Network Security in Power Systems
8/6/2019 Network Security in Power Systems
Network Security in Power Systems
Maja Knezev and Zarko Djekic
-
Outline
• Introduction
• Protection control
• EMS, SCADA, RTU, PLC
• Attacks using power system
• Vulnerabilities
• Solution
• Conclusion
-
Introduction
[Diagram: Generator, User]
• Providing electrical energy in the power system at a minimal cost with due respect to safety and reliability.
-
Protective control
• Protective relays are designed to respond to system faults such as short circuits.
  Transmission relaying must locate and isolate a fault with sufficient speed to preserve stability, to reduce fault damage and to minimize the impact on the rest of the system.
-
[Diagram labels: Generator, Load, Transmission Network, Protective Relay, Circuit Breaker]
• Relays should respond when a fault occurs, but they should not respond in any other situation
-
EMS (Energy Management System)
• CONSISTS OF computers, display devices, software, communication channels and remote terminal units that are connected to RTUs, control actuators in power plants and substations.
• PURPOSE: to manage the production, purchase, transmission, distribution and sale of electrical energy in the power system. It provides the status of a huge area to the operator, who makes decisions, and it is capable of making decisions automatically by itself.
-
System Control And Data Acquisition (SCADA)
• CONSISTS OF one or more computers with appropriate applications software connected by a communications system to a number of RTUs placed at various locations to collect data. Communication protocols differ from substation to substation.
• PURPOSE: provides three critical functions
  - Data Acquisition
  - Supervisory control
  - Alarm Display and Control
  - Supports operator control of remote (or local) equipment
-
• RTU (Remote Terminal Unit)
  RTUs are microprocessor-based computers which contain ADC and DAC, digital inputs for status and digital outputs for control.
• PLC (Programmable Logic Controller)
  PLCs have extended I/O, and control outputs can be controlled by software residing in the PLC as well as via remote commands from a SCADA. The PLC user can make changes in the software without major hardware or software changes.
• Both have many real-time communication links inside and outside the substation or plants
-
Attacks using power system
• Attacks upon the power system
  Attacking two substations simultaneously in order to cause a blackout
• Attacks by the power system
  Using the dangerous nature of power plants for generating an attack (chemical, biological agents)
• Attacks through the power system
  Using some installations of the power system to attack civil infrastructure. For example, by coupling an electromagnetic pulse through the grid, computer and telecommunications infrastructure could be damaged
-
SCADA system attacks
• A 2003 Slammer worm attack on the Ohio Davis-Besse nuclear power plant process computer disabled a nuclear safety monitoring system over five hours.
• A wireless link to the SCADA system for the Queensland, Australia, Maroochy Shire sewage control system in 2000 was exploited by one Vitek Boden. This attack caused millions of gallons of sewage to be dumped into Maroochy waterways over a four-month period.
• When security consultant Paul Blomgren and his associates were hired to assess SCADA vulnerabilities at a large southwestern power utility, they were able to penetrate the power station's operational control network and computer systems through wireless connections from laptops in a vehicle parked outside of the plant.
-
SCADA/EMS vulnerabilities
• Network Architecture vulnerabilities
• Physical connection vulnerabilities
• RTUs and IDEs vulnerabilities
• Protocol vulnerabilities
-
Network Architecture vulnerabilities
• 20 years ago - separated Administrative and Control networks
• Today networks are tightly coupled
• Connections between SCADA and other corporate networks are not protected by strong access controls
-
Physical connections vulnerabilities
• Internet connection between remote devices and control center in order to avoid more expensive private lines
• Wireless connections
• Dial-up telephone lines
-
RTUs and IDEs vulnerabilities
• Physical security
• Many RTUs and IDEs have no password protection
• Many actuators (breakers, pumps) have their own network connection
-
Protocol vulnerabilities
• Many plain-text SCADA protocols were developed for private serial networks in the 60s and 70s, and today they have been adapted to function over TCP/IP (MODBUS, FIELDBUS, DNP3)
• Standard wireless protocols vulnerabilities (IEEE 802.11b)
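An added example, not from the original slides: a Python sketch of passive monitoring for the plain-text problem named above. A Modbus/TCP frame has only a 7-byte MBAP header (transaction id, protocol id, length, unit id) followed by the function code and data, with no credential or integrity field, so the check decodes frames and flags state-changing function codes from hosts outside an allowlist. The IP addresses, the allowlist and the sample frames are constructed for illustration.

```python
import struct

# State-changing function codes from the public Modbus specification.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_adu(frame: bytes) -> dict:
    """Decode one Modbus/TCP ADU: 7-byte MBAP header, then function code and data."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    # Everything is readable as-is: no field carries a credential or a MAC.
    return {"transaction": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def review(src_ip: str, frame: bytes, allowed_writers: set):
    """Return an alert string, or None when the frame needs no attention."""
    try:
        adu = parse_adu(frame)
    except ValueError as exc:
        return f"{src_ip}: malformed frame ({exc})"
    name = WRITE_FUNCTIONS.get(adu["function"])
    if name and src_ip not in allowed_writers:
        return f"{src_ip}: {name} to unit {adu['unit']} from non-allowlisted host"
    return None

# Constructed sample data (hypothetical hosts and frames).
ALLOWED_WRITERS = {"10.0.0.5"}                          # assumed SCADA master
READ_REGS = bytes.fromhex("000100000006010300000002")   # FC 3, read 2 registers
WRITE_COIL = bytes.fromhex("00020000000601050010ff00")  # FC 5, coil 0x0010 ON
TRUNCATED = bytes.fromhex("0003000000")                 # cut off inside the header
SAMPLES = [("10.0.0.5", READ_REGS), ("10.0.0.5", WRITE_COIL),
           ("192.168.1.77", READ_REGS), ("192.168.1.77", WRITE_COIL),
           ("192.168.1.77", TRUNCATED)]

def run_samples():
    """Review every sample frame and keep only the alerts."""
    return [a for ip, f in SAMPLES if (a := review(ip, f, ALLOWED_WRITERS))]

if __name__ == "__main__":
    for alert in run_samples():
        print(alert)
```

The same allowlist logic is what an intrawall between the enterprise and process control networks would enforce inline rather than report after the fact.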
-
Solutions
Physical network insulation
• Separate intranet (SCADA/EMS) network and external network physically
Ref. [5]
-
Firewall Technique
• Firewalls - between enterprise network and Internet
• Intrawalls - between enterprise and process control network
NISCC, BCIT; Firewall Deployment for SCADA and Process Control Networks, February 2005
Ref. [9]
-
Physical connections
• Private lines
• Dial-back modems
• Private wireless protocols
• VPN (Virtual private network)
  - IPsec
  - PPTP (Point-to-Point Tunneling Protocol)
-
RTUs and IDEs
• Assure physical security of all remote sites connected to network
• Do not allow live network access point at remote, unguarded sites
• Disable all necessary connections to RTUs, IDEs and actuators
• Update firmware
-
RTUs and IDEs
• Interface between network and devices
-
Security Policies
• Password policy
• Identification and Authentication of Users
• Secure E-mail (PGP, PEM)
• Intrusion detection
• System Redundancy
• System Backup and Recovery plan
-
Conclusion
• SCADA/EMS networks were initially designed to maximize functionality and reliability, with little attention paid to security
• SCADA/EMS networks can be very vulnerable, and that could result in huge consequences for public safety and disruptions in the nation's critical infrastructure.
• No unique and entire solution: every network is different and requires a custom solution
-
References
[1] Ronald L. Krutz; Securing SCADA Systems; Wiley Publishing, Inc. 2006
[2] George D. Jelatis, Information Security Primer, EPRI 2000
[3] 21 Steps to Improve Cyber Security of SCADA Networks, President's Critical Infrastructure Protection Board, U.S. Dept. of Energy, 2002
[4] A. Creery, E.J. Byres, Industrial Cybersecurity for Power System and SCADA, IEEE Paper No. PCIC-2005-34
[5] M.T.O. Amanullah, A. Kalam, A. Zayegh, Network Security Vulnerabilities in SCADA and EMS, IEEE/PES 2005
[6] Yongli Zhu, Baoyi Wang, Shaomin Zhang; The Analysis and Design of Network and Information Security of Electric Power System, IEEE/PES 2005
[7] Gran N. Ericsson, On Requirements Specifications for a Power System Communications System, IEEE Transactions on Power Delivery, Vol. 20, No. 2, April 2005
[8] Alan S. Brown, SCADA vs. the Hackers, Mechanical Engineering Dec. 2002
[9] NISCC, BCIT; Firewall Deployment for SCADA and Process Control Networks, February 2005