A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

Presentation transcript:

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection of Vital Infrastructures

VIKING - 2 VIKING Society is dependent on electricity

VIKING - 3 VIKING The Power Network

VIKING - 4 VIKING SCADA

VIKING - 5 VIKING SCADA Security

VIKING - 6 VIKING Why could SCADA be targeted?
- SCADA systems monitor and control production and distribution of e.g. electricity, gas and heat.
- SCADA systems were traditionally physically separated from the office IT network, using proprietary protocols and operating systems.
- SCADA systems were not in the scope of IT.
- SCADA systems are today developed on standard platforms with standard protocols.
- SCADA systems are normally not patched and have a life cycle of 20 years.
- SCADA systems today have direct access to the office IT networks and systems.

VIKING - 7 VIKING SCADA system and security?
From the GAO report, May 2008, security study regarding TVA:
- Remote access system was not securely configured
- Systems and clients were not security patched
- Lack of security settings for key programs
- Firewalls were bypassed or inadequately configured
- Passwords were not effectively implemented
- Logging was limited
- No antivirus protection
- Lack of security in the connections between the process and office IT networks
- Etc.
Conclusion: “TVA Needs to Address Weaknesses in Control Systems and Networks”

VIKING - 8 VIKING Consequences of Cyber Security Incidents… (?)

VIKING - 9 VIKING Potential Consequences
Northeast Blackout 2003, US and Canada:
- 50 million people without electricity
- Financial losses estimated at 6-10 billion USD
- Railway system interrupted
- Airports shut down (passenger screening, electronic tickets)
- Gas stations unable to pump gas
- Disrupted cellular communication
- Disrupted television (cable TV)
- Internet traffic disrupted
- Water system lost pressure: boil water advisories, closing of restaurants
- Sewage spills
CIA senior analyst Tom Donahue: “We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities.”

VIKING - 10 VIKING This is what we want to avoid!

VIKING - 11 VIKING Strategic objectives of the VIKING project
The VIKING project will concentrate on cyber attacks on SCADA systems for the Transmission and Distribution of electricity. The project has the following objectives:
- Provide a holistic framework for identification and assessment of vulnerabilities for SCADA systems. The framework should provide computational support for the prediction of system failure impacts and security risks.
- Provide a reference model of potential consequences of misbehaving control systems in the power transmission and distribution network that can be used as a base for evaluating control system design solutions.
- Develop and demonstrate new technical security and robustness solutions able to meet the specific operational requirements that are posed on control systems for our target area.
- Increase the awareness of the dependencies and vulnerabilities of cyber-physical systems in the power industry.

VIKING - 12 VIKING Members
Industrial Partners:
- ABB AG (Germany)
- E.ON AG (Germany)
- Astron (Hungary)
- MML Analysis & Strategy (Sweden)
Academic Partners:
- Royal Institute of Technology (Sweden)
- ETH Zurich (Switzerland)
- University of Maryland (USA)

VIKING - 13 VIKING From security requirements to social costs
[Figure with blocks labelled: Attack, SCADA system, Power network, Societal cost]

VIKING - 14 VIKING Modelling Approach
[Figure: block diagram. Labels: Control Center, Operator, Applications, Network, Substation, Substation Automation, Sensors, Actuators, Power Grid, Transmission, Distribution, Society, Cost; flow labels: state, measurements, commands, actions, decision-support information, power, attack]

VIKING - 15 VIKING
[Figure: the modelling-approach block diagram with the same labels as on the previous slide, annotated with the model types: Power System Models, Society Models, Cyberphysical Models, System Architecture Models, Attack Inventory Models]

VIKING - 16 VIKING Example attack tree

VIKING - 17 VIKING Society Models
- Destroy transformer TD223…
- Gain write access to actuator GT435…

VIKING - 18 VIKING What characterizes the VIKING approach?
- Previous work has focused on testing attacks on physical SCADA systems.
  - VIKING takes a model-based approach
  - Integrated analysis chain of models from attacks to societal cost
- Previous work has focused on the central system, e.g. firewalls.
  - VIKING looks at the complete SCADA system, including substation and communication systems
- Development of new methodologies
  - Use of power applications to detect manipulated data, i.e. a higher-level Intrusion Detection System
  - Use of security-enhanced communication structures
  - Coupling between physical process and IT system models to study security issues
  - Etc.

VIKING - 19 VIKING Potential Research Results of VIKING
- Estimates of the security risk (in terms of monetary loss for society) based on threat trees, graphical system architecture and society models
- Comparable, quantitative results for cyber security for different control system solutions
- Use of existing model-based applications as application-level Intrusion Detection Systems to detect manipulation of data
- Use of innovative and existing communication solutions to secure power system communication
- Help with identifying “weak spots” and how to mitigate them
- An environment for performing what-if analyses of the security risk impact of different architecture solutions

VIKING - 20 VIKING Summary
- VIKING will investigate the vulnerability of SCADA systems and the cost of cyber attacks on society
- VIKING will propose and test strategies and technologies to counteract these weaknesses
- VIKING will increase the awareness for the importance of critical infrastructures and the need to protect them

VIKING - 21 VIKING Contact
- Project Coordinator: Gunnar Björkman
- Technical Coordinator: Pontus Johnson