The art of securing microgrid control systems
- 1. ADVANCING THE POWER OF ENERGY The Art of Securing Microgrid Control Systems Presented at the Energy, Utility, and Environment Conference, March 6, 2018, San Diego, CA Jim Dodenhoff, Regional Director of Business Development Intelligent Power & Energy Research Corporation (IPERC)
- 2. 50 Utility security professionals that have reported at least one security breach 70% of total 2016 ICS-CERT ICS cyber incidents targeted the Energy sector 20% Cyber Attacks Go Beyond International Cyberwarfare and they Go Beyond Data Breaches
- 3. 3 Microgrids: A System of Systems
- 4. 4 Overly Complex Security Protocols Result in Fragile Systems COMPLEXITY ≠ RESILIENCY Augmentation of cybersecurity solutions adds devices and applications that can malfunction and cause system degradation or cascading failures. KNOW YOUR SYSTEM’S NEEDS Understand the components and interfaces of your system and assess the risks at hand before selecting security measures. ≠ →
- 5. 5 The Art of Securing a Microgrid Control System Initial Threat Analysis Security Measure Identification Prioritized Security Implementation 01 02 03
- 6. 6Proprietary Initial Threat Analysis: Develop System Configuration Baseline LEGACY EQUIPMENT INTERCONNECTIONS Review all interconnections including ports, protocols, services, and end-device connections Consider the impact of legacy assets and potential bandwidth constraints SECURITY POLICIES Examine which security procedures are applicable and reduce the most risk COMPONENT INVENTORY Detailed system inventory with an overarching layered, port-level diagram
- 7. 7Proprietary Initial Threat Analysis: Examine Potential Attack Vectors & High Risk Points PHYSICAL SECURITY FRAGILITY Identify where there could be single points of failure and threats to missions Ensure locked enclosures and controlled access points CRITICAL SECURITY Review security checklists for critical open items such as ICS standards, and DoD and vendor checklists CONNECTIONS Examine connections to external networks, pivot points, and remote access !
- 8. 8Proprietary Security Measure Identification: Network Based Measures MONITORING ENTERPRISE CONSIDERATIONS Identify where there could be single points of failure and threats to mission dependencies Enable monitoring and alert tools to notify system operators SIMPLIFICATION Reduce system fragility by selecting the right security measures for your microgrid SEGMENTATION Physically and logically separate computer networks to isolate network threats
- 9. 9Proprietary Security Measure Identification: End Devices AUTHORIZED CONFIGURATION ACCESS CONTROL Selectively restrict physical and logical access to end devices based on needs Each component should have a known, good configuration. CHANGE DETECTION Monitor end device activity for any changes that occur INVENTORY Develop and maintain a comprehensive listing of all system end devices
- 10. 10Proprietary Security Measure Identification: Control System FLOW CONTROL WHITELISTING A strong form of access control denies access by default unless on the “whitelist.” Manage data flow between system devices at an efficient pace SECURITY HARDENING Build control system software and hardware security from the ground up ACCESS CONTROL Restrict system access to only authorized operators and devices
- 11. 11Proprietary Prioritized Security Implementation 05 HOST BASED PROTECTIONS 04 RAPID RECOVERY03 RISK-BASED PRIORITIZATION 06 MONITOR & TEST 02 TECHNICAL SECURITY 01 PLAN OF ACTION !
- 12. 12 Not all security postures are created equal Legacy Security Paradigm Intrusion Detection Whitelisting Authentication Encryption Soft/Hardware Hardening Defense in Depth Security Paradigm Firewall
- 13. Jim.Dodenhoff@iperc.com M310-936-9456 www.IPERC.com IPERC Contact: Jim Dodenhoff Regional Business Development Director