2. What is the Smart Grid?
a concept ... a vision
of many many things interacting in complex ways
sharing information to manage energy more efficiently
power + information
But How Complex Could It Be?????
3. Smart Grid NIST diagram?
4. Must Not Forget About Security!
6. Intense Media Visibility on Cyber Security
7. Cyber Security Regulatory Requirements
8. NERC CIP Compliance Requirements
9. DE-FOA-0000058 Cyber Security Requirements
$4.3B stimulus funding
grant proposals were required to cover cyber security
grant winners must provide DOE with a detailed cyber security plan within 30 days
comprehensive approach to cyber security must include:
A lifecycle approach to security
Mitigation of vulnerabilities across utility infrastructure
Support for smart grid cyber security standards
11. Technology Evolution
at the bottom, PLCs are usually connected to sensors and controllers by automation networks such as HART, Fieldbus, Profibus, or increasingly by Ethernet
although one process control vendor is already offering IPv6 wireless on battery-powered sensors
next level of network consists of ICS master and systems used for operating and managing the ICS
next level of network provides advanced applications, such as optimization and gateways to the enterprise network
Adoption of COTS (Commercial-Off-The-Shelf) technologies
Operating systems—Windows, WinCE, various embedded RTOSes
Applications—Databases, web servers, web browsers, etc.
IT protocols—HTTP, SMTP, FTP, DCOM, XML, SNMP, etc.
COTS software and systems have more capabilities and are cheaper than proprietary systems, and do not leave vendors stranded on out-of-date technology
Connectivity of ICS to enterprise LAN
Improved business visibility, business process efficiency: e.g. supply chain management, production scheduling, order tracking, and fault monitoring
(optimize part and supply sourcing, schedule production to better meet business requirements and avoid contract penalties)
Remote access to control center and field devices: e.g. remote diagnosis and repair, reduction of personnel at remote sites
Adoption of IP Networking
Common in higher level networks, gaining in lower levels
Many legacy protocols wrapped in TCP or UDP
Most new industrial devices have Ethernet ports
IP penetrating into lower levels of ICS networks due to greater performance, lower cost, more capabilities than proprietary networks
Ease of connectivity to other systems
Greater performance
Lower cost
Interoperability
Future proofing
rate at which these trends are progressing varies between ICS and process control and between control center, communications, and field devices
12. Security Vulnerabilities in Operational Systems
COTS + IP + connectivity = many security vulnerabilities
All of those of Enterprise networks and more
13. Intra-System Vulnerabilities
14. Inter-System Vulnerabilities
15. What Are The Most Likely Attacks?
malware impairing operations
no human behind the attack
no awareness that victim is a utility
malware exploited for extortion
targeted at insecure enterprises with significant ability to pay
dormant malware
activated some day in the future
terrorists, nation states
hacker attacks against US power system
terrorists, nation states
combined cyber/physical attack
insiders
17. About N-Dimension Solutions
18. Industry Leading Partners
19. Selected Partner of the APPA
20. N-Dimension’s Products and Services
21. N-Dimension’s Assessment Services
Cyber security assessments specifically designed for Utility operating environments – generation, transmission, distribution
Developed as a repeatable and scalable practice based on the NERC CIP standards and best practices such as ISO and NIST
Deliverables include current state assessment, gap to standards, prioritized recommendations, high level solution design, and solution quotation
Deep domain knowledge of cyber security in Utility operations and proven methodology provides great value to clients
Positioning:
Asset Reliability and Protection
NERC CIP Compliance
Smart Grid Solution
22. Design Recommendations
24. Holistic Approach to Cyber Security
25. Lifecycle Approach to Cyber Security
26. Defense in Depth
Perimeter Protection
Firewall, IPS, VPN, AV
Host IDS, Host AV
DMZ
Interior Security
Firewall, IDS, VPN, AV
Host IDS, Host AV
IEEE P1711, IEC 62351
NAC
Scanning
Monitoring
Management
Processes
There is no silver bullet!
Not crunchy on the outside, soft and chewy on the inside
Scanning – port scanning, vulnerability scanning, ARP scanning, Wi-Fi scanning
28. N-Dimension Solutions Products
30. n-Platform Modular Design
GUI and CLI are all most customers need be concerned with
31. n-Platform Cyber Security Features
Gateway Functions:
Firewall with NAT
Anti-Virus
Proxy Filter
Site-to-site VPN
Remote-access VPN
Network Access Control
DNS server
DHCP server
Serial SCADA VPN (P1711)
VLANs
In development:
ICCP VPN
User Access Control
Monitoring Functions:
Routing
Limited Firewall
SCADA IDS
Port Scan
Vulnerability Scan
Availability Monitor
Performance Monitor
Infrastructure:
NTP server
SSH, HTTPS administration
Comprehensive Logging & Reporting
Email & E-Pager Alerting
SCADA Integration
LDAP & AD user management
32. Graphical User Interface
33. NERC CIP Compliance Reporting
34. SCADA Security Monitoring
35. SCADA IDS Drill-Down
37. Perimeter Defense-in-Depth
38. DMZ Design Principles
DMZ contains non-critical sacrificial systems
Multiple functional security sub-zones
Traffic between sub-zones undergoes firewall & IPS (or IDS)
DMZ is only path in/out of Control Zone
Default deny for all firewall interfaces
Minimal direct traffic across DMZ
No common ports between outside & inside
No control traffic to outside
Highly limited outbound traffic
No connections initiated from DMZ into Control Zone
Emergency disconnect at inside or outside
No network management from outside
Cryptographic VPN and Firewall to all 3rd party connections
No direct traffic + no common ports stops worms like Slammer
Sub-zones and limited communication slow infection spread and make network mapping by attackers more difficult
Control/DMZ independence requires domain servers, AAA, etc. in both zones
Guest NAC since the Enterprise Zone may not do NAC
DMZ independent of Enterprise and Control Zones to allow remediation while disconnected
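The DMZ design principles on this slide are concrete enough to be checked mechanically against a firewall rule set before it is deployed. The audit below is an added example and is not code from the slides or from any N-Dimension product: the three-zone model (outside/enterprise, DMZ, control), the Rule type, the check names and the two sample rule sets are constructed here, and the control-protocol port list (Modbus/TCP 502, DNP3 20000, ICCP/TASE.2 102) is an assumption standing in for whichever control protocols a given utility actually runs. It implements six of the listed principles: default deny, no direct traffic across the DMZ, no common ports between the outside and inside legs, no connections initiated from the DMZ into the Control Zone, no control traffic to the outside, and limited outbound traffic.

```python
"""Audit a firewall rule set against the DMZ design principles on the slide.
Added example: the zone model, Rule type, check names and sample rules are
constructed here and are not taken from any vendor product."""
from dataclasses import dataclass
from typing import List, Union

OUTSIDE, DMZ, CONTROL, ANY = "outside", "dmz", "control", "any"

# Assumed ICS protocol ports that must never be allowed toward the outside
# (constructed short list: Modbus/TCP, DNP3, ICCP/TASE.2 over MMS).
CONTROL_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 102: "ICCP/TASE.2"}


@dataclass(frozen=True)
class Rule:
    """One stateful firewall rule: src initiates the connection toward dst."""
    src: str                 # OUTSIDE, DMZ, CONTROL or ANY
    dst: str
    port: Union[int, str]    # TCP/UDP destination port, or ANY
    action: str              # "allow" or "deny"


def audit(rules: List[Rule]) -> List[str]:
    """Return one finding per violated principle; an empty list means the
    rule set passes every check implemented here."""
    findings: List[str] = []
    allowed = [r for r in rules if r.action == "allow"]

    # Default deny for all firewall interfaces: the set must end in an explicit deny-all.
    if not rules or not (rules[-1].action == "deny"
                         and (rules[-1].src, rules[-1].dst, rules[-1].port) == (ANY, ANY, ANY)):
        findings.append("default-deny: rule set does not end with 'deny any any any'")

    for r in allowed:
        # DMZ is the only path in/out of the Control Zone: minimal direct traffic across it.
        if {r.src, r.dst} == {OUTSIDE, CONTROL}:
            findings.append(f"direct-traffic: {r} bypasses the DMZ")
        # No connections initiated from the DMZ into the Control Zone (control side pulls/pushes).
        if r.src == DMZ and r.dst == CONTROL:
            findings.append(f"dmz-initiated: {r} lets a DMZ host open a session into the Control Zone")
        # No control traffic to the outside.
        if r.dst == OUTSIDE and r.port in CONTROL_PORTS:
            findings.append(f"control-traffic-outbound: {r} carries {CONTROL_PORTS[r.port]} to the outside")
        # Highly limited outbound traffic: an any-port allow toward the outside is not limited.
        if r.dst == OUTSIDE and r.port == ANY:
            findings.append(f"outbound-unrestricted: {r} allows every port toward the outside")

    # No common ports between outside and inside: compare the two legs of the DMZ.
    outer = {r.port for r in allowed if {r.src, r.dst} == {OUTSIDE, DMZ}}
    inner = {r.port for r in allowed if {r.src, r.dst} == {CONTROL, DMZ}}
    if (ANY in outer and inner) or (ANY in inner and outer):
        findings.append("common-port: an any-port rule on one leg of the DMZ overlaps every port on the other")
    for port in sorted(p for p in outer & inner if p != ANY):
        findings.append(f"common-port: {port} is open on both the outside and inside legs of the DMZ")
    return findings


def example_rulesets():
    """Constructed sample rule sets: one that breaks most principles and a
    hardened equivalent that passes the audit."""
    weak = [
        Rule(OUTSIDE, DMZ, 443, "allow"),        # enterprise users to a DMZ historian web UI
        Rule(CONTROL, DMZ, 443, "allow"),        # same port reused on the inside leg
        Rule(OUTSIDE, CONTROL, 3389, "allow"),   # remote desktop straight into the Control Zone
        Rule(DMZ, CONTROL, 1433, "allow"),       # DMZ database pulls from a control-side server
        Rule(CONTROL, OUTSIDE, 20000, "allow"),  # DNP3 toward the enterprise side
        Rule(DMZ, OUTSIDE, ANY, "allow"),        # unrestricted outbound from the DMZ
        # no trailing deny-all
    ]
    hardened = [
        Rule(OUTSIDE, DMZ, 443, "allow"),        # HTTPS to the sacrificial historian replica
        Rule(CONTROL, DMZ, 1433, "allow"),       # control side pushes data out to the replica
        Rule(ANY, ANY, ANY, "deny"),             # explicit default deny on every interface
    ]
    return weak, hardened


if __name__ == "__main__":
    for name, ruleset in zip(("weak", "hardened"), example_rulesets()):
        results = audit(ruleset)
        print(f"{name}: {len(results)} finding(s)")
        for line in results:
            print("  ", line)
```

The hardened set shows the shape the slide asks for: the Control Zone initiates the only inside-leg connection, the outside leg uses a different port, and the rule set closes with an explicit deny-all. The checker is deliberately strict about any-port rules, since one such rule on either leg of the DMZ defeats the "no common ports" rule no matter what the other leg permits.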
39. Interior Defense-in-Depth
40. Central Log and Event Management
42. N-Dimension Smart Grid ASP
ASP Multi-Company Support
strict isolation between data of different companies
integration with network monitoring tools via SNMP
one n-Central can support 500+ clients
43. ASP Service Description
44. ASP Service Program Benefits