Classification cyber security threats of modern substation
Download as PPTX, PDF1 like521 views
This document discusses cyber security threats to modern power substations. It begins by outlining features of information infrastructures that create opportunities for cyber threats, such as large networks of intelligent devices, lack of network segmentation, and use of unprotected default passwords. It then presents a system model and identifies vectors of potential attacks. Threats are classified into three levels based on their impact: decreasing functional safety and reliability, decreasing transmission efficiency, and violating security of the core transmission process. Examples of possible attacks from a competition are described, such as disabling information networks or reprogramming time servers. Finally, objects are ranked into three security classes based on their impact and influence if compromised.
Classification cyber security threats of modern substation
- 1. CLASSIFICATION CYBER SECURITY THREATS OF MODERN SUBSTATION 1 Maxim Nikandrov, Maxim Braguta IGRIDSIGRIDSИнтеллектуальные СетиИнтеллектуальные Сети
- 2. 1. Information infrastructure Features 2. System Model 3. Vectors of attacks 4. Threats 5. Possible attacks – PHDays V experience 6. Our recommendations on objects classification 2 Contents
- 3. 3 1. Changing off infrastructure Features (1/4) • We build a favorable "environment" for the cyber threats development ourselves • The number of intelligent devices on one management object is huge • Total switch to Ethernet and, as a result, big local networks • Deficiency of network segmentation and traffic control
- 4. 4 2. Network is not isolated Features (2/4) • Necessity to transmit real-time information to higher levels of management • Use off corporate or leased from providers of communication lines • External traffic is not controlled
- 5. 5 Switch Device type Signal Type Source Device Destination Device Features (3/4) 3. No protection • No encryption and disclosure; • Protection relay and controllers are not protected, • Default passwords are used in 99% of situation
- 6. 6 Features (4/4) 4. Changing oа conditions • “Cyberpunk“ culture • Greater attention from hooligans, hacktivists and criminals • Greater attention from state security services
- 7. System Model 7 internet Protection relay Protection relay Protection relay Protection relay Controlled object Router (main) Operator's Workstation Switches Data&Communication Server (Reserve) ВЛ 220 кВ W2E K2E QSG3.2 QW2E QS3QS2 QSG 2 QSG3.1 Router (reserved) Engineer's Workstation Data&Communication Server (Main) Ethernet network In a corporate network Supervisory Control IED 1 12 3 4
- 8. Vector of attacks 8 • SCADA, Management System Servers • Operator and engineer workstations • Time servers and other supporting equipment • Network equipment • Communication lines • IED (controllers and protection relays) • Staff
- 9. Cybersecurity Threats 9 Three level classification (Offered by Sergei Gordeychik) 1. Decrease of functional safety and reliability of energy transfer network system 2. Decrease of efficiency of electric power transmission process 3. Security violation of the basic process
- 10. Cybersecurity Threats (1/3) 10 • Temporal disability of components that are not responsible for electricity transmission security (for example, communication equipment, time server, secondary sensors, etc.) • Temporary disability of remote control system and supervisory control • False diagnostic display at operating staff workstation 1. Decrease of functional safety and reliability of energy transfer network system
- 11. Cybersecurity Threats (2/3) 11 • Long-term disabling of the remote control system and supervisory control • Unauthorized trip of consumers • Deception of supervisory control center 2. Decrease of efficiency of electric power transmission process
- 12. Cybersecurity Threats (3/3) 12 • Shutdown and/or modification of prompt blocking • False administration commands leading to power equipment damage (for example, turning on energized earthing switch) • Unauthorized shutdown of large energy generators • Shutdown and/or removal of terminals of relay protection and Emergency response automatic equipment 3. Violation of the main process security
- 13. Possible attacks - PHDays V experience 13
- 14. Digital Substation Takeover Competition 14 Wind turbine Transformer 500 kV Circuit Switch QS1 Circuit Breaker Q1 Circuit Breaker Q2 Circuit Breaker Q3 Circuit Breaker Q4 Circuit Breaker Q8 Circuit Breaker Q5 T1 Local Network Trans Controller Relay Protection Crash Crash Crash Crash CrashGPS time server Glonass time server Crash Firewall Digital Substation Takeover IGRIDSIGRIDSИнтеллектуальные СетиИнтеллектуальные Сети Nuclear power plant Circuit Breaker Q6 Circuit Breaker Q7 Water-power plant Thermal Power Plant earthing switch 500kV 330kV
- 15. Competition results 15 • Disability of substation information network - 6 times • Reprogramming of time server - 1 time • Impact on the terminal, which lead to the unauthorized disconnection - 2 times
- 16. Objects Ranking (according security class) 16 Feature of object Security class 1) The object is constructed on IED, is equipped with full industrial control system with remote control; 2) Work of the object that influences greatly the Integrated power grid stability. 3) Federal and interregional influence of object work violation. First class (K1) 1) The object is constructed on IED, is equipped with full industrial control system with remote control; 2) Work of the object that influences a little the Integrated power grid stability. 3) Regional influence of object work violation. Second class (K2) 1) The object is constructed on the basis of electromechanical and semiconductor systems of relay protection is equipped with telemechanics system without of remote control; Second class (K2) 1) Municipal (local) influence of object work violation. Third class (K3)
- 17. Thank you! 17 iGRIDS, LLC www.igrids.ru NTC FSK EES www.ntc-power.ru IGRIDSIGRIDSИнтеллектуальные СетиИнтеллектуальные Сети
Editor's Notes
- #2: Этот шаблон можно использовать как начальный файл для представления учебных материалов группе слушателей. Разделы Для добавления разделов щелкните слайд правой кнопкой мыши. Разделы позволяют упорядочить слайды и организовать совместную работу нескольких авторов. Заметки Используйте раздел заметок для размещения заметок докладчика или дополнительных сведений для аудитории. Во время воспроизведения презентации эти заметки отображаются в представлении презентации. Обращайте внимание на размер шрифта (важно обеспечить различимость при ослабленном зрении, видеосъемке и чтении с экрана) Сочетаемые цвета Обратите особое внимание на графики, диаграммы и надписи. Учтите, что печать будет выполняться в черно-белом режиме или в оттенках серого. Выполните пробную печать, чтобы убедиться в сохранении разницы между цветами при печати в черно-белом режиме или в оттенках серого. Диаграммы, таблицы и графики Не усложняйте восприятие: по возможности используйте согласованные, простые стили и цвета. Снабдите все диаграммы и таблицы подписями.
- #4: Добавьте слайды в раздел по каждой теме, включая слайды с таблицами, диаграммами и изображениями. Образцы макетов таблицы, диаграммы, изображения и видео см. в следующем разделе.
- #5: Добавьте слайды в раздел по каждой теме, включая слайды с таблицами, диаграммами и изображениями. Образцы макетов таблицы, диаграммы, изображения и видео см. в следующем разделе.
- #6: Добавьте слайды в раздел по каждой теме, включая слайды с таблицами, диаграммами и изображениями. Образцы макетов таблицы, диаграммы, изображения и видео см. в следующем разделе.
- #7: Добавьте слайды в раздел по каждой теме, включая слайды с таблицами, диаграммами и изображениями. Образцы макетов таблицы, диаграммы, изображения и видео см. в следующем разделе.