• No results found

Smart Substation Security

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Smart Substation Security"

Copied!
21
0
0

Loading.... (view fulltext now)

Download now ( 21 Page )

Full text

(1)

Smart Substation Security

SmartSec Europe 2014 Amsterdam 29/01/2014

(2)

Agenda

Context Elia

Introduction to the substation environment in Elia

Security design and measures in the substation

(3)

Among the five largest transmission system operators in Europe

Frontrunner in grid integration of

renewables since incorporation in 2001

Listed on Stock Exchange since 2005

1,950 employees

380 kV and 220kV (down to 30kV in Be)

870 substations

Fully unbundled

World experience in RES integration

About the Elia Group

(4)

About Elia Belgium

Customers:

130 direct customers (connected to ELIA’s net)

Over 25 Distribution System Operators…

1.250 employees

11 sites in Belgium

800 HV Substations

Network :

Mostly owned or leased Cu, Fo

 Some Leased Lines (local telecom provider)  Tests with satellite communication

(5)

General Concept : Defence in Depth

“Defense in depth“ principle: Security threats are not mitigated by a single counter measure only but by implementing several complementary security techniques at multiple levels

(6)

What has changed the world (of the substations)?

Point to point connections

Old Access network technology with TDM, SDH

Low bandwidth needs

No online access needs to information

Only telephony needed

Assets maintained locally and limited information about their state

A lot of interaction between devices

Need for IP and more mainstream technologies (MPLS)

High bandwidth needs

Technicians on the field need online access to office space

online access to information

Assets maintained remotely from a normal PC

(7)
(8)

Today : connections based on IEC104 (IP)

(9)
(10)

Steps in the design exercise with impact on security

Step 1

• inventory of data flows and protocols and their criticality

Step 2

• Architectural design of network and channels (VPN/VLAN)

Step 3

• cyber risk identification and mitigation (acceptance or compensating controls

)

(11)

NEEDS

GENERALITY – DATA FLOWS

 Remote-reading & data management : Metering, power quality files

 Remote-monitoring :

equipment status (alarms, events, …)  Remote-maintenance:

action on equipment (parameterization, …)  Remote-control :

action on HV substation (RTU)

(12)

Some results of this excercise

LAN and WAN high level design Hub and spoke model Jumpserver (gateway functionality) Network authentication and port security in the substation

(13)

LAN and WAN high level design

SAS LAN based on 2 physical independent LANs

 GLAN for “general applications” of HV substation

 SLAN for “protection, control and automation” => IEC61850 (> 2018)Why ?

 High cyber-security level protection = segregation  General applications require mediumand low level

performances and are not critical for protection & control of HV Substation  Protection, control and automation applications require

high level performances and are critical for protection & control of HV substation

SASLAN

SLAN GLAN

(14)

LAN and WAN high level design

GLAN

SBUSLAN

Router WAN

Switch LAN

Switch LAN Router WAN

SCADA

Firewall VPN tunnels Office network VLAN VLAN VLAN VLAN VLAN VLAN IP/MPLS WAN

 Network Management SBUS-LAN and G-LAN  Telephony

 Data ELIA/Wifi and guest wifi  Data Elia wired

 Videosurveillance, access control

 SBUS-LAN Electricity Management (RTU, …)

(15)

LAN and WAN high level design

IP address plan reflecting functional communication planes

Allows easy configuration of firewalls based on L3 IP address

Configuration based on L2 MAC addresses is not manageable

(16)

Hub and spoke model

Substation Substation 1 WAN IP/MPLS Central firewall substation 2

X

+ Manageability

+ “Easy“ to change technology + Logging

- Agree to possibly lose a complete substation - Single point of failure ?

(17)

Jumpserver : Access to devices in the substation

Substation GLAN SBUSLAN WAN Substationgateway/ Jumpserver Router Router switch switch Office LAN access to applications based on Active Directory groups

(18)

Network authentication and port security

First choice : network authentication 802.1x (mostly GLAN)

Second choice : port security (based on MAC)

(19)

Specific constraints in TSO world

Long lifetime of “electricity” assets

We don’t trust the embedded security features for the moment and choose to

bolt on security where possible

Harsh environment (ruggedized equipment)

mainstream security equipment is not always suited

Long decision process with European Tender for frame

agreements

Not easy to make quick choices (long time between writing a tender and decision)

Availability is still number 1 priority for some devices

(20)

What’s still on our roadmap?

shortterm

• “blackbox” implementations based on common mainstream technology : (e.g. windows embedded no antivirus, no patching, local admin, no lockdown)

• Blackout mitigation out of design scenario : Emergency preparedness exercise “Cyberattack on realtime environment“ • Regular contact with vendors, SPOC for security, security roadmaps

Midterm

• Establishment of 24/7 Security Operation Center • Next-gen industrial firewalls in monitoring mode

longer

• Next gen industrial firewalls in blocking mode based on business transaction monitoring?

(21)

Questions?

References

Download now ( PDF - 21 Page - 1.71 MB )

Related documents

Transcriptional responses to radiation exposure facilitate the discovery of biomarkers functioning as radiation biodosimeters

For the medium to high radiation doses, my bioinformatics-driven analysis revealed the following key findings: with the above mentioned p-value-driven and fold-change-driven

FANUC Robotics Variables

Power Up: Changes to this variable take effect immediately User Interface Location: SYSTEM Variables screen $MCR_GRP[1].$forc eupdate. Minimum: 0 Default: 0

Code-switching in Irish tweets: a preliminary analysis

Our contributions are as follows: (i) an enhancement of the POS-tagged Twitter corpus in which English code-switched segments are an- notated, (ii) a categorisation of the types

Ndt

Which of the following is the proper first step in removal of excess penetrant when using the solvent removable penetrant process.. (a) Immerse the test piece in solvent (b)

How You Can Get Richer... Quicker!

As you study the following chapters, you will learn that improving your job-skill is just ONE success method which must be supplemented by many· other

B.Sc. (Physics, Chemistry, Forensic Sc.)

serology, chemistry, toxicology) documents, fingerprints, ballistics, photography and physics, Voice identifications, Tape authentication & Computer frauds pertaining

ARTISTIC BLACKSMITHING AT RATHO BYRES FORGE

The course can be individually tailored to suit a whole range of levels, from basic skills through to more advanced techniques, but in every case they are designed to be and

REPORT ON EXAMINATION OF THE MAXUM INDEMNITY COMPANY AS OF DECEMBER 31, 2012

This examination covered the period of January 1, 2009, through December 31, 2012, and encompasses a general review of transactions during the period, the Company’s business