Scribd
Upload
15 views19 pages

T063500000200201PPTE

Uploaded by

prabhu_088981
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
15 views19 pages

T063500000200201PPTE

Uploaded by

prabhu_088981
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 19

Cyber Security and the Smart Grid

George W. Arnold, Eng.Sc.D.


National Institute of Standards and Technology (NIST)
U.S. Department of Commerce
george.arnold@nist.gov

Geneva, 6-7 December 2010 Addressing security challenges on a global scale 2


The Electric Grid
One of the largest, most complex infrastructures ever built

“The supreme engineering achievement of the 20 th


century”
- National Academy of Engineering

3
Electric Grid in the U.S.

• 3,200 electric utility • 17,000 power plants


companies • 800 gigawatt peak
demand
• 266,000 km of high-
voltage lines
• 10 million km of
distribution lines
• 140 million meters
• $1 trillion in assets
• $350 billion annual
revenues
4
The Electric Grid Today

Generation
Transmission Distribution
Markets and Operations Customer Use

One-way flow of electricity


•Centralized, bulk generation, mainly coal and natural gas
•Responsible for 40% of human-caused CO2 production
•Controllable generation and predictable loads
•Limited automation and situational awareness
•Lots of customized proprietary systems
•Lack of customer-side data to manage and reduce energy use
Smart Grid Goals
• Enable customers to
reduce energy use
• Increase use of
renewable sources
• Improve reliability and
security
• Facilitate
infrastructure for
electric vehicles

6
What Will the Smart Grid Look Like?

Energy management systems


Dynamic pricing
Distributed generation and
microgrids
High use of variable renewables
Distributed
storage
Bidirectional Electric
metering vehicles

Smart
Ubiquitous networked Smart meters and
appliances
sensors real time usage
data 7
Smart Grid: The “Energy Internet”

2-way flow of electricity and information

Standards Provide a Critical Foundation


Graphics courtesy of EPRI
Current Grid Environment
• Legacy SCADA systems
• Limited cyber security controls currently in
place
– Specified for specific domains – bulk power
distribution, metering
• Vulnerabilities might allow an attacker to
– Penetrate a network,
– Gain access to control software, or
– Alter load conditions to destabilize the grid in
unpredictable ways
• Even unintentional errors could result in
destabilization of the grid

9
Threats to the Grid

• Deliberate attacks
– Disgruntled employees
– Industrial espionage
– Unfriendly states
– Organized crime
• Inadvertent threats
– Equipment failures
– User/Administrator errors
• Natural phenomena
– Weather – hurricanes, earthquakes
– Solar activity

10
New Risks
• Greater complexity increases exposure to
potential attackers and unintentional errors
• Linked networks introduce common
vulnerabilities
• “Denial of Service” – type attacks
• Increased number of entry points and paths
• Compromise of data confidentiality or
customer privacy

11
Ensuring Security and Privacy

12
Smart Grid – an Opportunity

• Modernization provides an opportunity to


improve security of the Grid
• Integration of new IT and networking
technologies
– Brings new risks as well as an array of security
standards, processes, and tools
• Architecture is key
– Security must be designed in – it cannot be added
on later

13
Cyber Security Working Group
• Building cyber security in from the start
has been a paramount concern
• Permanent Working Group
– Over 460 public and private sector
participants
• August 2010 NIST publishes:
Guidelines for Smart Grid Cyber
Security
– Reflects Comments on Sept 2009 and
Feb 2010 Draft Smart Grid Cyber
Security Strategy and Requirements
• Guideline includes:
– Risk assessment guidance for
implementers
– Recommended security requirements
– Privacy recommendations
14
Guidelines for Smart Grid Cyber Security

• NIST Interagency Report 7628 - August 2010


– Development of the document lead by NIST
– Represents significant coordination among
• Federal agencies
• Private sector
• Regulators
• Academics
– Document includes material that will be used in selecting
and modifying security requirements

15
15
NISTIR 7628 – What it IS and IS NOT

What it IS
• A tool for organizations that are researching, designing, developing, and
implementing Smart Grid technologies
• May be used as a guideline to evaluate the overall cyber risks to a Smart
Grid system during the design phase and during system implementation
and maintenance
• Guidance for organizations
– Each organization must develop its own cyber security strategy (including a
risk assessment methodology) for the Smart Grid.

What it IS NOT
• It does not prescribe particular solutions
• It is not mandatory

16
16
NISTIR 7628 Content

The NISTIR includes the following


• Executive Summary
• Chapter 1 - Overall cyber security strategy for the
Smart Grid
• Chapter 2 – High level and logical security
architecture
• Chapter 3 – High level security requirements
• Chapter 4 – Cryptography and key management

17
17
NISTIR 7628 Content (Continued)

• Chapter 5 - Privacy and the Smart Grid


• Chapter 6 Bottom-up security analysis of the Smart Grid
• Chapter 7 – R&D themes for cyber security in the Smart
Grid
• Chapter 8 – Overview of the standards review
• Chapter 9 – Key power system use cases for security
requirements
• Appendices A - J

18
18
Further Information

• Web portal: http://www.nist.gov/smartgrid


• Contact:
– George Arnold, National Coordinator
– Email: george.arnold@nist.gov
– Telephone: +1.301.975.2232

19

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy