SlideShare a Scribd company logo

Security for Smartgrid

Gruene-it.org
Gruene-it.org

The unfortunate reality is that because of the critical nature of the technology and the services that it provides, the grid becomes a prime target for acts of terrorism and cyberattacks. In January 2008, a CIA analyst reported that hackers had attacked foreign utilities, turning out the lights in several foreign cities. Even if the motivation behind a targeted attack on the energy infrastructure is not terror or disruption, the evolving threat landscape dictates that the potential financial gains of such action can be alluring to the cybercriminal network.

TechnologyBusiness
1 of 7
Download to read offline
. White Paper Security for the Smart Grid Introduction Most of the nation’s electricity system was built when primary energy was relatively inexpensive. Grid reliability was mainly assured by having excess capacity in the system, with unidirectional electricity flow to consumers from centrally dispatched, coal-fired power plants. Investments in the electric system were made to meet increasing demand—not to change fundamentally the way the system works. Although innovation and technology have dramatically transformed other industrial sectors, the electric system, for the most part, has continued to operate the same way for decades. This lack of investment, coupled with increased demand and green initiatives that are promoting the need for innovation, has resulted in an inefficient and increasingly unstable system. Recognizing these challenges, the energy community is starting to combine advancements in information technology with electricity infrastructure, allowing the electric system to become “smart." This system uses interconnected elements that optimize the communications and control across the different segments of energy generation, distribution, and consumption. Near-real-time information allows utilities to manage the entire electricity system as an integrated framework, actively sensing and responding to changes in power demand, supply, costs, quality, and emissions across various locations and devices. Similarly, better information enables consumers to manage energy use to meet their needs. Securing a Smart Grid As discussed in the previous section, the modernization of the energy infrastructure highlights the need for information and physical security. The unfortunate reality is that because of the critical nature of the technology and the services that it provides, the grid becomes a prime target for acts of terrorism and cyberattacks. In January 2008, 1 a CIA analyst reported that hackers had attacked foreign utilities, turning out the lights in several foreign cities. Even if the motivation behind a targeted attack on the energy infrastructure is not terror or disruption, the evolving threat landscape dictates that the potential financial gains of such action can be alluring to the cybercriminal network. Regardless of intent, it is clear that the transformation of traditional energy networks to smart grids requires an intrinsic security strategy to safeguard this critical infrastructure. 1 http://www.washingtonpost.com/wp-dyn/content/article/2008/01/18/AR2008011803277_pf.html © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 7
White Paper Smart Grid Framework Figure 1 shows the different functional components that make up the Smart Grid framework and the role that security plays across these different layers. Figure 1. Smart Grid Framework: A Layered Approach According to the U.S. Department of Energy, “A smarter grid applies technologies, tools, and techniques available now to bring knowledge to power—knowledge capable of making the grid work far more efficiently." As utilities build the smart grid infrastructure on top of the electrical system, the real benefits of the new approach in enabling business applications and addressing customer use cases are dependent on making the communication network and the compute platform secure, operationally efficient, cost-effective, and resilient. Given that a number of these components are going to be built on an IP foundation, the grid will tremendously benefit from and at the same time be exposed to some of the challenges of IP-based networks today. By itself, the latter is not a cause for concern given the maturity of Internet Protocol and the fact that similar tasks have successfully been accomplished in the recent past with the time-division multiplexing (TDM)-to-secure IP migration. However, it is an area that has to have focused attention from day one for any entity considering a smart grid strategy. As the process of migrating to a common IP infrastructure accelerates across the industry, it is important to understand the need for security and also define a set of effective security controls. NERC, the North American Electric Reliability Corporation, has published a set of compliance standards for critical infrastructure protection 2 (CIP). These standards are still maturing and subsequent revisions are in process. Other governing bodies have followed suit and are also participating in standards activities. Pursuant to the Energy Security and Independence Act of 2007 (P.L. 110-140), the Secretary of Energy has directed the U.S. National Institute of Standards and Technology (NIST) to publish and enforce a set of interoperability standards for emerging smart grids. In addition, the GridWise 3 Alliance, a consortium of public and private stakeholders, has aligned to develop a basic understanding of interoperability in the smart grid by using actual case study examples, starting with members of the GridWise Alliance. These and other activities illustrate the importance of developing standards and regulations and are vital to building a successful security strategy. 2 http://www.nerc.com/page.php?cid=2|20 3 http://www.gridwise.org © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 7
White Paper Given these trends, a clear set of factors is bringing the security requirements for smart grids into light, including: ● Migration of grid infrastructure to IP-based wired and wireless networks ● Influx of new network endpoints such as smart meters, sensors, and telemetry and control systems ● Increasing demand for granular access policies and controls for remote user groups such as employees, contractors, and even customers ● The evolution of the threat landscape to covert cyberattacks ● Regulatory compliance requirements Migration Risks Migrating the electric system today to a common IP infrastructure will simplify communications and control, simplify integration for renewable sources of energy, improve end-to-end visibility, and ultimately enable innovation and the creation of new business models. Systems that were previously unable to connect or share information because of either high costs or integration complexity would now be able to participate networkwide and share information. To understand the risks, we need to make the distinction between using IP and technologies to build a common, standards-based communication backbone versus providing systems open access to the Internet. Migrating to IP does not mean that critical elements of the grid will be accessible using the open Internet. In the case of building a smart grid, proper network segmentation that includes separating devices, networks, and functions helps ensure that there are discrete boundaries with enforceable access controls in place. Cisco has demonstrated experience and success with this model. Consider the public switched telephone networks (PSTNs) that support the traditional telephone services which most homes and businesses use. Over the past decade, Cisco has led the industry effort to build and migrate telephony infrastructure to an IP-based model. Proper network segmentation and design controls make sure that critical elements of this infrastructure (call managers, voicemail servers, and so on) are not openly exposed and vulnerable on the open Internet. As further validation, we continue to see increasing adoption rates for IP-based telephony deployments. The concern with IP migration is simply that because it is standards-based, there is a larger community that potentially understands how to exploit vulnerabilities in the protocol. However, by adopting the principles of network security, this risk can be mitigated with a strategy that involves a combination of people, process, and technology. Functional Requirements An effective security strategy for smart grids needs to be end to end. This means that security capabilities need to be layered such that defense mechanisms have multiple points to detect and mitigate breaches. These capabilities also need to be integral to all segments of the grid infrastructure and address the full set of logical functional requirements, including: ● Physical security ● Identity and access control policies ● Hardened network devices and systems ● Threat defense ● Data protection for transmission and storage ● Real-time monitoring, management, and correlation © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 7
White Paper Integrated Physical Security Examining the problem from the outside and looking in, the first thing to consider for securing a smart grid is keeping the intruders off the premises. A physical security solution needs to include capabilities for video surveillance, cameras, electronic access control, and emergency response. These functions need to be flexible enough to integrate and converge onto the IP backbone. This approach allows energy organizations to build complete physical security systems while preserving their existing investments. Smooth interoperability enables centralized management and control, monitoring and logging capabilities, and rapid access to information. This reduces the amount of time it takes facilities personnel and operations teams to respond to incidents across the grid. Identity and Access Control Policies Knowing who is on the grid is a vital element to the overall security strategy. Today, we see various user groups that have a reason to be on the network, including employees, contractors, guests, and even customers. Access to these user groups, be it local or remote, should be granular, and authorization should only be granted to “need to know” assets. For example, an employee can have access to a specific grid control system, while a contractor only has access to a timecard application, and a customer has Internet-enabled access that allows that customer to view energy consumption and bills online. Identity should be verified through strong authentication mechanisms. Passwords must be strong, attempts must be logged, and unauthorized attempts should be logged. Organizations should implement a “default deny” policy whereby access to the network is granted only through explicit access permissions. Furthermore, all access points should be hardened to prevent unauthorized access, and only ports and services necessary for normal operation should be enabled. Hardened Network De vices and Systems The foundation of an effective security architecture is the protection of the infrastructure itself. A system is only as strong as its weakest link, and core elements—the routers and switches—can represent vulnerabilities and access methodologies if not properly protected. If these devices are compromised, they can be used to disrupt grid operations through denial-of-service (DoS) attacks or worse used to gain access to more vital control systems. For example, routers can be shipped with factory default passwords and basic remote access such as Telnet and HTTP services turned on. Network administrators might neglect to change these settings, unknowingly providing an easy entry point into their domain. Cisco publishes a set of guidelines and recommendations for hardening network 4 devices referred to as network foundation protection. These best practices address the steps that keep intruders off the devices and help to make sure of a secure environment. Threat Defense A comprehensive threat defense strategy is required to broadly cover the different vulnerabilities that a smart grid network can face. Despite discrete functional zones and clear segmentation, it is often difficult to anticipate what form a new threat might take. Care should be taken to apply security principles broadly across the entire infrastructure to build an effective, layered defense: ● DoS attacks can debilitate the functionality of the grid. DoS attacks sourcing from the Internet should not have any effect on the control systems due to network segmentation and access control. ● Host protection in the form of antivirus capabilities along with host-based intrusion prevention is required to protect critical client systems, servers, and endpoints. Host protection should be kept up to date with patch management controls to make sure that the latest threat intelligence and signature updates are in place. 4 http://www.cisco.com/go/SAFE © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 7
White Paper ● Network intrusion prevention system (IPS) technologies should augment the host-based defenses. An IPS should be used to identify external threats attempting to enter the infrastructure, as well as stop any attempts at internal propagation. ● Vulnerability assessments must be performed at least annually to make sure that any elements that interface with the perimeter are secure. ● In some instances, user action can open potential vulnerabilities to the system. As such, awareness programs should be put in place to educate the network users—employees, contractors, and guests alike—about security best practices for using network-based tools and applications. Data Protection for Transmission and Storage Because of the different entities that make up a grid, it is important to think about how data is protected as it is transmitted and stored. A power generation plant, a local utility company, and a commercial office building might all be on the same grid network, but it might not make sense to freely share data between these segments. In fact, if each organizational component of the grid has its own data center, there needs to be enforcement of security policies that permits information sharing between these segments and secures access for administrative personnel. The primary security technologies that enable this are firewall, VPN, and host-based security for server protection. The smart grid must: ● Implement firewall functionality that enforces access policies between different network segments, either logical or physical ● Support VPN architectures that apply encryption algorithms to make sure of secure and confidential data transmission ● Allow for host encryption and data storage security capabilities to protect critical assets on servers and endpoints ● Provide granular access control to sensitive data at the application level ● Provide ubiquitous security across both wired and wireless connections in a consistent manner Real-Time Monitoring, Management, and Correlation For ongoing maintenance and tighter control, it is important to have the ability to monitor events at a granular level. Over the lifespan of any complex system, events occur. Some of these events might be the result of a security incident, and some might simply be “noise," but it is important for the system to detect those events, generate alerts, and apply intelligence so that more informative and intelligent decisions can be made. This level of visibility can show which network elements are being targeted, which network elements might be vulnerable, and what type of corrective action needs to take place. This is a requirement for any successful security strategy, as the system needs to continuously evolve and grow to stay ahead of the game. Cisco and Smart Grid Cisco is in a unique position to help energy organizations make the transformation to smart grids. From a technology ® standpoint, the Cisco portfolio includes industry-leading networking equipment and software with integrated security capabilities that cover the spectrum of functional requirements for smart grids. These products are coupled with Cisco SAFE, a set of proven and validated security designs that offer prescriptive guidelines on how to build secure network segments. This allows energy organizations to use Cisco experience to build end-to-end, secure IP networks. The maturity, reliability, and success of these products and services will serve to shorten the learning curve for power grid operations. © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 7
White Paper Cisco also has a proven track record of success in using the network as the platform to roll out advanced services and applications. The lessons learned from PSTN to IP migrations provide expertise that enables the deployment of time-tested networking techniques to make sure of resilience and self-healing. Similarly, Cisco has handled the migration of wired to wireless networks, providing consistent mobile services for a variety of applications in a secure manner across both LAN and WAN environments. Cisco boasts some of the most comprehensive security intelligence in the industry. Cisco Security Intelligence Operations is an advanced security infrastructure that combines threat telemetry, a team of global security researchers, and sophisticated security modeling to understand the latest trends, vulnerabilities, attack vectors, and attackers. Using this global network of intelligence and hard-earned reputation helps make sure that the intrinsic security in Cisco networks is the most effective in dealing with the wide variety of threats. Cisco continues to actively invest in security across a variety of technologies and products. It is fair to state that Cisco is involved in most communication hops in the IP-based Internet today, including the Internet core, service provider and enterprise edge, and enterprise boundary, providing ubiquitous end-to-end security. In the smart grid network, this experience is easily replicated in the home and building area networks, the federated data centers, and the neighborhood area network with embedded grid intelligence. Cisco has effectively managed to integrate security into the communication infrastructure while offering ease of use such as zero-touch configuration and secure mobility. The integrated services router is an excellent proof point of these capabilities and offers advanced security for a multitude of applications, with advanced encryption, secure services integration, threat detection, and mitigation capabilities. These have been deployed in highly sensitive customer networks with stringent security requirements. Rugged instances of this router have been deployed in mobile and outdoor environments. Finally, Cisco also continues to lead various security efforts in standards bodies such as the Internet Engineering Task Force (IETF) to continue to strengthen the security of IP-based networks for a variety of deployment applications. Conclusion There is no debate about the potential advantages that a smart grid can bring. The ability to bring together complex, proprietary systems onto a common, standards-based network infrastructure will enhance communications, improve efficiency, help reduce costs, integrate renewable sources of energy, and promote more opportunities for innovation. The fallacy is that a smart grid is less secure: that by migrating the energy network to IP, we are exposing critical infrastructure to the dangers of the Internet. The reality is that using IP as a communications protocol is not the same as putting the energy grid on the Internet. In fact, because experience and history in how to secure IP networks already exist, the energy industry can effectively use this knowledge. The benefits of this approach far outweigh the risks, as the growth of the Internet has shown. To the extent these controls are properly implemented, energy organizations can confidently build truly secure, end-to-end networks that ultimately deliver on the promise of a smart grid. © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 6 of 7
White Paper Printed in USA C11-539161-00 05/09 © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 7 of 7

Recommended

2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity PredictionsMatthew Rosenquist
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cAanchal579958
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudITDogadjaji.com
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMatthew Rosenquist
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 securityat MicroFocus Italy ❖✔
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? CypSec - Siber Güvenlik Konferansı
 
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know AboutThe 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know AboutBernard Marr
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcMert Akın
 

Recommended

2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity PredictionsMatthew Rosenquist
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cAanchal579958
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudITDogadjaji.com
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMatthew Rosenquist
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 securityat MicroFocus Italy ❖✔
 
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi?
Adil Burak Sadıç - Siber Güvenlik mi, Bilgi Güvenliği mi, BT Güvenliği mi? CypSec - Siber Güvenlik Konferansı
 
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know AboutThe 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know AboutBernard Marr
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcMert Akın
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3NTT Innovation Institute Inc.
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018Confederation of Indian Industry
 
Manifesto_final
Manifesto_finalManifesto_final
Manifesto_finalSarah Jarvis
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2Adela Cocic
 
Cybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out forCybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out forCigniti Technologies Ltd
 
Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Brian Metzger
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success media and technology pvt ltd
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017Insights success media and technology pvt ltd
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWultra
 
IMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignIMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignStephanie Holman
 
Global Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosGlobal Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosHaltdos
 
The Vigilant Enterprise
The Vigilant EnterpriseThe Vigilant Enterprise
The Vigilant EnterpriseBooz Allen Hamilton
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security Booz Allen Hamilton
 
50+ facts about State of CyberSecurity in 2015
50+ facts about State of CyberSecurity in 201550+ facts about State of CyberSecurity in 2015
50+ facts about State of CyberSecurity in 2015Marcos Ortiz Valmaseda
 
Cybersecurity infographic
Cybersecurity infographicCybersecurity infographic
Cybersecurity infographicCSC Australia
 
B susser researchpaper (3)
B susser researchpaper (3)B susser researchpaper (3)
B susser researchpaper (3)Bradley Susser
 
2019 State of Cyber Security Report
2019 State of Cyber Security Report2019 State of Cyber Security Report
2019 State of Cyber Security ReportMohamed Zaheer Husain
 
Energy_Efficiency_Policy_Report_Tech_Report_2012-03
Energy_Efficiency_Policy_Report_Tech_Report_2012-03Energy_Efficiency_Policy_Report_Tech_Report_2012-03
Energy_Efficiency_Policy_Report_Tech_Report_2012-03Kathryn Dodge
 
Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...
Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...
Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...Luis Taveras EMBA, MS
 

More Related Content

What's hot

2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3NTT Innovation Institute Inc.
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2Adela Cocic
 
Cybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out forCybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out forCigniti Technologies Ltd
 
Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Brian Metzger
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWultra
 
IMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignIMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignStephanie Holman
 
Global Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosGlobal Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosHaltdos
 
50+ facts about State of CyberSecurity in 2015
50+ facts about State of CyberSecurity in 201550+ facts about State of CyberSecurity in 2015
50+ facts about State of CyberSecurity in 2015Marcos Ortiz Valmaseda
 
Cybersecurity infographic
Cybersecurity infographicCybersecurity infographic
Cybersecurity infographicCSC Australia
 
B susser researchpaper (3)
B susser researchpaper (3)B susser researchpaper (3)
B susser researchpaper (3)Bradley Susser
 

What's hot (20)

2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber Analysts
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
 
Manifesto_final
Manifesto_finalManifesto_final
Manifesto_final
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2
 
Cybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out forCybersecurity 2020 the biggest threats to watch out for
Cybersecurity 2020 the biggest threats to watch out for
 
Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
 
Webinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking AppsWebinar: Securing Mobile Banking Apps
Webinar: Securing Mobile Banking Apps
 
IMC 618 - Public Relations Campaign
IMC 618 - Public Relations CampaignIMC 618 - Public Relations Campaign
IMC 618 - Public Relations Campaign
 
Global Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosGlobal Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDos
 
The Vigilant Enterprise
The Vigilant EnterpriseThe Vigilant Enterprise
The Vigilant Enterprise
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
50+ facts about State of CyberSecurity in 2015
50+ facts about State of CyberSecurity in 201550+ facts about State of CyberSecurity in 2015
50+ facts about State of CyberSecurity in 2015
 
Cybersecurity infographic
Cybersecurity infographicCybersecurity infographic
Cybersecurity infographic
 
B susser researchpaper (3)
B susser researchpaper (3)B susser researchpaper (3)
B susser researchpaper (3)
 
2019 State of Cyber Security Report
2019 State of Cyber Security Report2019 State of Cyber Security Report
2019 State of Cyber Security Report
 

Viewers also liked

Energy_Efficiency_Policy_Report_Tech_Report_2012-03
Energy_Efficiency_Policy_Report_Tech_Report_2012-03Energy_Efficiency_Policy_Report_Tech_Report_2012-03
Energy_Efficiency_Policy_Report_Tech_Report_2012-03Kathryn Dodge
 
Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...
Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...
Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...Luis Taveras EMBA, MS
 
SmartGrid System Report
SmartGrid System ReportSmartGrid System Report
SmartGrid System ReportGruene-it.org
 
Report on smart metering& control of transmission system
Report on smart metering& control of transmission systemReport on smart metering& control of transmission system
Report on smart metering& control of transmission systemDurgarao Gundu
 
Red bull final
Red bull finalRed bull final
Red bull finalTKANHAR
 
Artificial intelligence report
Artificial intelligence reportArtificial intelligence report
Artificial intelligence reportSourabh Sharma
 
Power System Operation and Control
Power System Operation and ControlPower System Operation and Control
Power System Operation and ControlBiswajit Pratihari
 
Seminar report on solar tree (by Vikas)
Seminar report on solar tree (by Vikas)Seminar report on solar tree (by Vikas)
Seminar report on solar tree (by Vikas)dreamervikas
 

Viewers also liked (8)

Energy_Efficiency_Policy_Report_Tech_Report_2012-03
Energy_Efficiency_Policy_Report_Tech_Report_2012-03Energy_Efficiency_Policy_Report_Tech_Report_2012-03
Energy_Efficiency_Policy_Report_Tech_Report_2012-03
 
Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...
Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...
Regulating Artificial Intelligence Systems, Risks, Challenges, Competencies, ...
 
SmartGrid System Report
SmartGrid System ReportSmartGrid System Report
SmartGrid System Report
 
Report on smart metering& control of transmission system
Report on smart metering& control of transmission systemReport on smart metering& control of transmission system
Report on smart metering& control of transmission system
 
Red bull final
Red bull finalRed bull final
Red bull final
 
Artificial intelligence report
Artificial intelligence reportArtificial intelligence report
Artificial intelligence report
 
Power System Operation and Control
Power System Operation and ControlPower System Operation and Control
Power System Operation and Control
 
Seminar report on solar tree (by Vikas)
Seminar report on solar tree (by Vikas)Seminar report on solar tree (by Vikas)
Seminar report on solar tree (by Vikas)
 

Similar to Security for Smartgrid

IBM End-to-End Security for Smart Grids
IBM End-to-End Security for Smart GridsIBM End-to-End Security for Smart Grids
IBM End-to-End Security for Smart GridsIBM Energy & Utilties
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
 
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu
 
01012010 a reliability perspective
01012010 a reliability perspective01012010 a reliability perspective
01012010 a reliability perspectivemiguelazo84
 
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...IRJET Journal
 
Resource placement strategy optimization for smart grid application using 5G...
Resource placement strategy optimization for smart grid application using 5G...Resource placement strategy optimization for smart grid application using 5G...
Resource placement strategy optimization for smart grid application using 5G...IJECEIAES
 
Smart Grid The Role of Electricity Infrastructure in Reducing Greenhouse Gas ...
Smart Grid The Role of Electricity Infrastructure in Reducing Greenhouse Gas ...Smart Grid The Role of Electricity Infrastructure in Reducing Greenhouse Gas ...
Smart Grid The Role of Electricity Infrastructure in Reducing Greenhouse Gas ...Gruene-it.org
 
SECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network Security
SECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network SecuritySECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network Security
SECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network SecurityIRJET Journal
 
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...nilesh405711
 
Modeling the Grid for De-Centralized Energy
Modeling the Grid for De-Centralized EnergyModeling the Grid for De-Centralized Energy
Modeling the Grid for De-Centralized EnergyTon De Vries
 
A Survey on the Placement of Virtual Security Network Functions in Softwarise...
A Survey on the Placement of Virtual Security Network Functions in Softwarise...A Survey on the Placement of Virtual Security Network Functions in Softwarise...
A Survey on the Placement of Virtual Security Network Functions in Softwarise...IRJET Journal
 
Importance of Measurements in Smart Grid
Importance of Measurements in Smart GridImportance of Measurements in Smart Grid
Importance of Measurements in Smart GridIJERD Editor
 
Sondaggio smart meter
Sondaggio smart meterSondaggio smart meter
Sondaggio smart metercanaleenergia
 
Security_for_5G_Mobile_Wireless_Networks (1).pdf
Security_for_5G_Mobile_Wireless_Networks (1).pdfSecurity_for_5G_Mobile_Wireless_Networks (1).pdf
Security_for_5G_Mobile_Wireless_Networks (1).pdf4nm18is123SunidhiSir
 
A REVIEW ON QUALITY OF MONITORING FOR CELLULAR NETWORKS
A REVIEW ON QUALITY OF MONITORING FOR CELLULAR NETWORKSA REVIEW ON QUALITY OF MONITORING FOR CELLULAR NETWORKS
A REVIEW ON QUALITY OF MONITORING FOR CELLULAR NETWORKSIRJET Journal
 
Key Aspect for Approach of Smart Grid Design System
Key Aspect for Approach of Smart Grid Design SystemKey Aspect for Approach of Smart Grid Design System
Key Aspect for Approach of Smart Grid Design Systemijtsrd
 
Wide area network in smart grid kundan
Wide area network in smart grid kundanWide area network in smart grid kundan
Wide area network in smart grid kundanKundan Kumar
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati
 

Similar to Security for Smartgrid (20)

IBM End-to-End Security for Smart Grids
IBM End-to-End Security for Smart GridsIBM End-to-End Security for Smart Grids
IBM End-to-End Security for Smart Grids
 
Thesis Body
Thesis BodyThesis Body
Thesis Body
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
 
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy...
 
01012010 a reliability perspective
01012010 a reliability perspective01012010 a reliability perspective
01012010 a reliability perspective
 
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
IRJET-Comparative Study on Evolution of State of Art Practices on Smart Grid ...
 
Resource placement strategy optimization for smart grid application using 5G...
Resource placement strategy optimization for smart grid application using 5G...Resource placement strategy optimization for smart grid application using 5G...
Resource placement strategy optimization for smart grid application using 5G...
 
Smart Grid The Role of Electricity Infrastructure in Reducing Greenhouse Gas ...
Smart Grid The Role of Electricity Infrastructure in Reducing Greenhouse Gas ...Smart Grid The Role of Electricity Infrastructure in Reducing Greenhouse Gas ...
Smart Grid The Role of Electricity Infrastructure in Reducing Greenhouse Gas ...
 
SECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network Security
SECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network SecuritySECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network Security
SECURING FUTURE CONNECTIVITY: An Extensive Analysis on 5G Network Security
 
Transformer Smart Grid
Transformer Smart GridTransformer Smart Grid
Transformer Smart Grid
 
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
A_Review_of_Cybersecurity_in_Grid-Connected_Power_Electronics_Converters_Vuln...
 
Modeling the Grid for De-Centralized Energy
Modeling the Grid for De-Centralized EnergyModeling the Grid for De-Centralized Energy
Modeling the Grid for De-Centralized Energy
 
A Survey on the Placement of Virtual Security Network Functions in Softwarise...
A Survey on the Placement of Virtual Security Network Functions in Softwarise...A Survey on the Placement of Virtual Security Network Functions in Softwarise...
A Survey on the Placement of Virtual Security Network Functions in Softwarise...
 
Importance of Measurements in Smart Grid
Importance of Measurements in Smart GridImportance of Measurements in Smart Grid
Importance of Measurements in Smart Grid
 
Sondaggio smart meter
Sondaggio smart meterSondaggio smart meter
Sondaggio smart meter
 
Security_for_5G_Mobile_Wireless_Networks (1).pdf
Security_for_5G_Mobile_Wireless_Networks (1).pdfSecurity_for_5G_Mobile_Wireless_Networks (1).pdf
Security_for_5G_Mobile_Wireless_Networks (1).pdf
 
A REVIEW ON QUALITY OF MONITORING FOR CELLULAR NETWORKS
A REVIEW ON QUALITY OF MONITORING FOR CELLULAR NETWORKSA REVIEW ON QUALITY OF MONITORING FOR CELLULAR NETWORKS
A REVIEW ON QUALITY OF MONITORING FOR CELLULAR NETWORKS
 
Key Aspect for Approach of Smart Grid Design System
Key Aspect for Approach of Smart Grid Design SystemKey Aspect for Approach of Smart Grid Design System
Key Aspect for Approach of Smart Grid Design System
 
Wide area network in smart grid kundan
Wide area network in smart grid kundanWide area network in smart grid kundan
Wide area network in smart grid kundan
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational Awareness
 

Recently uploaded

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Security for Smartgrid

  • 1. . White Paper Security for the Smart Grid Introduction Most of the nation’s electricity system was built when primary energy was relatively inexpensive. Grid reliability was mainly assured by having excess capacity in the system, with unidirectional electricity flow to consumers from centrally dispatched, coal-fired power plants. Investments in the electric system were made to meet increasing demand—not to change fundamentally the way the system works. Although innovation and technology have dramatically transformed other industrial sectors, the electric system, for the most part, has continued to operate the same way for decades. This lack of investment, coupled with increased demand and green initiatives that are promoting the need for innovation, has resulted in an inefficient and increasingly unstable system. Recognizing these challenges, the energy community is starting to combine advancements in information technology with electricity infrastructure, allowing the electric system to become “smart." This system uses interconnected elements that optimize the communications and control across the different segments of energy generation, distribution, and consumption. Near-real-time information allows utilities to manage the entire electricity system as an integrated framework, actively sensing and responding to changes in power demand, supply, costs, quality, and emissions across various locations and devices. Similarly, better information enables consumers to manage energy use to meet their needs. Securing a Smart Grid As discussed in the previous section, the modernization of the energy infrastructure highlights the need for information and physical security. The unfortunate reality is that because of the critical nature of the technology and the services that it provides, the grid becomes a prime target for acts of terrorism and cyberattacks. In January 2008, 1 a CIA analyst reported that hackers had attacked foreign utilities, turning out the lights in several foreign cities. Even if the motivation behind a targeted attack on the energy infrastructure is not terror or disruption, the evolving threat landscape dictates that the potential financial gains of such action can be alluring to the cybercriminal network. Regardless of intent, it is clear that the transformation of traditional energy networks to smart grids requires an intrinsic security strategy to safeguard this critical infrastructure. 1 http://www.washingtonpost.com/wp-dyn/content/article/2008/01/18/AR2008011803277_pf.html © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 7
  • 2. White Paper Smart Grid Framework Figure 1 shows the different functional components that make up the Smart Grid framework and the role that security plays across these different layers. Figure 1. Smart Grid Framework: A Layered Approach According to the U.S. Department of Energy, “A smarter grid applies technologies, tools, and techniques available now to bring knowledge to power—knowledge capable of making the grid work far more efficiently." As utilities build the smart grid infrastructure on top of the electrical system, the real benefits of the new approach in enabling business applications and addressing customer use cases are dependent on making the communication network and the compute platform secure, operationally efficient, cost-effective, and resilient. Given that a number of these components are going to be built on an IP foundation, the grid will tremendously benefit from and at the same time be exposed to some of the challenges of IP-based networks today. By itself, the latter is not a cause for concern given the maturity of Internet Protocol and the fact that similar tasks have successfully been accomplished in the recent past with the time-division multiplexing (TDM)-to-secure IP migration. However, it is an area that has to have focused attention from day one for any entity considering a smart grid strategy. As the process of migrating to a common IP infrastructure accelerates across the industry, it is important to understand the need for security and also define a set of effective security controls. NERC, the North American Electric Reliability Corporation, has published a set of compliance standards for critical infrastructure protection 2 (CIP). These standards are still maturing and subsequent revisions are in process. Other governing bodies have followed suit and are also participating in standards activities. Pursuant to the Energy Security and Independence Act of 2007 (P.L. 110-140), the Secretary of Energy has directed the U.S. National Institute of Standards and Technology (NIST) to publish and enforce a set of interoperability standards for emerging smart grids. In addition, the GridWise 3 Alliance, a consortium of public and private stakeholders, has aligned to develop a basic understanding of interoperability in the smart grid by using actual case study examples, starting with members of the GridWise Alliance. These and other activities illustrate the importance of developing standards and regulations and are vital to building a successful security strategy. 2 http://www.nerc.com/page.php?cid=2|20 3 http://www.gridwise.org © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 7
  • 3. White Paper Given these trends, a clear set of factors is bringing the security requirements for smart grids into light, including: ● Migration of grid infrastructure to IP-based wired and wireless networks ● Influx of new network endpoints such as smart meters, sensors, and telemetry and control systems ● Increasing demand for granular access policies and controls for remote user groups such as employees, contractors, and even customers ● The evolution of the threat landscape to covert cyberattacks ● Regulatory compliance requirements Migration Risks Migrating the electric system today to a common IP infrastructure will simplify communications and control, simplify integration for renewable sources of energy, improve end-to-end visibility, and ultimately enable innovation and the creation of new business models. Systems that were previously unable to connect or share information because of either high costs or integration complexity would now be able to participate networkwide and share information. To understand the risks, we need to make the distinction between using IP and technologies to build a common, standards-based communication backbone versus providing systems open access to the Internet. Migrating to IP does not mean that critical elements of the grid will be accessible using the open Internet. In the case of building a smart grid, proper network segmentation that includes separating devices, networks, and functions helps ensure that there are discrete boundaries with enforceable access controls in place. Cisco has demonstrated experience and success with this model. Consider the public switched telephone networks (PSTNs) that support the traditional telephone services which most homes and businesses use. Over the past decade, Cisco has led the industry effort to build and migrate telephony infrastructure to an IP-based model. Proper network segmentation and design controls make sure that critical elements of this infrastructure (call managers, voicemail servers, and so on) are not openly exposed and vulnerable on the open Internet. As further validation, we continue to see increasing adoption rates for IP-based telephony deployments. The concern with IP migration is simply that because it is standards-based, there is a larger community that potentially understands how to exploit vulnerabilities in the protocol. However, by adopting the principles of network security, this risk can be mitigated with a strategy that involves a combination of people, process, and technology. Functional Requirements An effective security strategy for smart grids needs to be end to end. This means that security capabilities need to be layered such that defense mechanisms have multiple points to detect and mitigate breaches. These capabilities also need to be integral to all segments of the grid infrastructure and address the full set of logical functional requirements, including: ● Physical security ● Identity and access control policies ● Hardened network devices and systems ● Threat defense ● Data protection for transmission and storage ● Real-time monitoring, management, and correlation © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 7
  • 4. White Paper Integrated Physical Security Examining the problem from the outside and looking in, the first thing to consider for securing a smart grid is keeping the intruders off the premises. A physical security solution needs to include capabilities for video surveillance, cameras, electronic access control, and emergency response. These functions need to be flexible enough to integrate and converge onto the IP backbone. This approach allows energy organizations to build complete physical security systems while preserving their existing investments. Smooth interoperability enables centralized management and control, monitoring and logging capabilities, and rapid access to information. This reduces the amount of time it takes facilities personnel and operations teams to respond to incidents across the grid. Identity and Access Control Policies Knowing who is on the grid is a vital element to the overall security strategy. Today, we see various user groups that have a reason to be on the network, including employees, contractors, guests, and even customers. Access to these user groups, be it local or remote, should be granular, and authorization should only be granted to “need to know” assets. For example, an employee can have access to a specific grid control system, while a contractor only has access to a timecard application, and a customer has Internet-enabled access that allows that customer to view energy consumption and bills online. Identity should be verified through strong authentication mechanisms. Passwords must be strong, attempts must be logged, and unauthorized attempts should be logged. Organizations should implement a “default deny” policy whereby access to the network is granted only through explicit access permissions. Furthermore, all access points should be hardened to prevent unauthorized access, and only ports and services necessary for normal operation should be enabled. Hardened Network De vices and Systems The foundation of an effective security architecture is the protection of the infrastructure itself. A system is only as strong as its weakest link, and core elements—the routers and switches—can represent vulnerabilities and access methodologies if not properly protected. If these devices are compromised, they can be used to disrupt grid operations through denial-of-service (DoS) attacks or worse used to gain access to more vital control systems. For example, routers can be shipped with factory default passwords and basic remote access such as Telnet and HTTP services turned on. Network administrators might neglect to change these settings, unknowingly providing an easy entry point into their domain. Cisco publishes a set of guidelines and recommendations for hardening network 4 devices referred to as network foundation protection. These best practices address the steps that keep intruders off the devices and help to make sure of a secure environment. Threat Defense A comprehensive threat defense strategy is required to broadly cover the different vulnerabilities that a smart grid network can face. Despite discrete functional zones and clear segmentation, it is often difficult to anticipate what form a new threat might take. Care should be taken to apply security principles broadly across the entire infrastructure to build an effective, layered defense: ● DoS attacks can debilitate the functionality of the grid. DoS attacks sourcing from the Internet should not have any effect on the control systems due to network segmentation and access control. ● Host protection in the form of antivirus capabilities along with host-based intrusion prevention is required to protect critical client systems, servers, and endpoints. Host protection should be kept up to date with patch management controls to make sure that the latest threat intelligence and signature updates are in place. 4 http://www.cisco.com/go/SAFE © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 7
  • 5. White Paper ● Network intrusion prevention system (IPS) technologies should augment the host-based defenses. An IPS should be used to identify external threats attempting to enter the infrastructure, as well as stop any attempts at internal propagation. ● Vulnerability assessments must be performed at least annually to make sure that any elements that interface with the perimeter are secure. ● In some instances, user action can open potential vulnerabilities to the system. As such, awareness programs should be put in place to educate the network users—employees, contractors, and guests alike—about security best practices for using network-based tools and applications. Data Protection for Transmission and Storage Because of the different entities that make up a grid, it is important to think about how data is protected as it is transmitted and stored. A power generation plant, a local utility company, and a commercial office building might all be on the same grid network, but it might not make sense to freely share data between these segments. In fact, if each organizational component of the grid has its own data center, there needs to be enforcement of security policies that permits information sharing between these segments and secures access for administrative personnel. The primary security technologies that enable this are firewall, VPN, and host-based security for server protection. The smart grid must: ● Implement firewall functionality that enforces access policies between different network segments, either logical or physical ● Support VPN architectures that apply encryption algorithms to make sure of secure and confidential data transmission ● Allow for host encryption and data storage security capabilities to protect critical assets on servers and endpoints ● Provide granular access control to sensitive data at the application level ● Provide ubiquitous security across both wired and wireless connections in a consistent manner Real-Time Monitoring, Management, and Correlation For ongoing maintenance and tighter control, it is important to have the ability to monitor events at a granular level. Over the lifespan of any complex system, events occur. Some of these events might be the result of a security incident, and some might simply be “noise," but it is important for the system to detect those events, generate alerts, and apply intelligence so that more informative and intelligent decisions can be made. This level of visibility can show which network elements are being targeted, which network elements might be vulnerable, and what type of corrective action needs to take place. This is a requirement for any successful security strategy, as the system needs to continuously evolve and grow to stay ahead of the game. Cisco and Smart Grid Cisco is in a unique position to help energy organizations make the transformation to smart grids. From a technology ® standpoint, the Cisco portfolio includes industry-leading networking equipment and software with integrated security capabilities that cover the spectrum of functional requirements for smart grids. These products are coupled with Cisco SAFE, a set of proven and validated security designs that offer prescriptive guidelines on how to build secure network segments. This allows energy organizations to use Cisco experience to build end-to-end, secure IP networks. The maturity, reliability, and success of these products and services will serve to shorten the learning curve for power grid operations. © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 7
  • 6. White Paper Cisco also has a proven track record of success in using the network as the platform to roll out advanced services and applications. The lessons learned from PSTN to IP migrations provide expertise that enables the deployment of time-tested networking techniques to make sure of resilience and self-healing. Similarly, Cisco has handled the migration of wired to wireless networks, providing consistent mobile services for a variety of applications in a secure manner across both LAN and WAN environments. Cisco boasts some of the most comprehensive security intelligence in the industry. Cisco Security Intelligence Operations is an advanced security infrastructure that combines threat telemetry, a team of global security researchers, and sophisticated security modeling to understand the latest trends, vulnerabilities, attack vectors, and attackers. Using this global network of intelligence and hard-earned reputation helps make sure that the intrinsic security in Cisco networks is the most effective in dealing with the wide variety of threats. Cisco continues to actively invest in security across a variety of technologies and products. It is fair to state that Cisco is involved in most communication hops in the IP-based Internet today, including the Internet core, service provider and enterprise edge, and enterprise boundary, providing ubiquitous end-to-end security. In the smart grid network, this experience is easily replicated in the home and building area networks, the federated data centers, and the neighborhood area network with embedded grid intelligence. Cisco has effectively managed to integrate security into the communication infrastructure while offering ease of use such as zero-touch configuration and secure mobility. The integrated services router is an excellent proof point of these capabilities and offers advanced security for a multitude of applications, with advanced encryption, secure services integration, threat detection, and mitigation capabilities. These have been deployed in highly sensitive customer networks with stringent security requirements. Rugged instances of this router have been deployed in mobile and outdoor environments. Finally, Cisco also continues to lead various security efforts in standards bodies such as the Internet Engineering Task Force (IETF) to continue to strengthen the security of IP-based networks for a variety of deployment applications. Conclusion There is no debate about the potential advantages that a smart grid can bring. The ability to bring together complex, proprietary systems onto a common, standards-based network infrastructure will enhance communications, improve efficiency, help reduce costs, integrate renewable sources of energy, and promote more opportunities for innovation. The fallacy is that a smart grid is less secure: that by migrating the energy network to IP, we are exposing critical infrastructure to the dangers of the Internet. The reality is that using IP as a communications protocol is not the same as putting the energy grid on the Internet. In fact, because experience and history in how to secure IP networks already exist, the energy industry can effectively use this knowledge. The benefits of this approach far outweigh the risks, as the growth of the Internet has shown. To the extent these controls are properly implemented, energy organizations can confidently build truly secure, end-to-end networks that ultimately deliver on the promise of a smart grid. © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 6 of 7
  • 7. White Paper Printed in USA C11-539161-00 05/09 © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 7 of 7