TCIP: Trustworthy Cyber Infrastructure for Power (presentation slides)


SLIDE 1

Trustworthy Cyber Infrastructure for the Power Grid

University of Illinois Dartmouth College Cornell University Washington State University

TCIP: Trustworthy Cyber Infrastructure for Power

Focus Area: Quantitative & Qualitative Evaluation

Presented by: David M. Nicol

University of Illinois • Dartmouth College • Cornell University • Washington State University

TCIP Industry Meeting, October 17, 2007

Personnel

PIs/Senior Personnel: Roy Campbell, Carl Gunter, Himanshu Khurana, David Nicol, Tom Overbye, Bill Sanders

Staff: Frank Stratton, Matt Davis, Tod Courtney, Apollo Crum

Students: Scott Bai, Angel Aquino-Lugo, Kate Rodgers, Jianqing Zhang, Zahid Anwar, Mirko Montanari, Sankalp Singh

Student Alumni: Steve Hanna, Jeff Farris

SLIDE 2

Focus Area Activities

  • PowerWorld integration with devices [Overbye]
    – Power network simulator, integrated with physical power grid equipment (e.g., relay)
  • RINSE (Real-time Immersive Network Simulation Environment) [Nicol]
    – Simulator / emulator which integrates virtual and physical systems
    – Designed for evaluation of hw/sw architectures (e.g., substation)
  • Evaluation of Security Hub Architecture [Gunter]
    – Pushing security protocols onto IEDs in a networked substation impacts latency. Is it acceptable?
  • Automated Security Assessment [Campbell]
    – Combine models of power grid, SCADA, operational & recovery workflow, and assertions about security to determine security risks associated with various recovery strategies
  • APT (Access Policy Tool) [Nicol, Sanders]
    – Analyze system access policies for violations of global requirements
  • Testbed that integrates virtual systems and physical systems [ALL]

Research Organization


SLIDE 3

Research in Algorithms

RINSE

  • High fidelity mixed abstraction
    – Higher abstraction for background flows, detailed abstraction for flows of interest
  • Sampling for simulation kernel performance assessment
    – Understanding behavior is key to performance debugging
    – Full tracing far too expensive
    – Complicated interactions between system and user-defined threads

Research in Algorithms

Power System Simulation

  • Abstraction focused on Phasor Measurement Units (PMUs): a smaller system to analyze
    – Mathematics (equivalent circuit theory) to determine what can be said after removing buses without PMUs

[Figure: bus network diagram contrasting PMU buses with buses without PMUs]
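As an added illustration of the equivalent-circuit reduction (example code written for this page, not the TCIP project's own), the block below applies sequential Kron reduction to eliminate the buses without PMUs. The slide does not name its method, so the choice of Kron reduction is an assumption, as are the constructed 4-bus network and the requirement that eliminated buses carry no current injection.

```python
# Added example (not the TCIP project's code): sequential Kron (Schur-complement)
# reduction of a bus admittance matrix, eliminating buses that have no PMU.
# Assumptions: the slide's "equivalent circuit theory" is taken to be Kron
# reduction, and every eliminated bus has zero net current injection (the
# condition under which the reduced network is exact).

def kron_eliminate(Y, k):
    """Return a copy of Y (list of lists) with bus index k eliminated."""
    pivot = Y[k][k]
    if pivot == 0:
        raise ValueError("cannot eliminate bus %d: zero self-admittance" % k)
    keep = [i for i in range(len(Y)) if i != k]
    # Schur complement: Y'_ij = Y_ij - Y_ik * Y_kj / Y_kk for all surviving i, j.
    return [[Y[i][j] - Y[i][k] * Y[k][j] / pivot for j in keep] for i in keep]

def reduce_to_pmu_buses(Y, pmu_buses):
    """Eliminate every bus not in pmu_buses; return (reduced Y, surviving bus ids)."""
    Y = [row[:] for row in Y]
    ids = list(range(len(Y)))
    # Eliminate from the highest index down so lower indices stay valid.
    for k in sorted(set(ids) - set(pmu_buses), reverse=True):
        Y = kron_eliminate(Y, k)
        ids.pop(k)
    return Y, ids

def ybus_from_branches(n, branches):
    """Build a real-valued Y-bus from (from_bus, to_bus, series_admittance) branches."""
    Y = [[0.0] * n for _ in range(n)]
    for a, b, y in branches:
        Y[a][a] += y
        Y[b][b] += y
        Y[a][b] -= y
        Y[b][a] -= y
    return Y

# Constructed 4-bus network: PMUs at buses 0 and 1; buses 2 and 3 are unmonitored.
BRANCHES = [(0, 2, 1.0), (2, 1, 1.0), (2, 3, 2.0), (3, 1, 2.0)]
Y_FULL = ybus_from_branches(4, BRANCHES)
Y_RED, PMU_IDS = reduce_to_pmu_buses(Y_FULL, pmu_buses=[0, 1])

if __name__ == "__main__":
    # The 2x2 result is the equivalent circuit seen from the two PMU buses.
    for row in Y_RED:
        print(["%.4f" % v for v in row])
```

For this network the two paths between the PMU buses collapse to a single equivalent series admittance of 2/3, so the reduced matrix has -2/3 off the diagonal and rows that still sum to zero.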

APT

  • Integrate analysis of firewall rules with host rules (SELinux) to obtain a reachability map of actors to objects
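An added toy version of the APT idea (example code written for this page, not the project's tool): network-level firewall rules and host-level domain rules are composed into an actor-to-object reachability map, which is then checked against global requirements. All zones, hosts, domains, objects and requirements are constructed for the illustration.

```python
# Added example (not the TCIP APT tool): compose network-level firewall rules with
# host-level (SELinux-style) domain rules into an actor -> object reachability map,
# then check the map against global requirements. All names below are constructed.

# Network layer: (source zone, destination host, destination port) the firewalls allow.
FIREWALL_ALLOW = {
    ("corp", "substation_gw", 22),             # SSH from the corporate network
    ("corp", "substation_gw", 502),            # Modbus/TCP from the corporate network
    ("control_center", "substation_gw", 502),  # Modbus/TCP from the control center
}

# Host layer: which domain the service listening on (host, port) runs in.
SERVICES = {
    ("substation_gw", 22): "sshd_t",
    ("substation_gw", 502): "modbus_t",
}

# Host layer: (domain, object, permission) tuples the host policy allows.
HOST_ALLOW = {
    ("sshd_t", "/etc/relay.conf", "write"),
    ("modbus_t", "/dev/relay0", "write"),
    ("modbus_t", "/var/log/modbus.log", "write"),
}

# Actors and the network zone each one operates from.
ACTORS = {"hmi_operator": "control_center", "it_admin": "corp", "contractor": "corp"}

# Global requirements: name -> predicate that is True when a reachable
# (zone, host, object, permission) tuple violates the requirement.
REQUIREMENTS = {
    "relay-write-only-from-control-center":
        lambda zone, host, obj, perm: obj == "/dev/relay0" and perm == "write"
        and zone != "control_center",
    "no-corp-write-to-relay-config":
        lambda zone, host, obj, perm: zone == "corp" and obj == "/etc/relay.conf"
        and perm == "write",
}

def reachability(actors, firewall, services, host_rules):
    """Map each actor to the set of (host, object, permission) it can reach."""
    reach = {actor: set() for actor in actors}
    for actor, zone in actors.items():
        for src_zone, host, port in firewall:
            if src_zone != zone:
                continue                      # blocked at the network layer
            domain = services.get((host, port))
            if domain is None:
                continue                      # port open but nothing listens there
            reach[actor].update((host, obj, perm)
                                for d, obj, perm in host_rules if d == domain)
    return reach

def violations(reach, actors, requirements):
    """List (requirement, actor, host, object, permission) tuples that break a requirement."""
    return sorted((name, actor, host, obj, perm)
                  for actor, targets in reach.items()
                  for host, obj, perm in targets
                  for name, broken in requirements.items()
                  if broken(actors[actor], host, obj, perm))
```

With these constructed rules the control-center operator reaches only the relay and its log, while both corporate-zone actors reach the relay and its configuration file and so produce four requirement violations between them.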

SLIDE 4

Research in Tools

Powerworld integration with physical devices

[Figure: PowerWorld integration with physical devices. Labels in the diagram: PowerWorld simulated current values; program-simulated current conversion to serial output; adaptive multi-channel source; converter; relay; relay signals breaker; voltage status; Energy Management System; change in load distribution.]

Research in Tools: Wireless Models

  • Support Protocol focus area by emulation of wireless network
    – Developing wireless MAC and physical layers in RINSE
  • Port of DaSSF/SWAN radio layer (4 years old)
    – Refactor base and derived classes
    – 802.11b implemented
    – Simple radio models (free-space, 2-ray) ported
  • 802.11e functionality to support real QoS middleware (in progress)
  • Zigbee model, and scalability studies (in progress)
  • High performance / high fidelity RF modeling

[Figure: RINSE wireless stack. Real applications & middleware; packet capture from the IP layer; MAC layer protocol; physical layer modeling.]

SLIDE 5

Research in Tools: Integration


Integration Issues / Research Challenges

  • Scalable real-time proxy management
  • Packet capture at appropriate (and general) point in the protocol stack
  • State exchange between emulated and real devices
  • Latency hiding in emulation

SLIDE 6

Research in Tools: Automated Security Assessment

Objective: Integrate different sources of knowledge about the power grid IT system to make security risk assessments about pre-planned workflow activities (e.g., recovery).

Approach

  • Analyze descriptions of
    – Physical power grid network
    – Control network components
    – Workflows describing maintenance and fault-recovery activities
    – Descriptions of known vulnerabilities and faults in software
    – Activities
  • Enables defense in depth:
    – Automated security assessment
    – Distinguishes between faults & attacks
    – Gives security advisories on which recovery paths would be the safest to follow

Research in Tools: Automated Security Assessment

[Figure: knowledge sources combined by the Automated Security Assessment tool]

  • Power Grid Model + SCADA Model (CIM)
  • Security Attributes (viz. Authorization)
  • Operations + Recovery Workflows
  • Assertions about Security
  • Element Vulnerabilities Database
  • Government Advisory Best Practices, Known Attacks

SLIDE 7

Research in Tools: Automated Security Assessment

[Figure-only slide; no recoverable text]

Case Study: Distributed Intelligent Agents

  • Intelligent Agents coordinate for control action, rather than a center
  • Agents would be distributed through the power network.
  • The research goals are:
    – Develop and evaluate new control algorithms for restoration scenarios and for system reconfiguration
    – Evaluate communication needs for a broad set of use contexts
  • A simulation test-bed is being developed using MATLAB/SIMULINK and tested in a simple restoration scenario.


SLIDE 8

Case Study: Latency in Security Hub

  • Security Hub
    – “Inverted” hub-and-spokes VPN
  • Ehost
    – Hosts operating in the Internet or enterprise network (HMI, technical services)
  • Ihost
    – Hosts (SIEDs) operating in the control network (substation network)
  • Performance Requirements:
    – Assure authenticated low-latency communications between SIEDs
    – Must meet process timing guarantees

Case Study: Latency in Security Hub

  • Preliminary result (from emulation testbed)
  • Future work
    – Attack traffic and continuous technical service traffic
    – Key management and access control for SIEDs and IEC 61850
    – Scalability studies using RINSE
    – Study on secure communication for control networks and the Internet

SLIDE 9

Accomplishments

Theory
  – Equivalent circuit derivation, reduced PMU bus system
  – Importance sampling results on policy verification
  – Analysis of threat of malware address harvesting

Software
  – RINSE
    • Performance instrumentation
    • Wireless models
    • Production level software maintenance, automated testing
  – PowerWorld
    • Integration with AMS, relay, EMS
  – Automated Security Assessment
    • Prototype system deployed

Evaluation
  – Latency analysis of Security Hub
  – Integration of PowerWorld/RINSE/devices
  – ASA analysis of prototypical recovery scenarios

Future

Bigger, more realistic, faster
  – Research directions point to increasing the size of systems that can be evaluated, and the realism of those systems

More integration
  – Evaluation of wireless w.r.t. scalability
  – Evaluation of base technology w.r.t. simulation attack generation
  – Evaluation of middleware (e.g., GridStat) and services (e.g., Security Hub)

More development of theoretical foundations
  – Modeling of electrical systems
  – Modeling of communication systems
  – Experimental design

SLIDE 10

TCIP: Trustworthy Cyber Infrastructure for Power

TCIP Testbed Capabilities and Utilization

Presented by: Himanshu Khurana

TCIP Lab Overview

  • Goal for the TCIP Lab:
    – Create a realistic yet flexible environment that enables innovative research in trustworthy power system communications and control
  • Specifically, the lab will combine:
    – commercial power system equipment
    – simulated power grid
    – computer hardware
    – simulated computer networks
    – commercial and research software
  • As a result:
    – enable us to run experiments using technologies we develop as part of TCIP,
    – and may serve as a resource for others in the future

SLIDE 11

Testbed Layout

[Figure: testbed layout. Layers: Control Center (EMS) and ISO; Transmission (Substation I, Substation II); Distribution (Sensors/Actuators, “Smart” Gateway/Hub). The layers are joined by Ethernet / IP networks and a private IP-based network, each labelled Secure, Real-time, Monitored.]

Sample Configuration for Substation

[Figure: substation configuration with several IEDs, a Local HMI, a DFR, and a Gateway/Hub on an Ethernet / IP network (Secure, Real-time, Monitored).]

SLIDE 12

Sample Configuration for Control Center

[Figure-only slide; no recoverable text]

Testbed Utilization in Evaluation Demo

Key Features

(1) Power System simulation via PowerWorld
(2) SCADA to PowerWorld interface
(3) Cyber infrastructure simulation via RINSE
(4) SCADA to RINSE interface
(5) SCADA measurements and visualization
(6) RINSE to SCADA interface (forthcoming)
(7) PowerWorld to SCADA interface (forthcoming)