Illinois Security Lab Critical Infrastructure Protection for Power
Illinois Security Lab Critical Infrastructure Protection for Power Carl A. Gunter University of Illinois
TCIP Center Illinois Security Lab • NSF/DHS/DOE Cyber. Trust Center scale activity: Trusted Cyber Infrastructure for Power (TCIP) • Lead UIUC, other participants include Cornell, Dartmouth, and Washington State University • C. A. Gunter, B. Sanders (PI), D. Bakken, A. Bose, R. Campbell, G. Gross, C. Hauser, H. Khurana, R. Iyer, Z. Kalbarczyk, K. Nahrstedt, D. Nicol , T. Overbye, P. Sauer, S. Smith, R. Thomas, V. Welch, M. Winslett 2
Illinois Power Grid • Features – Critical to many other systems – Safety-critical real-time control of energy – Multiple administrative domains – Increasing dependence on computer control – Limited attention to security in legacy systems Security Lab • Similar systems – Oil and gas SCADA systems – Air traffic control system – International financial system – Inter-domain routing system (BGP) 3
Present Infrastructure - Peer coordinators may exchange information for broad model - Degree of sharing may change over time Illinois Security Lab 10’s of control areas feed data to coordinator Coordinator - State estimator creates model from RTU/IED data - 1000’s of RTU/IEDs - Monitor and control generation and transmission equipment Photos courtesy of John D. Mc. Donald, KEMA Inc. Control Area 4
Illinois US Grid Infrastructure Security Lab ISO-NE NYSO RTO WEST PJM MISO CAISO TVA GRID SOUTH ERCOT GRID FLORIDA Edison Electric Institute 03 5
Control Center (EMS) Level 3 (Enterprise) Control Center (EMS) Trust Negotiation Secure Information Distribution LAN Public/Private Internet AAA Control Dedicated Links M/W, Fiber, Dialup, Leased Lines, etc) Level 2 (Substation) Vendor Operator Qo. S Mgnt Secure and Timely Data Collection, Aggregation, and Monitoring Dedicated Links M/W, Fiber, Dialup, Leased Lines, etc) RTU Switched Ethernet LAN Level 1 (IED) IEDs Qo. S Mgnt Secure Tunable Hardware Level 0 (Sensors and actuators) Sensors 6
Grid Communication Protocols Illinois Security Lab 7
Illinois Security Lab Intelli. Grid Environments 8
Architecture Technical challenges motivated by domain specific problems in Ubiquitous exposed infrastructure Real-time data monitoring and control Wide area information coordination and information sharing Illinois Security Lab Must be addressed by developing science in Secure and Reliable Computing Base Trustworthy infrastructure for data collection and control Wide-Area Trustworthy Information Exchange Quantitative Validation 9
Sample Research Questions Illinois Security Lab • Should the power grid use the Internet? • How can we unify power grid simulations and Internet simulations? • What are the risks associated with new power grid elements such as networked meters? 10
Pervasive Metering Illinois Security Lab • Advanced power meters on the brink of broad deployment • No good threat assessments currently exist • Corrupt customers, energy service providers, terrorists, and other external agents all highly motivated to attack pervasive meters – Terrorists: Remotely disconnect customers – Service providers: Profile customer loads with high resolution – Customers: Steal electricity • Interesting characteristics: Ownership of the meter and its data shared between service provider and customer • Potential security architectures applicable to other networked systems – Likely to make use of cutting-edge technologies like trusted platform modules, virtualization, and remote attestation 11
- Slides: 11