Transcript Slides
Cyber Security of Smart Grid Systems Vittal S. Rao Texas Tech University [email protected] May 1, 2015 Sponsors of Research Projects National Science Foundation Northrop Grumman Corporation American Electric Power Alstom Wind Power Ball Aerospace Corporation Networked Infrastructure Systems Objectives To develop real-time capabilities to detect, assess, analyze and mitigate cyber threats To enhance resilient dynamics in networked systems for natural or man made disasters. To develop decentralized security for complex systems Infrastructure Systems Smart Grid Energy Systems Oil and Gas Pipeline Systems Critical Manufacturing Systems Intelligent Transportation Systems Military Systems Communication Systems Background Information • Protection of critical physical infrastructure from cyber threats presents different challenges than standard cyber security practices. Conversely, while reliability and fault tolerance are well-developed areas of traditional systems engineering, probabilistic failure models do not suffice to capture the complexity of intelligent adversaries with undetermined capabilities and motives. However, critical physical infrastructure systems offer opportunities for powerful approaches to security, since they include a major physical component that must obey natural laws. • It is well known that standard cybersecurity practices developed by the information technology (IT) communities are inadequate to the challenges of networked engineering systems, due to real-time performance and uninterrupted service requirements, direct impact on human health and safety, a large base of vulnerable legacy hardware and software, and the culture gap between the engineering and IT communities. Background Information (continued) • Referring to the fact that physical systems can be modeled using well-understood physical laws, Department of Homeland Security (DHS) Best Practices state that “The deterministic nature of the engineering systems can greatly improve the granularity of the signatures, because rogue or malicious behavior from an attacker may require actions that would be well beyond expected behavior levels.” The active cyber defense of engineering systems can be enhanced using the power of dynamical models of networked systems. Information Security Key Concepts: (1) The CIA triad (confidentiality, integrity and availability) (2) Risk Management: Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization. Vulnerability: is a weakness that could be used to endanger or cause harm to an informational asset. Threat: is anything (manmade or act of nature) that has the potential to cause harm. Impact: is a loss of availability, integrity, and confidentiality, other losses (lost income, loss of life, loss of real property) Mitigation of Risks: Administrative controls, logical controls, Physical controls 7 Differences IT Security Infrastructure Security Highest priority: Confidentiality Information Assurance Architecture and Design for Security Access Control Network Security Highest priority: Real-time performance Legacy Systems High Availability Dynamic deployment and control of sensors Ability to detect attacks and provide attribution based on physical models Threats Against Cyber Physical Systems Denial of service (DoS) attacks Attacks against open ports and services Attempt to change device settings Attempt to inject malicious data Attempt to change control settings Attempt to place a man-in-the-middle(MITM) between physical systems. 9 Cyber Security of Critical Infrastructures • Assessment and monitoring of risk • Development and integration of protective measures • Detection of intrusion and implementation of response strategies • Enhancement of security methods Intro-Efforts for securing SCADA systems • IT perspective: “Obscurity Principle”. • Control Engineering perspective:“reliability” . • Very few researchers have investigated how malicious attacks affect the estimation and control algorithms, and ultimately, how attacks affect the physical world Smart Grid Energy Systems • Integration of ‘Electrical Infrastructure’ with ‘Intelligence Infrastructure’ • Smart Sensors, Protective Relays and Control Devices • On-Line Equipment Monitoring • Communications Infrastructure • New Operating Models and Algorithms • Real-Time Simulation and Contingency Analysis • Improved Operator Visualization Techniques • Interconnection Codes and Standards • Cyber Security Smart Grid Energy Systems Enables Active Consumer Participation Accommodates all Generation and Storage Options Enables New Products, Services, and Markets Provides Power Quality for the Digital Economy Optimize Asset Utilization and Operates Efficiently Anticipates and Responds to System Disturbances (Self-heals) Operates Resiliently Against Attack and Natural Disaster Reference: Salvatore, et al., Presentation on “Security analysis of a commercial synchrophasor device, May, 30-31,2011” Intrusion Detection Methods Anomaly detection: Statistical models (Discrete Wavelet Transform) Machine learning and data mining techniques Specification-based methods Information-theoretic measures Misuse detection: Rule-based language Abstraction-based intrusion detection State transition analysis tool kit Colored Petri automata 15 Types of Stealth Attacks Game-Theoretic approaches for addressing following stealth attacks: • Surge Attacks • Bias Attacks • Geometric Attacks TTU Real Time Simulator State Estimation Techniques • Facilitate accurate and monitoring of operational quantities in dynamical systems. • Provide a real time data base of the system and will provide information to analyze contingencies and determine required corrective actions. • Broadens the capabilities of SCADA control systems. Conclusions • • • • • • • • • • Emphasis on Cyber Physical Systems Importance of Secure Critical Infrastructure Systems Multidisciplinary Research Approaches Real Time Detection Methods Complex Systems and Big Data (Data Analytics) Significant Shortage of Professionals Academic Programs Development of Test Beds Next Big Thing!! [Internet of Things] THANKS for YOUR ATTENTION 19