Nathan Wallace, PhD€¦ · Nathan Wallace, PhD @NathanSWallace [email protected] 06/07/2018...

@NathanSWallace www.nathanswallace.org

NathanWallace,PhD

@[email protected]

06/07/2018

Dir.CyberEngineeringStaffEngineer


Disclaimer

•  Statementsandopinionsaremyownwhichmayormaynotreflectthatofmycurrentemployer.

•  Statementsarebasedongeneralizedobservationsoftheindustryanddo

notrepresentanyparticularentityorassetowner.


Volunteering:

EEIntern EEIntern AssociateEngineer

Co-Founder,Dir.CyberEngineering

Drafting RelaySettingsT&DProtection

ResearchAssociate

ICSCybersecurityResearcherDigitalForensicsExaminer

StaffEngineer

Relay&RTUDesign,Setting,&Commissioning

RiskAssessments,SecurityDesign&Integration

•  ElectricalPowerSystemCyberDeviceFunctionNumbers,Acronyms,andDesignations•  GuideforTestingandCommissioningPowerSystemCybersecurityControls•  IoTforconnectedhome–CommunicationandCybersecurityRequirementsforConnecting

HometoUtility•  Std.C37.240CyberSecurityRequirementsforPowerSystemAutomation,Protectionand

ControlSystems

IndustryStandards&Guides

PersonalBackground


InherentlySafeCyber-securePowerSystemEnvironments

•  Inherent=>Built-in,included,integrated,…ithasbeenengineered.

•  Safe=>PowerSystemCybersecurityisaSAFETYIssue

Baked-invsBolted-on.Requireslittletonohumaninteraction.

Ex:AuroraGeneratorTest Ex:DERs


KeyTakeawaysfromProtectionandControlEngineering

Security:“Thefacetofreliabilitythatrelatestothedegreeofcertaintythatarelayorrelaysystemwillnotoperateincorrectly.”cyberdeviceor

NortheastOutage2003

ArizonaOutage2007

FPLOutage2008

UkraineAttack2016

LoadLost 61,800MW 400MW 4,300MW 230,000Customers

Intent Unintentional Unintentional Unintentional Intentional

Cyber Yes Yes Yes Yes

Areallgridcyber-eventsmaliciousandintentional?


TaxonomyofPowerGridCyber-Events

Malicious

Unintentional

95%-99%Known

1 2 3

45

n

…

nthupdateatSub1

nthupdateatSubN

PathBIndustryTechnical

Standards&BestPractices

Energized

PathAReview

Design

ProactiveorReactive


CyberInfrastructure(Computation&Communication)

PhysicalInfrastructure(FlowofPower)

Inputs:Currents,Voltages,Impedance,Status(open,close,lockout)

Output:Open/CloseBkr,+/-Vars,

Inputs:Topology,trafficflows,deeppacketinspection,communicationstate,

stateofphysicalpowersystem

Output:ForthemostpartNOTHING!


ProtectionandControloftheModernizedGrid



ProtectionandControloftheModernizedGrid


Identify

Detect

Respond

Recover

Protect

Tasks

NIST.FrameworkforImprovingCriticalInfrastructureCybersecurity,V1,2014

-CyberAssets,Zones

-Controls,Firewalls,data-diodes,IEDsettingconfiguration

-Controls,Relays,RTUs,EMS,IEDsettingconfiguration

-Loads,transformers,Zones

-IEDs,Relays,RTUs,SCADA,Firewalls,IDS,SIEMs

-RelayProtectionLogic,Primary&Back-up,SCADA

-Isolatefault,reclose,lockout,open,close,SOE

-open,close,+/-Vars,Improvements

-Removeaccess,droppackets,SoE,ICSDigitalforensics

-Backups,Replace,Improvements


Filledboxmethod(IEEEStdPC37.2)


•  OperationalOne-Line



DocumentingProtection&Control

•  AFirewallina‘CommunicationsOne-Line’

PSCCWGS7-ElectricalPowerSystemCyberDeviceFunctionNumbers,Acronyms,andDesignations

c50–Rolebasedaccesscontrolc51–Reportcybereventstomasterc52–Cyber-eventconcentrator(RTU)c53–Cyber-eventconverter,(DNP->Syslog)c54–Logcyber-eventslocallyc56-Antivirusc57–Enablehostfirewallc58–Intrusiondetectionc59–Intrusionpreventionc60–Webaccessc61– Emailalerts



PSCCWGS8–GuideforTestingPowerSystemCybersecurityControls



Testing&CommissioningProtection&Control

IEEEStdC37.233-2009“GuideforPowerSystemProtectionTesting”

•  TestingLogic

•  End-to-EndBinary/Analogs

OtherthancommunicationchecksNOTHING!

•  1stNERC-CIPauditofassetownerinTNrevealedoverhalfofthefirewallsweremisconfigured.

•  Anotherassetownerhadmultiplecyberrelated

alarmsenabledintheIEDs,buttheywerenotbeingmonitored.

InjectPT/CTSignals

Trip?

IEDn


Safety Reliability

ThankYou!

NathanWallace@NathanSWallace

[email protected]

Dir.CyberEngineeringStaffEngineer

Nathan Wallace, PhD€¦ · Nathan Wallace, PhD @NathanSWallace [email protected] 06/07/2018...

Documents

Transcript of Nathan Wallace, PhD€¦ · Nathan Wallace, PhD @NathanSWallace [email protected] 06/07/2018...