Security in Smart Grid / IoT - HEK.SI
Nenad Andrejević
Comtrade Solutions Engineering
Security in Smart Grid / IoT
Why is security important
Introduction
With so much of our lives connected to the Internet – from our critical infrastructure and national security systems to our cars and bank accounts – we know the urgency of addressing these new and growing cyber threats.
Traditional power grid
• The present infrastructure is overstrained and inter-region bulk transfer is limited
• Cannot fully support the integration of renewable energy
• Low reliability of Power - Outage
• Fluctuating quality of Power
• Major source is fossil fuel
• Efficiency of Power transmission
• Almost zero customer participation
• Low Billing and collecting efficiency
Smart Grid v3
• Decentralization of Generating resources
• Integration of all sources of energy, mainly renewable
• Continuous monitoring and feedback from the network
• Anticipates faults and helps in fault prevention
• Establishes a two-way communication between the utilities and the consumers
• Reduces the stress on the power system infrastructure
• Reduces and shifts the peak demand
• Continuous self-learning
SECURITY THREATS TO THE ENERGY NETWORK
• CYBER-ATTACKS:
  • MALWARE INJECTIONS,
  • “DENIAL OF SERVICE”,
  • REMOTE CONNECT / DISCONNECT COMMANDS
• ATTACKS ON PRIVACY
• REVENUE PROTECTION – THE THEFT OF DATA AND ENERGY
Landscape of attack
• Oil pipeline explosion in Turkey 2008
• Stuxnet Virus
• Ukraine Attack
• U.S. grid was successfully hacked 2015
Privacy concern #1
Privacy concern #2
Risk Levels
[Diagram. Components shown: Utility (back office), Head End System (collection system), WAN (Wide Area Network), FAN (Field Area Network), HAN (Home Area Network), Smart Meter. Scale labels: More Secure / Least Secure; Highest Risk / Least Risk.]
[Diagram. Utility Systems and Back Office: Billing/CIS, OMS, DMS, SCADA, DRMS/DLC, Security Manager, MDM, Head-End, Cisco NMS. Other elements: Head End System, WAN Backhaul, Substation, Network Options. Business Outcomes: Consumer Engagement, EV Smart Charging, Smart Payment, Energy Efficiency, Meter-to-Cash, Revenue Assurance, Renewables Integration, Demand Response, Outage Management, Distribution Automation. Analytics: Transformer Load Management, Power Quality (Voltage/Outage), Energy Diversion Detection, Energy Efficiency & Demand Response. Scale labels: More Secure / Least Secure; Highest Risk / Least Risk.]
Open Standards
[Protocol stack diagram; labels: Physical Layer, Data Link Layer (MAC, LLC), Network Layer, Transport Layer, Application Layer, Mgmt]
• Application Layer: Web Services, EXI, SOAP, RESTful, HTTPS/CoAP; Metering: IEC 61968 CIM, ANSI C12.22, DLMS/COSEM, …; SCADA: IEC 61850, 60870, DNP3/IP, Modbus/TCP, …; DNS, NTP, IPfix/Netflow, SSH, RADIUS, AAA, LDAP, SNMP, … (RFC 6272 IP in Smart Grid)
• Transport Layer: UDP/TCP; Security (DTLS/TLS)
• Network Layer: IPv6/IPv4; IPv6 RPL; Addressing, Routing, Multicast, QoS, Security
• Data Link Layer (LLC): 6LoWPAN (RFC 6282); IPv6 over Ethernet (RFC 2464); IPv6 over PPP (RFC 5072); IP or Ethernet Convergence SubL.
• Data Link Layer (MAC): IEEE 802.15.4e MAC enhancements; IEEE 802.15.4 including FHSS; IEEE 1901.2 802.15.4 frame format; IEEE 802.11 Wi-Fi; IEEE 802.3 Ethernet; 2G, 3G, LTE Cellular; IEEE 802.16 WiMAX; 802.1x / EAP-TLS & IEEE 802.11i based Access Control
• Physical Layer: IEEE 802.15.4g (2.4 GHz, 915, 868 MHz; DSSS, FSK, OFDM); IEEE 1901.2 NB-PLC (OFDM); IEEE 802.11 Wi-Fi (2.4, 5 GHz, Sub-GHz); IEEE 802.3 Ethernet (UTP, FO); 2G, 3G, LTE Cellular; IEEE 802.16 WiMAX (1.x, 3.x GHz)
Smart Grid Key Attributes
Standards and Conformance
• Standards are critical to enabling interoperable systems and components.
• Mature, robust standards are the foundation of mass markets for the millions of components that will have a role in the future smart grid.
• Standards enable innovation where thousands of companies may construct individual components.
IoT
[ WIKIPEDIA ] The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices.
[ OXFORD ] A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data
Challenge of Securing the IoT
• Manufacturers, energy and transportation providers, and smart cities are gaining a competitive advantage by harnessing the Internet of Things (IoT).
• Connecting more things in more places creates new security challenges. Mitigating risk requires a combination of cybersecurity and physical security.
• The IoT is expected to grow to 50 billion by 2020. Each device is a potential entry point for a network attack by insiders, hackers, or criminals
How to process
• IoT is one of the “new” areas where innovative solutions are created every day, for business and ecosystems.
• We still have no complete, standard security measures.
• We use threat modeling to identify all relevant threats and a risk model to find the best-suited security
• European Union Agency for Network and Information Security
  • Smart Grid Threat Landscape and Good Practice Guide
• NIST
  • Cyber security framework for critical infrastructure
• OWASP Top 10 IoT
Top 10 IoT Vulnerabilities
OWASP Top 10 IoT Vulnerabilities Project
The OWASP Top 10 IoT Vulnerabilities are as follows:
Rank  Title
I1    Insecure Web Interface
I2    Insufficient Authentication/Authorization
I3    Insecure Network Services
I4    Lack of Transport Encryption/Integrity Verification
I5    Privacy Concerns
I6    Insecure Cloud Interface
I7    Insecure Mobile Interface
I8    Insufficient Security Configurability
I9    Insecure Software/Firmware
I10   Poor Physical Security
• 10/10 security systems accept ‘123456’
• 10/10 security systems with no lockout
• 10/10 security systems with enumeration
• SSH listeners with root/“” access
• 6/10 web interfaces with XSS/SQLi
• 70% of devices not using encryption
• 8/10 collected personal information
• 9/10 had no two-factor options
• Unauthenticated video streaming
• Completely flawed software update systems
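As an added illustration (not part of the original slides and not Comtrade code), the first three findings above, accepting ‘123456’, no lockout and account enumeration, can be countered in a device login handler roughly as follows. The class name, thresholds and the small denylist are assumptions constructed for this example.

```python
import hashlib
import hmac
import os
import time

# Constructed sample denylist; a real deployment would load a much larger one.
WEAK_PASSWORDS = {"123456", "password", "admin", "12345678", ""}
MAX_FAILURES, LOCKOUT_SECONDS = 5, 300   # assumed thresholds
GENERIC_ERROR = "invalid credentials"    # identical text for every failure


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class DeviceAuth:
    """Hypothetical login guard for a device management interface."""

    def __init__(self, clock=time.monotonic):
        self._users = {}     # username -> (salt, derived key)
        self._failures = {}  # username -> (failure count, locked-until time)
        self._clock = clock
        self._dummy_salt = os.urandom(16)

    def enroll(self, username: str, password: str) -> bool:
        # Refuse denylisted or short passwords instead of accepting '123456'.
        if password.lower() in WEAK_PASSWORDS or len(password) < 10:
            return False
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt))
        return True

    def login(self, username: str, password: str) -> str:
        count, locked_until = self._failures.get(username, (0, 0.0))
        if self._clock() < locked_until:
            return GENERIC_ERROR  # locked out: the password is not evaluated
        # Unknown users still cost one key derivation and get the same
        # message, so neither timing nor text reveals that an account exists.
        salt, stored = self._users.get(username, (self._dummy_salt, b""))
        if hmac.compare_digest(_derive(password, salt), stored):
            self._failures.pop(username, None)
            return "ok"
        count += 1
        until = self._clock() + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[username] = (count, until)
        return GENERIC_ERROR
```

Failures are counted for unknown usernames as well, so lockout behaviour is the same whether or not the account exists; a production version would also bound the size of that table.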
Why COMTRADE?
• Comtrade firmly believes that the best way to ensure reliable security for the entire smart grid / IoT is to integrate security directly into the design process.
• Our “Security by Design” methodology involves the security team working hand in hand with the Comtrade architecture team to ensure its products are created with security in mind right from the start.
• Security is not an afterthought; it evolves with the product and needs to be continually developed.
COMTRADE “SECURITY BY DESIGN” METHODOLOGY
The “Security by Design” methodology is a simple, iterative process. It was decided at Comtrade that in the manufacturing of applications for utilities and IoT
An Iterative Approach
1. Assess the security vulnerabilities applicable to the system and all components
2. Conduct a risk evaluation with an impact analysis
3. Design defensive countermeasures for mitigating impact
4. Perform penetration tests against each component and then the entire system
5. Iterate - if there are any gaps identified in step
Secure by design
Pre-production
Production
Being knowledgeable about what can be achieved is one thing. The other is to reduce the impact. In cyber-security – an environment with asymmetric approaches - this can be achieved through common effort and coordination.
Conclusion
“That which depends on me, I can do; that which depends on the enemy cannot be certain. Therefore it is said that one may know how to win, but cannot necessarily do so” (Sun Tzu).
Q&A
Have a nice day!
Thanks for coming