Information and IT Security for Power System Operation
Göran Ericsson and Kun Zhu
Agenda
• Introduction of Svenska Kraftnät - Swedish National Grid Company
• R&D activities in Sweden
- Collaboration between SvK, KTH and FOI (Swedish Defence Research Agency)
- Viking project
• Conclusion
Missions (in brief)
• Provide transmission of power on the national grid level in compliance with security, efficiency and environmental requirements
• To perform the system operator function for electricity and natural gas cost-efficiently
• To promote an open Swedish, Nordic and European market for electricity and natural gas
• To ensure a robust nationwide supply of electricity
Research Collaboration within Sweden
• Vulnerability scanning
- Detection and false alarms
- Remediation
• Reflections from a Cyber Defense Exercise
- How reliable is the Common Vulnerability Scoring System?
- Expert assessment of the probability of successful remote code execution attacks
- How good are experts and different prediction models?
Vulnerability Scanning
• Purpose: to identify and evaluate possible vulnerabilities of the IT systems based on vulnerability scanning tools
Vulnerability Scanning Project
• How does it work?
• Network scanning
• Vulnerability scanning
• Vulnerability analysis
Scanner
Hello, what services and operating systems are you guys running?
I am 172.18.1.3, Windows XP SP2, unpatched, with file sharing and remote desktop enabled
Vulnerability Scanning Project
• How does it work?
• Network scanning
• Vulnerability scanning
• Vulnerability analysis
Scanner
Hmm.. XP SP2 without patches… There are 17 vulnerabilities that are applicable.
Vulnerability Scanning Project
• How does it work?
• Network scanning
• Vulnerability scanning
• Vulnerability analysis
Scanner
Do you have default passwords or any other silly configuration flaws?
My password is ”password”, it is handy as no one forgets it!
Vulnerability Scanning Project
[Figure: two panels, "Unauthenticated scans" and "Authenticated scans"; axes: % Detection and % False Alarm; scanners: Nessus, Qualys, NeXpose, SAINT, McAfee, AVDS, Patchlink scan]
Vulnerability Scanning Project
[Figure: two panels, "Unauthenticated scans" and "Authenticated scans"; axes: % Remediation and % Detection; scanners: Nessus, Qualys, NeXpose, SAINT, McAfee, AVDS, Patchlink scan]
• Automated security scanning needs to be complemented through other efforts…
5884 pages report …
Presentation for EPCC 2011, 2011-05-25
Cyber Defense Exercise
• Does the vulnerability level of a system affect the time needed to compromise the system?
• Vulnerabilities can be measured through the Common Vulnerability Scoring System (CVSS)
- Scale from 0 – 10
• 15 system-level vulnerability metrics are tested to see if any metric displayed a relation to the time needed to compromise the systems
- Drawn from literature (9 metrics) and models used by the industry (6 metrics).
Cyber Defense Exercise
• TTC: Time from start of attack (measured through the first alarm from the intrusion detection system Snort) until successful compromise of that host.
Snort
t1 = 1400.3 sec
t2 = 3000.2 sec
TTC = t2 – t1
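The TTC measurement above, as an added example that is not part of the original slides: it takes t1 as the earliest Snort alert per target host, subtracts it from the recorded compromise time t2, and rank-correlates one vulnerability metric with TTC. The alert lines, compromise times, metric values and the choice of Spearman rank correlation are all assumptions made for illustration; the slides do not say which statistical test the study used.

```python
import re
from datetime import datetime

# Constructed sample data, not from the exercise; METRIC is a hypothetical per-host score.
ALERTS = """\
04/12-09:25:02.000000 [**] [1:1000002:1] exploit attempt [**] [Priority: 1] {TCP} 10.0.0.9:40113 -> 172.18.1.3:445
04/12-09:23:20.300000 [**] [1:1000001:1] port scan [**] [Priority: 2] {TCP} 10.0.0.9:40112 -> 172.18.1.3:445
04/12-09:30:00.000000 [**] [1:1000001:1] port scan [**] [Priority: 2] {TCP} 10.0.0.9:40200 -> 172.18.1.4:22
04/12-09:31:00.000000 [**] [1:1000001:1] port scan [**] [Priority: 2] {TCP} 10.0.0.9:40300 -> 172.18.1.5:80
04/12-09:40:00.000000 [**] [1:1000001:1] port scan [**] [Priority: 2] {TCP} 10.0.0.9:40400 -> 172.18.1.6:3389
04/12-10:00:00.000000 [**] [1:1000001:1] port scan [**] [Priority: 2] {TCP} 10.0.0.9:40500 -> 172.18.1.7:445
"""
COMPROMISED = {"172.18.1.3": "04/12-09:50:00.200000", "172.18.1.4": "04/12-11:30:00.000000",
               "172.18.1.6": "04/12-10:10:00.000000", "172.18.1.7": "04/12-13:00:00.000000"}
METRIC = {"172.18.1.3": 10.0, "172.18.1.4": 9.3, "172.18.1.5": 6.8, "172.18.1.6": 5.0, "172.18.1.7": 7.5}
ALERT_RE = re.compile(r"^(\S+)\s+\[\*\*\].*\}\s+\S+\s+->\s+([\d.]+)(?::\d+)?\s*$")

def parse_ts(ts, year=2000):  # fast-format timestamps carry no year; 2000 is a placeholder
    return datetime.strptime(f"{year}/{ts}", "%Y/%m/%d-%H:%M:%S.%f")

def first_alarm(alerts):
    """t1: earliest alert per destination host, regardless of line order."""
    t1 = {}
    for m in filter(None, map(ALERT_RE.match, alerts.splitlines())):
        ts, dst = parse_ts(m.group(1)), m.group(2)
        t1[dst] = min(ts, t1.get(dst, ts))
    return t1

def ttc(alerts, compromised):
    """TTC = t2 - t1 in seconds; None marks a host attacked but never compromised."""
    return {h: (parse_ts(compromised[h]) - t1).total_seconds() if h in compromised else None
            for h, t1 in first_alarm(alerts).items()}

def ranks(xs):
    s = sorted(xs)  # ties share the average of the 1-based ranks they span
    return [s.index(x) + (s.count(x) - 1) / 2 + 1 for x in xs]

def spearman(metric, ttcs):
    """Rank correlation between a metric and TTC over compromised hosts only."""
    hosts = [h for h, v in ttcs.items() if v is not None]
    if len(hosts) < 2:
        return None
    a, b = ranks([metric[h] for h in hosts]), ranks([ttcs[h] for h in hosts])
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = (sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b)) ** 0.5
    return cov / den if den else None

if __name__ == "__main__":
    print(ttc(ALERTS, COMPROMISED), spearman(METRIC, ttc(ALERTS, COMPROMISED)))
```

Hosts that were attacked but never compromised are left out of the correlation, and a negative TTC would mean Snort raised no alarm before the compromise was recorded.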
Research in cyber security so far…
Cyber Defense Exercise
• Statistics for the best model…
Research in cyber security so far…
Cyber Defense Exercise
• A more detailed security estimation model is needed!
H. Holm, M. Ekstedt and D. Andersson, “Empirical analysis of system-level vulnerability metrics through actual attacks”, submitted to IEEE Trans on Dependable and Secure Computing.
Viking Project
• VIKING stands for Vital Infrastructure, Networks, Information and Control Systems Management
• An EU-financed Framework 7 Collaborative STREP project, part of themes 4 (ICT) and 10 (Security).
• Between 2008-11-01 and 2011-10-31
• To investigate the vulnerability of SCADA systems and the cost of cyber attacks on society
• A consortium of industrial and academic partners
- KTH, Stockholm
- ETH, Zurich
- University of Maryland
- E.ON
- ABB
- Astron Informatics
- MML
www.vikingproject.eu
VIKING
From security requirements
to societal costs
Attack
SCADA system
Power network
Societal cost
Attack Inventory
System Architecture
Vulnerability Models
SCADA functionality manipulation: State Estimator, AGC
Virtual city/citizen simulator
Virtual T&D network simulator
Cyber-security from SvK perspective
• It is of paramount importance to take security into consideration in the procurement phase of new systems for power grid operation and control
- Architecture: is the system composed of different zones with security concerns?
- Security mechanism
- Authorization: third party access
• The same security concern should be shared with other critical infrastructures in society, such as water, gas and transportation.
Questions?