1. Security in the Power Grid
Brandon Schmidt
Burns & McDonnell
T&D Telecommunications and Network Engineering Department
2. NERC
North American Electric Reliability Corporation (NERC)
Provides standards for power system operation, as well as monitoring and enforcement of these standards
3. NERC CIP
Critical Infrastructure Protection (CIP)
Systems vital to national or regional security, includes utilities, transportation, emergency services, communications
NERC CIP
Oversees cyber and physical security of the bulk power system for North America
4. Eight CIP Standards
CIP-002: Critical Cyber Asset Identification
CIP-003: Security Management Controls
CIP-004: Personnel and Training
CIP-005: Electronic Security Perimeter(s)
CIP-006: Physical Security
CIP-007: Systems Security Management
CIP-008: Incident Reporting and Response Planning
CIP-009: Recovery Plans for Critical Cyber Assets
CIP-001 Sabotage Reporting – Not considered part of the Cyber Security Standards
5. The Intent of the CIP Standards
“… is to ensure that all entities responsible for the reliability of the Bulk Electric Systems in North America identify and protect Critical Cyber Assets that control or could impact the reliability of the Bulk Electric Systems.”
6. What a T&D Engineer Needs to Know
What are the asset classifications
How to protect each class of asset
Why any station we design should meet these standards, even if it is not required
Why implementing security is a good business practice
7. Type of Assets and the Protection Required (CIP-002)
Critical Asset
Cyber Asset
Protected Cyber Asset
Critical Cyber Asset
8. Type of Assets and the Protection Required (CIP-002)
Criteria are determined individually by each utility
Develop a list of Cyber Assets and their classifications
Re-evaluate once per calendar year
9. How to Determine Cyber Asset Classification?
Items to Consider
Provide essential services
Generate critical data
Identify threat level if unprotected
Determine scale of impact
10. Typical Asset Classifications
Critical Cyber Assets
Electronic Relay
RTU
HMI
Substation Automation Systems
System Wide DA Applications (>300 MW)
Protected Cyber Assets
Firewalls, Switches, Routers
Phone Line Security Devices
Card Access and Video Surveillance Systems
11. Typical Asset Classifications (Cont.)
Cyber Assets
Digital Fault Recorder
Sequence of Event Recorder
Transformer or Bushing Monitor
Revenue Meter
Telephones
SONET or TDM Multiplexers
12. Any questions about Critical Assets vs. Cyber Assets?
13. How to Protect Yourself
Electronic Security Perimeter (ESP, CIP-005)
All critical or protected cyber assets must reside within an ESP
Assets that are not protected or critical can reside within the ESP, but they are subject to the same access, patching, and logging requirements as a Critical Asset.
14. Electronic Security Perimeter (ESP)
Routable Protocols
Ethernet and IP
Secured with a firewall, authentication server, logging server
Non Routable
Dial-up
Phone line switch with security
Serial
In-line encryption device
Today NERC does not require security for dedicated point-to-point services
15. How to Protect Yourself
Physical Security Perimeter (PSP, CIP-006)
All ESPs should be within a PSP
16. Physical Security Perimeter (PSP)
Defined according to NERC
Six-walled box must contain all protected and critical cyber assets
OSI Layer 3 (routable protocols) must use an Auditable Access System and an Intrusion Detection System
17. Physical Security Perimeter (PSP)
Defined according to NERC
A physical security perimeter is not intended to make the site more hardened but to let you know when the perimeter has been compromised
18. What is an Auditable Access System?
Could be a guard with a sign-in procedure
Could be an access log sheet (though not recommended)
Preferred
Card Access System
Cyber Key
19. What is an Intrusion Detection System?
Security Alarm System
Motion Detectors
Door Switches
Video Monitoring
Cameras
Recorders
Motion Detection
20. Why Do Routable Protocols Require Physical Security?
Routable protocols allow remote access
Access to one point may allow access to entire network
NERC wants to mitigate this risk
21. What Does a T&D Engineer Need to Keep in Mind?
Don’t extend IP networks with control capabilities outside the PSP
If it is not a protected or critical asset, then keep it out of the ESP
Devices that do not fall within the ESP can be within the PSP
22. What Does a T&D Engineer Need to Keep in Mind?
All of these regulations fundamentally want to ensure that all control messages are authenticated and authorized
The operating company knows what is going on inside of its electronic devices
Following these standards adds little to the cost of initial construction
23. Any questions?
24. 61850 Cheaper – Better – Faster? Does It Violate NERC CIP?
Inside the control house? NO
Process bus into the yard? NO
Control bus into the yard?
Still up for debate
Definitive clarification from NERC still outstanding
Violates the "no IP outside the PSP" principle
Technically possible if each cabinet is a PSP
All communications between PSPs are secured
MACsec (IEEE 802.1AE)
25. Violation Examples
Bulk Power Substation
500/230/138/13-kV station had three control houses with two attached generating stations
Station service was protected with a LAN-connected recloser on a pole outside of the substation fence
All control house LANs were interconnected to allow DFR connectivity
Generating Station
Remote water intake 13 miles away from plant without a security system
PLC pump control connected via PBX phone extension to Balance of Plant control system. Pump PLC dials plant to report problems
Bulk Power Stations
USB wireless modem connected to an SEL 2020 to facilitate settings work
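The perimeter rules from slides 13, 15 and 21, applied to an asset inventory, as an added example that is not part of the original presentation. The `Asset` fields, the device names and the recloser's classification are assumptions; the sample inventory is constructed, with one row modelled on the pole-mounted recloser from slide 25.

```python
from dataclasses import dataclass

# Classifications as named on the slides (CIP-002).
CRITICAL, PROTECTED, CYBER = "critical", "protected", "cyber"

@dataclass
class Asset:  # field names are assumptions made for this example
    name: str
    classification: str    # CRITICAL, PROTECTED or CYBER
    in_esp: bool           # inside the Electronic Security Perimeter
    in_psp: bool           # inside the Physical Security Perimeter
    routable: bool         # reachable over Ethernet/IP
    control: bool = False  # can issue control actions

def check(assets):
    """Return (severity, asset name, message) for each perimeter rule broken."""
    findings = []
    for a in assets:
        needs_esp = a.classification in (CRITICAL, PROTECTED)
        if needs_esp and not a.in_esp:      # slide 13
            findings.append(("violation", a.name,
                             "critical/protected asset outside ESP"))
        if a.in_esp and not a.in_psp:       # slide 15
            findings.append(("violation", a.name, "ESP extends outside PSP"))
        if a.routable and a.control and not a.in_psp:  # slide 21
            findings.append(("violation", a.name,
                             "IP network with control outside PSP"))
        if a.in_esp and not needs_esp:      # slides 13 and 21
            findings.append(("advisory", a.name,
                             "in ESP: inherits access, patching, logging rules"))
    return findings

# Constructed inventory; the last row is modelled on the slide 25 recloser,
# with its classification assumed to be critical.
SAMPLE = [
    Asset("relay-1", CRITICAL, True, True, True, True),
    Asset("firewall-1", PROTECTED, True, True, True),
    Asset("dfr-1", CYBER, True, True, True),
    Asset("revenue-meter-1", CYBER, False, True, False),
    Asset("pole-recloser", CRITICAL, True, False, True, True),
]

if __name__ == "__main__":
    for severity, name, message in check(SAMPLE):
        print(f"{severity:9} {name:16} {message}")
```

The digital fault recorder row produces an advisory rather than a violation: slide 13 allows it inside the ESP, at the cost of treating it like a Critical Asset.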
26. What to Show on an ESP Drawing
DO
All Phone Lines
All Leased and Private Communications Lines
All Cyber Assets
27. What to Show on an ESP Drawing
DON’T
IP Address
Phone Numbers
DNP Address
Username/Passwords
28. ESP Dial-Up Substation (Example)
29. ESP IP Substation (Example)
30. Procedures that Might Affect Substation Engineering
Procedures that affect substation design:
Document Control (CIP-007)
Some drawings need to be securely stored and transmitted
Configurations, IP addresses, passwords
Unescorted access to the site (CIP-004)
A background check and NERC training are required for anyone entering a site after it is connected (this might include commissioning)
31. Procedures (Cont.)
Information Transmittal (CIP-007)
Files should be transmitted securely
Postal Mail – Tracked and signed for
E-mail – Signed and Encrypted
FTP – Encrypted
Document Management System (Document Locator) often provides required security
32. Audits and Violations
Audit Process
Violation Levels
Low
Moderate
High
Severe
33. Fines
$1,000: Minor offense, easily correctable
$1,000,000: Egregious dereliction to the intent of the CIP Standards
Removing IP and replacing it with serial has been deemed a circumvention of the intent of the standard (fine amount undetermined)
34. Any questions?
35. Selection Flowchart