Cyber Resiliency of Energy Systems: Designing for Tomorrow while Taking Action Today

Moreno Carullo, IEC TC 57 WG15 member, Co-founder and CTO, Nozomi Networks

March 12th 2019, Vienna Security Week

Transcript of Cyber Resiliency of Energy Systems: while Taking Action Today

Page 1: Cyber Resiliency of Energy Systems: while Taking Action Today

Cyber Resiliency of Energy Systems: Designing for Tomorrow while Taking Action Today

Moreno Carullo

IEC TC 57 WG15 member

Co-founder and CTO, Nozomi Networks

March 12th 2019, Vienna Security Week

Page 2: Cyber Resiliency of Energy Systems: while Taking Action Today

About IEC TC57 WG15

• Formed in early 2000s by an ad hoc group working to address cyber security issues inside TC57

• 121 members from 21 countries

• 3 face-to-face meetings per year

• MISSION & DUTIES: Undertake the development of standards and/or technical reports on end-to-end security issues of TC57 systems

About Nozomi Networks

• LONG-TERM CONTRIBUTION TO WG15: June 2015

• FOUNDED IN SWITZERLAND: October 2013

• GROUNDED IN RESEARCH: Founders conducted PhD research on SCADA Security/Malware and Artificial Intelligence

• CREATED TO ADDRESS MARKET NEED: Founder worked in a large oil & gas company that lacked visibility and control over its ICS/OT environment, needed a solution

Page 3: Cyber Resiliency of Energy Systems: while Taking Action Today

Energy Infrastructure: Cyberattacks Are Increasing

• The Ukraine’s Power Outage Was a Cyber Attack (18 Jan. 2017): A power blackout in Kiev was caused by a cyber attack, investigators try to trace other potentially infected computers.

• Hackers halt plant operations in watershed cyberattack (15 Dec. 2017): Schneider confirmed that an incident occurred and that it issued a security alert to users of Triconex, which cyber experts said is widely used in the energy industry, including nuclear facilities, and oil and gas plants.

• GreyEnergy: One of The Most Dangerous Threat Actors (17 Oct. 2018): ESET research identifies malware successor to BlackEnergy, being used to target energy and other critical infrastructure.

• The Global Risk Report 2019 (Jan. 2019): Cyberattacks on critical infrastructure are a top five global risk.

Page 4: Cyber Resiliency of Energy Systems: while Taking Action Today

Energy Infrastructure: Cyber Security is Challenging


Technical Challenges

• More and more connectivity with other systems

• Large geographic areas

• High number of physical assets

• Communications are complex

• Systems are not secure by design

o Lack of authentication, encryption, robustness...

People and Process Challenges

• Shortage of cyber security skills

• Immature cyber security processes

Page 5: Cyber Resiliency of Energy Systems: while Taking Action Today

Energy Infrastructure: Insecure by Design?

• Intelligent Electronic Devices (IED) - Programmable Logic Controllers (PLC) or Remote Terminal Units (RTU) are computers with low computational power, built to control physical components such as valves, pumps, motors, etc.

• They use unsecure communication protocols that suffer from:

o Lack of authentication

o Lack of encryption

o Backdoors

o Buffer overflow

• This is part of an insecure ecosystem

o Stemming from airgap of OT

o Different priorities (e.g. availability vs confidentiality)

Page 6: Cyber Resiliency of Energy Systems: while Taking Action Today

What Do We Need to Protect?

[Diagram of the energy system with two labelled parts, 1. Power Infrastructure and 2. Information Infrastructure. Labels: Bulk Generating Station, Step-Up Transformer, Transmission Substation, Distribution Substation, Commercial, Industrial, Residential, Gas Turbine, Recip Engine, Cogeneration, Fuel Cell, Micro-turbine, Flywheel, Photovoltaics, Batteries, Residential EMS, Control Center, Data Network, Users.]

Page 7: Cyber Resiliency of Energy Systems: while Taking Action Today

… but how can we do security today, if we can’t see what’s happening on energy system networks?

Page 8: Cyber Resiliency of Energy Systems: while Taking Action Today

Today: Insecure Systems Can Be Secured and Monitored

Architecture and Segregation: The IEC 62443 family of standards helps secure today’s systems.

Awareness and Training: Organizations can improve their cyber security culture and processes.

Technology exists now to address:

• Visibility: What do I have in my information infrastructure?

• Monitoring: How are my infrastructure assets behaving?

• Vulnerability Assessment: Are my assets up-to-date and free of vulnerabilities?

Page 9: Cyber Resiliency of Energy Systems: while Taking Action Today

Tomorrow: End-to-End Security-by-Design

The goal of the IEC 62351 family of standards is to provide a secure-by-design system.

[Diagram labels: Operator Station, IEDs]

END TO END SECURITY GOALS

• Authentication of the systems, devices, and applications that are sending and receiving data

• Authorization for interactions such as viewing, reading, writing, controlling, creating, deleting

• Data integrity of all interactions and information within the systems

• Accountability ensures that an entity cannot deny having received or acted upon a message

• Availability of the interactions can range from milliseconds to hours or days

• Confidentiality is usually required for financial, market, corporate, or private data

Page 10: Cyber Resiliency of Energy Systems: while Taking Action Today

Tomorrow: End-to-End Security-by-Design (continued)


Page 11: Cyber Resiliency of Energy Systems: while Taking Action Today

Tomorrow: How We Enact Cyber Security Will Change

Everything we do today will remain tomorrow. But we need to change our focus.

Shift from just “looking for the bad guys” to “let’s ensure that security-by-design is working well.”

[Diagram: the same Power Infrastructure and Information Infrastructure overview as on page 6.]

Page 12: Cyber Resiliency of Energy Systems: while Taking Action Today

About Moreno Carullo

MORENO CARULLO

CTO and Co-Founder, Nozomi Networks

Moreno has a Ph.D. in Artificial Intelligence and is an expert in industrial cyber security. He is adept at managing technical teams with a focus on quality and flexibility to deliver innovative products.

Moreno is also a member of Electrosuisse, the Swiss National IEC committee, and is an active TC57 WG15 group member.

Page 13: Cyber Resiliency of Energy Systems: while Taking Action Today

One Solution Delivers

• Operational Visibility: Superior Asset Discovery and Real-time Network Monitoring

• ICS Cyber Security: The Best ICS Threat Detection

• Multinational Deployments: Most Distributed Global Installations

Page 14: Cyber Resiliency of Energy Systems: while Taking Action Today

Thank You

www.nozominetworks.com