Cyber Security
for the
for the
Smart Grid
Peter David Vickery Executive Vice President N-Dimension Solutions Inc.
Selected Partner of the APPA
“As stated by the Federal Energy Regulatory Commission cyber attacks can damageAs stated by the Federal Energy Regulatory Commission, cyber attacks can damage generation and distribution facilities in ways that cause widespread disruption of electric service and undermine our government, economy, and the health and safety of millions of citizens. We selected N-Dimension Solutions Inc. as the official cyber security partner of Hometown Connections because the firm offers a deep knowledge of cyber security a Hometown Connections because the firm offers a deep knowledge of cyber security, a proven methodology, and a commitment to addressing the unique requirements of public power systems of all sizes.”
About N-Dimension Solutions
• Cyber Security Solutions Provider laser focused on the Power & Energy market • Member of:
NIST Cyber Security Committees: NIST Cyber Security Committees:
Cyber Security Working Group (CSWG) Smart Grid Interoperability Panel (SGIP)
NERC and NERC’s Demand-Side Management Task Force
Cyber Security Technical Working Groups (IEEE P1711 AMI SEC) Cyber Security Technical Working Groups (IEEE P1711, AMI-SEC)
Advisory Committee for U. of Illinois Trusted Computing Infrastructure for Power
• Developed comprehensive power & energy cyber security and NERC CIP assessment methodology
assessment methodology
• Developed cyber security product family specifically for the Smart Grid • Published thought leader on cyber security for the emerging Smart Grid
• Recognized as an industry leader by Pike Research
• Active across North America and globally in delivering Smart Grid cyber security
Industry Leading Partners
Communications
Smart Grid Integration Asian Distribution
P&E Consulting
Di t ib ti & P&E Consulting
Distribution & ASP Delivery
Technology Evolution
Internet Workplaces Enterprise Optimization Enterprise Network Firewall Services Third Party Application Server p Suite Mobile OperatorIP
Engineering Workplace Network Application Server Historian Server Connectivity Server Control Network Redundant Modbus Device Network Modbus DNP3What Are The Most Likely Attacks?
• Malware impairing operations
– no human behind the attack
– no awareness that victim is a utility
• Malware exploited for extortion
– targeted at insecure enterprises with significant ability to payg p g y p y
• Dormant malware
– activated some day in the future – terrorists, nation statesterrorists, nation states
• Hacker attacks against US power system
– terrorists, nation states
– combined cyber/physical attack – combined cyber/physical attack
• Insiders
Lifecycle Approach to Cyber Security
1 P
i
Preparation
t / i li t t t
1. Preparation
• create/review policy statements • conduct a risk analysis• establish/review security team structure
2. Prevention
Prevention• deploy security countermeasures • approve security changes
3. Response
• approve security changes • monitor security posture
Response Response
• respond to security violations • restoration
• review • review
Defense in Depth
• Perimeter Protection
– Firewall, IPS, VPN, AV, , ,
– Host IDS, Host AV – DMZ
• Interior Security
– Firewall, IDS, VPN, AV – Host IDS, Host AV
– IEEE P1711, IEC 62351 NAC
– NAC
– Scanning
• Monitoring
M t
IDS Intrusion Detection System IPS Intrusion Prevention System
• Management
• Processes
DMZ DeMilitarized Zone
VPN Virtual Private Network (encrypted) AV Anti-Virus (anti-malware)
NAC Network Admission Control NAC Network Admission Control
N-Dimension’s Products and Services
Professional Services C b S it S i Cyber Security Services for Smart Grid Operational
Environments
+
Addresses Pain Points inTechnical Solutions
n-Platform UTM
n-Central Management System
Target Sector
Integrated Solution
+
Industry Partnersy
Solution Augmentation Turnkey ASP Service
Perimeter Defense-in-Depth
Firewall IDS
Remote Access VPN Site-to-Site VPN
DMZ
Site-to-site VPN DMZ
Proxy Anti-Virus
IDS IDS NAC
Interior Defense-in-Depth
IDS Port Scan Port Scan Vuln Scan
Firewall SSL VPN
IPSEC VPN Firewall
NAC
SSL VPN
IPSEC VPN SCADA VPN
Firewall IDS IPSEC VPN
SCADA VPN Firewall Port Scan
IDS
Port Scan IDS Access Control
Central Log and Event Management
Outsourced Smart Grid
Security Internal: Log,
Analyze, Report,
Service
ASP Service Description
• Based on term agreement with each participating Utility • Pricing is for all elements of the service including:
• Initial design • Initial design
• Configuration and hardware / software installation • Level 1, 2 and 3 customer support
• Cyber node hardware / softwarey
• Maintenance including hardware replacement if required • Software updates
• Reports, audits, logs
• 24x7x365 Cyber Security Monitoring • 24x7x365 Cyber Security Monitoring • Secure Utility Web portal
• Annual Cyber Security Policy Review
• Add-on capabilities within term e.g. AMI and additional substationsp g • Contract extension option after initial term
ASP Service Program Benefits
• High ease-of-procurement and ease-of-use
• Cost efficiencies: typically < 0.1% of utility’s O&M budget • 7x24x365 coverage by subject matter experts
• No need to expend capital nor hire and train expensive specialists • Utility retains control of its cyber data through remote access to their • Utility retains control of its cyber data through remote access to their
specific data, customized reports and real-time insight via secured web portal
• Additional end points and operating areas (e g AMI and additional • Additional end points and operating areas (e.g. AMI and additional
substations) can be added within the term of the agreement • Program aligns with NERC-CIP standards
A h i d d b i id d i f
• Approach is endorsed by insurance providers as demonstration of “duty of care”
