Professional Documents
Culture Documents
cyber_1 davo (2)
cyber_1 davo (2)
October 9, 2020 2
Communications and Sensors
October 9, 2020 3
What is Sensing and Measurement?
Point of
Variable Connection Comms
Measurement Useful
to be to the or local Action
Device Information
measured Power analytics
System
System
Electrical
Response
October 9, 2020 4
Communications are critical to many
functions of the grid
https://commons.wikimedia.org/wiki/File:
Electricity_Grid_Schematic_English.svg
October 9, 2020 5
Different communications media are used
throughout the grid
Generation
► Wireless and radio networks are used to
transmit control and monitoring messages within
plants
► Cell, POTS (plain old telephone service), and
fiber are used to transmit messages between
plants
Transmission
► Power lines can be used to transmit information
– power line carrier
► Substations use radio and wireless within
substations and microwave between substations
► Land mobile radios and satellite phones are
used during restoration and repair
Distribution
► Some fiber used for controlling loads, but is
generally expensive to run
► Microwave links, land mobile radio, and satellite
phones are used
Smart Grid Communications
► For smart meter networks and control of
distributed generation, wireless mesh networks
can be formed
October 9, 2020 6
Interdependencies in smart grid
communications
• Mitigating potential DA
device failures caused by
Generators communications network
issues
• Utility primarily relies on
SCADA
DA devices to
2b 3 detect/isolate faults
1 • Local operation
2a • Remote operation
2b Smart-grid
Algorithms • If we have
communications issues,
we can’t send
operational commands to
2a Courtesy PG&E devices
1 Fault occurs
2a Lack of power inhibits DA devices operation, or
2b Communication networks fail
3 Remote switch operations prevented
October 9, 2020 7
Events versus Measurement
Distribution system issues on different time scales
October 9, 2020 8
Distribution System Sensing and Measurement
Overview
Primary Secondary
distribution system distribution system
Substation
HV/MV MV/LV
Visibility
October 9, 2020 10
Visualization and analytics integration at the
utility: Large Plant historical information
database
October 9, 2020 11
Discussion: Transmission vs. Distribution
Sensing
SCADA Components:
Sensors: instruments measuring physical quantities (current,
voltage)
Remote terminal units (RTUs): perform analog-to-digital “A
to D” conversion of sensor signals; may include basic control
capability
Programmable Logic Controllers (PLCs): similar to RTUs,
more sophisticated controls
Telemetry: provides connection for signals between field
devices and control center, using some physical
communication layers (telephone wires, radio, satellite,
microwave, 3G wireless)
Data Acquisition Server: manages data from field devices
Data Historian: stores data
Human-machine interface (HMI): client for data from
server; presents to operator; may receive control inputs from
human operator
October 9, 2020 13
Supervisory Control and Data Acquisition (SCADA)
October 9, 2020 14
Smart Meter and
Advanced Metering Infrastructure (AMI)
Smart Meter
Primary purpose: Settlement
(time-differentiated meter reading)
Secondary purpose:
identify outages
other operations support
Typical activity:
Present State in Normal Deployment
record kWh usage, voltage at 15-min intervals
• not enough resolution to observe
report 8 hrs worth of 15-min kWh data to access point 3x per
short-term power variations
day
• typically do not report voltage
send “death chirp” in case of outage
(although it is sensed)
• data may not be provided in real-time
Headroom on communications network allows querying
• data may be provided only to billing
subset of meters for some additional data, reported within
department, not operations
minutes
• most likely early operational
application: fault location, isolation and
Automated Meter Reading (AMR): one-way communication
service restoration (FLISR)
Advanced Metering Infrastructure (AMI): two-way
communication October 9, 2020 15
Smart Meter and
Advanced Metering Infrastructure (AMI)
Resolution is important
October 9, 2020 17
Cybersecurity 101
October 9, 2020 18
The problem is harder when adversaries try to disrupt systems….
Crash Override Triton Attack
Worcester, MA Airport (Ukraine 2016)
Ukraine 2015
Bowman Ave Dam
October 9, 2020 21
IT vs OT Networks
IT and OT networks differ significantly in terms of requirements, priorities and risks. As a result
IT cybersecurity does not directly map into OT cybersecurity, and some practices that are
essential in IT cybersecurity can disrupt the physical processes controlled by OTOctober
networks
9, 2020
if22
they are not adapted to the requirements of the system. 22
NIST Cybersecurity Framework
Framework Function
Identify
Protect
Detect
Respond
Recover
October 9, 2020 23
23
Identify
Function Category
Know thyself…
Asset Management
Have an accurate inventory of
assets, data, people Business Environment
Understand how the network
works and behaves Governance
Understand risks, identify Identify
vulnerabilities and potential impacts Risk Assessment
Understand criticality of assets to
Risk Management Strategy
the mission
Supply Chain Risk
Management
Understanding your own system, how it works and what’s on it is essential for
cybersecurity – we can’t defend what we don’t know is there.October 9, 2020 24
24
Protect
There is no perfect security, but the objective is to make it increasingly hard for the
adversary to gain access to the OT network. October 9, 2020 25
25
Detect
The adversaries will always find a way to get in, but timely detection can minimize
the effectiveness of the attack and prevent it from spreading.October 9, 2020 26 26
Respond
Adequate response to an incident will ensure that its impacts are minimized, making
it increasingly difficult for an adversary to achieve their objectives.
October 9, 2020 27
27
Recover
Recovery can be time consuming, but it’s essential in ensuring the adversary cannot
re-use the same attack in the future. October 9, 2020 28
28
Common Intrusion Paths
*From “Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies,” US-CERT
October 9, 2020 29
Defense-in-depth
*From “Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies,” US-CERT
October 9, 2020 30
Layered defense strategy for the electric
grid – mapping strategy to attack type
October 9, 2020 31
Layered defense strategy for the electric
grid
October 9, 2020 32
Layered defense strategy for the electric
grid
October 9, 2020 33
Layered defense strategy for the electric
grid
October 9, 2020 34
DHS NCCIC Recommended Strategies
October 9, 2020 35
ICS Cybersecurity – Summary & Resources
October 9, 2020 36
Questions & Contact
Emma M Stewart
Associate Program Leader, Defense Infrastructure
Cyber and Infrastructure Resilience
Lawrence Livermore National Laboratory
Livermore, CA
Tel: 925-583-4159
Email: stewart78@llnl.gov
October 9, 2020 37
Extra Slides
October 9, 2020 38
Other Sensors and Measurement Devices
October 9, 2020 40
Other Sensors and Measurement Devices
October 9, 2020 41