Classification Cyber Security Threats of Modern Substation

Maxim Nikandrov, Maxim Braguta, iGRIDS (Intelligent Networks)

Upload: nikandrov-maxim

Post on 14-Jan-2017


Page 1: Classification cyber security threats of modern substation

CLASSIFICATION CYBER SECURITY THREATS OF MODERN SUBSTATION

Maxim Nikandrov, Maxim Braguta

iGRIDS (Intelligent Networks)

Page 2: Classification cyber security threats of modern substation

Contents

1. Information infrastructure features

2. System model

3. Vectors of attacks

4. Threats

5. Possible attacks – PHDays V experience

6. Our recommendations on objects classification

Page 3: Classification cyber security threats of modern substation

Features (1/4)

1. Changing of infrastructure

• We ourselves build a favorable "environment" for the development of cyber threats

• The number of intelligent devices on one management object is huge

• Total switch to Ethernet and, as a result, big local networks

• Deficiency of network segmentation and traffic control

Page 4: Classification cyber security threats of modern substation

Features (2/4)

2. Network is not isolated

• Necessity to transmit real-time information to higher levels of management

• Use of corporate communication lines or lines leased from providers

• External traffic is not controlled

Page 5: Classification cyber security threats of modern substation

Features (3/4)

3. No protection

• No encryption and disclosure

• Protection relays and controllers are not protected

• Default passwords are used in 99% of situations

[Figure labels: Switch; Device type; Signal Type; Source Device; Destination Device]

Page 6: Classification cyber security threats of modern substation

Features (4/4)

4. Changing of conditions

• "Cyberpunk" culture

• Greater attention from hooligans, hacktivists and criminals

• Greater attention from state security services

Page 7: Classification cyber security threats of modern substation

System Model

[Diagram: system model. Labels: Internet; corporate network; Supervisory Control; Router (main); Router (reserved); Data & Communication Server (Main); Data & Communication Server (Reserve); Operator's Workstation; Engineer's Workstation; Switches; Ethernet network; IED; Protection relay (x4); Controlled object (220 kV overhead line W2E; K2E, QW2E, QS2, QS3, QSG 2, QSG3.1, QSG3.2); numbered markers 1 to 4.]

Page 8: Classification cyber security threats of modern substation

Vectors of attacks

• SCADA, Management System Servers

• Operator and engineer workstations

• Time servers and other supporting equipment

• Network equipment

• Communication lines

• IED (controllers and protection relays)

• Staff

Page 9: Classification cyber security threats of modern substation

Cybersecurity Threats

Three-level classification (proposed by Sergei Gordeychik)

1. Decrease of functional safety and reliability of energy transfer network system

2. Decrease of efficiency of electric power transmission process

3. Security violation of the basic process

Page 10: Classification cyber security threats of modern substation

Cybersecurity Threats (1/3)

1. Decrease of functional safety and reliability of energy transfer network system

• Temporary disabling of components that are not responsible for electricity transmission security (for example, communication equipment, time server, secondary sensors, etc.)

• Temporary disabling of the remote control system and supervisory control

• False diagnostic display at the operating staff workstation

Page 11: Classification cyber security threats of modern substation

Cybersecurity Threats (2/3)

2. Decrease of efficiency of electric power transmission process

• Long-term disabling of the remote control system and supervisory control

• Unauthorized trip of consumers

• Deception of supervisory control center

Page 12: Classification cyber security threats of modern substation

Cybersecurity Threats (3/3)

3. Violation of the main process security

• Shutdown and/or modification of prompt blocking

• False administration commands leading to power equipment damage (for example, turning on an energized earthing switch)

• Unauthorized shutdown of large energy generators

• Shutdown and/or removal of terminals of relay protection and emergency response automatic equipment

Page 13: Classification cyber security threats of modern substation

Possible attacks - PHDays V experience

Page 14: Classification cyber security threats of modern substation

Digital Substation Takeover Competition

[Diagram: Digital Substation Takeover competition stand. Labels: Wind turbine; Nuclear power plant; Water-power plant; Thermal Power Plant; Transformer T1 (500 kV); Circuit Switch QS1; Circuit Breakers Q1 to Q8; earthing switch; 500 kV; 330 kV; Local Network; Trans Controller; Relay Protection; GPS time server; Glonass time server; Firewall; several "Crash" markers.]

Page 15: Classification cyber security threats of modern substation

Competition results

• Disabling of the substation information network - 6 times

• Reprogramming of time server - 1 time

• Impact on the terminal, which led to the unauthorized disconnection - 2 times

Page 16: Classification cyber security threats of modern substation

Objects Ranking (according to security class)

Feature of object / Security class

First class (K1):
1) The object is built on IED and is equipped with a full industrial control system with remote control;
2) The work of the object greatly influences the stability of the integrated power grid;
3) Federal and interregional impact of a disruption of the object's work.

Second class (K2):
1) The object is built on IED and is equipped with a full industrial control system with remote control;
2) The work of the object slightly influences the stability of the integrated power grid;
3) Regional impact of a disruption of the object's work.

Second class (K2):
1) The object is built on electromechanical and semiconductor relay protection systems and is equipped with a telemechanics system without remote control.

Third class (K3):
1) Municipal (local) impact of a disruption of the object's work.

Page 17: Classification cyber security threats of modern substation

Thank you!

iGRIDS, LLC: www.igrids.ru

NTC FSK EES: www.ntc-power.ru