COMMUNICATION & DATA SECURITY Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210

Smart Grid Evolution (Nordic view)
[Figure: phases of Smart Grid evolution plotted against time]
Mature phase, 7-10 years
• Integration electric vehicles (EV)
• Demand Response
• Integration of PHEV
Emerging phase, 3-7 years
• Energy storage
• Islanding
• Piloting Islanding and energy storage
• Smart (MV) substation
Initial phase, 1-3 years
• LV monitoring & control
• Integration of small scale generation
• AMI integration with DMS
• Environmentally friendly equipment
Implemented
• Distribution Automation
• Smart Meters for billing

Cyber Security priority in Vattenfall
• Cyber security is a natural part of Security / Safety, and will be treated as such.
• We still need to work hard to raise its priority in everyday business, because the new threat scenarios are not widely understood by line managers.

New threat scenarios with Smart Grid 1
• Introduction of intelligent control and connectivity between different domains, e.g. customer, markets, service provider, operation, generation, transmission and distribution
• “Partial upgrades”: Long-term usage of legacy assets is a competence challenge and thus a security threat
• A huge number of devices with homogeneous technology, e.g. Smart Meters, can be affected by a single disruption caused by a bug or cyber attack

New threat scenarios with Smart Grid 2
• Larger scale communication network with an exploding number of controllable objects in the network
• Smart Grids mean less investment in copper and more in intelligence in the grid. We are operating closer to maximum performance, so we are more vulnerable to “copper failures”

Critical technologies of a Smart Grid need special consideration
• Low voltage protection and control
• Smart Metering infrastructure (compliance / certification of the meters / communication)
• Large scale wind power connectivity and controllability
• Smart Grid security should not be considered from a technical perspective alone. We need to analyze and plan it at least from IT, customer, society and personal integrity perspectives

Wireless or Wired communication?
• We use more and more wireless communication
• In-house access to Smart Meters and single remote components in the network are (or will soon be) connected wirelessly.
• There are plenty of bus and hardwired solutions in a substation that will remain wired in the near future.
• Wireless will not replace physical connections 100%, but will be used increasingly, thus specific care in compliance is needed.

Public networks
• With the increasing cost pressure from regulators, it is seldom possible to build private physical networks, unless the fiber communication infrastructure is already built
• Utilizing the public networks in a secure way is often a key to success in a cost-balanced way

Risks of the new communication technologies 1
• Use of insecure legacy devices
• Larger scale communication network
• Increasing technical complexity
• "Security by obscurity" security culture background
• Few aligned common standards
• Interconnected networks can introduce common vulnerabilities

Risks of the new communication technologies 2
• Lack of physical access restriction to, for example, field devices, meters, etc.
• Exposure of critical infrastructure due to connectivity reasons
• Introduction of new technologies and protocols
• Exposure of sensitive customer data
• A huge number of devices with homogeneous technology, e.g. Smart Meters, which could be affected by a single disruption
• Higher complexity due to greater interconnectivity, even to non-trusted partners

Mitigation strategies
• Active participation in standards development
• Clear roadmap for replacing legacy devices / transparency
• Compliance with privacy and integrity requirements in the different legal environments
• Awareness
• Cooperation with different vendors to identify and implement security measures in new technology
• In general, transparency and control (knowing what is out there)

Implementation
• Low-hanging fruit
  • Zone model: separation and defense in depth principle
  • Organizational responsibility, awareness
  • Business continuity planning
  • Concentrate on risk mitigation, not only intrusion prevention
• Harder to implement, but needed
  • Standardization: Security in protocols (authentication, encryption), hardening, etc.
  • Finding a “good enough”, cost-efficient solution, i.e. taking the business needs and restrictions into account

Questions?