P2030 Smart Grid Standard Text Submittal Form

This text is intended as proposed text for consideration of the P2030 Writing Group to the P2030 Draft Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), and End-Use Applications and Loads.

SUBMITTAL INFORMATION

DATE SUBMITTED: 3/2/2010

SUBMITTED BY: Partha Datta Ray, Dr. Mariana Hentea, Raj Harnoor

Affiliation: ALBEADO

Email: , ,

TEXT PLACEMENT INFORMATION

In the P2030 Outline Draft (Mentor DOC#27-2010):

The submitted text proposes reordering and expansion of the following clause:

Clause #: 10.5

Clause Heading: Security

PROPOSED TEXT

Clause 10.5, titled “Security” in the P2030-Draft-1-1 document, is proposed to be expanded as follows:

10.5 Security

Over a short period of time, people and businesses have come to depend heavily on computer technology and automation in many aspects of their lives. Whether operating public utilities or conducting financial, medical, commercial, governmental or other business of any size, information and communication technology (ICT) now plays a central role in everyday life. This degree of dependence and integration has made security a necessary and essential discipline, as stated by the OECD [5]:

“Security must become an integral part of the daily routine of individuals, businesses and governments in their use of ICTs and conduct of online activities.”

Security has a wide scope and addresses specific issues regarding computers, information and organizations. The continuous growth and evolution of cyber security threats and attacks, and the increasing sophistication of malware, affect the security of critical infrastructure, industrial control systems and the various power grid subsystems such as the Distribution Management System (DMS), Outage Management System (OMS), Market Management System (MMS), Energy Management System (EMS) and SCADA control systems.

Electric grids today can be viewed as composed of mostly independent and isolated partitions, each with its own set of data sensing and data control functions. In reality, however, these partitions are connected through grid equipment such as conductors, breakers, transformers and switches. Each partition comprises data management and data control functionality for generation, transmission, distribution and end-load consumption. Utilities have typically operated systems customized to the individual utility, owing to the proprietary nature of their business applications and implementations, and data exchanges and transfers between partitions have hitherto tended to be proprietary as well.

Smart grid standards efforts such as IEEE P2030 and the NIST interoperability framework attempt to align the operations of different transmission and distribution utilities so that semantically consistent data flows end to end across applications and devices, ensuring that they can interoperate both within domains and across them. This alignment and harmonization of operations in the T&D world better prepares utilities to address emerging power system requirements, but it affects data modeling, architecture, security, IT and communication systems.

10.5.1 Information Security Trends, Issues and Approaches

The smart power grid delivers electricity from suppliers to consumers using two-way digital technology to communicate with end loads and appliances at industrial, commercial and residential premises, in order to save energy, reduce capital and operational cost through improved efficiency, and increase reliability and transparency. The smart grid also includes control systems, intelligent devices and communication networks that keep track of the electricity flowing in the grid. Since the emergence of Internet and World Wide Web technologies, these systems have been integrated with business and information technology systems and have become more exposed to cyber threats. The smart power grid infrastructure is characterized by interdependencies (physical, cyber, geographical and logical) and complexity (variously termed a system of systems, a network of networks, or a collection of interacting components). Cyber interdependencies are a result of the pervasive computerization and automation of infrastructures. Smart grid disruptions can directly and indirectly affect other infrastructures, impact large geographic regions, and send ripples throughout the national and global economy.

There are growing concerns, some admittedly misplaced, about the security and safety of control systems in terms of vulnerabilities, lack of protection and lack of awareness. In the past, control systems were isolated from other Information Technology (IT) systems. Many experts agree that exposing control systems to the public PSTN and the Internet carries unacceptable risk. However, even without any connection to the Internet these systems remain vulnerable to external or internal attackers who can exploit vulnerabilities in private communication networks and protocols, and in software such as operating systems, custom and vendor software, data storage software, databases and applications. Control systems are exposed to the same cyberspace threats as any business system wherever they share common vulnerabilities with traditional IT systems. Vulnerabilities and attacks can occur at different levels: the software controlling a device or the controlled device itself, the application, storage, data access, the LAN, the enterprise, private communication links, and public PSTN and Internet based communications.

Electric grids are designed to ensure a reliable supply of electricity, even in the face of adverse conditions. “Keep the lights on” is the goal of all electric utility operation. In pursuing this goal, the industry has had to focus on emergency management and service restoration so that responses to events, threats and vulnerabilities can be managed effectively. Throughout its history, the electric power industry has been able to restore supply and service consistently and quickly after major events such as earthquakes, hurricanes, floods, ice storms and other natural or man-made disasters.

Besides security concerns, computer systems, including control systems, raise public safety concerns, since they can cause harm or serious damage to people and the environment when they fail to support applications as intended. Therefore, information security management principles, processes and security architecture need to be applied to smart power grid systems without exception, while keeping interoperability and longer term evolution in mind.

This document intends to provide methodology guidelines and a knowledge base for defining a sound cyber security program for the smart power grid. The need for interoperability standards and building blocks to handle the security of smart grid applications, information, data exchange and management, communications and control is recognized by stakeholders including legislative policy makers, regulatory authorities, the public at large and all kinds of end consumers. Specific security requirements for power grid interoperability and for the integration of the electric power system with end user applications and loads are identified in the NIST document [1].

This document should, however, be adapted to the specific security requirements of each organization or application. In addition, each organization should develop its own cyber security strategy for the implementation of its security program. For example, each organization should develop its own policy to protect assets, employees and the general public who are at risk when threats from human (intentional or unintentional) or natural sources occur.

It must be kept in mind, however, that variants of smart grid implementations have already been rolled out in various jurisdictions across the United States and the rest of the world over several years. The window of opportunity to integrate security into the smart grid from the beginning is shrinking fast, but fortunately most implementations so far have been relatively small. Security frameworks and initiatives surrounding smart grid technology therefore need to put guidelines and compliance measures in place in a time-critical fashion, before larger smart grid implementations roll out without adherence to such guidelines. Additionally, the community needs to consider critically the application of such frameworks to legacy power grid implementations, because today’s innovation is tomorrow’s legacy; hence the need to be prepared for both security architecture and retrospective security add-ons.

10.5.1.1 Strategic, Tactical and Operational views

Cyber security for the smart grid needs to address issues from strategic, tactical and operational views. In general these three views are addressed through rigorous risk analysis of the organization’s business and assets by a well-trained team, the development and deployment of appropriate technology, and putting the right security processes in place. Figure 10.5.1.1-1 shows a complete security program with the component items required for each view. A security program generally contains all the elements necessary to provide overall protection to an organization and supports a long term security strategy.

Fig 10.5.1.1-1 Different Views of a complete security program

10.5.1.2 Security Policies, Standards, Guidelines, and Procedures

A security program should include security policies, standards, guidelines, baselines, procedures, security awareness training, an incident response plan and a compliance program. These terms are defined in standards such as the ISO/IEC 27000 series, and specific aspects of implementation applicable to the electricity sector are usually provided by bodies such as the North American Electric Reliability Corporation (NERC) and the Department of Energy.

NERC Security Guidelines encourage organizations to review their plans, practices and procedures in the areas shown in the table below:

# / Guideline / Brief description / Considerations
1 / Vulnerability and Risk Assessment / Identify the facilities that may be critical to overall operations, together with their vulnerabilities / Closely safeguard such information and restrict it to the few individuals with a need to know
2 / Threat Response Capability / Ensure that all company personnel at critical operating facilities understand how to respond to the full spectrum of threats, both physical and cyber / Follow NERC’s Threat Alert Levels and Response Guidelines
3 / Emergency Management / Prepare companies to respond to a spectrum of threats / Review, revise and test emergency plans on a regular basis; train key responders to carry out those plans effectively; maintain comprehensive mutual assistance agreements at the local, state and regional levels to support response, repair and restoration activities; liaise with local and governmental agencies
4 / Continuity of Business / Reduce the likelihood of prolonged interruptions and enable prompt resumption of operations when interruptions occur / Maintain flexible plans covering telecommunications, IT, customer service centers, facility security, operations, generation, power delivery, etc.
5 / Communications / Ensure the effectiveness of threat response, emergency management and business continuity plans / Liaise with external agencies; plan how personnel will respond to alarms, outages or other issues at critical operating facilities; provide robust communication devices
6 / Physical Security / Mitigate the threat from inside and outside the organization / Include deterrence and prevention strategies; follow a systems approach in which detection, assessment, communication and response are planned and supported by adequate policies, procedures and resources
7 / IT/Cyber Security / Mitigate the threat from inside and outside the organization / Monitor computer networks and deploy intrusion detection; give special attention to EMS/SCADA and other key operational systems such as MMS, DMS and OMS; allow only authorized persons access to critical systems, and only for valid purposes; use firewall protection and periodically audit the networks and existing security protocols; commission third-party penetration testing
8 / Employment Screening / Mitigate the threat from inside the organization / Hiring standards and pre-employment background checks help ensure trustworthiness; apply them to everyone with unescorted access, including contractors and vendors
9 / Protecting Potentially Sensitive Information / Reduce the likelihood that information could be used by those intending to damage critical facilities, disrupt operations or harm individuals / Create a hierarchical confidentiality classification framework (e.g., Public, MP Confidential, Company Confidential, Highly Confidential); define authorization requirements and the conditions under which disclosure is permitted
10 / Applicable Laws / Compliance / Comply with all applicable local, state and federal laws

Table 10.5.1.2-1 Security items and their purposes

10.5.1.3 Security Strategy

The overall cyber security strategy for the smart grid is based on a risk mitigation strategy that uses both domain specific and common requirements to ensure the interoperability of solutions across different parts of the infrastructure when developing security solutions [1]. The primary goal of the cyber security strategy should be the prevention and detection of threats from any and all sources. However, a resilient response and recovery strategy must also be developed for the event of a cyber attack on the power grid. The security requirements and supporting analysis included in the NIST document [1] may be used by implementers of the smart grid, e.g., utilities, equipment manufacturers and regulators, as input to their risk assessment processes.

10.5.1.3.1 Defense in Depth

Originally a military strategy, defense in depth is designed to delay, if not prevent, the progress of a security event. Defense in depth approaches attempt to defend a system against any particular attack using several different methods, so that no single control becomes a single point of failure. It is a layering tactic, recommended by the National Security Agency (NSA) as a comprehensive approach to information security. The placement of protection mechanisms, procedures and policies is intended to increase the dependability of an IT system, with multiple layers of defense that prevent, detect and react to intrusions. In terms of computer network defense, such measures should not only contribute to the prevention of security breaches but also buy an organization time to detect and respond to an attack, thereby reducing and mitigating the consequences of a breach.

Conceptually, defense in depth can be modeled as a series of interconnecting layers where physical security, perimeter restrictions as well as network, information and application security can be combined to provide much more effective multi-point security management.
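The layered model above can be made concrete for an operator command bound for a field device. The following is an added, illustrative example and not P2030 text or any utility's code: every layer, address range, role assignment, device name and engineering limit in it is an assumption made up for the example. A command must pass four independent controls (network perimeter, role-based authorization, a physical plausibility check against engineering limits, and a rate monitor), and the function reports which layer objected. The point it demonstrates is that a command which defeats the first two layers, for instance one sent from inside the control network with a legitimate operator login, is still stopped by a later control that fails for unrelated reasons.

```python
"""Defense in depth applied to an operator command bound for a grid control device.

Added, illustrative example (not P2030 text). Every layer, address range, role,
device name and engineering limit below is an assumption made up for the example.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional


@dataclass
class Command:
    src_ip: str                      # address the command arrived from
    operator: str                    # authenticated operator identity (authn assumed done)
    device: str                      # target, e.g. a feeder breaker or a tap changer
    action: str                      # "trip", "close" or "setpoint"
    value: Optional[float] = None    # setpoint value when action == "setpoint"
    t: float = 0.0                   # arrival time in seconds, used by the rate monitor


Layer = Callable[[Command], Optional[str]]   # returns a rejection reason, or None

# Layer 1: network perimeter. Only the control-centre subnet may reach field devices.
CONTROL_NET = ip_network("10.20.0.0/24")     # assumed control-centre address range


def perimeter(cmd: Command) -> Optional[str]:
    if ip_address(cmd.src_ip) not in CONTROL_NET:
        return f"perimeter: source {cmd.src_ip} is outside the control network"
    return None


# Layer 2: authorization. Role-based: which actions each role may issue.
ROLES = {"alice": "operator", "bob": "viewer"}            # assumed role assignments
PERMITTED = {"operator": {"trip", "close", "setpoint"}, "viewer": set()}


def authorize(cmd: Command) -> Optional[str]:
    role = ROLES.get(cmd.operator)
    if role is None or cmd.action not in PERMITTED[role]:
        return f"authorization: {cmd.operator!r} may not {cmd.action} {cmd.device}"
    return None


# Layer 3: application/physical plausibility. Per-device engineering limits.
LIMITS = {"tapchanger-7": (0.95, 1.05)}    # assumed per-unit voltage setpoint window


def plausibility(cmd: Command) -> Optional[str]:
    if cmd.action != "setpoint":
        return None
    if cmd.device not in LIMITS:
        return f"plausibility: no engineering limits defined for {cmd.device}"
    lo, hi = LIMITS[cmd.device]
    if cmd.value is None or not (lo <= cmd.value <= hi):
        return f"plausibility: setpoint {cmd.value} outside [{lo}, {hi}] on {cmd.device}"
    return None


# Layer 4: monitoring and reaction. A burst of commands inside a short window is
# treated as anomalous and blocked, regardless of who sent it or from where.
@dataclass
class RateMonitor:
    window: float = 10.0                    # seconds
    max_cmds: int = 3                       # commands tolerated per window
    seen: List[float] = field(default_factory=list)

    def __call__(self, cmd: Command) -> Optional[str]:
        self.seen = [t for t in self.seen if cmd.t - t < self.window]
        self.seen.append(cmd.t)
        if len(self.seen) > self.max_cmds:
            return f"monitoring: {len(self.seen)} commands within {self.window}s"
        return None


def build_layers() -> List[Layer]:
    """Cheap, stateless checks first; the stateful monitor last."""
    return [perimeter, authorize, plausibility, RateMonitor()]


def evaluate(cmd: Command, layers: List[Layer]) -> Optional[str]:
    """Run the command through every layer; the first objection stops it."""
    for layer in layers:
        reason = layer(cmd)
        if reason is not None:
            return reason
    return None


if __name__ == "__main__":
    layers = build_layers()
    # Constructed commands: an outsider, a legitimate change, an unprivileged user,
    # an insider with a valid login pushing an unsafe setpoint, then a burst.
    samples = [
        Command("192.168.1.5", "alice", "tapchanger-7", "setpoint", 1.00, t=0),
        Command("10.20.0.5", "alice", "tapchanger-7", "setpoint", 1.02, t=1),
        Command("10.20.0.5", "bob", "feeder-12", "trip", t=2),
        Command("10.20.0.5", "alice", "tapchanger-7", "setpoint", 1.30, t=3),
        Command("10.20.0.5", "alice", "feeder-12", "trip", t=4),
        Command("10.20.0.5", "alice", "feeder-12", "close", t=5),
        Command("10.20.0.5", "alice", "feeder-12", "trip", t=6),
    ]
    for cmd in samples:
        print(f"{cmd.operator:>6} {cmd.action:>8} {cmd.device:<13}",
              evaluate(cmd, layers) or "accepted")
```

Two design choices matter here. The layers share no state and fail for different reasons, which is what makes the layering worth more than one strong control: a stolen credential defeats the authorization layer but not the engineering-limit check, and a slow, well-formed attack that passes all three stateless checks is still visible to the rate monitor. The evaluator also returns the objecting layer rather than a bare boolean, so that the detection side of the program (the "detect and react" part of defense in depth) has something to log and alert on.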