pscc s5 task force - ieee · 2017-09-14 · c37.240 revision par title: cybersecurity requirements...

PSCC S5 Task Force Chair: Steven Kunsman Vice-Chair: Chan Wong Extensions to Cyber Security requirements for substation P&C systems


Page 1: PSCC S5 Task Force - IEEE · 2017-09-14 · C37.240 Revision PAR Title: Cybersecurity Requirements for Power System Automation, Protection and Control Systems Scope Revision of IEEE

PSCC S5 Task Force

Chair: Steven Kunsman

Vice-Chair: Chan Wong

Extensions to Cyber Security requirements for substation P&C systems


PSCC S5 Task Force

AGENDA

• Introductions

• Approval of May Meeting Minutes

• Purpose of S5 Task Force

• Status of PAR

• Gap dialog/presentations

• Next steps


IEEE C37.240 Reason

Our goal is to bring together industry experts with power system domain knowledge who are involved in the development of cybersecurity standardization.

Modern substation automation, protection, and control systems, while using technology advancements to achieve greater power-system reliability, can be vulnerable to a multitude of cybersecurity threats.

These vulnerabilities and threats can lead to overall power-system integrity issues. With the increasing dependency on communication technology and the growing pressure for a secure utility infrastructure, various standardization bodies are developing cybersecurity standards, but very little effort has gone into harmonizing or rationalizing these standards for substation applications.

This standard builds on the other work to date to produce a specification for a technically feasible cybersecurity implementation.


C37.240 Revision PAR

Title: Cybersecurity Requirements for Power System Automation, Protection and Control Systems

Scope: Revision of IEEE C37.240 to include new technical requirements for power system cybersecurity. Based on sound engineering practices, requirements can be applied to achieve high levels of cybersecurity of power system automation, protection and control systems independent of voltage level or criticality of cyber assets.


C37.240 Revision PAR

Title: Cybersecurity Requirements for Power System Automation, Protection and Control Systems

Need for the Project: Utilities and manufacturers need to revise the standard to define new cybersecurity requirements for power system automation, protection and control systems to improve overall power system network security against threats and other security vulnerabilities.

Modern power system automation, protection and control systems, while using technology advancements to achieve greater power system reliability, can be vulnerable to a multitude of cybersecurity threats. These vulnerabilities and threats can lead to overall power system integrity issues. With the increasing dependency on communication technology and the growing pressure for a secure utility infrastructure, various standardization bodies are developing cybersecurity standards, but very little effort has gone into harmonizing or rationalizing these standards for substation applications.

The extension to the IEEE C37.240 standard builds on the other work to date to produce a specification for a technically feasible cybersecurity implementation.


C37.240 Revision PAR

Title: Cybersecurity Requirements for Power System Automation, Protection and Control Systems

Need for the Project (continued):

Areas of applicability not addressed in the published IEEE C37.240 standard:

• Cybersecurity requirements for communications outside the control house but inside the substation fence

• H22 Guide for Cybersecurity for Protection Related Data Files

• Cybersecurity for protection systems outside of the substation (Feeder automation/Wide area systems)

• Cybersecurity requirements for wireless applications

• Application Whitelisting and usage of Digital Signatures

• Cloud-based application

• C37.240 audit support documentation

• Reference appendix to map the standard into NERC CIP applications

The work also includes a review of the existing standard for necessary updates.


Cybersecurity requirements for communications outside the control house but inside the substation fence

Steve Kunsman


September 13, 2017

Issue raised to TC57 WG10

Communications outside of the 6-walled control house

The current option for extending substation communications networks outside of the control building to collect data from substation equipment poses numerous issues globally and cannot be followed by utilities in North America governed by NERC CIP Standards without process implementations that remove all benefits of using Section 9-2.

US utilities believe routable protocols and configurable IEDs in the substation switchyard (outside of the control building) will place them in non-compliance with NERC CIP standards.


Communications in the switchyard

[Figure labels: Critical Asset Health Sensor & Breaker IEDs]


Communications outside of the control house

IEC 61850 systems

[Figure labels: SAMU, NCIT, IEC 61850-8-1, IEC 61850-9-2]

NCIT: Non-conventional instrument transformers

SAMU: Stand-alone merging units


Security architecture


H22, C37.240 audit support documentation, NERC CIP Mapping

Tony Johnson


H22-Guide for Categorizing Security Needs for Protection and Automation Related Data Files

• Overview

– Utilities and standard development bodies continue to develop, refine, and implement standards for cyber security of relay protection and automation systems. Examples include, but are not limited to, NERC CIP-002-011, NIST Cyber Security for Smart Grid, IEEE P1711 - Cryptography for SCADA, IEEE 1686 - Cyber Security for IEDs, IEC 61850 - Security Impact on Automation, and IEC 62351 - Data and Communication Security.

– The efforts so far have focused on managing physical and electronic access to protection and automation equipment but have not specifically addressed access security for protection and automation related data files (data at rest issues).

– This guide identifies the various types of protection and automation related data files categorized based on risk of disclosure and/or compromise to help guide both utilities and standards development bodies to enact appropriate security measures based on category of each file type. Such enactment will help ensure the proper balance between security and functionality as related to maintenance and analysis of protection and automation related data files.


H22-Guide for Categorizing Security Needs for Protection and Automation Related Data Files

• Scope

– This guide identifies and categorizes commonly used protection and automation related data files based on content, use, and risk of disclosure or compromise. Protection and automation related data files include, but are not limited to, files used for configuration, management, and analysis of protective relaying systems.


H22-Guide for Categorizing Security Needs for Protection and Automation Related Data Files

• Confidentiality:

– Preventing unauthorized disclosure

• Integrity:

– Preventing unauthorized modification. Non-repudiation is integrity for digital agreements.

• Availability:

– Ensuring authorized users have timely access.


H22-Guide for Categorizing Security Needs for Protection and Automation Related Data Files

• High

– High impact rating is applicable for information that will have an impact that is not mitigatable.

• Medium

– Medium impact rating is applicable for information that will have a mitigatable impact.

• Low

– Low impact rating is applicable for information that will have minimal impact.


C37.240 Audit Support Documentation

• Cyber Security design needs to have clear documentation

• All interfaces need to be documented

• All devices need to be documented for compliance with the design

• All test plans need to be clear and detailed

• All test results need to be clearly documented

• A change control process needs to be established

• Only changes approved by change control process

• (It's been a bit; forgive me if I didn't get the topic correct.)


NERC CIP Standards

CIP-002-5.1a Cyber Security — BES Cyber System Categorization

CIP-003-6 Cyber Security - Security Management Controls

CIP-004-6 Cyber Security - Personnel & Training

CIP-005-5 Cyber Security - Electronic Security Perimeter(s)

CIP-006-6 Cyber Security - Physical Security of BES Cyber Systems

CIP-007-6 Cyber Security - System Security Management

CIP-008-5 Cyber Security - Incident Reporting and Response Planning

CIP-009-6 Cyber Security - Recovery Plans for BES Cyber Systems

CIP-010-2 Cyber Security - Configuration Change Management and Vulnerability Assessments

CIP-011-2 Cyber Security - Information Protection

CIP-014-2 Physical Security


NERC CIP Standards

• Most of the work will fall into the following NERC CIP Standards:

– CIP-003 Cyber Security - Security Management Controls

– CIP-005 Cyber Security - Electronic Security Perimeter(s)

– CIP-007 Cyber Security - System Security Management

– CIP-010 Cyber Security - Configuration Change Management and Vulnerability Assessments

– CIP-011 Cyber Security - Information Protection