1 / 37

Securing the Smart Grid

Securing the Smart Grid. All Is Not Quiet on the Digital Front Richard Clarke on why the U.S. is dangerously ill prepared to defend us from a cyberwar . by Jessica Ramirez April 21, 2010 Richard Clarke, the former federal anti-terrorism czar was quoted as saying,

mabyn
Download Presentation

Securing the Smart Grid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Securing the Smart Grid

  2. All Is Not Quiet on the Digital Front Richard Clarke on why the U.S. is dangerously ill prepared to defend us from a cyberwar. by Jessica Ramirez April 21, 2010 Richard Clarke, the former federal anti-terrorism czar was quoted as saying, "The U.S. government, [National Security Administration], and military have tried to access the power grid's control systems from the public Internet. They've been able to do it every time they have tried......Even the Chinese military has talked publicly about how they would attack the U.S. power grid in a war and cause cascading failures.".

  3. June 2, 2010 By Larry Karisny Vint Serf "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet." Smart Grid Security, Ground Zero for Cyber Security

  4. Security Pros Question Deployment of Smart Meters By Kim Zetter Email Author March 4, 2010 | “The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian.

  5. Who Owns Smart-Grid Security? December 8, 2010 By Larry Karisny Bob Lockhart is an industry analyst with Pike Research, which just released a study of smart-grid security. “We security experts call Stuxnet state-of-the-art because we arrogantly think we know everything that’s happening, but we don’t. The Stuxnet code and attack could be three years old -- that’s two iterations of Moore’s Law. If true, then things probably have already gotten much worse than we understand. We’re just blissfully ignorant of how bad.”

  6. Smart Grid Security: Generally Speaking, the World Doesn't End January 24, 2011 By Larry Karisny An interview with Andy Bochman, energy security lead IBM Software Group/Rational, and editor of the Smart Grid Security Blog. “The grid is so large and so complex that it doesn't take a Nostradamus to predict successful attacks on it in any coming year, especially as one of the primary enablers of new smart grid functionality involves massively interconnecting systems that were previously protected, at least in part, by their isolation.”

  7. National Security Agency, and commander of the new US Cyber Command, General Keith Alexander. “If you think of our nation, our financial system, our power grids – all of that resides on the network. All of them are vulnerable to an attack like that. Shutting down that network would cripple our financial systems.” Deputy Secretary of Defense William Lynnwrote in a recent issue of Foreign Affairs that some “100 foreign intelligence organizations are trying to hack into the digital networks that undergird US military operations” and that some “already have the capacity to disrupt US information systems.” Homeland Security Secretary Janet Napolitano said “Cyberspace is fundamentally a civilian space, and government has a role to help protect it.” Scientists Decry Cyberwar as Governments RespondFriday, January 21, 2011Contributed By:Dan Dieterle

  8. Why the Demand Side of the Smart Grid first?

  9. Smart Grid Network Topology

  10. The first of 13 pages of awarded smart meter grants

  11. Will security issues stifle smart grid investment? November 18, 2010 at 4:47 PM by Larry Karisny With billions of dollars of public and private smart grid investment in place and billions more in forecasted network hardware and software shipments, will enthusiasm for the smart grid be dampened by security concerns? Current smart meter deployment trends and reported security breaches point towards that possibility. A recent Pike Research report entitled “Smart Grid: 10 Trends to Watch 2011 and Beyond” maintains that “security will become the top smart grid concern”.

  12. Too Much to Gain to Stop the Smart Grid

  13. Smart Grid Security a Start of a Big Opportunity Critical Infrastructure Transportation Utilities Public Safety City Services Power Grid

  14. A Whole New Security Industry is Started

  15. A lot of networks connecting to networks

  16. Power Grid Networks and Data Collect is Different

  17. What's a SCADA?

  18. Securing Specialized Legacy

  19. Lots of guidelines and oversight

  20. Private Sector Disagreement on Smart Grid Security Wi-Fi Alliance fires back at GE endorsement of ZigBee December 21, 2010 | Iris Kuo Earlier this month, GE officially endorsed ZigBee as the wireless standard of choice for smart appliances in a white paper, but the Wi-Fi guys aren’t having any of it. The Wi-Fi Alliance released a statement yesterday denouncing the white paper as “flawed” and “inaccurate.” Though their response isn’t exactly a surprise, their counterargument merit a look.

  21. Public Sector Disagreement on Smart Grid Security CybersecurityGAO finds critical shortfalls in cyber security guidelines for smart grid Published 19 January 2011 The GAO issued a report that found critical shortfalls in the proposed guidelines for modernizing the smart grid; the proposed guidelines, released by NIST and the FERC, contained several shortcomings that would leave the nation’s security grid vulnerable to cyber attack; "missing pieces" in the guideline include a lack of metrics to evaluate cyber security, no enforcement mechanisms, and no coordination of disjointed oversight bodies; NIST and FERC agreed with the findings and is moving to address them in their next set of guidelines

  22. Three directions in network security Carrier Layered Security Layer 2 Security Embedded Security

  23. Grid Net Layered Security Platform

  24. Following the Standards

  25. Grid Net Layered Security Model Multi-level, multi-layer security: key features 1. Meter energizes, self-authenticates * Device security via EAP/TLS, IPSec, IKE, unique digital signature, and hardware-enforced code signing * WiMAX PKMv2 (EAP/TLS over RADIUS) * X.509 Certificate, PKI system, and AAA Server 2. Meter authenticated, authorized by 4G broadband network * EAP-based authentication * AES-CCM-based authenticated encryption * CMAC and HMAC based control message protection schemes 3. Meter authenticated, authorized by PolicyNet * Identity and AAA Services (ITU, IETF) * Certificate Authority w PKI * AAA Server (RADIUS, EAP/TLS) 4. Secure Smart Grid system connection established 5. End-to-end data encryption and transmission * Cipher Block Chaining Message Authentication Code Protocol (CCMP) * IPSEC/GRE, TLS, GMPLS * Traffic Engineering: DiffServ, RSVP

  26. Carrier Agnostic Security Legacy

  27. Military Grade Layer 2 Encryption Securing wireless Local Area Network interconnections with Layer 2 encryption By Juan Asenjo Thales e-Security Enabling military and civilian government operations to dynamically interconnect Local Area Networks (LANs), wireless technologies are a lifesaver in environments where wired connections are cost-prohibitive or just not practical. However, transmitting sensitive information over the airwaves presents security challenges including passive attacks and active attacks. Enter Layer 2 encryption, which can effectively thwart these security challenges. (U.S. Air Force photo by Senior Airman Julianne Showalter)

  28. The Advantages of Layer 2 Encryption Layer 2 encryption is the industry’s first Wireless Firewall. Like a firewall, it supports policy filters to control what services users can access on a network and provide an audit trail. It protects data in-transit for WiFi, WiMax, Mesh, 3G, 4G, Zigbee or LANs Like a VPN, it provides encrypted network access for users via a client Better than a firewall or a VPN because it is Layer-2, with performance and simplicity advantages over IPsec or SSL FIPS 140-2 certified strong AES encryption Offers best-of-breed wireless security: strong encryption, authentication and access Control comparable to WPA2-Enterprise, even on legacy WiFi with no security or weak security like WEP Makes the network unsniffable. Improves any network topology by adding blanket end-to-end encryption

  29. Embedded Security

  30. Embedded device security is designed to secure all aspects of any connected device, computer or service. They are built on a common architecture and share a common cryptographic code base. * Minimal latency * Low power consumption * Low memory * Minimal code size * Suitable for both hardware and software * Authenticated Encryption * Single key for both encryption and authentication * Word based (16-bit) Embedded Security, Securing Internet Things

  31. Smart Grid Security is Just Starting with a Long Road Ahead

  32. Secure as you go

  33. Did we forget the Power Company?

  34. Smart Grid Security Conclusions Find your security problems before they find you. Address most crucial security issues first. Do grid upgrades adding security as you go. Use what works now with a path to future proofing. Agency guidelines are just that guidelines. Certifications are good but bring in house and test. Look for high end but simple security solutions Bring in security professionals and shut the door Smart Grid Security will be soon know as the best in security

  35. Question and Comments Larry Karisny lkarisny@projectsafety.org

More Related