
Cyber Security for Smart Grids: Impacts and Challenges
This content explores the motivation, impacts, and challenges of cyber security for smart grids, highlighting the vulnerabilities, possible impacts, and the need for defense strategies. It delves into the critical infrastructure of smart grids, their susceptibility to attacks, and the associated risks to national security and economic vitality. Additionally, it discusses the potential impacts such as system observability loss, equipment damage, monetary losses, and blackout scenarios, along with the challenges posed by legacy systems and limited processing capabilities.
Presentation Transcript
Cyber Security for Smart Grids
Seemita Pal
Department of Electrical, Computer and Systems Engineering
Rensselaer Polytechnic Institute, Troy, NY
28th October, 2015

Outline
- Motivation
- Impacts and Challenges
- Computer networks
- Network security
- Cryptography
- Hash function
- Intrusion Detection
- Cyber security threats for smart grids
- Defense strategies
Motivation
[Figure: operational information flows between Generation (GEN1..GENx), Transmission (TOP1..TOPx), Distribution (DIST1..DISTx) and Customers. Source: n-Dimension solutions]

Motivation: End-to-End Communications and Intelligence
[Figure: end-to-end communications and intelligence spanning Generation, Transmission, Distribution and Customers, including AMI, DSM system, conservation, operators and authorities. Source: n-Dimension solutions]
Smart Grids
An upgraded electricity network to which two-way digital communication between supplier and consumer, intelligent metering and monitoring have been added.

Why is the Smart Grid Vulnerable?
- One of the most critical infrastructures
- Increased deployment of sensors and devices
- Continuous streaming of sensitive data via Internet
- Attractive target for nation-state actors, disgruntled insiders or casual hackers
- Incident reports (energy sector)
- Matter of national security and economic vitality

Possible Impacts and Challenges
Impacts:
- Loss of system observability
- Uneconomic dispatch choices
- Equipment damage
- Monetary loss
- BLACKOUT!!!
Challenges:
- Legacy systems
- Limited processing capabilities
- Low bandwidth connections
- Minimum network feedback
- Elimination of false alarms
- Low detection delay
Today's Computer Networks: Packet-Switched Networks
- Packet: data chopped up into small blocks (e.g., ~500 bytes)
- Header: each packet carries extra information to allow it to reach its destination
- Route: each intermediate node processes the packet and forwards it to the next node

What is a Computer Network?
[Figure: servers, clients and mobile clients exchanging packets through routers]
- Hosts are computers and other devices such as cellphones, TVs etc.
- Networks connect applications on different stations
- Hosts communicate by sending messages called packets
- Packets may pass through multiple routers; each switch reads the packet header and passes it on
What is a Computer Network?
A collection of computers (PCs, workstations) and other devices (e.g. printers, smart meters) that are all interconnected.
Goal: provide connectivity and ubiquitous access to resources (e.g., database servers, Web); allow remote users to communicate (e.g., email).
Components:
- Hosts (computers)
- Links (coaxial cable, twisted pair, optical fiber, radio, satellite)
- Switches/routers (intermediate systems)

Networking Issues
- Resource sharing: accommodate many users over the same link or through the same router
- Addressing and routing: how does an email message find its way to the receiver?
- Reliability and recovery: guarantee end-to-end delivery
- Traffic management: monitoring and regulating the traffic in the network

Solution: Layering
Layering to deal with complex systems:
- Conceptual simplicity
- Modularization eases maintenance and updating of the system: a change in the implementation of a layer's service is transparent to the rest of the system
TCP/IP model (layer: protocols)
- Application: FTP, SMTP, HTTP
- Transport: TCP, UDP
- Internetwork: IP
- Host to Network: Ethernet, Point-to-Point, WiFi

Network Performance
- There are a number of measures that characterize and capture the performance of a network
- It is not enough that networks work; they must work well
- Quality of service (QoS) defines quantitative measures of service quality: data rate or throughput, delay (latency), reliability
- Security (not a QoS measure but crucial)
Network Security: Introduction
- Bob and Alice want to communicate securely
- Trudy (intruder) may intercept, delete, add messages
[Figure: Alice (secure sender) and Bob (secure receiver) exchange data over a channel on which Trudy sits]

Who might Bob, Alice be?
- Well, real-life Bobs and Alices!
- Phasor measurement units sending synchrophasor data
- Web browser/server for electronic transactions (e.g., on-line purchases)
- Information exchange between power distribution networks and power generators
- On-line banking client/server
- Routers exchanging routing table updates

Who might Trudy be?
- Disgruntled insider
- Nation-state actor
- Contracted employee
- Professional hacker
- Casual hacker

Types of Security Breaches
Q: What can a bad guy do?
A: A lot!
- Eavesdrop: intercept messages
- Actively insert messages into connection
- Impersonation: can fake (spoof) source address in packet (or any field in packet)
- Hijacking: take over ongoing connection by removing sender or receiver, inserting himself in place
- Denial of service: prevent service from being used by others (e.g., by overloading resources)
Security for Smart Grids: Example 1
[Figure: cyber penetration scenario in which the attacker controls the head end (AMCC, Advanced Metering Control Computer) and performs a remote disconnect over the communications network (WAN); retailers, 3rd parties, AMI WANs and data management systems (MDM/R) are also shown]
Example from AMRA Webinar, Nov 06, "The Active Attacker". Source: n-dimension solutions

Security for Smart Grids: Example 2
[Figure: Internet, hacker, admin and operator accounts, master database, slave database and RTU]
1. Hacker sends an e-mail with malware
2. E-mail recipient opens the e-mail and the malware gets installed quietly
3. Using the information that the malware gets, the hacker is able to take control of the e-mail recipient's PC!
4. Hacker performs an ARP (Address Resolution Protocol) scan
5. Once the slave database is found, the hacker sends an SQL EXEC command
6. Performs another ARP scan
7. Takes control of RTU
Example from 2006 SANS SCADA Security Summit. Source: n-dimension solutions

Common Security Attacks (and countermeasures)
- Finding a way into the network: firewalls
- Exploiting software bugs, buffer overflows: intrusion detection systems
- Denial of service: ingress filtering, IDS
- TCP hijacking: IPSec
- Packet sniffing: encryption (SSH, SSL, HTTPS)
- Social problems: education
Source: J. Weisz, CMU
Network Security
- Confidentiality: only sender, intended receiver should understand message contents
- Authentication: sender, receiver want to confirm identity of each other
- Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
- Access and availability: services must be accessible and available to users

Security Mechanisms
- Prevention (proactive mechanisms): protect the resource so that attacks will fail
- Detection (reactive mechanisms): determine that an attack is underway
- Recovery: first stop the attack and then assess and repair any damage caused

The language of cryptography
[Figure: Alice encrypts plaintext m with her encryption key KA; the ciphertext KA(m) crosses the channel; Bob decrypts with his decryption key KB]
- m: plaintext message
- KA(m): ciphertext, encrypted with key KA
- m = KB(KA(m))

Simple encryption scheme
- Substitution cipher: substituting one thing for another
- Monoalphabetic cipher: substitute one letter for another
  plaintext:  abcdefghijklmnopqrstuvwxyz
  ciphertext: mnbvcxzasdfghjklpoiuytrewq
- E.g.:
  plaintext:  bob. how are you. alice
  ciphertext: nkn. akr moc wky. mgsbc
- Key: mapping from the set of 26 letters to the set of 26 letters
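The monoalphabetic cipher above, worked through in code as an added example (not code from the presentation): the slide's 26-letter key is the encryption mapping KA, its inverse is KB, and decrypt(encrypt(m)) == m realises m = KB(KA(m)) from the previous slide. The letter_frequencies helper is an added illustration of why this scheme is weak: because each plaintext letter always maps to the same ciphertext letter, the ciphertext letter histogram is just a relabelling of the plaintext one.

```python
import string
from collections import Counter
from typing import Dict, Tuple

PLAIN_ALPHABET = string.ascii_lowercase
# Key taken from the slide: plaintext a..z maps onto this permutation
SLIDE_KEY = "mnbvcxzasdfghjklpoiuytrewq"


def make_key(cipher_alphabet: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (KA, KB): the encrypt mapping and its inverse decrypt mapping.

    A valid key is a permutation of the 26 lowercase letters; anything else is rejected
    so that decryption is always well defined.
    """
    if sorted(cipher_alphabet) != list(PLAIN_ALPHABET):
        raise ValueError("key must be a permutation of the 26 lowercase letters")
    encrypt_map = dict(zip(PLAIN_ALPHABET, cipher_alphabet))
    decrypt_map = {c: p for p, c in encrypt_map.items()}
    return encrypt_map, decrypt_map


def _substitute(text: str, mapping: Dict[str, str]) -> str:
    # Characters outside the alphabet (spaces, punctuation) pass through unchanged,
    # exactly as in the slide's "bob. how are you. alice" example
    return "".join(mapping.get(ch, ch) for ch in text)


def encrypt(plaintext: str, cipher_alphabet: str = SLIDE_KEY) -> str:
    """KA(m): apply the substitution to a lowercase plaintext."""
    encrypt_map, _ = make_key(cipher_alphabet)
    return _substitute(plaintext, encrypt_map)


def decrypt(ciphertext: str, cipher_alphabet: str = SLIDE_KEY) -> str:
    """KB(c): apply the inverse substitution, recovering m = KB(KA(m))."""
    _, decrypt_map = make_key(cipher_alphabet)
    return _substitute(ciphertext, decrypt_map)


def letter_frequencies(text: str) -> Counter:
    """Histogram of alphabet letters only; punctuation and spaces are ignored."""
    return Counter(ch for ch in text if ch in PLAIN_ALPHABET)


if __name__ == "__main__":
    m = "bob. how are you. alice"
    c = encrypt(m)
    print(c)                       # nkn. akr moc wky. mgsbc
    print(decrypt(c) == m)         # True
    # the most common plaintext letter 'o' and the most common ciphertext letter 'k'
    # occur equally often: the key permutes letters but preserves their statistics
    print(letter_frequencies(m)["o"], letter_frequencies(c)["k"])
```

The key space is 26! (about 4 x 10^26) mappings, which is why the slide's "key" is not a small number, yet the preserved letter statistics mean the scheme offers no real confidentiality; the page's later material on TLS-style encryption (SSH, SSL, HTTPS) is what a practitioner would deploy.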
Message Integrity
Allows communicating parties to verify that received messages are authentic:
- Content of message has not been altered
- Source of message is who/what you think it is
- Sequence of messages is maintained
Let's first talk about message digests.

Message Digests
- Function H( ) that takes as input an arbitrary-length message m and outputs a fixed-length string: the message signature H(m)
- Note that H( ) is a many-to-1 function
- Desirable properties:
  - Easy to calculate
  - Irreversibility: can't determine m from H(m)
  - Collision resistance: computationally difficult to produce m and m' such that H(m) = H(m')
  - Seemingly random output
- H( ) is often called a hash function
- Example: H(SEEMITA) = 19+5+5+13+9+20+1 = 72

Message Authentication Code (MAC)
[Figure: sender computes H( ) over the shared secret s and the message, appends the digest; receiver recomputes H( ) over s and the received message and compares]
- s = shared secret
- Authenticates sender
- Verifies message integrity
- Also called keyed hash
- Notation: MDm = H(s||m); send m||MDm

Hash Function Algorithms
- MD5 hash function widely used (RFC 1321): computes 128-bit message digest in 4-step process
- SHA-1 is also used: US standard [NIST, FIPS PUB 180-1], 160-bit message digest
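An added example (not code from the presentation) covering the three slides above: the letter-sum digest H(SEEMITA) = 72 and why it fails collision resistance, a real fixed-length digest from hashlib, and the MAC notation MDm = H(s||m) / send m||MDm with verification on the receiving side. SHA-256 is used as H rather than the MD5 and SHA-1 the slide names, because neither of those is considered collision resistant any more. The message contents, the shared secret and the 32-byte tag layout are constructed for the example. Two keyed-digest variants are shown: keyed_digest_naive is the slide's literal H(s||m), and keyed_digest_hmac is the standard HMAC construction that the verifier defaults to, since a plain H(s||m) over a Merkle-Damgard hash such as SHA-256 allows a forger who sees m||MDm to extend m without knowing s (length extension).

```python
import hashlib
import hmac
from typing import Callable, Tuple

DIGEST_LEN = hashlib.sha256().digest_size   # 32 bytes appended to every message


def toy_hash(message: str) -> int:
    """The slide's illustrative digest: sum of letter positions (A=1 ... Z=26).

    H("SEEMITA") = 19+5+5+13+9+20+1 = 72. Non-letters are ignored.
    """
    return sum(ord(ch) - ord("A") + 1 for ch in message.upper() if "A" <= ch <= "Z")


def toy_hash_collision(message: str) -> str:
    """Any rearrangement of the letters has the same sum, so a second preimage is
    trivial: the toy hash is many-to-one but has no collision resistance."""
    return message[::-1]


def sha256_hex(message: bytes) -> str:
    """A real fixed-length digest: 256 bits regardless of input length."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest_naive(secret: bytes, message: bytes) -> bytes:
    """MDm = H(s || m), exactly the slide's notation, with SHA-256 as H."""
    return hashlib.sha256(secret + message).digest()


def keyed_digest_hmac(secret: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: the keyed hash practitioners deploy (RFC 2104 construction)."""
    return hmac.new(secret, message, hashlib.sha256).digest()


DigestFn = Callable[[bytes, bytes], bytes]


def send(secret: bytes, message: bytes, digest_fn: DigestFn = keyed_digest_hmac) -> bytes:
    """Sender side: build the wire unit m || MDm."""
    return message + digest_fn(secret, message)


def verify(secret: bytes, packet: bytes,
           digest_fn: DigestFn = keyed_digest_hmac) -> Tuple[bool, bytes]:
    """Receiver side: split m || MDm, recompute the tag and compare in constant time.

    Returns (ok, message); the message is only released when the tag matches.
    """
    if len(packet) < DIGEST_LEN:
        return False, b""
    message, tag = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    if hmac.compare_digest(tag, digest_fn(secret, message)):
        return True, message
    return False, b""


if __name__ == "__main__":
    print(toy_hash("SEEMITA"))                                  # 72
    print(toy_hash(toy_hash_collision("SEEMITA")))              # 72 as well
    secret = b"constructed-shared-secret"                      # constructed
    frame = b"PMU-1 V=1.02pu theta=12.3deg"                    # constructed PMU report
    packet = send(secret, frame)
    print(verify(secret, packet))                               # (True, frame)
    tampered = packet[:4] + b"9" + packet[5:]                   # flip "PMU-1" to "PMU-9"
    print(verify(secret, tampered))                             # (False, b'')
```

The MAC gives integrity and sender authentication, as the slide says, but not confidentiality (the message travels in the clear) and not replay protection; the "sequence of messages is maintained" property from the Message Integrity slide needs a sequence number or timestamp covered by the tag.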
Firewalls
- Many network applications and protocols have security problems, fixed over time
- Difficult for users to keep up with changes and keep host secure
- Solution: administrators limit access to end hosts by using a firewall
- Firewall is kept up-to-date by administrators
- Can be hardware or software
- Ex.: some routers come with firewall functionality; ipfw, ipchains, pf on Unix systems; Windows XP and Mac OS X have built-in firewalls
Source: J. Weisz, CMU

Firewalls
[Figure: Internet, outer firewall, DMZ (web server, email server, web proxy, etc.), inner firewall, Intranet]
Source: J. Weisz, CMU

Firewalls
- Used to filter packets based on a combination of features
- These are called packet filtering firewalls
- Ex.: drop packets with destination port of 23 (Telnet)
- Can use any combination of IP/UDP/TCP header information
Source: J. Weisz, CMU

Intrusion Detection
- Used to monitor for suspicious activity on a network
- Can protect against known software exploits, like buffer overflows
- Uses intrusion signatures: well-known patterns of behavior
- Example: IRIX vulnerability in webdist.cgi; can make a rule to drop packets containing the line /cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd
- However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring
Source: J. Weisz, CMU
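The two slides above describe two different inspection points: a packet-filtering firewall that decides on header fields alone, and a signature-based IDS that looks inside the payload. The following is an added example (not code from the presentation or from J. Weisz) that implements both over a handful of constructed packets, using the slide's own two rules: drop destination port 23, and alert on the webdist.cgi request line. The Packet and FilterRule types, the sample addresses (RFC 5737 documentation ranges) and the port 9000 "PMU" datagram are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp" or "udp"
    src_port: int
    dst_port: int
    payload: bytes = b""


@dataclass
class FilterRule:
    """Packet-filter rule over header fields; every field left as None is a wildcard."""
    action: str                       # "drop" or "allow"
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        wanted = ((self.proto, pkt.proto), (self.src_ip, pkt.src_ip),
                  (self.dst_ip, pkt.dst_ip), (self.dst_port, pkt.dst_port))
        return all(want is None or want == got for want, got in wanted)


# The slide's example rule: block Telnet by destination port
FIREWALL_RULES: List[FilterRule] = [FilterRule("drop", dst_port=23)]
# The slide's example signature for the IRIX webdist.cgi vulnerability
IDS_SIGNATURES: List[bytes] = [b"/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd"]


def packet_filter(pkt: Packet, rules: List[FilterRule] = FIREWALL_RULES,
                  default: str = "allow") -> str:
    """First matching rule wins; header fields only, never the payload."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def ids_alerts(pkt: Packet, signatures: List[bytes] = IDS_SIGNATURES) -> List[bytes]:
    """Signature-based detection: any known byte pattern in the payload raises an alert."""
    return [sig for sig in signatures if sig in pkt.payload]


def process(pkt: Packet, rules: List[FilterRule] = FIREWALL_RULES,
            signatures: List[bytes] = IDS_SIGNATURES,
            default: str = "allow") -> Tuple[str, str]:
    """Run the firewall first (cheap header check), then the IDS on what gets through."""
    if packet_filter(pkt, rules, default) == "drop":
        return "drop", "firewall: header rule matched"
    hits = ids_alerts(pkt, signatures)
    if hits:
        return "drop", "ids: signature matched " + hits[0].decode()
    return "allow", "no rule or signature matched"


# Constructed sample traffic (documentation IP ranges; payloads made up for the example)
SAMPLE_PACKETS = [
    Packet("203.0.113.9", "192.0.2.10", "tcp", 51000, 23, b"login: root\r\n"),
    Packet("203.0.113.9", "192.0.2.20", "tcp", 51001, 80,
           b"GET /cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.4", "192.0.2.20", "tcp", 51002, 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("192.0.2.31", "192.0.2.40", "udp", 4000, 9000, b"constructed PMU frame"),
]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(f"{pkt.src_ip}->{pkt.dst_ip}:{pkt.dst_port}", process(pkt))
```

The firewall rule list here has an "allow" default to mirror the slide's single drop rule; in a control-system network the stronger posture is a "drop" default with explicit allow rules for the expected PMU, PDC and SCADA flows, which packet_filter supports by passing default="drop". The IDS stage only catches the exact signature string, which is the point the slide makes about signatures: a pattern it does not know, or a minor encoding variation, passes, so signatures have to be maintained and paired with the contingency plans the slide mentions.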
Network Security (Recap)
- Confidentiality: only sender, intended receiver should understand message contents
- Authentication: sender, receiver want to confirm identity of each other
- Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
- Access and availability: services must be accessible and available to users

Of Primary Interest to Utilities
- Attacks on timely delivery: gray hole attacks (AVAILABILITY)
- Attacks on measurement data: false data injection attacks (INTEGRITY)
- Attacks on access control: switching attacks (AUTHENTICATION)
- Meter data privacy: attacks on smart meters (CONFIDENTIALITY)

Background: Synchrophasor Network
[Figure: hierarchy from PMUs in substations (where measurements are generated) to regional PDCs to a Super PDC* / control center (system-wide), whose output is the input to power system applications]
*PDC: Phasor Data Concentrator
Cyber Solutions - Defense in Depth: Gray Hole Attacks
[Figure: PMU (UDP) to PDC (UDP) path through Router 1, Router 2, Router 3 ... Router n, shared with TCP sender/receiver pairs 1..k]
- Attacker drops packets at any node
- Data is lost forever
- Difficult to detect
- Attacker controls packet-drop percentage
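Because the PMU-to-PDC stream runs over UDP, a node that silently discards frames leaves no transport-level trace, which is the "difficult to detect" point above. What the PDC does have is the fixed reporting rate of each PMU, so a defender can infer dropped frames from timestamp gaps. The following monitor is an added example (not part of the presentation): it assumes a 30 frames/s reporting rate and a 5% alert threshold (both constructed), takes (pmu_id, timestamp) pairs, counts the frames that should have sat between consecutive arrivals, and flags a stream whose loss ratio exceeds the threshold. simulate_stream builds a constructed stream with every k-th frame removed so the detector can be exercised offline.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

REPORT_RATE_HZ = 30            # assumption: each PMU reports 30 frames per second
LOSS_ALERT_THRESHOLD = 0.05    # assumption: alert when more than 5% of frames are missing


def loss_report(frames: Iterable[Tuple[str, float]], rate_hz: int = REPORT_RATE_HZ,
                threshold: float = LOSS_ALERT_THRESHOLD) -> Dict[str, dict]:
    """Infer silently dropped frames from timestamp gaps in each PMU's stream.

    frames: (pmu_id, timestamp_seconds) pairs in arrival order.
    Returns per PMU: received count, inferred missing count, loss ratio and alert flag.
    """
    interval = 1.0 / rate_hz
    by_pmu: Dict[str, List[float]] = defaultdict(list)
    for pmu_id, ts in frames:
        by_pmu[pmu_id].append(ts)

    report: Dict[str, dict] = {}
    for pmu_id, stamps in by_pmu.items():
        stamps.sort()               # UDP may reorder; rank frames by measurement time
        missing = 0
        for prev, cur in zip(stamps, stamps[1:]):
            # a gap of k reporting intervals means k-1 frames never arrived
            missing += max(0, round((cur - prev) / interval) - 1)
        received = len(stamps)
        expected = received + missing
        loss = missing / expected if expected else 0.0
        report[pmu_id] = {"received": received, "missing": missing,
                          "loss": loss, "alert": loss > threshold}
    return report


def simulate_stream(pmu_id: str, seconds: int, drop_every: int = 0,
                    rate_hz: int = REPORT_RATE_HZ) -> List[Tuple[str, float]]:
    """Constructed PMU stream; with drop_every=k every k-th frame is discarded,
    mimicking a node on the path that drops a controlled percentage of packets."""
    frames = []
    for i in range(seconds * rate_hz):
        if drop_every and i % drop_every == drop_every - 1:
            continue
        frames.append((pmu_id, i / rate_hz))
    return frames


if __name__ == "__main__":
    stream = simulate_stream("PMU-1", 2, drop_every=5) + simulate_stream("PMU-2", 2)
    for pmu_id, stats in loss_report(stream).items():
        print(pmu_id, stats)
```

The gap method only sees a drop once a later frame arrives, so frames lost at the tail of a window (or a stream that goes completely quiet) need a separate stale-stream timeout in the PDC; and the monitor tells the operator that frames are being lost, not at which router, so it complements rather than replaces the per-hop monitoring listed under defense in depth later in the deck.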
False Data Injection Attacks
[Figure: the state estimator (MMSE) takes PMU data (z), SCADA data (z) and topology, parameters and relay data (H) and produces the estimated system states ($\hat{x}$)]
- Conventional bad data detection algorithm: presence of bad measurements inferred if $\|z - H\hat{x}\| > \tau$
- Liu et al. introduced the concept of false data injection attacks
- Corruption of measurements: $z_a = z + a$ for $a = Hc$
- System state bias: $\hat{x}_a - \hat{x} = c$
Cyber Solutions - Defense in Depth: False Data Injection Attacks
[Figure: PMU 1 at Node 1 and PMU 2 at Node 2 measure node voltage and currents 1..k / 1..p and forward them through Routers 1a, 1b ... 1n and 2a, 2b ... 2m to the PDC and control center; packet data is modified in transit]
- One or more routers/PMUs compromised
- Adversary intends to perform maximum possible manipulation
- Weak or no encryption

Cyber Solutions - Defense in Depth: Switching Attacks
- Smart grid envisions remote access of circuit breakers and switches
- Breaker control signals corrupted or a particular switching sequence applied
- Destabilization of system occurs
Cyber Solutions - Defense in Depth: Privacy Issues
Smart meter data reveals:
- Types and usage of electrical equipment
- Daily routines
- Changes in routines
What if a bad guy determines that you are not at home and plans a burglary?
What if a criminal took control of a good number of smart meters and simultaneously sent a general shutdown command?

Cyber Security Solutions for Smart Grids: Defense in Depth
- Perimeter protection: firewall, IPS, VPN, AV; host IDS, host AV
- Physical security
- Interior security: firewall, IDS, VPN, AV; host IDS, host AV; IEEE P1711 (serial connections)
- Network admission control
- Scanning, monitoring, management

Questions?