Four Layers of Smart Grid Security

Four Layers of Smart Grid Security. Session: Energy Cybersecurity II. Ernie Hayden CISSP CEH Managing Principal – Critical Infrastructure Protection/Cyber Security Verizon Risk Team Feb 13, 2013. Today’s Agenda. Smart Grid Security: Who’s Worried and Why? “Layers” of Concern

Presentation Transcript


  1. Four Layers of Smart Grid Security
     Session: Energy Cybersecurity II
     Ernie Hayden CISSP CEH
     Managing Principal – Critical Infrastructure Protection/Cyber Security
     Verizon Risk Team
     Feb 13, 2013

  2. Today’s Agenda
     • Smart Grid Security: Who’s Worried and Why?
     • “Layers” of Concern
       • Physical Layer
       • Cyber Layer
       • Privacy Layer
       • Storage Layer
     • Just What To Do?
     • Question & Answer

  3. History of Verizon Security Practice

  4. Who is Worried About Smart Grid Security? High-Level Security Concerns from Global Agencies
     • Acknowledged by:
       • European Network and Information Security Agency (ENISA)
       • National Institute of Standards and Technology (NIST)
       • North American Electric Reliability Corporation (NERC)
       • Department of Homeland Security (DHS)
       • Department of Energy (DOE)
       • Federal Energy Regulatory Commission (FERC)
       • Government Accountability Office (GAO)
       • Selected Nations and US State Public Utility Commissions

  5. DOE and NIST Concerns
     • Increasing Complexity of the Grid
     • Interconnected Networks Can Introduce Common Vulnerabilities
     • Increasing Vulnerabilities to Communications
     • Introduction of Malicious Software
     • Increased Number of Entry Points and Paths for Potential Adversaries to Exploit
     • Potential for Compromise of Data Confidentiality, Including Breach of Customer Privacy

  6. Who Said Anything About Complexity?

  7. “LAYERS” OF CONCERN

  8. Physical Layer Security
     • Natural Disasters
       • Snow Storms
       • Hurricanes
       • Solar Flares
       • Geomagnetic Storms
       • Earthquakes
       • Flooding
       • Volcanoes
     • Recognize that Location of the Smart Grid Components Can Be Affected by the Surrounding Environment
     • US Case – Overheating Meters

  9. Cyber Layer Security
     • The Biggest Opportunity for Trouble
     • “The Last Mile” Issues
     • Remember – Added Complexity Causes Concerns

  10. “Last Mile”
     • Broadband Power Line Systems
     • Power Line Carrier Systems
     • Public Switched Telephone Network (PSTN)
     • Cat5/6 Network Connection
     • Radio Frequency
     • WiMax
     • ZigBee
     • 6LoWPAN
     • 802.11x
     • Cellular (CDMA/EVDO, GSM, LTE)

  11. 99.9999% Cyber Attacks
     • Remember C I A
     • Confidentiality Attacks
       • Reading, “Sniffing” the data
     • Integrity Attacks
       • Changing the Data
     • Availability Attacks
       • Denial of Service – Prevent Use of Service

  12. Privacy Attacks
     http://www.dora.state.co.us/puc/DocketsDecisions/DocketFilings/09I-593EG/09I-593EG_Spring2009Report-SmartGridPrivacy.pdf

  13. Privacy Attacks (2)
     • Very Emotional Discussion
     • State of California
     • Smart Grid and IOU’s
     • Theoretical Impacts
     • But…Demographic Data has Value
     Image: http://www.baystatetech.org/graphics/major-app.jpg

  14. Storage
     Today’s Environment:
     • Analog Meters or Simple Digital Meters
     • Manually Read or Use “Drive By” Reading
     • Read Monthly (or Less Frequently)
     • Minimal Data Accumulation
     • Simple Data Fields – KWH Used Since Last Reading
     The Future Smart Grid:
     • “Smart” Digital Meters & “Smart” Sensors
     • Automatic Reading
     • Read Every ~15 Minutes or More Frequently
     • “Data Avalanche!” – Numerous Data Fields and Classes
     Image credits: Used with Permission – E N Hayden; Microsoft Clip Art Online; www.smartgridnews.com

  15. Is it a Data Avalanche? Tsunami?
     • Lux Research: Utilities Manage 9x Current Data if Go to Smart Grid (Boston: Jan 26, 2011)
     • Types of Data from Smart Meters
       • Broadcast Data
       • Billing Interval Data
       • Detailed Consumption Data
       • Aggregate Statistical Data
     • Predictions
       • Prediction for U.S. by 2019 → 100M Meters → 100 Petabytes generated during the next 10 years (West Coast Utility)
       • Utilities spent $356M on Smart Grid data analytics tools in 2010 → $4.2B in 2015 (Pike Research)
       • 300 TB per year of meter data by 2012 (Southeast U.S. Utility) (as of 2011)
     1 Petabyte is 1000 Terabytes!
     Image: http://obiblog.files.wordpress.com/2008/08/data-pic.jpg

  16. What To Do?
     • #1: Start with the NISTIR 7628 and ENISA
     • #2: Begin with Security in Mind
     • #3: Work with Your Meter Vendors
     • #4: Establish Incident Response Team and Practice
     • #5: Include Security Experts in Design, Build and Operate Phases
     • #6: Have a Dedicated Security Team for SG
     • #7: Monitor Regulations Affecting the SG
     • #8: Ensure Code Includes Security (Ref: OWASP)
     • #9: Beware of Remote Connections
     • #10: Ultimate Job: Protect the Data!

  17. QUESTIONS? OBSERVATIONS?

  18. THANK YOU!
     Ernie Hayden CISSP CEH
     Managing Principal
     Critical Infrastructure Protection/Cyber Security
     Verizon Risk Team
     +1 206-458-8761
     ernie.hayden@verizon.com
