2005 EPRI PowerPoint Templateproceedings.ndia.org/jsem2007/Kropp.pdf · Why is securing SCADA...


Page 1

Securing SCADA

Thomas Kropp, Manager, Security Programs, Power Delivery and Markets

Page 2

© 2007 Electric Power Research Institute, Inc. All rights reserved. JSEM - 24 May 2007

Agenda

• What is SCADA?

• What is the issue?

• Difficulties in securing SCADA

• Current work on improving security

• Mitigation techniques

Page 3

Supervisory Control and Data Acquisition (SCADA)

• A computer control system used in real time to monitor and control one or more remote facilities. The system collects data and/or sends control instructions, either automatically or by operators at other locations. SCADA is used to control facilities in industries such as telecommunications, water and waste control, energy, oil and gas refining, and transportation.

Congress of Chairs Glossary, PCS Forum, https://www.pcsforum.org/

Page 4

Distributed Control Systems (DCS)

• A type of plant automation system similar to a SCADA system, except that a DCS is usually employed in factories and is located within a more confined area. It uses a high-speed communications medium, which is usually a separate wire (network) from the plant LAN. A significant amount of closed-loop control is present in the system.

• In a control system, refers to control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit.

Congress of Chairs Glossary, PCS Forum, https://www.pcsforum.org/

Page 5

SCADA Graphical Example

Energy flow is controlled by SCADA

Page 6

What is the Goal?

The bulk electricity system must evolve if it is to support the digital society of the 21st century.

Automation, Secure communications, Energy Efficiency

Page 7

Issue: Old & New Electricity Infrastructures

[Diagram, OLD versus NEW: in the OLD structure a single Power Company owns Generation, Transmission and Distribution and serves the Customers; in the NEW structure Generation Companies, a Utility Trans. System Operator, Scheduling Coordinators / Power Exchange, Power Marketers and a Distribution Company are separate parties serving the Customers.]

Open Access has created a need to make plant and grid data residing in real-time systems available to grid operators and power marketers.

Page 8

Connectivity – what was

[Diagram, ABC Electric Company: power flow runs from the Generation Plant through the Transmission Substation and Distribution Substation to Residential, Commercial and Industrial customers; one Control Center and one Corporate Office serve the whole company.]

Page 9

Connectivity – what is

[Diagram: power flow still runs from the Generation Plant through the Transmission Substation and Distribution Substation to Residential, Commercial and Industrial customers, but the assets now belong to three companies, A Generation Company, B Transmission Company and C Distribution Company, each with its own Control Center and Corporate Office, with a separate System Operator.]

Page 10

Two Infrastructures must be managed not just one

[Diagram, two layers:
1. Power Infrastructure: Central Generating Station, Step-Up Transformer, Receiving Station and Distribution Substations feeding Commercial, Industrial and Residential loads, plus distributed resources (Gas Turbine, Recip Engine, Cogeneration, Fuel cell, Micro-turbine, Flywheel, Photovoltaics, Batteries).
2. Distributed Computing Infrastructure: Control Center, Residential Data Concentrator, Data network and Users.]

Page 11

Future Energy Delivery System will have a Supporting Distributed Computing System

[Diagram: Power Market Operator and Owner / Operator connected through an Information Network; information flow is drawn separately from electron flow.]

Page 12

Issue: Demand and Supply

• Infrastructure expansion has not kept up with demand: Generation & transmission capacity margins are shrinking (California: less than 4% margin in summer 2006)

• Transition to competition is increasing demands
  – Power Transactions have increased dramatically
  – Grid capacity is limited
  – Power Disturbances cost customers $120 billion/yr.

• Many distribution systems have not been updated with current technology

• Distributed resources are the new wave; how do we connect them to the grid?

Page 13

Other Issues

• Internet crime is increasing
  – Organized crime has learned how to profit over the Internet (FBI, NSA, SANS)

• The Electricity Industry is now competitive rather than cooperative (Energy Market): potential industrial espionage

• SCADA has moved to standard Operating Systems (Windows, Linux, Unix)

• SCADA is connected to the Internet (business drivers)

• Too much information is too readily available

Page 14

SCADA versus Enterprise IT

Importance (highest first):

  Corporate IT Priorities     Operational Priorities
  1. Confidentiality          1. Availability
  2. Integrity                2. Integrity
  3. Availability             3. Confidentiality

Page 15

SCADA versus Corporate IT – Availability

• In an IT environment, we shut down the system to protect the data if an attack is effective

• In an electric power operations environment, we must keep the power flowing even if our communications and control systems are attacked effectively

• IT systems can suffer a significant delay so that security can be updated (malware signatures, system patches)

• Operational systems have low or no tolerance for such delays

Page 16

Why is securing SCADA difficult?

• There are many legacy systems still in use
  – Designed for efficiency
  – Originally air gapped from other networks
  – Security was not a concern

• Security is not yet ‘internalized’ into the electric power operations culture
  – Safety and reliability are the priorities
  – Very few staff understand both security and SCADA

• “Chicken and Egg” syndrome
  – Vendors haven’t offered security
  – Customers haven’t asked for it

This is changing

Page 17

Why is securing SCADA difficult?

• Many SCADA networks are not high-speed
  – Updating anti-virus signatures and validating installed applications can cause unacceptable delays in network availability

• SCADA systems require constant availability
  – Patching cannot require a re-boot

• Applications are specialized
  – Patches must be tested by both the application vendor and by the utility

• Communications traffic is specialized
  – Rules to filter standard IT traffic aren’t effective in SCADA
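The last bullet says that filter rules written for standard IT traffic are not effective on SCADA networks. The Python script below is an added example, not from the slides or from EPRI: it runs a port-based, IT-style allowlist and a conversation-level SCADA allowlist over a few constructed flow records (every address, the SCADA port number and the operation names are made up for the example) and shows that the IT rule blocks the legitimate master-to-outstation polling, which hurts availability, while passing an unknown host that happens to use an enterprise port.

```python
"""Added example (not part of the Kropp/EPRI slides): why a port-based IT
filter rule fits SCADA traffic poorly, and what a conversation-level
allowlist looks like.  All hosts, ports and flows are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One request as seen from the initiating side (replies are assumed
    to be handled statefully by the firewall)."""
    src: str
    dst: str
    dport: int
    op: str  # application-level operation: "poll" (read) or "command" (write)


# Constructed topology: one control-center master talks to two field
# outstations on a fixed port.  The port value is a placeholder, not a
# real protocol assignment.
SCADA_PORT = 20000
MASTER = "10.1.0.10"
OUTSTATIONS = {"10.2.0.21", "10.2.0.22"}

# IT-style rule: permit well-known enterprise services, deny everything else.
IT_ALLOWED_PORTS = {53, 80, 443}


def it_rule(flow: Flow) -> bool:
    """Port-based allowlist as typically written for an office network."""
    return flow.dport in IT_ALLOWED_PORTS


def scada_rule(flow: Flow) -> bool:
    """Conversation-level allowlist: only the known master/outstation pairs,
    only on the SCADA port, and only the master may poll or command."""
    if flow.dport != SCADA_PORT:
        return False
    if flow.src == MASTER and flow.dst in OUTSTATIONS:
        return flow.op in ("poll", "command")
    return False


# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow(MASTER, "10.2.0.21", SCADA_PORT, "poll"),         # 0: legitimate polling
    Flow(MASTER, "10.2.0.22", SCADA_PORT, "command"),      # 1: legitimate control
    Flow("10.9.0.5", "10.2.0.21", SCADA_PORT, "command"),  # 2: unknown host sending a command
    Flow("10.9.0.5", "10.2.0.21", 443, "poll"),            # 3: unknown host on an "enterprise" port
]


def evaluate(rule, flows):
    """Return the set of indexes of the flows the rule permits."""
    return {i for i, f in enumerate(flows) if rule(f)}


def compare(flows=SAMPLE_FLOWS):
    """Permitted flow indexes under each rule set."""
    return {"it": evaluate(it_rule, flows), "scada": evaluate(scada_rule, flows)}


if __name__ == "__main__":
    result = compare()
    for name, allowed in result.items():
        print(f"{name:5s} rule permits flows: {sorted(allowed)}")
    # The IT rule permits only flow 3 (the unknown host on 443) and drops
    # the operational polling; the SCADA rule permits flows 0 and 1 only.
```

The IT-style rule fails in both directions at once: it denies the master's own polling and control traffic, and it admits an unfamiliar host because that host chose a port the rule considers harmless. The SCADA-style rule is written in terms of who is allowed to talk to whom about what, which is the information an operations network actually has.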

Page 18

What is being done – Common Requirements

• SCADA and Control Systems Procurement Project
  – Multi-State Information Sharing and Analysis Center (MS-ISAC)
  – Established in March 2006
  – Joint effort among public and private sectors
  – Develop common procurement language that can be used by everyone

• Goal
  – Federal, state and local asset owners and regulators come together using these procurement requirements
  – Maximize the collective buying power to help ensure that security is integrated into SCADA systems

Page 19

What is being done – Security Testing and Awareness

• DOE National Labs (DOE and DHS funded)
  – Testing SCADA vendor products for security
  – Analyzing security of energy management networks
  – Strong vendor-Government cooperation

• National SCADA Test Bed (NSTB)
  – Four DOE Labs and NIST
  – Large scale effort to improve SCADA security

• Control Systems Cyber Security Vendors Forum
  – Facilitated by DHS
  – Safe environment to share security issues

Page 20

What is being done – Security Standards

• NIST – Process Control Systems Requirements Forum
  – Protection Profiles

• AGA (American Gas Association), CIGRE (Conseil International des Grands Réseaux Électriques), IEC (Commission Electrotechnique Internationale), IEEE, ISA
  – Communication security standards and procedures for SCADA and Control systems

There is a danger of conflicting standards

Page 21

What is being done – coordinate standards

• PCS Forum
  – Facilitated by DHS
  – Large umbrella organization
  – Organized into Interest Groups and Working Groups

• Most active WG: Congress of Chairs
  – Forum for standards organizations to coordinate
  – First effort = combined glossary (AGA, ANSI, API, CIGRE, IEC, IEEE, ISA, ISO, NIST)

Page 22

What is being done – coordinate research

• Roadmap to Secure Control Systems in the Energy Sector
  – Facilitated by DOE
  – Four Goals
    1. Measure and assess security posture
    2. Develop and integrate protective measures
    3. Detect intrusion and implement response strategies
    4. Sustain security improvements
  – 2, 5, and 10 year targets within each goal

• Example (goal 1): by 2015, Energy asset owners will be able to perform fully automated security state monitoring of their control system networks with real-time remediation

Page 23

What is being done – (selected efforts)

• Vendors are developing new systems and considering security at the outset

• NERC (North American Reliability Corporation) provides security standards and guidelines

• EPRI manages R&D programs to enhance SCADA security
  – Evaluate broad-band communications in Energy Management Networks (vulnerabilities and mitigations)
  – Securing perimeters for “critical cyber assets”
  – Technical reports on how to mitigate vulnerabilities in current deployments

Page 24

Conclusions

• Legacy SCADA systems are not secure and are difficult to secure

• There is not yet an ingrained security culture in the electric industry

• There is a roadmap in place for the path forward

• Vendors, Government, Researchers are contributing

• The industry is aware of the problems and is making progress

Page 25

References

• What’s wrong with the Electric Grid; The Industrial Physicist, http://www.aip.org/tip/INPHFA/vol-9/iss-5/p8.html
  – Good introduction to the North American Grid and power flow
  – Bias against deregulation and the energy market

• Multi-State Information Sharing and Analysis Center MS-ISAC (http://www.msisac.org/scada/)

• PCS Forum (https://www.pcsforum.org/)

• Roadmap to Secure Control Systems in the Energy Sector
  – Document: http://www.controlsystemsroadmap.net/
  – Interactive: https://www.pcsforum.org/roadmap/

Page 26

Questions (and, possibly, answers)