
Enhancing System Reliability and Improving Cybersecurity Awareness through Visualization

Nathan Wallace, Kevin Johnson. June 20th, 10:30 AM.


Presentation Transcript


  1. Enhancing System Reliability and Improving Cybersecurity Awareness through Visualization. Nathan Wallace, Kevin Johnson. June 20th, 10:30 AM.

  2. Engineering a Safer, Secure, and Reliable Grid
     2006:
     • Licensed Engineering Firm
     • Substation Engineering
     • Relay/SCADA/Communication
     • T&D Line Engineering
     • EPC/Design-Build/Turnkey
     • Project Development
     2015:
     • Licensed Engineering Firm
     • Cyber Design Engineering
     • Risk Assessments
     • Vulnerability/Patch Management
     • Cybersecurity Research
     • Integrated and Customized Solutions

  3. VigilantGrid Demo Use Cases
     • Use-Case 1: Successful RTU HMI Login
     • Use-Case 2: Failed RTU HMI Login
     • Use-Case 3: Failed Login Relay Front Panel
     • Use-Case 4: Relay Settings Change
     • Use-Case 5: Physical Security – Active Port Detection Relay
     • Use-Case 6: Physical Security – Light Sensor

  4. VigilantGrid Integrated Solution

  5. Bridging The IT/OT Divide
     Asset Management
     • Site Monitoring – provides a visual overview and map of all connected assets across the operating environment. Operators are alerted to issues related to Cybersecurity Events and Operational Events.
     • Device Monitoring – provides a visual overview of connected IEDs covering system vulnerabilities, firmware status and patch management.
     Security Information and Event Management (SIEM)
     • The SIEM module monitors events and reports on them according to the severity of the event and the criticality of the action required.
     • These may include Cybersecurity events categorized as: General, Emergency, Alerts, Critical, Error, Warnings, Notices, and Informational.

  6. Bridging The IT/OT Divide
     Grid Monitoring
     • The Grid module allows grid events such as breaker trips and fault event records to be viewed and analyzed within VigilantGrid, including data related to the specific relay settings. This information is used to determine why a fault was triggered and whether the relay mis-operated.
     Reporting
     • Provides a user-friendly, searchable interface to manage assets by device type and site location.
     • Provides information in pre-configured and customizable formats to facilitate event and asset reporting to management and for regulatory compliance.
     Annunciation
     • Provides real-time, web-based visualization of actionable Cyber and Grid related events to mitigate their impact on the power grid.

  7. VigilantGrid Landing Page

  8. Site Map Asset Classification. Asset Site Icons: Transmission Sub, Distribution Sub, Power Plant, Solar Site, Wind Site, Battery Storage, Transformer, Pole Top - AMI.

  9. Security Information and Event Management (SIEM)

  10. Customized Tiled Annunciator Panel

  11. Fault Analysis: Relay Settings Review

  12. Site Asset Map Drill Down Details. Second Level – Expanded View. Asset Type Icon with expanded view Wheel. Current icons include:
     • Transmission Station
     • Distribution Station
     • Generation
     • Solar / Wind
     • Battery Storage
     • Pole / Switch

  13. Site Device Detail: Communication Status Heart Beat. Device Heart Beat to show Last Comm from Device.

  14. Searchable Reporting Structure. Device Heart Beat to show Last Comm from Device.

  15. Searchable Reporting Structure. Example of Search Menu hierarchy. Assets can be searched by Site Content, Device Population, and SIEM Event. Drill-downs for advanced search include: Vendor, Type, Model. There is also a third-level Filter. Device Heart Beat to show Last Comm from Device.

  16. VigilantGrid Deployment Examples. Install Location 1: In the Cloud. [Diagram labels: Protected Private Cloud; Sites: Feeder Circuits, Distributed Energy Resources, D&T Substations, Power Plants, Control Centers; Users: Engineers, Maintenance, Security, Compliance]

  17. VigilantGrid Deployment Examples. Install Location 2: On-Site. [Diagram labels: Sites: Feeder Circuits, Distributed Energy Resources, D&T Substations, Power Plants, Control Centers]

  18. VigilantGrid Demo Rack. [Diagram labels: Protected Private Cloud, WAN, WAN Router, Data Diode, Switch, SEL-3530 RTAC RTU, SEL-351 Protection Relay, SEL-3622 Security Gateway, ME]

  19. VigilantGrid Demo Use-Cases
     • Use-Case 1: Successful RTU HMI Login. [Diagram labels: Engineer, Protected Private Cloud, Diode, Relay, RTU, Gateway, NERC-CIP]
     • Use-Case 2: Failed RTU HMI Login. [Diagram labels: Remote Hacker or Malicious Insider, Protected Private Cloud, Diode, Relay, RTU, Gateway, NERC-CIP]

  20. VigilantGrid Demo Use-Cases
     • Use-Case 3: Failed Login Relay Front Panel. [Diagram labels: Protected Private Cloud, Diode, RTU, Gateway, NERC-CIP]
     • Use-Case 4: Relay Settings Change. [Diagram labels: Protected Private Cloud, Diode, RTU, Gateway, NERC-CIP]

  21. VigilantGrid Demo Use-Cases
     • Use-Case 5: Physical Security – Active Port Detection Relay. [Diagram labels: Protected Private Cloud, Diode, RTU, Gateway, NERC-CIP]
     • Use-Case 6: Physical Security – Light Sensor. [Diagram labels: Protected Private Cloud, Diode, NERC-CIP]

  22. VigilantGrid Demo Use-Cases: LIVE DEMO

  23. VigilantGrid Integrated Approach

  24. ENGINEERING POWER-FUL SOLUTIONS. ENGINEERING A SAFER, SECURE, AND RELIABLE GRID.
     • Kevin D. Johnson, kevin.johnson@ampirical.com, c: 570-498-4409
     • Nathan Wallace, PhD, CSSA, nwallace@cybirical.com, c: 318-730-9302
