© 2015 IBM Corporation
IBM Analytics – Continuous Engineering
Managing Risk:
Safety and Security
Compliance
Irv Badr
Industry Architect
IBM Continuous Engineering, IoT
ibadr@us.ibm.com
Agenda
• Energy and Utility Sector Security Trends, Drivers and Impacts
• IBM Approach and Benefits
• Defining Safety Compliance
• Nature of Safety (and security) standards
• Design Compliance and its automation?
• Client Success Stories
Engineering
Manufacturing
Operations
Requirements
Market
Needs
Social
Sentiment
Testing and
Compliance
Device
Telematics Data
Learn
Predictive Analytics
Design
Models
Engineering Maintenance and Operations
Continuous
Engineering
Regulatory
Reporting
Warranty &
Repair Data
Continuous Engineering and Predictive Analytics close the product
development loop
Energy and utility organizations are at the forefront of
attacks
Utilities are among the most targeted verticals
• Organized cyber-crime, hacktivists, nation-
states and exploit researchers
New vulnerabilities are being discovered
• Security testing through injecting invalid,
unexpected or random data (fuzzing) has
uncovered dozens of vulnerabilities in critical
infrastructure systems
• Exploits can be implemented through physical
access to networks or through techniques like
brute-force password hacking of Internet-
connected devices and phishing
Regulations provide guidance but do not protect
against these recent exploits
• NERC CIP focuses on IP communications,
overlooking the real vulnerabilities that are
present
• NIST CSF is process-based and voluntary
• ENISA Smart Grid Security Recommendations
• ENISA Protecting Industrial Control Systems
Grow the business
• Customer relationships
• Advanced metering and smart grid
optimization and efficiency
Protect the business
• Customer data (usage data, credit
records, etc.)
• Intellectual property
• Internal/IT operations
Comply with compliance and regulations
• NERC CIP
• NIST CSF
• ENISA
Secure the grid
• Protect control systems and SCADA in
generation, transmission and distribution
• OT security
• Defend AMI/smart meter networks and
devices
Current trends are heightening the focus on utility security
Compliance
Management
Security Risk
Management
Secure Infrastructure
People Technology Information Process
The integration of physical
security and cyber security
is critical
Energy and utilities attacks – impact scenarios
Reliability impacts
a potential brown/black out of a
large geographical area/or
concentrated at an area where other
critical infrastructures depend on
power, water treatment plants,
transportation centers, etc.
Safety impacts
potential harms to utility personnel
and/or customers - re-energize systems
where maintenance crews are deployed
or exploding transformers with
hazardous waste
Reputation impacts
exposure of sensitive customer data (e.g.,
usage info, govt. ID information, credit
card details, etc.) – extraction of such
data, including union employee healthcare
information
Productivity impacts
Risks to utilities' capacity, delivery
and overall ability to provide a
consistent product/service to their
customer base
CYBER ATTACKS
The balance of risk for energy and utility organizations is unique
A view of a transformed security environment
Current Environment Transformed Environment
Security Model based on
Defense in Depth
Security Model based on
Rapid Detection + Rapid Response
Security Operations
Steady State and Reactive
Security Operations
Elastic and Agile
Governance, Risk & Compliance
IT and Compliance Focused
Governance, Risk & Compliance
Enterprise Risk Management
Functional Domains
IT, OT, Telecom, Physical Silos
Functional Domains
Converged
Security Analysis
Manual and Fragmented
Security Analysis
Analytics and Intelligence
Reduce risks through greater visibility
Security
Intelligence is
BIG DATA
Develop greater visibility via security intelligence
and big data analytics
Client requirements:
A Threat and Risk Assessment review was conducted for a Danish energy company’s
new Smart Grid DMS (Distribution Management System)/SCADA design and architecture.
The purpose of the assessment was to identify and understand the transformational
DMS architecture risks through a “Threat Based” architectural review.
Solution:
The engagement included review and assessment through interviews, observations,
documentation reviews, industry best practices and a cross-business threat analysis and
change workshop.
Key Deliverables included: Threat Matrix Heat Map, DMS Threat and Impact Assessment,
DMS Design Considerations, DMS Security Roadmap
• Identified gaps
in architectural
design from
unanticipated
threats
• Road map allows
prioritizing of
quick wins and
security
investment by risk
Benefits:
Country: Denmark
Security area: SCADA Threat and Risk Assessment review
• Greater
understanding
of risk exposure
across business
units from cyber
threats
DONG Energy identifies and understands risks in its smart grid
DMS/SCADA design and architecture with a threat review
What the analysts are saying about IBM
Gartner
Global Managed Security Services
Providers (MSSPs)
Strengths:
• IBM uses self-developed technology for data
collection, correlation, log query and reporting, and
ticketing/workflow.
• IBM has four North American SOCs, two in Europe,
two in Asia/Pacific, and two in other regions.
• IBM's advanced analytics and targeted attack
detection capabilities are embedded in its MSS and
hosted SIEM offerings, and are supported by IBM and
third-party technology deployed by customers.
• Gartner customers often include IBM in competitive
MSS evaluations, and IBM has high visibility in North
American, Asia/Pacific, and European markets.
• IBM's MSS capabilities include support for a
customer-deployed SIEM (from IBM and others) that
is integrated into its standard MSS offerings.
• IBM is a large, stable provider of security services
and products with global delivery capabilities.
The Bottom Line:
Enterprises with global service delivery requirements,
and those with strategic relationships with IBM, should
consider IBM for MSSs.
2014 Gartner Magic Quadrant
for SIEM: LINK
IBM Security QRadar SIEM is #1 on “Ability to
Execute” (the Y-axis) AND on “Completeness of
vision” (the X-axis)
IBM Internal and BP Use Only
What the analysts are saying about IBM
IBM Security QRadar is in the SIEM
Leadership Quadrant for Sixth Straight Year
• Ability to execute is an assessment of overall
viability, product service, customer
experience, market responsiveness, product
track record, sales execution, operations, and
marketing execution.
• Completeness of Vision is a rating of product
strategy, innovation, market understanding,
geographic strategy, and other factors
• IBM Press Release: LINK
Download the
Cyber Security
Intelligence
Index for
Energy and
Utilities
Read the
white paper:
Responding to—
and recovering
from—
sophisticated
security attacks
Read the
white paper:
How Mature is your
cyber-security risk
management?
Download the
white paper:
Best practices for
cyber security in
the electric power
sector
Learn more – select publications
CONTINUOUS ENGINEERING
Managing Security and Safety through
Source: Schneider Electric
Safety is accounted for during System Development
65% of incidents involving process control systems occur during the specification,
design, installation and commissioning phases of the product implementation.
Challenges We Face in the Power Industry (e.g. Nuclear)
• Radioactive Waste
• The impact on water resources,
aquatic habitats, and wildlife
Key drivers for Nuclear Energy Regulatory and Compliance Projects
Ensuring
Compliance
Environmental
Safety and
Security
• Protect confidentiality,
integrity, privacy, and
assurance of utility systems
• Protect the public in the
event of a serious reactor
accident.
• Assure a regulatory
environment for the continued
safe and efficient operation of
nuclear plants.
• Provides the governance,
oversight, and support to
assure corporate and site
regulatory and emergency
preparedness activities meet
corporate needs and
regulatory requirements.
Environmental
Impact
1. Requirements grow and change at rates in excess of 1 percent per
calendar month.
2. Few applications include greater than 80 percent of user requirements in
the first release.
3. Some requirements are dangerous or “toxic” and should not be included.
4. Some applications are overstuffed with extraneous features no one asked
for.
5. Most software applications are riddled with security vulnerabilities.
6. Errors in requirements and design cause many high-severity bugs.
7. Effective methods such as requirement and design inspections are
seldom used.
8. Standard, reusable requirements and designs are not widely available.
9. Mining legacy applications for “lost” business requirements seldom occurs.
10. The volume of paper documents may be too large for human
understanding.
10 of the top issues with requirements
Packaged applications create certain issues
Software Engineering Best Practices: Lessons from Successful Projects in the Top Companies by Capers Jones
Most enterprises have an inadequate compliance platform
Compliance
Documents
Costly manual effort to aggregate and analyze
for Completeness and Redundancy
Spreadsheets and word
processors
Document Management
Systems
Inadequate
tools
•Insufficient access controls
•Does not support distributed teams
•Cannot analyze the content of the
documents
•Information is not linked and offers no
traceability
Information Traceability - “Chaos to Order”
structured,
linked and
traced at
statement
level,
are
imported,
to produce
reports of
managed
information
Non-
integrated
project data
Autonomous
Word/Excel
Documents
with related
& dependent
Information
between them
Requirements have multiple dimensions
Functional
Safety
Procedural
Technical
Specs
Requirements
Management
Pumps,
Valves,
Hardware
Level-1,
Level-2,
….
Security,
Cooling,
….
I&C,
Software,
….
Business
Contractual
Traceability
Impact
Dependency
Detailed Requirements cover more than just software
Requirements Areas
Impact Analysis: studied before changes are made
10 CFR Part 72 – related to
Nuclear Cyber Security
NEI is the industry trade
group that interpreted and
proposed a response to the
CFR
Determined by technical
SMEs in each utility.
Varies from site to site
Determined by technical
SMEs in each utility.
Varies from site to site
Asset inventory showing which system(s) use the assets (“where used”)
A given asset can “touch” multiple
critical systems.
A critical “system” is typically
composed of multiple Critical Digital
Assets (CDAs)
Cause and Mitigation – Reactor Auxiliary Feedwater Inspection Guide
US Department of Energy (DOE) - Yucca Mountain Repository
Requirements in ~20 areas managed with DOORS
Emergency Mgt.
Safety and Health
Safeguards & Security
The program used Rational’s DOORS product to develop an extensive requirements
database to track and manage an extremely broad range of program and regulatory
requirements ranging from US CFRs to Contract Requirements.
Customer example
Auto-generation of safety-relevant report
Fault Source Matrix, Fault Detection Matrix, Fault-Requirement Matrix, Hazard Analysis…
• Traceability improves the
ability to enforce safety
• Safety metadata guides
downstream engineering work
Epic B
Story 1
Story 2
Story 3
Dev Actions in support of a
Business Requirements and
IEC 61508 standard and
guideline
The prioritized set of Epics
supporting Business
requirements that need to
be addressed and/or not
scheduled for
The set of Epics which are
scheduled for a
different major release.
Specific Stories and Tasks to
implement the Planned Epics.
Developing Control System
For example: Intelligent Electric Devices (IED)
Incoming Business
Dev Actions
Project/product
Milestone & Backlog
Release Milestone
and Backlog/Plan
Dev Action Epic A
Dev Action
Story 4
Epic C
Top-level
safety
function
Component/Iteration
Plan
Story 5
Epic D
#technical
Agile Project Planning
Requirements
RM tool Imports IEC 61508 requirement guidelines
Link each requirement guideline to techniques/measures that we
should follow
Traceability from requirements to Software requirements
implementation state
Linking from each requirement guideline to the techniques/measures and
System Integrity level (SILs)
Linking from each requirement guideline from IEC 61508-2 to the
techniques/measures and System Integrity level (SILs) in part 7
Text based approaches introduce risk into the project
Method                               Requirements Completeness   Requirements Defects per Function Point
Dynamic Modeling                     97%                         0.10
Quality Functional Deployment        96%                         0.25
Requirements Inspections             95%                         0.10
Use Cases                            80%                         0.80
Energy Legacy Applications           70%                         0.20
Prototyping                          62%                         0.55
Information Requirements Gathering   57%                         1.00
Normal Text Documents                50%                         1.10
Requirements Methods (Capers 2010)
*Forrester Research Inc, October 23, 2012. Forrester Research, The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester
Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments.
Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are
subject to change.
IBM Rational Recognized As A Leader in ALM
Report Highlights
• “Highest Scores among all vendors for
Current Offering & Strategy”
• “Not only has IBM continued
development of its strong suite of
products, but it has also stitched them
together in a more coherent way.”
• “[IBM] has also made clearer the use
cases it supports ... such as Agile teams
and embedded software development”
The Forrester WaveTM: Application Life-cycle Management*
Link to report
DESIGN COMPLIANCE
Creating Architectural (e.g. SOA) Safety View in
UML/SysML
• UML can be extended to
model metadata beyond its
standard usage, for example
• UML Profile for
Schedulability
Performance and Time
(SPT)
• Model Analysis of Real-
Time Systems (MARTE)
• Systems Modeling
Language (SysML)
• UML Profile for DoDAF
and
MoDAF (UPDM)
• A safety critical profile can be
developed that provides
• FTA diagrams
• FMEA and fault views
• Hazard analysis table
view
Safety-Critical Profile in UML
Model-Based Safety Analysis
Link to requirements
Link to manifestors
Link to extenuators Link to detectors
Design Standard: CIM - application and data integration and analysis
• IEC CIM v13 – Combined 61968 and 61970 models
• IEC CIM Model Transformation Plug-in (Harvested from AEP)
• EPRI Intelligrid Use Cases (Partial)
Innovation for a smarter planet
IBM Solutions for Systems and Software
Engineering (SSE)
QUALITY MANAGEMENT
Achieve “quality by design” with an
integrated, automated testing process
Rational Quality Manager
ARCHITECTURE & DESIGN
Use modeling to validate requirements, architecture
and design throughout the development process
Rational Rhapsody
REQUIREMENTS MANAGEMENT
Manage all system requirements
with full traceability across the lifecycle
Rational DOORS
COLLABORATION, PLANNING & CHANGE MANAGEMENT
Collaborate across diverse engineering disciplines and development teams
Rational Team Concert
Open Services for Lifecycle Collaboration
Deployment for Development: Dong Energy
CIM
Control
CIM
Monitoring
T&D
System
Dong E
Applications
Control
System
Monitoring
System
IBM
Modeling
Solutions
Websphere
Servers
Rational
Development
Solutions
•WebSphere
Application Server
•WebSphere
Message Broker
•RAD
•ILOG JRules
Continuous Engineering Reference
SE for
Dummies
Book
Questions?
© 2012 IBM Corporation
Building a smarter planet
© Copyright IBM Corporation 2011. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of
any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to,
nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing
the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release
dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment
to future product or feature availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the
International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
www.ibm.com/software

More Related Content

What's hot

It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and proceduresCAS
 
Secure Engineering Practices for Java
Secure Engineering Practices for JavaSecure Engineering Practices for Java
Secure Engineering Practices for JavaTim Ellison
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
20cs2024 Ethics in Information Technology
20cs2024 Ethics in Information Technology20cs2024 Ethics in Information Technology
20cs2024 Ethics in Information TechnologyKathirvel Ayyaswamy
 
Risk management ii
Risk management iiRisk management ii
Risk management iiDhani Ahmad
 
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...360 BSI
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Educause+V4
Educause+V4Educause+V4
Educause+V4ecarrow
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample ReportRandy James
 
Control Issues and Mobile Devices
Control Issues and Mobile DevicesControl Issues and Mobile Devices
Control Issues and Mobile Devicessunnay
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 DubaiIT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 Dubai360 BSI
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsArun Prabhakar
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTSMANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTScsandit
 

What's hot (20)

It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and procedures
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
 
Secure Engineering Practices for Java
Secure Engineering Practices for JavaSecure Engineering Practices for Java
Secure Engineering Practices for Java
 
Securing the Supply Chain
Securing the Supply ChainSecuring the Supply Chain
Securing the Supply Chain
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet Systems
 
20cs2024 Ethics in Information Technology
20cs2024 Ethics in Information Technology20cs2024 Ethics in Information Technology
20cs2024 Ethics in Information Technology
 
Risk management ii
Risk management iiRisk management ii
Risk management ii
 
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1security
 
Educause+V4
Educause+V4Educause+V4
Educause+V4
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample Report
 
Control Issues and Mobile Devices
Control Issues and Mobile DevicesControl Issues and Mobile Devices
Control Issues and Mobile Devices
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 DubaiIT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ Infrastructure
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTSMANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
 

Viewers also liked

IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM Security
 
Benjamin Loop: Simulation Environment for Power Management and Distribution D...
Benjamin Loop: Simulation Environment for Power Management and Distribution D...Benjamin Loop: Simulation Environment for Power Management and Distribution D...
Benjamin Loop: Simulation Environment for Power Management and Distribution D...EnergyTech2015
 
John Ostrich: Space Weather Policy
John Ostrich: Space Weather Policy John Ostrich: Space Weather Policy
John Ostrich: Space Weather Policy EnergyTech2015
 
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...EnergyTech2015
 
William Good: Extra Small Modular Reactors
William Good: Extra Small Modular ReactorsWilliam Good: Extra Small Modular Reactors
William Good: Extra Small Modular ReactorsEnergyTech2015
 
Gareth Digby: Systems-Based Approach to Cyber Investigations
Gareth Digby: Systems-Based Approach to Cyber Investigations Gareth Digby: Systems-Based Approach to Cyber Investigations
Gareth Digby: Systems-Based Approach to Cyber Investigations EnergyTech2015
 
Andrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility IndustryAndrew Ritch: Interruption in the Utility Industry
Andrew Ritch: Interruption in the Utility IndustryEnergyTech2015
 
Tues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowanTues pm banquet featuring Jenita McGowan
Tues pm banquet featuring Jenita McGowanEnergyTech2015
 
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field
Josh Long: Minimum Cyber Security Requirements for a 20 MW Photo Voltaic Field EnergyTech2015
 
Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...
Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...
Anurandha Annaswamy: Computation Model of the Nexus Between Natural Gas and E...EnergyTech2015
 
Branndon Kelley Keynote on Cybersecurity and the Smart Utility
Branndon Kelley Keynote on Cybersecurity and the Smart Utility Branndon Kelley Keynote on Cybersecurity and the Smart Utility
Branndon Kelley Keynote on Cybersecurity and the Smart Utility EnergyTech2015
 
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...
Bradley Glenn: Holomorphic Embedding Load Flow Method (helmtm) Algorithm Deve...EnergyTech2015
 
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...
David Sadey, Operation and Control of a Three-Phase Megawatt Class Variable F...EnergyTech2015
 
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...
George Baker: Nuclear EMP and Solar GMD Effects, National Protection Impasse,...EnergyTech2015
 
금뽀 금융보안 컴플라이언스 학습 가이드(최종)
금뽀 금융보안 컴플라이언스 학습 가이드(최종)금뽀 금융보안 컴플라이언스 학습 가이드(최종)
금뽀 금융보안 컴플라이언스 학습 가이드(최종)Lee Chanwoo
 
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...
Flora Flygt: Clean Power Plan Impact on Transmisssion Planning, Development a...EnergyTech2015
 
Halderman ch035 lecture
Halderman ch035 lectureHalderman ch035 lecture
Halderman ch035 lecturemcfalltj
 

Viewers also liked (17)

IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
 
Benjamin Loop: Simulation Environment for Power Management and Distribution D...
Benjamin Loop: Simulation Environment for Power Management and Distribution D...Benjamin Loop: Simulation Environment for Power Management and Distribution D...
Benjamin Loop: Simulation Environment for Power Management and Distribution D...
 
John Ostrich: Space Weather Policy
John Ostrich: Space Weather Policy John Ostrich: Space Weather Policy
John Ostrich: Space Weather Policy
 
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...Tues.1040 am states role in protecting electric grids from emp and gmd with a...
Tues.1040 am states role in protecting electric grids from emp and gmd with a...
 
William Good: Extra Small Modular Reactors
William Good: Extra Small Modular ReactorsWilliam Good: Extra Small Modular Reactors
William Good: Extra Small Modular Reactors
 
Gareth Digby: Systems-Based Approach to Cyber Investigations
Gareth Digby: Systems-Based Approach to Cyber Investigations Gareth Digby: Systems-Based Approach to Cyber Investigations
Gareth Digby: Systems-Based Approach to Cyber Investigations
 
Irv Badr: Managing Risk Safety and Security Compliance

  • 1. © 2015 IBM Corporation IBM Analytics – Continuous Engineering Managing Risk: Safety and Security Compliance Irv Badr Industry Architect IBM Continuous Engineering, IoT ibadr@us.ibm.com
  • 2. • Energy and Utility Sector Security Trends, Drivers and Impacts • IBM Approach and Benefits • Defining Safety Compliance • Nature of Safety (and security) standards • Design Compliance and its automation? • Client Success Stories Agenda
  • 3. Engineering Manufacturing Operations Requirements Market Needs Social Sentiment Testing and Compliance Device Telematics Data Learn Predictive Analytics Design Models Engineering Maintenance and Operations Continuous Engineering Regulatory Reporting Warranty & Repair Data Continuous Engineering and Predictive Analytics close the product development loop
  • 4. Energy and utility organizations are at the forefront of attacks Utilities are among the most targeted verticals • Organized cyber-crime, hacktivists, nation-states and exploit researchers New vulnerabilities are being discovered • Security testing through injecting invalid, unexpected or random data (fuzzing) has uncovered dozens of vulnerabilities in critical infrastructure systems • Exploits can be implemented through physical access to networks or through techniques like brute-force password hacking Internet connected devices and phishing Regulations provide guidance but do not protect against these recent exploits • NERC CIP focuses on IP communications, overlooking the real vulnerabilities that are present • NIST CSF is process-based and voluntary • ENISA Smart Grid Security Recommendations • ENISA Protecting Industrial Control Systems
  • 5. Grow the business • Customer relationships • Advanced metering and smart grid optimization and efficiency Protect the business • Customer data (usage data, credit records, etc.) • Intellectual property • Internal/IT operations Comply with compliance and regulations • NERC CIP • NIST CSF • ENISA Secure the grid • Protect control systems and SCADA in generation, transmission and distribution • OT security • Defend AMI/smart meter networks and devices Current trends are heightening the focus on utility security Compliance Management Security Risk Management Secure Infrastructure People Technology Information Process The integration of physical security and cyber security is critical
  • 6. Energy and utilities attacks – impact scenarios Reliability impacts a potential brown/black out of a large geographical area/or concentrated at an area where other critical infrastructures depend on power, water treatment plants, transportation centers, etc. Safety impacts potential harms to utility personnel and/or customers - re-energize systems where maintenance crews are deployed or exploding transformers with hazardous waste Reputation impacts exposure of sensitive customer data (e.g., usage info, govt. ID information, credit card details, etc.) – extraction of such data, including union employee healthcare information Productivity impacts Risks to utilities capacity, delivery and overall ability to provide a consistent product/service to their customer base CYBER ATTACKS The balance of risk for energy and utility organizations is unique
  • 7. A view of a transformed security environment Current Environment Transformed Environment Security Model based on Defense in Depth Security Model based on Rapid Detection + Rapid Response Security Operations Steady State and Reactive Security Operations Elastic and Agile Governance, Risk & Compliance IT and Compliance Focused Governance, Risk & Compliance Enterprise Risk Management Functional Domains IT, OT, Telecom, Physical Silos Functional Domains Converged Security Analysis Manual and Fragmented Security Analysis Analytics and Intelligence
  • 8. Reduce risks through greater visibility Security Intelligence is BIG DATA Develop greater visibility via security intelligence and big data analytics
  • 9. Client requirements: A Threat and Risk Assessment review was conducted for a Danish energy company’s new Smart Grid DMS (Distribution Management System)/SCADA design and architecture. The purpose of the assessment was to identify and understand the transformational DMS architecture risks through a “Threat Based” architectural review. Solution: The engagement included review and assessment through interviews, observations, documentation reviews, industry best practices and a cross-business threat analysis and change workshop. Key Deliverables included: Threat Matrix Heat Map, DMS Threat and Impact Assessment, DMS Design Considerations, DMS Security Roadmap • Identified gaps in architectural design from unanticipated threats • Road map allows prioritizing of quick wins and security investment by risk Benefits: Country: Denmark Security area: SCADA Threat and Risk Assessment review • Greater understanding of risk exposure across business units from cyber threats DONG Energy identifies and understands risks in its smart grid DMS/SCADA design and architecture with a threat review
  • 10. What the analysts are saying about IBM Gartner Global Managed Security Services Providers (MSSPs) Strengths: • IBM uses self-developed technology for data collection, correlation, log query and reporting, and ticketing/workflow. • IBM has four North American SOCs, two in Europe, two in Asia/Pacific, and two in other regions. • IBM's advanced analytics and targeted attack detection capabilities are embedded in its MSS and hosted SIEM offerings, and are supported by IBM and third-party technology deployed by customers. • Gartner customers often include IBM in competitive MSS evaluations, and IBM has high visibility in North American, Asia/Pacific, and European markets. • IBM's MSS capabilities include support for a customer-deployed SIEM (from IBM and others) that is integrated into its standard MSS offerings. • IBM is a large, stable provider of security services and products with global delivery capabilities. The Bottom Line: Enterprises with global service delivery requirements, and those with strategic relationships with IBM, should consider IBM for MSSs.
  • 11. 2014 Gartner Magic Quadrant for SIEM: LINK IBM Security QRadar SIEM is #1 on “Ability to Execute” (the Y-axis) AND on “Completeness of vision” (the X-axis) IBM Internal and BP Use Only What the analysts are saying about IBM IBM Security QRadar is in the SIEM Leadership Quadrant for Sixth Straight Year • Ability to execute is an assessment of overall viability, product service, customer experience, market responsiveness, product track record, sales execution, operations, and marketing execution. • Completeness of Vision is a rating of product strategy, innovation, market understanding, geographic strategy, and other factors • IBM Press Release: LINK
  • 12. Learn more – select publications. Download the Cyber Security Intelligence Index for Energy and Utilities. Read the white paper: Responding to—and recovering from—sophisticated security attacks. Read the white paper: How Mature is your cyber-security risk management? Download the white paper: Best practices for cyber security in the electric power sector.
  • 14. Safety is accounted for during System Development: 65% of incidents involving process control systems occur during the specification, design, installation and commissioning phases of the product implementation. Source: Schneider Electric
  • 15. Challenges We Face in the Power Industry (e.g. Nuclear) • Radioactive Waste • The impact on water resources, aquatic habitats, and wildlife. Key drivers for Nuclear Energy: Regulatory and Compliance; Projects Ensuring Compliance; Environmental; Safety and Security • Protect confidentiality, integrity, privacy, and assurance of utility systems • Protect the public in the event of a serious reactor accident. • Assure a regulatory environment for the continued safe and efficient operation of nuclear plants. • Provides the governance, oversight, and support to assure corporate and site regulatory and emergency preparedness activities meet corporate needs and regulatory requirements. Environmental Impact
  • 16. 10 of the top issues with requirements. Packaged applications create certain issues. 1. Requirements grow and change at rates in excess of 1 percent per calendar month. 2. Few applications include greater than 80 percent of user requirements in the first release. 3. Some requirements are dangerous or “toxic” and should not be included. 4. Some applications are overstuffed with extraneous features no one asked for. 5. Most software applications are riddled with security vulnerabilities. 6. Errors in requirements and design cause many high-severity bugs. 7. Effective methods such as requirement and design inspections are seldom used. 8. Standard, reusable requirements and designs are not widely available. 9. Mining legacy applications for “lost” business requirements seldom occurs. 10. The volume of paper documents may be too large for human understanding. Source: Software Engineering Best Practices: Lessons from Successful Projects in the Top Companies by Capers Jones
  • 17. Most enterprises have an inadequate compliance platform. Compliance Documents: costly manual effort to aggregate and analyze for Completeness and Redundancy. Spreadsheets and word processors; Document Management Systems. Inadequate tools: • Insufficient access controls • Does not support distributed teams • Cannot analyze the content of the documents • Information is not linked and offers no traceability
  • 18. Information Traceability - “Chaos to Order”. Non-integrated project data: autonomous Word/Excel documents, with related & dependent information between them, are imported, structured, linked and traced at statement level, to produce reports of managed information.
  • 19. Requirements have multiple dimensions. Detailed requirements cover more than just software. [Diagram labels. Requirements Areas: Functional, Safety, Procedural, Technical Specs, Business, Contractual. Requirements Management: Traceability, Impact, Dependency. Examples: Pumps, Valves, Hardware; Level-1, Level-2, …; Security, Cooling, …; I&C, Software, ….]
  • 20. Impact Analysis: studied before changes are made. 10 CFR Part 72 – related to Nuclear Cyber Security. NEI is the industry trade group that interpreted and proposed a response to the CFR. Determined by technical SMEs in each utility. Varies from site to site.
  • 21. Asset inventory showing which system(s) use the assets (“where used”). A given asset can “touch” multiple critical systems. A critical “system” is typically composed of multiple Critical Digital Assets (CDAs).
  • 22. Cause and Mitigation – Reactor Auxiliary Feedwater Inspection Guide
  • 23. Customer example: US Department of Energy (DOE) - Yucca Mountain Repository. Requirements in ~20 areas managed with DOORS. Areas shown: Emergency Mgt., Safety and Health, Safeguards & Security. The program used Rational’s DOORS product to develop an extensive requirements database to track and manage an extremely broad range of program and regulatory requirements ranging from US CFRs to Contract Requirements.
  • 24. Auto-generation of safety-relevant reports: Fault Source Matrix, Fault Detection Matrix, Fault-Requirement Matrix, Hazard Analysis… • Traceability improves the ability to enforce safety • Safety metadata guides downstream engineering work
  • 25. Agile Project Planning: Requirements. Developing Control System, for example: Intelligent Electric Devices (IED). Dev Actions in support of a Business Requirements and IEC 61508 standard and guideline. The prioritized set of Epics supporting Business requirements that need to be addressed and/or not scheduled for The set of Epics which are scheduled for the a different major release. Specific Stories and Tasks to implement the Planned Epics. [Diagram labels: Incoming Business Dev Actions; Project/product Milestone & Backlog; Release Milestone and Backlog/Plan; Component/Iteration Plan; Top-level safety function; Dev Actions; Epics A to D; Stories 1 to 5; #technical.]
  • 26. RM tool imports IEC 61508 requirement guidelines. Link each requirement guideline to the techniques/measures that we should follow.
  • 27. Traceability from requirements to Software requirements implementation state
  • 28. Linking from each requirement guideline to the techniques/measures and System Integrity level (SILs)
  • 29. Linking from each requirement guideline from IEC 61508-2 to the techniques/measures and System Integrity level (SILs) in part 7
  • 30. Text based approaches introduce risk into the project. Requirements Methods (Capers 2010), given as Method: Requirements Completeness, Requirements Defects per Function Point. Dynamic Modeling: 97%, 0.10; Quality Functional Deployment: 96%, 0.25; Requirements Inspections: 95%, 0.10; Use Cases: 80%, 0.80; Energy Legacy Applications: 70%, 0.20; Prototyping: 62%, 0.55; Information Requirements Gathering: 57%, 1.00; Normal Text Documents: 50%, 1.10.
  • 31. IBM Rational Recognized As A Leader in ALM. The Forrester Wave™: Application Life-cycle Management* (Link to report). Report Highlights: • “Highest Scores among all vendors for Current Offering & Strategy” • “Not only has IBM continued development of its strong suite of products, but it has also stitched them together in a more coherent way.” • “[IBM] has also made clearer the use cases it supports ... such as Agile teams and embedded software development” *Forrester Research Inc, October 23, 2012. Forrester Research, The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
  • 33. Creating Architectural (e.g. SOA) Safety View in UML/SysML
  • 34. Safety-Critical Profile in UML • UML can be extended to model metadata beyond its standard usage, for example: UML Profile for Schedulability Performance and Time (SPT); Model Analysis of Real-Time Systems (MARTE); Systems Modeling Language (SysML); UML Profile for DoDAF and MoDAF (UPDM) • A safety critical profile can be developed that provides: FTA diagrams; FMEA and fault views; Hazard analysis table view
  • 35. Model-Based Safety Analysis: Link to requirements; Link to manifestors; Link to extenuators; Link to detectors
  • 36. Design Standard: CIM - application and data integration and analysis • IEC CIM v13 – Combined 61968 and 61970 models • IEC CIM Model Transformation Plug-in (Harvested from AEP) • EPRI Intelligrid Use Cases (Partial)
  • 37. IBM Solutions for Systems and Software Engineering (SSE) • QUALITY MANAGEMENT (Rational Quality Manager): Achieve “quality by design” with an integrated, automated testing process • ARCHITECTURE & DESIGN (Rational Rhapsody): Use modeling to validate requirements, architecture and design throughout the development process • REQUIREMENTS MANAGEMENT (Rational DOORS): Manage all system requirements with full traceability across the lifecycle • COLLABORATION, PLANNING & CHANGE MANAGEMENT (Rational Team Concert): Collaborate across diverse engineering disciplines and development teams • Open Services for Lifecycle Collaboration
  • 38. Deployment for Development: Dong Energy. [Diagram labels: CIM Control; CIM Monitoring; T&D System; Dong E Applications; Control System; Monitoring System; IBM Modeling Solutions; Websphere Servers; Rational Development Solutions.] • WebSphere Application Server • WebSphere Message Broker • RAD • ILOG JRules
  • 40. Additional References − https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_%20Jan-April2014.pdf − http://www.reuters.com/article/2014/05/21/us-usa-cybercrime-infrastructure-idUSBREA4J10D20140521 − http://leblog.gdfsuez-dolcevita.fr/2014/03/13/alerte-securite-attention-au-phishing/ − https://threatpost.com/shodan-search-engine-project-enumerates-internet-facing-critical-infrastructure-devices-010913/77385 − http://www.shodanhq.com − http://scadastrangelove.org − http://www.digitalbond.com/tools/basecamp/ − http://blogs.computerworld.com/cybercrime-and-hacking/23402/hackers-exploit-scada-holes-take-full-control-critical-infrastructure