SlideShare ist ein Scribd-Unternehmen logo

Standards based security for energy utilities

Nirmal Thaliyil
Nirmal Thaliyil

This is a white paper on Standards Based Security for Energy Utilities.

Ingenieurwesen
1 von 6
Downloaden Sie, um offline zu lesen
sales@kalkitech.com | www.kalkitech.com 1 White Paper Standards-based Security for Energy Utilities Introduction There are a multitude of factors increasing the number and severity of cyber threats and vulnerabilities in the energy sector. With the adoption of intelligent distributed technologies that enable remote control and/or monitoring and advanced analytics, more critical data is traversing communication networks necessitating stronger security. In this paper we examine the unique aspects of cybersecurity in energy along with the various applicable industry standards and best practices for reducing risk. Major Drivers for Change The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is focused on control system security issues with the objective of providing information to help in reducing risk. ICS-CERT analyzed a subset of the total number of vulnerabilities reported and determined that the average Common Vulnerability Scoring System (CVSS) score for reported vulnerabilities for the year 2016 was 7.8/10. And 73.8 percent of the vulnerabilities, have CVSS scores of seven and above. A CVSS score of seven or above indicates that these vulnerabilities, if exploited, have the potential to have a high or critical impact. The majority of vulnerabilities tracked by ICS-CERT were most commonly associated with the energy sector. A successful cyberattack in the energy sector could have important consequences or implications, beyond those of just the facility or the organization, due to the critical nature of their services to other organizations that rely on energy to function. One of the illustrious cases in 2016 was that attackers successfully blacked out a portion of Kiev, the capital city of Ukraine, using malware capable of deleting data and causing physical damage to industrial control systems. The energy industry is expected to continue to be a high priority target for threat actors, particularly given its importance to national and economic security. However, by acknowledging the threats, performing a comprehensive and recurring risk assessment, and implementing a mitigation strategy, organizations can be in position to prevent cyberattacks.
sales@kalkitech.com | www.kalkitech.com 2 There are several factors which could cause an increase in threats and vulnerability trends in the energy sector. Until recently, utilities have primarily relied on serial comunications or a dedicated and isolated control and automation network. With the evolution in device technologies and support for more advanced data processing mechanisms deployed at field and central locations, more data needs to be transferred from the field to a central location in near real-time. Earlier communication technology needed to evolve to provide greater bandwidth. Convergence of operational technology (OT) and information technology (IT) infrastructure has enabled bidirectional flow of information and more advanced data analysis, interconnecting more devices and systems than ever before. Secure connectivity enables both energy providers and consumers alike to reap the benefits of an increasingly connected world. It is critical that security be standards-based so that vendors and asset owners/operators can identify security vulnerabilities and develop effective mitigation strategies in a timely manner. Standards-based security solutions help ensure interoperability and availability of affordable and secure solutions in a rapidly evolving environment. It is achieved by combining robust digital certificate- based authentication with strong encryption at the network level to conceal device and other sensitive information as well as implementing application layer security to ensure authentication, authorization and accounting on any operations. There are several industry standard initiatives, of which NERC CIP, IEEE1686 and IEC 62351 are the most advanced and should be considered by utilities in developing overall cybersecurity policies and practices. Overview of Energy-Focused Cybersecurity Standards IEEE1686 and C37.240 Intelligent Electronic Devices (IED) Cybersecurity Capabilities This standard describes IED cybersecurity capabilities. It also defines functions and features that must be provided in substation IEDs to accommodate critical infrastructure protection programs. It addresses security in terms of access, operation, configuration, firmware revision, and data retrieval from IEDs. Security functionality with respect to confidentiality of the transmission of data is not part of this standard. The system aspects are addressed by the IEEE C37.240. IEC 62351 Power Systems Management and Associated Information Exchange – Data and Communication Security A goal of IEC 62351 is the assurance of end-to-end security, which can be achieved on different OSI levels. The standard comprises multiple parts to cover the security of data in motion as well as at rest. The standard also provides general guidelines for designing power systems with security in mind. Portions of IEC 62351 covers different scenarios and applies directly to substation automation deploying IEC 61850 and IEC 60870-x protocols as well as to adjacent communication protocols supporting energy automation, like ICCP (TASE.2) used for inter-control center communication. NERC CIP NERC CIP standard is one of the mandatory standards issued by NERC in order to protect critical infrastructures and is used to secure bulk electric systems. NERC CIP provides a suite of standards that ensures the overall security of computing systems that directly manage the power grids and all supported subsystems or resources. These standards are mapped into four quadrants based on the levels of detail by which each addresses the security requirement and solution: • Details for Operation: Organizational and procedural means applicable for all or selected actors. • Devices and Equipment: Directly influences component and/or system functionality and needs to be considered during product design and/or development. It addresses technology to be used to integrate a security measure. • Design Details: Describes the implementation of security in enough detail to achieve interoperability between different vendors' products for standards on a technical level and/or procedure to be followed for standards addressing organizational means. • Completeness: Addresses not only one specific security measure but addresses the complete security framework, including technical and organizational. WHITEPAPER
sales@kalkitech.com | www.kalkitech.com 3 Mapping security standards per the above classification provides scope on the level of detail each standard address on an abstract level. Moreover, it also addresses the relevance of the standards for organizations (utilities /operators) as well as products and services (manufacturer or service providers). Design Details Technical Aspects Devices and Equipment Governance and Policy Aspects Completeness Operations Diagram recreated and modified from source: CEN-CENELEC-ETSI Smart Grid Coordination Group Report Figure 1: Quadrant Mapping of Standards Cybersecurity Best Practices Best practices for cybersecurity should include both technological as well as operational controls of the system. Technological control includes strategies adopted for cybersecurity protection, detection of vulnerabilities and response to incidents. Operational aspects include polices, procedure and guidelines defined by the utilities and industries to effectively manage attacks. Utilities must continuously monitor and adapt these practices as attackers continue to evolve and find new ways to access critical systems. Below is the mapping between technological controls with the various security standards defined for utilities. Protection • Hardening • Edge firewall • Authentication, digital signature and access control • Data encryption • Validation Detection • Audit trail • Security events and alarm logging • Analysis tools Response • Network management service • Remote key and certificate management process • Patching, backup and recovery Figure 2: Mapping of Technological Controls WHITEPAPER
sales@kalkitech.com | www.kalkitech.com 4 Protection Hardening of the devices is the first step which needs to be part of protection. Any devices or equipment deployed on a physically secured system should have restricted access for management and operation of the device. Any super user or root access to the devices should be provisioned only for local access. For remote access by system or security administrator should always require two-factor authentication to ensure that attackers cannot get into the system or devices even if one of the authentication mechanisms is compromised. All passwords should be enforced as per password policy outlined in CIP-007-5 R5 (5.5) and it should be rotated at a minimum, every 15 months CIP-007- 5 R5 (5.6). CIP-007-6 R5.7 also mandates that if any user has failed to login to the device after a defined maximum number of retry attempts, their account should be locked out for a specified period as defined by the asset owners. All perimeter equipment must have a built- in firewall as per NERC CIP 005. It should be possible for users to control the physical port as well as the logical port of the devices. It is an important defense tool which protects network assets from external attacks. Firewalls should be flexible enough to be configured for inbound and outbound traffic policies on each interface and local ports. After physical protection the next priority is for security of data in motion, at rest and in use. Confidentiality and integrity of the data is ensured by encrypting the data in all the states mentioned above. Algorithms and protocols used for data encryption should be per the standard to have a truly vendor independent system. IEC62351- 3 substandard defines the standard mechanism on implementing TLS-based security for all TCP- based communication used in utility networks. This is a generic standard which can be applied across all utility protocols including DNP3.0, IEC 60870-5-104, Modbus, IEC 61850, etc. WHITEPAPER 230,000 new malware samples are produced every day — and this is predicted to only keep growing. By 2020 there will be roughly 200 billion connected devices How long would it take to detect configuration changes to endpoint devices in organization’s network? Source: Panda Security Source: Tripwire Minutes Hours Days Weeks Months and longer Associated services including network management, time synchronization, file transfer terminal access used in the utility network, should mandate the use of only the secure version of the protocols. Network management should be enabled only if the devices have Simple Network Management Protocol version 3 (SNMPv3) or IETF RFC 7252 CoAP; similarly, only Network Time Protocol version 4 (NTPv4) should be used. File transfer from devices and system if used should mandate only Secure File Transfer mechanism (SFTP/SCP). Online and offline device access should be over a secure link. If any offline configuration tool connects with a device, it should be compliant with IETF TLS 1.2 tunnel. Web access for configuration or monitoring should be over Hyper Text Transfer Protocol Secure (HTTPS) or using a secure proxy channel connected on a TLS1.2 tunnel.
sales@kalkitech.com | www.kalkitech.com 5 As more and more devices and software system are connected and exchange information, there is a strong need for device identification and access control, specifically, each device and users should be required to present authentication credentials and be verified by an authority to establish the trust before allowing connectivity to the system. Centrally deployed Identity and Access Management (IAM) systems based on Pubic Key Infrastructure (PKI) should act as authority for the authorization of an entity. It ensures that access to a utility system is granted only to authenticated users, groups and software services. PKI cryptographic technique enables entities to securely communicate (encrypt communications using TLS), and reliably verify the identity of an entity via X.509 certificates with digital signatures. Standards for use of certificates within the utility industry includes IEC62351-8 (role-based access control) using attribute certificate or IETF RFC 6960 OCSP. Adigital signature can be used to validate the source and integrity of any information shared between entities. Firmware, configuration file and licenses are examples of the information which needs to be transferred to devices. Information should only be used if the signature appended in it is validated successfully. Security standard IEC 62351-5 defines challenge-response mechanism in telemetry protocols such as DNP3.0 (IEEE1815) and IEC 60870-5 derivatives to verify the control operations in real time. IEC 62056 standard defines authentication and encryption of data used for DLMS-COSEM protocol for meter data exchange. Detection Utilities should invest in threat detection technologies to receive an alert of a potential threat. Monitoring and threat detection tools help to identify and locate intrusions and anomalies in the system. Some of these solutions can also isolate threats early and occlude the attack which could potentially spread to other parts of the system. Detection systems need to identify information about the device type, location, activity, etc. Furthermore, this information must be captured, analyzed, stored, and shared among auditors and security analysts. IEEE1686 and CIP 007 mandates logging this information as syslog for centralized analysis. Syslog can be used to log security incidents generated by system elements as well as user actions in the form of audit trails. User access logs can track operations made to device settings and configuration. It is also mandatory to ensure that all devices have adequate backup for at least 90 days for root cause analysis. IEEE1686 also defines events and alarms which need to be captured by any IEDs such as device reboot, unauthorized access, updates, setting changes, etc. Response A proactive response plan includes policy and operational mechanisms for the management of cybersecurity vulnerabilities reported or detected in all the devices and software, to manage the risks arising thereof. Utilities should ensure that all systems and devices are updated and patched regularly. Vendors should regularly monitor the security vulnerabilities in their products. Whenever a security vulnerability is reported, it should be thoroughly evaluated and analyzed in detail and once confirmed, notify in a public forum to share the information with product users and keep them updated. Alternately or additionally, the reporter may also directly submit the report to ICS CERT, CERT-IN or any other national CERT body designated that handles security vulnerabilities. If the system has initiated an attack response plan it should document the tools and procedures which help in recovering the system from the attack and analyzing the data to help accelerate system recovery from a similar attack in the future. The response plan should include in-depth analysis of the incident including logs, event and alarm lists which could indicate the path of the attack. A recovery strategy should also include redundancy and regular data backup to ensure restoration of operations. Response is effective only with strong policies and procedures. WHITEPAPER 81 percent of data breach victims do not have a system in place to self-detect data breaches. A single data breach will cost the average company $3.8 million. And will exceed $150 million by 2020. Source: Juniper Research Average number of days to resolve a cyber-attack is $32 days Source: KRYPSYS
WHITEPAPER References https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/NCCIC_ICS-CERT_2016_Annual_Vulnerability_ Coordination_Report_S508C.pdf https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/FY2016_Industrial_Control_Systems_Assessment_ Summary_Report_S508C.pdf http://www.cencenelec.eu/standards/Sectors/SustainableEnergy/SmartGrids/Pages/default.aspx https://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/ https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion https://www.krypsys.com/hacking-2/cyber-attacks-becoming-increasingly-costly-can-business-really-afford-protect- attacks Corporate Headquarters: Bangalore, India U.S. Headquarters: Campbell, California Sales Office: United Arab Emirates www.kalkitech.com sales@kalkitech.com © 2019 Kalkitech Inc. Version: 1.01.012019 6 Conclusion Cybersecurity solutions for utilities is unique. Systems used in the utility industry often have a life of at least 20 years unlike what is seen in other industries where technology is updated more frequently. Therefore, it is critical to design a security solution which incorporates a strategy to protect legacy and newer devices, protocols and software to meet the requirement of transmission and distribution operators, regulatory bodies along with various new stakeholders including IT and OT technical experts, compliance and analytics team. About Kalkitech Kalkitech helps energy utilities around the globe in enabling and transforming grid communications, improving reliability and energy efficiency. Its solutions enable customers to implement mission-critical applications ranging from advanced metering and distribution automation to wide area monitoring, substation automation and power plant optimization. Kalkitech invests extensively in research and development in areas such as power systems engineering, thermal engineering, control theory and communication and information technology. By building expertise, the company creates robust standards-based communication and optimization solutions and products for modernization of utilities, helping them to harness the power of grid data.

Empfohlen

02 ibm security for smart grids
02 ibm security for smart grids02 ibm security for smart grids
02 ibm security for smart gridsIBM Italia Web Team
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsSergey Gordeychik
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammondPROFIBUS and PROFINET InternationaI - PI UK
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibilityedwardstudyemai
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...EnergySec
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
 
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesNetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesCoreTrace Corporation
 

Empfohlen

02 ibm security for smart grids
02 ibm security for smart grids02 ibm security for smart grids
02 ibm security for smart gridsIBM Italia Web Team
 
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsPractical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart gridsSergey Gordeychik
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammondPROFIBUS and PROFINET InternationaI - PI UK
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibilityedwardstudyemai
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...EnergySec
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
 
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesNetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesCoreTrace Corporation
 
Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramEnergySec
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 
Nist.sp.800 82r2
Nist.sp.800 82r2Nist.sp.800 82r2
Nist.sp.800 82r2vimal Kumar Gupta
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...EnergySec
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?VISTA InfoSec
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution briefNozomi Networks
 
From Air Gap to Air Control
From Air Gap to Air ControlFrom Air Gap to Air Control
From Air Gap to Air ControlEnergySec
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksInternational Journal of Engineering Inventions www.ijeijournal.com
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksProtecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksMaurice Dawson
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksPriyanka Aash
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
Reference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsuranceReference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsurancePriyanka Aash
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET Journal
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati
 

Weitere ähnliche Inhalte

Was ist angesagt?

Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramEnergySec
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNorth Texas Chapter of the ISSA
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...EnergySec
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?VISTA InfoSec
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution briefNozomi Networks
 
From Air Gap to Air Control
From Air Gap to Air ControlFrom Air Gap to Air Control
From Air Gap to Air ControlEnergySec
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Networks
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksProtecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksMaurice Dawson
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksPriyanka Aash
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...Eran Goldstein
 
Reference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsuranceReference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsurancePriyanka Aash
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET Journal
 

Was ist angesagt? (20)

Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure Program
 
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin WheelerNTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler
 
Nist.sp.800 82r2
Nist.sp.800 82r2Nist.sp.800 82r2
Nist.sp.800 82r2
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution brief
 
From Air Gap to Air Control
From Air Gap to Air ControlFrom Air Gap to Air Control
From Air Gap to Air Control
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company Introduction
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
Protecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber AttacksProtecting Infrastructure from Cyber Attacks
Protecting Infrastructure from Cyber Attacks
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
 
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabili...
 
Reference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- InsuranceReference Security Architecture for Mobility- Insurance
Reference Security Architecture for Mobility- Insurance
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
 

Ähnlich wie Standards based security for energy utilities

White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati
 
NIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesNIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesDr Dev Kambhampati
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkNathan Wallace, PhD, PE
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetIvan Carmona
 
Light sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paperLight sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paperGeorge Wainblat
 
Privacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial SystemPrivacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial Systemiosrjce
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices IJECEIAES
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptDelforChacnCornejo
 
Securing the Digital Frontier: SecurityGen's Telecom Cybersecurity Solutions
Securing the Digital Frontier: SecurityGen's Telecom Cybersecurity SolutionsSecuring the Digital Frontier: SecurityGen's Telecom Cybersecurity Solutions
Securing the Digital Frontier: SecurityGen's Telecom Cybersecurity SolutionsSecurityGen1
 
Guardians of Connection: Signalling Protection in the Digital Age
Guardians of Connection: Signalling Protection in the Digital AgeGuardians of Connection: Signalling Protection in the Digital Age
Guardians of Connection: Signalling Protection in the Digital AgeSecurityGen1
 
Information security management guidance for discrete automation
Information security management guidance for discrete automationInformation security management guidance for discrete automation
Information security management guidance for discrete automationjohnnywess
 
Creating a Reliable and Secure Advanced Distribution Management System
Creating a Reliable and Secure Advanced Distribution Management SystemCreating a Reliable and Secure Advanced Distribution Management System
Creating a Reliable and Secure Advanced Distribution Management SystemSchneider Electric
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceCoreTrace Corporation
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:CoreTrace Corporation
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED
 
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...Schneider Electric
 

Ähnlich wie Standards based security for energy utilities (20)

White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational Awareness
 
NIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesNIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric Utilities
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel Talk
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
 
Light sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paperLight sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paper
 
Privacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial SystemPrivacy Protection in Distributed Industrial System
Privacy Protection in Distributed Industrial System
 
F017223742
F017223742F017223742
F017223742
 
Industrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphyIndustrial networks safety & security - e+h june 2018 ben murphy
Industrial networks safety & security - e+h june 2018 ben murphy
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 
Securing the Digital Frontier: SecurityGen's Telecom Cybersecurity Solutions
Securing the Digital Frontier: SecurityGen's Telecom Cybersecurity SolutionsSecuring the Digital Frontier: SecurityGen's Telecom Cybersecurity Solutions
Securing the Digital Frontier: SecurityGen's Telecom Cybersecurity Solutions
 
Guardians of Connection: Signalling Protection in the Digital Age
Guardians of Connection: Signalling Protection in the Digital AgeGuardians of Connection: Signalling Protection in the Digital Age
Guardians of Connection: Signalling Protection in the Digital Age
 
Information security management guidance for discrete automation
Information security management guidance for discrete automationInformation security management guidance for discrete automation
Information security management guidance for discrete automation
 
Creating a Reliable and Secure Advanced Distribution Management System
Creating a Reliable and Secure Advanced Distribution Management SystemCreating a Reliable and Secure Advanced Distribution Management System
Creating a Reliable and Secure Advanced Distribution Management System
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:
 
IJSRED-V2I2P15
IJSRED-V2I2P15IJSRED-V2I2P15
IJSRED-V2I2P15
 
OT_Security.pptx
OT_Security.pptxOT_Security.pptx
OT_Security.pptx
 
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy...
 

Mehr von Nirmal Thaliyil

Remote management and data access of solar pv systems
Remote management and data access of solar pv systemsRemote management and data access of solar pv systems
Remote management and data access of solar pv systemsNirmal Thaliyil
 
Cloud based dlms cosem metering head end
Cloud based dlms cosem metering head endCloud based dlms cosem metering head end
Cloud based dlms cosem metering head endNirmal Thaliyil
 
Secure remote device access
Secure remote device access Secure remote device access
Secure remote device access Nirmal Thaliyil
 
Monitoring MV& LV Distribution assets using LoRaWAN
Monitoring MV& LV Distribution assets using LoRaWANMonitoring MV& LV Distribution assets using LoRaWAN
Monitoring MV& LV Distribution assets using LoRaWANNirmal Thaliyil
 
Enabling utility protocols in Edge gateways
Enabling utility protocols in Edge gatewaysEnabling utility protocols in Edge gateways
Enabling utility protocols in Edge gatewaysNirmal Thaliyil
 
Distribution Automation based on IEC61850
Distribution Automation based on IEC61850Distribution Automation based on IEC61850
Distribution Automation based on IEC61850Nirmal Thaliyil
 
Secured Communication Infrastructure for Substation Automation
Secured Communication Infrastructure for Substation AutomationSecured Communication Infrastructure for Substation Automation
Secured Communication Infrastructure for Substation AutomationNirmal Thaliyil
 

Mehr von Nirmal Thaliyil (8)

Remote management and data access of solar pv systems
Remote management and data access of solar pv systemsRemote management and data access of solar pv systems
Remote management and data access of solar pv systems
 
Cloud based dlms cosem metering head end
Cloud based dlms cosem metering head endCloud based dlms cosem metering head end
Cloud based dlms cosem metering head end
 
Secure remote device access
Secure remote device access Secure remote device access
Secure remote device access
 
Monitoring MV& LV Distribution assets using LoRaWAN
Monitoring MV& LV Distribution assets using LoRaWANMonitoring MV& LV Distribution assets using LoRaWAN
Monitoring MV& LV Distribution assets using LoRaWAN
 
Enabling utility protocols in Edge gateways
Enabling utility protocols in Edge gatewaysEnabling utility protocols in Edge gateways
Enabling utility protocols in Edge gateways
 
Ami system using dlms
Ami system using dlmsAmi system using dlms
Ami system using dlms
 
Distribution Automation based on IEC61850
Distribution Automation based on IEC61850Distribution Automation based on IEC61850
Distribution Automation based on IEC61850
 
Secured Communication Infrastructure for Substation Automation
Secured Communication Infrastructure for Substation AutomationSecured Communication Infrastructure for Substation Automation
Secured Communication Infrastructure for Substation Automation
 

Kürzlich hochgeladen

Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptMadan Karki
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction managementMariconPadriquez1
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)Dr SOUNDIRARAJ N
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 

Kürzlich hochgeladen (20)

Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examplesPOWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examples
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.ppt
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction management
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 

Standards based security for energy utilities

  • 1. sales@kalkitech.com | www.kalkitech.com 1 White Paper Standards-based Security for Energy Utilities Introduction There are a multitude of factors increasing the number and severity of cyber threats and vulnerabilities in the energy sector. With the adoption of intelligent distributed technologies that enable remote control and/or monitoring and advanced analytics, more critical data is traversing communication networks necessitating stronger security. In this paper we examine the unique aspects of cybersecurity in energy along with the various applicable industry standards and best practices for reducing risk. Major Drivers for Change The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is focused on control system security issues with the objective of providing information to help in reducing risk. ICS-CERT analyzed a subset of the total number of vulnerabilities reported and determined that the average Common Vulnerability Scoring System (CVSS) score for reported vulnerabilities for the year 2016 was 7.8/10. And 73.8 percent of the vulnerabilities, have CVSS scores of seven and above. A CVSS score of seven or above indicates that these vulnerabilities, if exploited, have the potential to have a high or critical impact. The majority of vulnerabilities tracked by ICS-CERT were most commonly associated with the energy sector. A successful cyberattack in the energy sector could have important consequences or implications, beyond those of just the facility or the organization, due to the critical nature of their services to other organizations that rely on energy to function. One of the illustrious cases in 2016 was that attackers successfully blacked out a portion of Kiev, the capital city of Ukraine, using malware capable of deleting data and causing physical damage to industrial control systems. The energy industry is expected to continue to be a high priority target for threat actors, particularly given its importance to national and economic security. However, by acknowledging the threats, performing a comprehensive and recurring risk assessment, and implementing a mitigation strategy, organizations can be in position to prevent cyberattacks.
  • 2. sales@kalkitech.com | www.kalkitech.com 2 There are several factors which could cause an increase in threats and vulnerability trends in the energy sector. Until recently, utilities have primarily relied on serial comunications or a dedicated and isolated control and automation network. With the evolution in device technologies and support for more advanced data processing mechanisms deployed at field and central locations, more data needs to be transferred from the field to a central location in near real-time. Earlier communication technology needed to evolve to provide greater bandwidth. Convergence of operational technology (OT) and information technology (IT) infrastructure has enabled bidirectional flow of information and more advanced data analysis, interconnecting more devices and systems than ever before. Secure connectivity enables both energy providers and consumers alike to reap the benefits of an increasingly connected world. It is critical that security be standards-based so that vendors and asset owners/operators can identify security vulnerabilities and develop effective mitigation strategies in a timely manner. Standards-based security solutions help ensure interoperability and availability of affordable and secure solutions in a rapidly evolving environment. It is achieved by combining robust digital certificate- based authentication with strong encryption at the network level to conceal device and other sensitive information as well as implementing application layer security to ensure authentication, authorization and accounting on any operations. There are several industry standard initiatives, of which NERC CIP, IEEE1686 and IEC 62351 are the most advanced and should be considered by utilities in developing overall cybersecurity policies and practices. Overview of Energy-Focused Cybersecurity Standards IEEE1686 and C37.240 Intelligent Electronic Devices (IED) Cybersecurity Capabilities This standard describes IED cybersecurity capabilities. It also defines functions and features that must be provided in substation IEDs to accommodate critical infrastructure protection programs. It addresses security in terms of access, operation, configuration, firmware revision, and data retrieval from IEDs. Security functionality with respect to confidentiality of the transmission of data is not part of this standard. The system aspects are addressed by the IEEE C37.240. IEC 62351 Power Systems Management and Associated Information Exchange – Data and Communication Security A goal of IEC 62351 is the assurance of end-to-end security, which can be achieved on different OSI levels. The standard comprises multiple parts to cover the security of data in motion as well as at rest. The standard also provides general guidelines for designing power systems with security in mind. Portions of IEC 62351 covers different scenarios and applies directly to substation automation deploying IEC 61850 and IEC 60870-x protocols as well as to adjacent communication protocols supporting energy automation, like ICCP (TASE.2) used for inter-control center communication. NERC CIP NERC CIP standard is one of the mandatory standards issued by NERC in order to protect critical infrastructures and is used to secure bulk electric systems. NERC CIP provides a suite of standards that ensures the overall security of computing systems that directly manage the power grids and all supported subsystems or resources. These standards are mapped into four quadrants based on the levels of detail by which each addresses the security requirement and solution: • Details for Operation: Organizational and procedural means applicable for all or selected actors. • Devices and Equipment: Directly influences component and/or system functionality and needs to be considered during product design and/or development. It addresses technology to be used to integrate a security measure. • Design Details: Describes the implementation of security in enough detail to achieve interoperability between different vendors' products for standards on a technical level and/or procedure to be followed for standards addressing organizational means. • Completeness: Addresses not only one specific security measure but addresses the complete security framework, including technical and organizational. WHITEPAPER
  • 3. sales@kalkitech.com | www.kalkitech.com 3 Mapping security standards per the above classification provides scope on the level of detail each standard address on an abstract level. Moreover, it also addresses the relevance of the standards for organizations (utilities /operators) as well as products and services (manufacturer or service providers). Design Details Technical Aspects Devices and Equipment Governance and Policy Aspects Completeness Operations Diagram recreated and modified from source: CEN-CENELEC-ETSI Smart Grid Coordination Group Report Figure 1: Quadrant Mapping of Standards Cybersecurity Best Practices Best practices for cybersecurity should include both technological as well as operational controls of the system. Technological control includes strategies adopted for cybersecurity protection, detection of vulnerabilities and response to incidents. Operational aspects include polices, procedure and guidelines defined by the utilities and industries to effectively manage attacks. Utilities must continuously monitor and adapt these practices as attackers continue to evolve and find new ways to access critical systems. Below is the mapping between technological controls with the various security standards defined for utilities. Protection • Hardening • Edge firewall • Authentication, digital signature and access control • Data encryption • Validation Detection • Audit trail • Security events and alarm logging • Analysis tools Response • Network management service • Remote key and certificate management process • Patching, backup and recovery Figure 2: Mapping of Technological Controls WHITEPAPER
  • 4. sales@kalkitech.com | www.kalkitech.com 4 Protection Hardening of the devices is the first step which needs to be part of protection. Any devices or equipment deployed on a physically secured system should have restricted access for management and operation of the device. Any super user or root access to the devices should be provisioned only for local access. For remote access by system or security administrator should always require two-factor authentication to ensure that attackers cannot get into the system or devices even if one of the authentication mechanisms is compromised. All passwords should be enforced as per password policy outlined in CIP-007-5 R5 (5.5) and it should be rotated at a minimum, every 15 months CIP-007- 5 R5 (5.6). CIP-007-6 R5.7 also mandates that if any user has failed to login to the device after a defined maximum number of retry attempts, their account should be locked out for a specified period as defined by the asset owners. All perimeter equipment must have a built- in firewall as per NERC CIP 005. It should be possible for users to control the physical port as well as the logical port of the devices. It is an important defense tool which protects network assets from external attacks. Firewalls should be flexible enough to be configured for inbound and outbound traffic policies on each interface and local ports. After physical protection the next priority is for security of data in motion, at rest and in use. Confidentiality and integrity of the data is ensured by encrypting the data in all the states mentioned above. Algorithms and protocols used for data encryption should be per the standard to have a truly vendor independent system. IEC62351- 3 substandard defines the standard mechanism on implementing TLS-based security for all TCP- based communication used in utility networks. This is a generic standard which can be applied across all utility protocols including DNP3.0, IEC 60870-5-104, Modbus, IEC 61850, etc. WHITEPAPER 230,000 new malware samples are produced every day — and this is predicted to only keep growing. By 2020 there will be roughly 200 billion connected devices How long would it take to detect configuration changes to endpoint devices in organization’s network? Source: Panda Security Source: Tripwire Minutes Hours Days Weeks Months and longer Associated services including network management, time synchronization, file transfer terminal access used in the utility network, should mandate the use of only the secure version of the protocols. Network management should be enabled only if the devices have Simple Network Management Protocol version 3 (SNMPv3) or IETF RFC 7252 CoAP; similarly, only Network Time Protocol version 4 (NTPv4) should be used. File transfer from devices and system if used should mandate only Secure File Transfer mechanism (SFTP/SCP). Online and offline device access should be over a secure link. If any offline configuration tool connects with a device, it should be compliant with IETF TLS 1.2 tunnel. Web access for configuration or monitoring should be over Hyper Text Transfer Protocol Secure (HTTPS) or using a secure proxy channel connected on a TLS1.2 tunnel.
  • 5. sales@kalkitech.com | www.kalkitech.com 5 As more and more devices and software system are connected and exchange information, there is a strong need for device identification and access control, specifically, each device and users should be required to present authentication credentials and be verified by an authority to establish the trust before allowing connectivity to the system. Centrally deployed Identity and Access Management (IAM) systems based on Pubic Key Infrastructure (PKI) should act as authority for the authorization of an entity. It ensures that access to a utility system is granted only to authenticated users, groups and software services. PKI cryptographic technique enables entities to securely communicate (encrypt communications using TLS), and reliably verify the identity of an entity via X.509 certificates with digital signatures. Standards for use of certificates within the utility industry includes IEC62351-8 (role-based access control) using attribute certificate or IETF RFC 6960 OCSP. Adigital signature can be used to validate the source and integrity of any information shared between entities. Firmware, configuration file and licenses are examples of the information which needs to be transferred to devices. Information should only be used if the signature appended in it is validated successfully. Security standard IEC 62351-5 defines challenge-response mechanism in telemetry protocols such as DNP3.0 (IEEE1815) and IEC 60870-5 derivatives to verify the control operations in real time. IEC 62056 standard defines authentication and encryption of data used for DLMS-COSEM protocol for meter data exchange. Detection Utilities should invest in threat detection technologies to receive an alert of a potential threat. Monitoring and threat detection tools help to identify and locate intrusions and anomalies in the system. Some of these solutions can also isolate threats early and occlude the attack which could potentially spread to other parts of the system. Detection systems need to identify information about the device type, location, activity, etc. Furthermore, this information must be captured, analyzed, stored, and shared among auditors and security analysts. IEEE1686 and CIP 007 mandates logging this information as syslog for centralized analysis. Syslog can be used to log security incidents generated by system elements as well as user actions in the form of audit trails. User access logs can track operations made to device settings and configuration. It is also mandatory to ensure that all devices have adequate backup for at least 90 days for root cause analysis. IEEE1686 also defines events and alarms which need to be captured by any IEDs such as device reboot, unauthorized access, updates, setting changes, etc. Response A proactive response plan includes policy and operational mechanisms for the management of cybersecurity vulnerabilities reported or detected in all the devices and software, to manage the risks arising thereof. Utilities should ensure that all systems and devices are updated and patched regularly. Vendors should regularly monitor the security vulnerabilities in their products. Whenever a security vulnerability is reported, it should be thoroughly evaluated and analyzed in detail and once confirmed, notify in a public forum to share the information with product users and keep them updated. Alternately or additionally, the reporter may also directly submit the report to ICS CERT, CERT-IN or any other national CERT body designated that handles security vulnerabilities. If the system has initiated an attack response plan it should document the tools and procedures which help in recovering the system from the attack and analyzing the data to help accelerate system recovery from a similar attack in the future. The response plan should include in-depth analysis of the incident including logs, event and alarm lists which could indicate the path of the attack. A recovery strategy should also include redundancy and regular data backup to ensure restoration of operations. Response is effective only with strong policies and procedures. WHITEPAPER 81 percent of data breach victims do not have a system in place to self-detect data breaches. A single data breach will cost the average company $3.8 million. And will exceed $150 million by 2020. Source: Juniper Research Average number of days to resolve a cyber-attack is $32 days Source: KRYPSYS
  • 6. WHITEPAPER References https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/NCCIC_ICS-CERT_2016_Annual_Vulnerability_ Coordination_Report_S508C.pdf https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/FY2016_Industrial_Control_Systems_Assessment_ Summary_Report_S508C.pdf http://www.cencenelec.eu/standards/Sectors/SustainableEnergy/SmartGrids/Pages/default.aspx https://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/ https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion https://www.krypsys.com/hacking-2/cyber-attacks-becoming-increasingly-costly-can-business-really-afford-protect- attacks Corporate Headquarters: Bangalore, India U.S. Headquarters: Campbell, California Sales Office: United Arab Emirates www.kalkitech.com sales@kalkitech.com © 2019 Kalkitech Inc. Version: 1.01.012019 6 Conclusion Cybersecurity solutions for utilities is unique. Systems used in the utility industry often have a life of at least 20 years unlike what is seen in other industries where technology is updated more frequently. Therefore, it is critical to design a security solution which incorporates a strategy to protect legacy and newer devices, protocols and software to meet the requirement of transmission and distribution operators, regulatory bodies along with various new stakeholders including IT and OT technical experts, compliance and analytics team. About Kalkitech Kalkitech helps energy utilities around the globe in enabling and transforming grid communications, improving reliability and energy efficiency. Its solutions enable customers to implement mission-critical applications ranging from advanced metering and distribution automation to wide area monitoring, substation automation and power plant optimization. Kalkitech invests extensively in research and development in areas such as power systems engineering, thermal engineering, control theory and communication and information technology. By building expertise, the company creates robust standards-based communication and optimization solutions and products for modernization of utilities, helping them to harness the power of grid data.