Cyber Security of Smart Grid Systems
Vittal S. Rao
Texas Tech University
May 1, 2015
Sponsors of Research Projects
• National Science Foundation
• Northrop Grumman Corporation
• American Electric Power
• Alstom Wind Power
• Ball Aerospace Corporation
Networked Infrastructure Systems
Objectives
• To develop real-time capabilities to detect, assess, analyze and mitigate cyber threats
• To enhance resilient dynamics in networked systems for natural or man-made disasters
• To develop decentralized security for complex systems
Infrastructure Systems
• Smart Grid Energy Systems
• Oil and Gas Pipeline Systems
• Critical Manufacturing Systems
• Intelligent Transportation Systems
• Military Systems
• Communication Systems
Background Information
• Protection of critical physical infrastructure from cyber threats
presents different challenges than standard cyber security practices.
Conversely, while reliability and fault tolerance are well-developed
areas of traditional systems engineering, probabilistic failure models
do not suffice to capture the complexity of intelligent adversaries
with undetermined capabilities and motives. However, critical
physical infrastructure systems offer opportunities for powerful
approaches to security, since they include a major physical
component that must obey natural laws.
• It is well known that standard cybersecurity practices developed by
the information technology (IT) communities are inadequate to the
challenges of networked engineering systems, due to real-time
performance and uninterrupted service requirements, direct impact
on human health and safety, a large base of vulnerable legacy
hardware and software, and the culture gap between the
engineering and IT communities.
Background Information (continued)
• Referring to the fact that physical systems can be
modeled using well-understood physical laws,
Department of Homeland Security (DHS) Best Practices
state that “The deterministic nature of the engineering
systems can greatly improve the granularity of the
signatures, because rogue or malicious behavior from an
attacker may require actions that would be well beyond
expected behavior levels.” The active cyber defense of
engineering systems can be enhanced using the power
of dynamical models of networked systems.
Information Security
Key Concepts:
(1) The CIA triad (confidentiality, integrity and availability)
(2) Risk Management: Risk management is the process of
identifying vulnerabilities and threats to the information resources used
by an organization in achieving business objectives, and deciding
what countermeasures, if any, to take in reducing risk to an acceptable
level, based on the value of the information resource to the organization.
Vulnerability: a weakness that could be used to endanger or cause
harm to an informational asset.
Threat: anything (manmade or act of nature) that has the potential to
cause harm.
Impact: a loss of availability, integrity, and confidentiality, as well as other losses
(lost income, loss of life, loss of real property).
Mitigation of Risks: administrative controls, logical controls, physical
controls
Differences
IT Security
• Highest priority: Confidentiality
• Information Assurance
• Architecture and Design for Security
• Access Control
• Network Security
Infrastructure Security
• Highest priority: Real-time performance
• Legacy Systems
• High Availability
• Dynamic deployment and control of sensors
• Ability to detect attacks and provide attribution based on physical models
Threats Against Cyber Physical Systems
• Denial of service (DoS) attacks
• Attacks against open ports and services
• Attempt to change device settings
• Attempt to inject malicious data
• Attempt to change control settings
• Attempt to place a man-in-the-middle (MITM) between physical systems
Cyber Security of Critical Infrastructures
• Assessment and monitoring of risk
• Development and integration of protective
measures
• Detection of intrusion and implementation of
response strategies
• Enhancement of security methods
Intro-Efforts for securing SCADA systems
• IT perspective: “Obscurity Principle”.
• Control Engineering perspective: “reliability”.
• Very few researchers have investigated how
malicious attacks affect the estimation and
control algorithms, and ultimately, how
attacks affect the physical world
Smart Grid Energy Systems
• Integration of ‘Electrical Infrastructure’ with
‘Intelligence Infrastructure’
• Smart Sensors, Protective Relays and Control
Devices
• On-Line Equipment Monitoring
• Communications Infrastructure
• New Operating Models and Algorithms
• Real-Time Simulation and Contingency Analysis
• Improved Operator Visualization Techniques
• Interconnection Codes and Standards
• Cyber Security
Smart Grid Energy Systems
• Enables Active Consumer Participation
• Accommodates all Generation and Storage Options
• Enables New Products, Services, and Markets
• Provides Power Quality for the Digital Economy
• Optimizes Asset Utilization and Operates Efficiently
• Anticipates and Responds to System Disturbances (Self-heals)
• Operates Resiliently Against Attack and Natural Disaster
Reference: Salvatore, et al., Presentation on “Security analysis of a commercial synchrophasor device,” May 30-31, 2011
Intrusion Detection Methods
Anomaly detection:
• Statistical models (Discrete Wavelet Transform)
• Machine learning and data mining techniques
• Specification-based methods
• Information-theoretic measures
Misuse detection:
• Rule-based language
• Abstraction-based intrusion detection
• State transition analysis tool kit
• Colored Petri automata
Types of Stealth Attacks
Game-Theoretic approaches for addressing the
following stealth attacks:
• Surge Attacks
• Bias Attacks
• Geometric Attacks
TTU Real Time Simulator
State Estimation Techniques
• Facilitate accurate monitoring of
operational quantities in dynamical systems.
• Provide a real-time database of the system
and provide information to analyze
contingencies and determine required
corrective actions.
• Broadens the capabilities of SCADA control
systems.
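The state-estimation idea above, as an added example that is not part of the original slides: a DC state estimator for a constructed 3-bus network, with a chi-square test on the measurement residual that flags readings inconsistent with the physical model. The network, reactances, noise level, threshold choice and readings are all assumptions made for illustration.

```python
# Added example: DC state estimation with a chi-square residual test.
# The 3-bus network, reactances, noise level and readings are constructed.

LINES = [(1, 2, 0.10), (1, 3, 0.20), (2, 3, 0.25)]  # (from bus, to bus, reactance p.u.)
SIGMA = 0.01       # assumed standard deviation of each flow measurement (p.u.)
THRESHOLD = 6.635  # chi-square 99% quantile, 1 degree of freedom (3 measurements - 2 states)


def build_h(lines):
    """Measurement matrix: flow_ij = (theta_i - theta_j) / x_ij, bus 1 is the reference."""
    rows = []
    for i, j, x in lines:
        row = [0.0, 0.0]          # columns are theta_2 and theta_3
        if i != 1:
            row[i - 2] += 1.0 / x
        if j != 1:
            row[j - 2] -= 1.0 / x
        rows.append(row)
    return rows


def estimate(z, h):
    """Least-squares state estimate via the 2x2 normal equations (equal weights)."""
    g11 = sum(r[0] * r[0] for r in h)
    g12 = sum(r[0] * r[1] for r in h)
    g22 = sum(r[1] * r[1] for r in h)
    b1 = sum(r[0] * m for r, m in zip(h, z))
    b2 = sum(r[1] * m for r, m in zip(h, z))
    det = g11 * g22 - g12 * g12
    return [(g22 * b1 - g12 * b2) / det, (g11 * b2 - g12 * b1) / det]


def residual_test(z, lines=LINES):
    """Return (J, suspicious): J is the normalized sum of squared residuals."""
    h = build_h(lines)
    theta = estimate(z, h)
    residuals = [m - (r[0] * theta[0] + r[1] * theta[1]) for r, m in zip(h, z)]
    j = sum(e * e for e in residuals) / SIGMA ** 2
    return j, j > THRESHOLD


CLEAN = [0.201, 0.249, 0.121]     # constructed readings consistent with the model
ALTERED = [0.201, 0.249, 0.300]   # same readings with the line 2-3 flow changed

if __name__ == "__main__":
    for name, z in (("clean", CLEAN), ("altered", ALTERED)):
        j, flag = residual_test(z)
        print(f"{name}: J={j:.3f} suspicious={flag}")
```

With three measurements and two states there is only one redundant measurement, so the test can flag an inconsistent set of readings but cannot say which reading is wrong.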
Conclusions
• Emphasis on Cyber Physical Systems
• Importance of Secure Critical Infrastructure Systems
• Multidisciplinary Research Approaches
• Real Time Detection Methods
• Complex Systems and Big Data (Data Analytics)
• Significant Shortage of Professionals
• Academic Programs
• Development of Test Beds
• Next Big Thing!! [Internet of Things]
THANKS for YOUR ATTENTION