1 Cyber Security and The Smart GridOntario Smart Grid Forum Cyber Security and The Smart Grid November 11, 2008 Cyber Security for the Smart Grid TM

2 Discussion Topics Objectives of PresentationAbout N-Dimension Solutions Cyber Security and the Smart Grid Solutions and Recommendations

3 Objectives of PresentationEngage in two-way discussion on a critical Smart Grid topic and provide useful context and recommendations for the Ontario Smart Grid Forum participants

4 N-Dimension Solutions Inc.Cyber Security Solutions Provider laser focused on the Power & Energy market Headquartered in Richmond Hill Ontario with office in Austin Texas Member of: NERC NERC’s new Demand-Side Management Task Force IESO’s Reliability Standards Standing Committee Cyber Security Technical Working Groups (IEEE P1711, AMI-SEC) Advisory Committee for University of Illinois Trusted Cyber Security Computing Infrastructure for Power Developed comprehensive AMI cyber security analysis and report for the Ontario Utilities Smart Metering (OUSM) working group Published thought leader on cyber security for the emerging Smart Grid Active across North America and globally in delivering Smart Grid cyber security solutions in conjunction with our business partners 4

5 Overview of The Smart Grid

6 The Current Electric Grid – Islands of TechnologyGeneration Transmission Distribution Customers GEN1 - Operational Information TOP1 – Operational Information DIST1 - Operational Information GENx - Operational Information TOPx – Operational Information DISTx – Operational Information

7 Convergence of Enterprise & Operations ITInformation Technology Smart Grid Technology Operations Technology Enterprise Systems Web Applications Control Systems Protection Systems AMI DSM OMS GIS Cyber Secure Integration counters key security principals of isolation and segregation Integration counters key security principals of isolation and segregation

8 End-to-End Communications, Intelligence, and Defense-in-Depth SecurityThe Smart Grid – Connectivity with Security End-to-End Communications, Intelligence, and Defense-in-Depth Security Transmission Distribution Customers Generation AMI DSM System Operators Conservation Authorities

9 Smart Grid Cyber Security

10 The Smart Grid – CharacteristicsSelf-healing Empowers and incorporates the consumer Resilient to physical and cyber attacks Provides power quality needed by 21st century users Accommodates a wide variety of generation options Fully enables maturing electricity markets Optimizes assets Source: The US National Energy Technology Laboratory

11 Smart Grid Technology Sensors Communications First-level integrationMonitoring and detecting the data Communications Moving the data through the build of networks First-level integration Collecting the data Centralized control Using the data for visualization and control Security Protecting the data with Security Services & Solutions Full integration Integrating the data with the rest of the business Services and Applications Using the data in new ways Source: The Emerging Smart Grid, Global Environment Fund - Centre for Smart Energy

12 Smart Grid Attack Threats“Energy control systems are subject to targeted cyber attacks. Potential adversaries have pursued progressively devious means to exploit flaws in system components, telecommunication methods, and common operating systems found in modern energy systems with the intent to infiltrate and sabotage vulnerable control systems. Sophisticated cyber attack tools require little technical knowledge to use and can be found on the Internet, as can manufacturers’ technical specifications for popular control system equipment.” Source: Roadmap to Secure Control Systems in the Energy Sector, The Department of Homeland Security and US Department of Energy

13 Smart Grid Cyber Security DriversIncreasing Interconnection and Integration New 2-Way Systems (e.g. AMI, DSM) Increasing Use of COTS Hardware and Software New Customer Touch Points into Utilities Control Systems Not Designed with Security in Mind Increasing Number Of Systems and Size of Code Base Increased Attack Surface Increased Risk to Operations

14 Takes Control of RTU Overview of Cyber Security – ThreatsOpens with Malware Operator Admin Admin Perform ARP Scan Perform ARP Scan SQL EXEC Send with malware Acct Operator Internet Takes Control of RTU Hacker performs an ARP (Address Resolution Protocol) Scan Once the Slave Database is found, hacker sends an SQL EXEC command Performs another ARP Scan Takes control of RTU Hacker sends an with malware recipient opens the and the malware gets installed quietly Using the information that malware gets, hacker is able to take control of the recipient’s PC! Slave Database Master DB RTU Example from 2006 SANS SCADA Security Summit, INL 14

15 Overview of Cyber Security – ThreatsCyber Penetration AMCC (Advanced Metering Control Computer) Communications Network (WAN) Attacker Controls the Head End Attacker Performs Remote Disconnect Attacker Communications Network (WAN) Retailers 3rd Parties AMI WAN AMI WAN AMI WAN Data Management Systems (MDM/R) Example from AMRA Webinar, Nov ’06 “The Active Attacker” 15

16 Cyber Security ChallengesThe challenge is complex and continuously changing Legacy systems need to be protected Number and geographic location of end points Relationship to physical security Systems are 7x24 and critical The human element / social engineering

17 Cyber Solutions Unlike the beer industry, there is no silver bullet !

18 Cyber Solutions - Defense in DepthPerimeter Protection Firewall, IPS, VPN, AV Host IDS, Host AV DMZ Physical Security Interior Security Firewall, IDS, VPN, AV IEEE P1711 (Serial Connections) NAC Scanning Monitoring Management Processes IDS Intrusion Detection System IPS Intrusion Prevention System DMZ DeMilitarized Zone VPN Virtual Private Network (encrypted) AV Anti-Virus (anti-malware) NAC Network Admission Control

19 Cyber Solutions – 50,000 Foot View of Control NetworkDefense in Depth Access Control Secure connections Link to Physical Security Management Apply same approach to other Smart Grid elements Key Points: Internet Enterprise Network VPN FW Proxy IPS AV IPS FW Host IPS Host AV Partner Site IDS Control Network NAC Scan Host IDS Host AV FW VPN P1711 FW IDS AV Field Site Field Site Field Site Scan NAC

20 The N-Dimension ViewpointCyber security is an absolute requirement for the Smart Grid Smart Grid deployments will fail without proper cyber security A strong security posture can be established so that the benefits can be realized from Smart Grid deployments Ontario can establish a leadership position: Standards Trials Information exchange Learning

21 Recommendations View cyber security as a critical element of your Smart Grid deployment Apply the defense in depth concept isolating and segregating systems and applications, then allow selected connectivity Best accomplished at the foundational / design level Establish a security management system “you can’t manage what you can’t measure” Involve your vendors and interconnected partners Embed into your corporate governance systems Develop and track business case: Project by project basis Integrated system Look to others for learning and suggestions such as the Ontario Smart Grid Forum !

22 Thank You ! Peter Vickery Executive Vice-PresidentN-Dimension Solutions Inc. Office: ext 223 Mobile: Doug Westlund CEO Office: ext 227 Mobile: