illinois security lab critical infrastructure protection for power carl a. gunter university of...
TRANSCRIPT
IllinoisSecurity Lab
Critical Infrastructure Protectionfor Power
Carl A. Gunter
University of Illinois
IllinoisSecurity Lab
2
TCIP Center
• NSF/DHS/DOE CyberTrust Center scale activity: Trusted Cyber Infrastructure for Power (TCIP)
• Lead UIUC, other participants include Cornell, Dartmouth, and Washington State University
• C. A. Gunter, B. Sanders (PI), D. Bakken, A. Bose, R. Campbell, G. Gross, C. Hauser, H. Khurana, R. Iyer, Z. Kalbarczyk, K. Nahrstedt, D. Nicol , T. Overbye, P. Sauer, S. Smith, R. Thomas, V. Welch, M. Winslett
IllinoisSecurity Lab
3
Power Grid
• Features– Critical to many other
systems– Safety-critical real-time
control of energy– Multiple administrative
domains– Increasing
dependence on computer control
– Limited attention to security in legacy systems
• Similar systems– Oil and gas SCADA
systems– Air traffic control
system– International financial
system– Inter-domain routing
system (BGP)
IllinoisSecurity Lab
4
Present Infrastructure
ControlArea
Coordinator
- 1000’s of RTU/IEDs- Monitor and control generation and transmission equipment
10’s of control areas feed data to coordinator
- State estimator creates model from RTU/IED data
- Peer coordinators may exchange information for broad model- Degree of sharing may change over time
Photos courtesy of John D. McDonald, KEMA Inc.
IllinoisSecurity Lab
5
US Grid Infrastructure
Edison Electric Institute 03
CAISO
RTO WEST
ERCOT
MISO
TVA
GRID FLORIDA
GRID SOUTH
PJM
NYSO
ISO-NE
Public/Private Internet
Control Center (EMS)
LAN
Control Center (EMS)
LAN
Dedicated Links M/W, Fiber, Dialup, Leased Lines, etc)
Dedicated Links M/W, Fiber, Dialup, Leased Lines, etc)
RTU
IEDs
Sensors
Dedicated Links M/W, Fiber, Dialup, Leased Lines, etc)
Dedicated Links M/W, Fiber, Dialup, Leased Lines, etc)
Level 0(Sensors and actuators)
Level 1(IED)
Level 2(Substation)
Level 3 (Enterprise)
Vendor Operator
Switched Ethernet LAN
Trust Negotiation
QoSMgnt
QoSMgnt
Secure and Timely Data Collection, Aggregation, and Monitoring
Secure TunableHardware
Secure InformationDistribution
AAA Control
Person Person
IllinoisSecurity Lab
7
Grid Communication Protocols
ISO A ISO B
CCA.A
CCA.B
CCB.A
CCB.B
SSA.A.A
SSA.A.B
SSA.A.C
SSA.B.A
SSA.B.B
SSA.B.C
IED#1
IED#2
SSB.A.A
SSB.A.B
SSB.A.C
SSB.B.A
SSB.B.B
SSB.B.C
6
8
2
3 3
1: ISO, CC: ICCP2: ISO, ISO: ICCP3: CC, CC: ICCP4: CC, SS: DNP/61850/UCA5: ISO, SS: DNP/61850/UCA6: Seam tie line7: SS, IED: DNP/61850/UCA8: Tie line
ISO: Independent system operatorCC: Control centerSS: SubstationIED: Intelligent electronic device
IllinoisSecurity Lab
8IntelliGrid Environments
IllinoisSecurity Lab
9
Secure and ReliableComputing Base
Architecture
Technical challenges motivated by domain specific problems in
Ubiquitous exposed infrastructure
Real-time data monitoring and control
Wide area information coordination and information sharing
Must be addressed bydeveloping science in
Trustworthy infrastructure for data collection and control
Wide-Area Trustworthy Information Exchange
Quantitative Validation
IllinoisSecurity Lab
10
Sample Research Questions
• Should the power grid use the Internet?
• How can we unify power grid simulations and Internet simulations?
• What are the risks associated with new power grid elements such as networked meters?
IllinoisSecurity Lab
11
Pervasive Metering
• Advanced power meters on the brink of broad deployment
• No good threat assessments currently exist• Corrupt customers, energy service providers, terrorists,
and other external agents all highly motivated to attack pervasive meters– Terrorists: Remotely disconnect customers– Service providers: Profile customer loads with high resolution– Customers: Steal electricity
• Interesting characteristics: Ownership of the meter and its data shared between service provider and customer
• Potential security architectures applicable to other networked systems– Likely to make use of cutting-edge technologies like trusted
platform modules, virtualization, and remote attestation