in fleet service
November 28, 2017
Data capture
Product information
Plant/Substation information
Data
Data
X X X X X X
X X X
X
Signals from sensors
Off line maintenance, field testing and
product data
Product level analysis and storage of
data
Product specific fingerprint
Diagnosis and visual risk status information of
equipment at plant level X Other
equipment
Expert systems Fleet health
Guide for optimized selective fleet maintenance planning based on risks versus importance of assets
Decision
Need for operational improvement steers analytics from descriptive to predictive
Evolution of digital business and analytics
November 28, 2017 Slide 18
Action
Decision automation
Decision support
Descriptive What happened?
Diagnostic Why did it happen?
Predictive What will happen?
Prescriptive What should I do?
Data
Analytics Human input
ABB analytics portfolio
Source: Gartner (February 2015)
“Utility-izing” data
What does this mean for utilities?
November 28, 2017 Slide 19
With the continued deployment of intelligent equipment, utilities can collect and analyze far more data than ever before
This data can be utilized to identify the most critical assets for repair and replace decisions, thereby reducing operations and maintenance spending
For example, predictive maintenance can save up to 10x more than corrective maintenance and can mitigate catastrophic failures that can cost as much as $25 million
10x
A fleet-wide analytics platform to improve processes through risk-based optimization
ABB Ability™ Asset Health Center™
November 28, 2017 Slide 20
Continuous optimization and improvement
All data sources: •Sensors •Historian •Databases •EAM
Advanced operational business intelligence
Enterprise asset and work management
Statistical models (Azure Machine Learning)
Expert models (ABB, third party)
One source of IT/OT truth means better decision-making and improved execution
Benefits
November 28, 2017 Slide 21
Identify risks early so they can be reliably resolved or mitigated
Enable risk-optimized maintenance schedules
Make more informed long-term investment decisions
Facilitate the adoption of accepted industry standards such as ISO
Quickly establish an asset performance management solution that grows with you
Replace time-based maintenance with condition-based maintenance for cost-effective reliability
Business is driving the push towards digitalization with the reward of improved operations, lower costs and increased agility. Digitalization will help:
US transmission owner
Case study
November 28, 2017 Slide 22
Territory in multiple states
Millions of customers
10’s of thousand miles of electric
transmission lines
100’s of thousand miles of electric
distribution line
8,800 transformers
20,000 breakers
3,300 batteries
Prevented at least one major transformer failure in the first year!
18% Transformers over
years old 60
33% Transformers over
years old 50
Potential annual savings
November 28, 2017 Slide 23
8% O&M +3 years Optimized maintenance strategy
Capital replacement & deferred depreciation
Increased life of assets
Overtime costs
Safety Environmental Regulatory
2%
Risk 4% O&M Optimized labor
millions