10 NOVEMBER 2017 Cyber Security and Data...

10 NOVEMBER 2017

Cyber Security and Data Analytics CAPER IAB Meeting Session V – Power System Data Applications

K. Eric Harper, Senior Principal Scientist, ABB US Corporate Research

CODEF video

Cybersecurity

Data and Analytics

Questions

Agenda

What does it mean?

Cyber Security

November 28, 2017

NERC CIP?

“Measures taken to protect power and automation systems against unauthorized

access, attacks, disruption or loss.”

Cyber Security Back to the basics

Security is about awareness, policy and process

Ignore compliance - at least at first

– Focus on risk mitigation and management

– Assess your maturity model and then improve

There is no such thing as 100% security

– Actors and threats constantly changing

– Deploy Defense in Depth

• Deter, Detect and Delay the bad guys

– Security does not come for free

Vulnerabilities in protection and control systems

The growing impact of cyber security

November 28, 2017 Slide 6

0

50

100

150

200

250

300

2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015*

12.5% 87.5%

Since 2010 vulnerabilities in control system are increasing. “Never touch a running system” methodology does not work anymore

ICS (SCADA/DCS) disclosures per year

2015 incidents Ukraine - • BlackEnergy1 APT • Verizon Data Breach

Germany - • Steel mill

Poland - • Major airport

19 189 ICS Vulnerabilities

Cultural: Enterprise IT vs. Control Systems A different set of challenges – Education and Teamwork

Enterprise IT Control Systems

Primary object

under

protection

Information Physical process

Primary risk

impact

Information disclosure,

financial

Safety, health,

environment, financial

Main security

objective Confidentiality Availability

Security focus Central Servers (fast CPU, lots of memory, …)

Distributed System (possibly limited resources)

Availability

requirements

95 – 99% (accept. downtime/year: 18.25 - 3.65

days)

99.9 – 99.999% (accept. downtime/year: 8.76 hrs –

5.25 minutes)

Problem

response

Reboot,

patching/upgrade,

isolation

Fault tolerance, online

repair

Air gap is not the solution

Enablement of the information flow is critical for today and tomorrow’s success in proactive wide area applications

Balance between Reliability and Security


Challenges

Reliability Security

Communications Infrastructure

Power System Reliability

Critical Infrastructure

Protection (CIP)

Unauthorized access or attack

The growing impact of cyber security


IEC 61850 / Station bus

Station LAN

Engineering

Workstation

Computer

HMI

Network Control

Center

Maintenance

Center

Firewall

VPN

Router

Gateway

GPS

Time Server

Physical Security perimeter

Electronic Security perimeter

Data storm by a

Faulty Device

Network disturbance, malware,

Cyber attacks

Unauthorized

Person

Unauthorized

Person

Infected

Notebook

Infected

Mobile

data

storage

USB

– Legal and illegal penetration and hacking tools are freely available today

– Penetration testing software

– Vulnerability Scanner

– Network discovery and security auditing

– Internet of Things (IoT)

The increasing risks

Distributed. Collaborative. Cyber- and Physics-Based

CODEF Security Features


• Distributed intelligence between substation intelligent electronic devices (IEDs)

• Collaborative mechanism for detecting cyber attacks

• Domain based cyber security layer for electrical substations and intelligent electronic devices (IEDs)

• Additional cyber-layer for enhanced security

CODEF Technical Approach


Use physics to block malicious cyber attacks

• Detect and block malicious attempts to control circuit breakers and malicious device configuration settings

• Reinforce existing solutions and provide another security layer in case of breach of IT security layer

Layering a communication networks physically and/or logically can considerably improves network security

Cyber Security Layered Architecture

November 28, 2017

Grid Automation

Enterprise Network Network Control Center Maintenance Center

Service PC

www.

Remote Support

Secure SW/FW

Multi – technology based operational utility core network

Core network element PDH, SDH Optical,

MPLS, L2 optical / el. Radio; Wi-Fi, PLC

Any Substation, Control-Center; Power-Plant down to private consumer

DMZ

Individual User Accounts

Removable Media

Access

Disable Ports /

services

Malware Protection

Patch management

Firewall

Secure

Communication

Local security logging

Central security logging /Account Management

IDS

USB

SDM 600

Redundant & reliable clock & time distribution (not only GPS)

Cybersecurity

Data and Analytics

Questions

Agenda

Challenges and changes utilities face


Performance Exceed Meet or beat

Aging infrastructure

Nearly 70% of the transformers in the US are more than 25 years old1

Aging workforce

40% of the workforce at America’s electric and natural gas utilities will be eligible for retirement in the next five years6

Reliability

Up to 55% reduction in unexpected failures with predictive maintenance solutions2

Spending justification

Companies investing in IoT-based operational sensing and cognitive-based situational awareness will see 30% improvements in the cycle times of impacted critical processes5

Cyber security

Through 2018, 50% of IoT device manufacturers will not be able to address threats from weak authentication practices7

Distributed energy

By 2020, 2.5 GW of electricity will be generated by 20% of Fortune 500 companies, which will wholesale their distributed energy resource excess power through utility-independent subsidiaries4

Asset information everywhere

25 billion devices (not counting smartphones, tablets or computers) will be connected to the IoT by 20203

1 Harris Williams & Co. | 2 ARC Advisory Group, November 2014 | 3 Gartner. Predicts 2016: Unexpected Implications Arising From the Internet of Things. December 2015 | 4 IDC FutureScape: Worldwide Utilities 2017 Predictions | 5 IDC Energy IDC FutureScape: Worldwide Digital Transformation 2017 Predictions | 6 APPA | 7 Gartner. Predicts 2016: Unexpected Implications Arising From the Internet of Things. December 2015

Risk Avoid Manage

Cost Minimize Optimize

1905 1940 1969 1982 1983 1994 2002 2004 2010 2011 2014 2015

ABB installs first Power Line

Communication (PLC) and protection Signaling Equipment

ABB introduces first SCADA and network

management systems

ABB launches Micro-processor

based relays

ABB introduces EMS, GMS and DMS

applications

ABB introduces first computer based

substation control system

First redundant RTU supporting Ethernet

communication (RTU500 series)

First NCIT installations in ABB substation automation systems

ABB pioneers Wide Area Monitoring System (WAMS)

Between 2010 – 2011 ABB acquires Ventyx &

Mincom

ABB’s first IEC 61850-9-2 digital

substation installation - Loganlea, Australia

ABB introduces worlds first Asset

Health Center solution

100,000th RTU sold

ABB sells its 100,000th

Relion® 670 unit

ABB sells its 10,000th

MicroSCADA Pro license

ABB’s first electro-mechanical relays introduced

IEC founded ABB is a leading member

ABB introduces COMBIFLEX® electronic relays

ABB’s first optical FOX link installed on HV lines with integrated teleprotection

ABB develops integrated protection and control

First distributed busbar protection – REB500

ABB’s first fully integrated analog and digital Power Line Communication (PLC)

ABB introduces the Relion® family of IEC 61850 compliant relays and compliant substation automation systems

ABB Commissions 1st IEC 61850 (multi vendor) SA System Laufenberg, CH.

ABB acquires Tropos Wireless Networks

National Grid Saudi Arabia partners with ABB to introduce IEC 61850 Substation Automation Systems

ABB launches it’s pioneering Standalone merging unit - SAM600

ABB leading the world since 1905

Grid Automation Timeline

2016

ABB’s first digital substation in the UK

ABB partners with Microsoft’s Azure Cloud based platform to launch ABB Ability

ABB launches it’s pioneering Microgrid enabling product - PowerStore Battery

ABB recognized for the world’s first conformance tested system engineering tools

28 November 2017 Slide 15

2017

ABB invests in Enbala Power Networks to co-develop cutting-edge grid software

ABB Ability Digital Substation & Asset Health Center launched at ABB Customer World

Shift from a conventional to a digital substation

Digital Substation


Customer Values

– Lower OPEX for operators

– Health and safety

– Less and smaller control cubicles

– Linear NCIT / no saturation

– Less cabling

– Less material

– Shorter cycle times

– Smaller foot-print

– Future proof thanks to IEC 61850

Conventional Substation Digital Substation

CT & VT

Station local or remote HMI with

asset management

Primary components stand alone Small foot-print: Integration

Digital Substation For higher reliability in operation and efficiency in fleet service

November 28, 2017

Data capture

Product information

Plant/Substation information

Data

Data

X X X X X X

X X X

X

Signals from sensors

Off line maintenance, field testing and

product data

Product level analysis and storage of

data

Product specific fingerprint

Diagnosis and visual risk status information of

equipment at plant level X Other

equipment

Expert systems Fleet health

Guide for optimized selective fleet maintenance planning based on risks versus importance of assets

Decision

Need for operational improvement steers analytics from descriptive to predictive

Evolution of digital business and analytics


Action

Decision automation

Decision support

Descriptive What happened?

Diagnostic Why did it happen?

Predictive What will happen?

Prescriptive What should I do?

Data

Analytics Human input

ABB analytics portfolio

Source: Gartner (February 2015)

“Utility-izing” data

What does this mean for utilities?


With the continued deployment of intelligent equipment, utilities can collect and analyze far more data than ever before

This data can be utilized to identify the most critical assets for repair and replace decisions, thereby reducing operations and maintenance spending

For example, predictive maintenance can save up to 10x more than corrective maintenance and can mitigate catastrophic failures that can cost as much as $25 million

10x

A fleet-wide analytics platform to improve processes through risk-based optimization

ABB Ability™ Asset Health Center™


Continuous optimization and improvement

All data sources: •Sensors •Historian •Databases •EAM

Advanced operational business intelligence

Enterprise asset and work management

Statistical models (Azure Machine Learning)

Expert models (ABB, third party)

One source of IT/OT truth means better decision-making and improved execution

Benefits


Identify risks early so they can be reliably resolved or mitigated

Enable risk-optimized maintenance schedules

Make more informed long-term investment decisions

Facilitate the adoption of accepted industry standards such as ISO

Quickly establish an asset performance management solution that grows with you

Replace time-based maintenance with condition-based maintenance for cost-effective reliability

Business is driving the push towards digitalization with the reward of improved operations, lower costs and increased agility. Digitalization will help:

US transmission owner

Case study


Territory in multiple states

Millions of customers

10’s of thousand miles of electric

transmission lines

100’s of thousand miles of electric

distribution line

8,800 transformers

20,000 breakers

3,300 batteries

Prevented at least one major transformer failure in the first year!

18% Transformers over

years old 60

33% Transformers over

years old 50

Potential annual savings


8% O&M +3 years Optimized maintenance strategy

Capital replacement & deferred depreciation

Increased life of assets

Overtime costs

Safety Environmental Regulatory

2%

Risk 4% O&M Optimized labor

millions

Cybersecurity

Data and Analytics

Questions

Agenda

10 NOVEMBER 2017 Cyber Security and Data...

Documents

Transcript of 10 NOVEMBER 2017 Cyber Security and Data...