Rhode Island Convention Center • Providence, Rhode Island
NAVY SmartShore Pilot
Track 4 Session 5
Jeff Johnson
Naval District Washington
August 10 2016
Energy Exchange: Federal Sustainability for the Next Decade
Session Agenda
– US Navy, Initial Energy Strategy
– NDW Goals
– The new cyber threat landscape - hacker trends, techniques and technologies
– Common critical network vulnerabilities
– NDW approach to cyber security
– System Capabilities
– Summary and conclusions
NDW Footprint*
– Joint Base Anacostia Bolling (DC)
– NAS Patuxent River (MD)
– NSA Annapolis (MD)
– NSA Bethesda (MD)
– NSA South Potomac (VA)
– NSA Washington (DC)
– Total Plant Replacement Value (PRV): $14B
– Operations & Maintenance Budget: $500M/yr
– Reimbursable Budget: $15M/yr
Naval District Washington
Geographically located in multiple states to address interstate utility regulatory issues
– 25,652 acres
– 3,129 buildings
– 2,822 non-building structures
– 1,029 utilities locations
– 10 runways
– 6 hangars
– 44 piers-wharfs
– 3 small arms training
– 21 small boats
Navy Smart Energy Strategy 2012
• Aging infrastructure with deferred and declining investments for facilities sustainment & emergency management operations
– Deferred maintenance of buildings and building systems
– Lack of resources to collect and maintain authoritative data
– Reduced funding for programs and projects
• Increased risk from:
– Commercial grid and perimeter vulnerabilities
– Threats of cyber attacks (internal and external)
– Growing incidence of natural and manmade disasters
• Increased pressure to reduce
– Cuts to national defense budget
– Aggressive Federal and DoD mandates
What is the Shore Baseline?
Compelling Need for Change
Pressure to reduce costs
Increased Risk
Aging Infrastructure
How will shore installation management be maintained & funded over their lifecycle to achieve intended benefits?
Establishing a secure critical infrastructure environment for efficient shore operations
REQUIREMENTS
– Compliance with DoD and Federal mandates
– Efficiency savings through automation
– Optimization of operations and processes
– Safe & Reliable operations
– Share information between stakeholders
– Connect equipment over an IP network
– Utilize Standards Based (and Legacy) protocols
– Enhance Public Safety operations
– Protect Critical infrastructure
CONCERNS
– Unauthorized external access to networks and systems
– Loss of command & control or data integrity
– Loss or degradation of system availability
– Malware infection manipulating operations
– Cyber-attack causing physical impact
– Reputation loss due to publicized vulnerabilities or attacks
– Intentional misuse of systems or control causing physical impacts
– Cyber security attacks impacting normal operations
NDW Operational Goals
NDW Technology Insertion
Dahlgren Ops Investments
ATFP Program
AMI Program
OPNAV NDW Smart Grid Pilot Program
CNIC Energy Program
ESTCP* Program
NDW Utilities Ops Investments
• Availability of Data for Facility and Utility Mgmt
• Establish basewide DDC system
• Command and Control (C2)
• Virtual Perimeter Monitoring System (VPMS)
• RDC
• Gates
• PSNet
• Measure Energy Consumption (2200 of 3129 bldgs in NDW)
• Business Process Re-engineering: People, Processes, Technology
• Accredited Architecture
• Benchmark
• MAXIMO Pilot
• 40 FY12 eSRM projects including:
• Connect locations with existing DDC/SCADA
• Re-commissioning
• Building Envelope
• HVAC, etc.
• Cognitive Energy Mgmt System
• Steam Trap Monitoring
• Chiller Optimization
• Adv. Demand Response
• First Fuels
• Plant Consolidation (Networking) – FY14
• DDC & SCADA Projects – FY13 & 14
• Steam Decentralization MILCON
Reduced FTE and improved customer service; trend analysis and maintenance mitigations
Initial architecture established for secure command and control enabling mission assurance. Ability to reduce FTE and utilize data-based decisions
Smart meters allow multiple commodity consumption data at 15 min intervals; power factor and wave capture data allows improved quality
Capability templates & roadmap; Industry products meeting DoD technology gaps; Cyber security & mission assurance; Lessons learned for enterprise solutions
Cyber compliance; Integrated systems deployment for optimal C2 and active facility and utility mgmt
NDW Pilot has been identified as an ideal testbed for private industry partnerships due to its foundational approach leading to data availability
Currently benchmarked at several sites; projects allow region-wide deployment with proven ROI
Disgruntled ex-employee hacks into the water system and floods the community with sewage.
INSIDER ATTACK: Maroochy Water System - 2010
The Conficker worm infected the control network, causing instability in the communications.
ENTERPRISE INFECTION: “Unnamed” Steel Mill - 2011
Hackers disrupted networks to access automation equipment, resulting in massive damage.
INSIDER ATTACK: “Unnamed” Steel Mill, Germany - 2014
SHODAN discovered over 21,000 misconfigured building automation systems.
MISCONFIGURE: Google HQ, Wharf - 2013
The attackers backed their way into the network by compromising a 3rd-party vendor to steal data.
BACKDOOR ATTACK: Target Retail Stores - 2013
Stuxnet infected the air-gapped control network, bypassing the air gap and causing damage to centrifuges.
SCADA MALWARE: Natanz Nuclear Facility - 2010
WHAT’S NEXT?
Networks infected with the Shamoon virus erased information, causing enterprise network outages.
ENTERPRISE ATTACK: Saudi Aramco & RasGas - 2012
A team used a penetration test on PLCs to realize how badly vulnerable their SCADA/ICS were.
PLC ATTACK: Project Basecamp - 2012
Iranian hackers tried to open flood gates. Was this a dress rehearsal for something bigger?
BACKDOOR ATTACK: New York Dam - 2013
Left 225,000 customers in the dark. 1st successful cyber attack to knock a power grid offline.
SCADA ATTACK: Ukraine Utilities - 2015
Hack accessed hundreds of PLCs used to manipulate control applications, altering chemicals.
PLC ATTACK: Kemuri Water Company - 2016
What are the Threat Vectors?
A World Full of Hackers
• Nation states
• Criminals
• Activists
• Employees
• Children!
Various Motivations
• Money
• Political protest
• Environmental activism
• Espionage
• Retaliation
• Job security
• Fun
Unintentional Disasters
An attacker/user doesn’t even know what they are doing to cause a huge impact
Admiral Michael Rogers, Director NSA & US Cyber Command
“… China along with ‘one or two’ other countries have the capability to successfully launch a cyber‐attack that could shut down the electric grid in parts of the United States”.
NSA Director testimony to Congress, Nov. 2014
Who are the Actors?
Boundary Protections
• Firewalls
• Network Intrusion Detection
• DMZ/Proxy Servers
Endpoint Protections
• Host intrusion detection/prevention (anti-virus/firewall/application white-listing)
• Policy enforcement
• Configuration management
• Device connection management
• Data transfer management
• External alerting & reporting
Pre-Stuxnet Protection
• Firewalls
• DMZ/Proxy Servers
• Air Gaps
Post-Stuxnet Protections:
• Anti-virus on PCs & Servers
• Firewalls / data-diodes
• Configuration/patch management
• Secure Middleware Panels (Energyguard and NAE(S))
• Protocol monitoring capability for ICS systems via endpoint protection for legacy devices
I.T. vs. O.T. Approaches to Cyber Security
NDW Technical Approach
• An enterprise-grade industrial control system
– Integrates disparate multi-vendor systems into a local, regional and national system
– Provides a secure enclave for ICS management while ensuring no access to legacy unsecure PLC devices
• Improved base operations
– Remote monitoring and control of HVAC, lighting, building access, water, waste water, steam and power systems
– Consolidated regional energy performance data for analysis and demand response
• Enhanced critical infrastructure protection
– Virtual Monitoring System - A “virtual” fence that detects and alerts when intruders enter restricted areas
– Enhanced monitoring providing real-time access to deployed sensors for command & control / assessment
– Secure wireless network for mobile and fixed sites
• Solutions validated by Independent Agencies
• NAVY Utility Management Control System (NUMCS)
– Maintain the Pilot Edge based security capabilities while migrating from SSSPN
• NAVFAC SMARTGRID RFP will provide Advanced Analytics Capabilities
ICS Solution Overview
Shore Operations Center (ShOC)
Alarms / Alerts on Emergencies Regional Dispatch Center (RDC)
Alarms / Alerts on Building & Utility Operations Public Works Department (PWD)
Quality Assurance on Shore Operations: Contract Execution, Maintenance Support; Event Close-out, etc. Public Works Department, Regional Dispatch Center
Trouble Calls and Service Requests from Installation personnel to the Regional Desk Public Works Department
Shore Integrator
Shore Facilities Engineering Command
Shore Operations Center
Trouble Call Reported
Maximo Ticket Created
ICS Alarm on Building System
Coordinates with Operator
System Requires Service
If HVAC related
QA/QC for Ticket Closeout
Active Facility Management Workflow
Facilities and Energy Operations Center (FEOC)
Sensor Management Suite (SMS Team)
Emergency Call or Fire Alarm Received in Regional Dispatch Center (RDC)
Dispatch First Responders
or Create Remedy Ticket
Notify Regional Operation Center (ROC) and Installation Emergency Operations Center (EOC) per CONOPS
Virtual Perimeter Monitoring System
Emergency Management Workflow
Sensor Management and Emergency Dispatch
[Chart series: Occupancy Mode, Static Pressure, Supply Fan Speed, Zone Temp]
Re-Programming Date – 24 Dec 2014
Re-tuning via controls programming reduced AHU Run Time by 12 hours on weekdays and 16 hours on weekends
Re-tuning Building extends lifecycle of building equipment
Service Area:
• West Side
• Floors 1, 2, & 3
Unit:
• 12k CFM
• 7.5 HP Supply
• 15 HP Return
Sustainment Improvement Example
Air Handler Unit #1
NDW Technology Insertion
[Chart: Daily Meter Data (kWh); series: Meter Data (kWh), Average, Weekends_Holidays]
Daily Average 1,975
New Daily Average 1,284
∆ -691 kWh Average Daily
Energy Analysis Example
Building Electrical Meter Data
Re-tuning Buildings saves Energy
• Project execution for Cyber and Operations is “Easier” than continuous monitoring of deployed systems
• Loss of Public Works funding impacts the ability to repair systems (ROI is predicated on fixing systems)
• Cyber Security and Continuous Monitoring provide an opportunity for additional continuous monitoring and operations of Facility and Utility Infrastructure
• NAVFAC FEOC CONOPS development is a move towards active facility management
• Network and System continuous monitoring helps with system reliability and reduces Operational and Cyber Risk
• NAVFAC RFP addresses the “big data” advanced analytics gap and provides additional tools for system operation and energy savings.
Lessons Learned
Present and Future
Wired/Wireless Infrastructure
Network Assets
Video Cameras
Direct Digital Controls
Alarm Systems
ELMR
Quick Reaction Force Security
Sensor Based Enclaving
Demand response every 15 minutes based on Market Conditions
Condition Based Recurring Maintenance
Dynamic Equipment/Fire Response Integration
Instantaneous Access Restrictions
Smart Shore 1.0: Systems consolidated onto the same platform
Smart Shore X.0: Advanced applications and operating procedures leveraging integrated system data
Integrated Systems and CONOPS for the SHORE