Thursday, October 7, 2010

Smart grid security: Critical success factors

Security is paramount in any smart grid deployment and should be embeded into the end-to-end architecture and deployment of intelligent networks

Threats to the smart grid can be classified into three broad groups: System level threats that attempt to take down the grid; attempts to steal electrical service; and attempts to compromise the confidentiality of data on the system.

It’s often assumed that security threats come exclusively from hackers and other individuals or outside groups with malicious intent. Staff and other “insiders” also pose a risk, however, because they have authorised access to one or more parts of the system. Insiders know sensitive pieces of information, such as passwords stored in system databases, and have access to a secure perimeter, cryptographic keys, and other security mechanisms that are targets of compromise. And not all security breaches are malicious; some result from accidental misconfigurations, failure to follow procedures, and other oversights.

An effective security strategy for smart grids needs to be end-to-end. This means that security capabilities need to be layered such that defence mechanisms have multiple points to detect and mitigate breaches. These capabilities also need to be integral to all segments of intelligent network infrastructure and address the full set of logical functional requirements, including:

Physical security

Examining the security of SCADA Networks, we always found lack of evidence in regards to physical security. The first thing to consider for securing a smart grid is keeping the intruders off the premises. A physical security solution needs to include capabilities for video surveillance, cameras, electronic access control, and emergency response. These functions need to be flexible enough to integrate and converge onto the IP backbone. The secure and smooth interoperability enables centralized management and control, monitoring and logging capabilities, and rapid access to information. This reduces the amount of time it takes facilities personnel and operations teams to respond to incidents across the grid.

Indentity and access control policies

Knowing who is on the grid is a vital element to the overall security strategy. Today, we see various user groups that have a reason to be on the network, including employees, contractors, and even customers. Access to these user groups, be it local or remote, should be granular, and authorization should only be granted to 'need to know' assets.

For example, an employee can have access to a specific grid control system, while a contractor only has access to a timecard application, and a customer has Internet-enabled access that allows that customer to view energy consumption and bills online.

Identity should be verified through strong authentication mechanisms. Passwords must be strong, attempts must be logged, and unauthorised attempts should be logged. We should implement a 'default deny' policy whereby access to the network is granted only through explicit access permissions. Furthermore, all access points should be hardened to prevent unauthorised access, and only ports and services necessary for normal operation should be enabled.

Hardened network devices and systems

The foundation of effective security architecture is the protection of the infrastructure itself. A system is only as strong as its weakest link and core elements—the routers and switches—can represent vulnerabilities and access methodologies if not properly protected. If these devices are compromised, they can be used to disrupt grid operations through denial-of-service (DoS) attacks or worse used to gain access to more vital control systems.

For example, routers can be shipped with factory default passwords and basic remote access such as Telnet and HTTP services turned on. Network administrators might neglect to change these settings, unknowingly providing an easy entry point into their domain. These best practices address the steps that keep intruders off the devices and help to make sure of a secure environment.

Threat defence

A comprehensive threat defence strategy is required to broadly cover the different vulnerabilities that a smart grid network can face. Despite discrete functional zones and clear segmentation, it is often difficult to anticipate what form a new threat might take. Care should be taken to apply security principles broadly across the entire infrastructure to build an effective, layered defence:

DoS attacks can debilitate the functionality of the grid. DoS attacks sourcing from the Internet should not have any effect on the control systems due to network segmentation and access control.

Host protection in the form of antivirus capabilities along with host-based intrusion prevention is required to protect critical client systems, servers, and endpoints. Host protection should be kept up to date with patch management controls to make sure that the latest threat intelligence and signature updates are in place.

Network intrusion prevention system (IPS) technologies should augment the host-based defenses. An IPS should be used to identify external threats attempting to enter the infrastructure, as well as stop any attempts at internal propagation.

Vulnerability assessments must be performed at least annually to make sure that any elements that interface with the perimeter are secure.

In some instances, user action can open potential vulnerabilities to the system. As such, awareness programs should be put in place to educate the network users—employees, contractors, and guests alike—about security best practices for using network-based tools and applications.

Data protection for transmission and storage

Because of the different entities that make up a grid, it is important to think about how data is protected as it is transmitted and stored.
  • Implement firewall functionality that enforces access policies between different network segments, either logical or physical
  • Support VPN architectures that apply encryption algorithms to make sure of secure and confidential data transmission
  • Allow for host encryption and data storage security capabilities to protect critical assets on servers and endpoints
  • Provide granular access control to sensitive data at the application level
  • Provide ubiquitous security across both wired and wireless connections in a consistent manner
Real-time monitoring, management, and correlation

For ongoing maintenance and tighter control, it is important to have the ability to monitor events at a granular level. Over the lifespan of any complex system, events occur. Some of these events might be the result of a security incident, and some might simply be 'noise', but it is important for the system to detect those events, generate alerts, and apply intelligence so that more informative and intelligent decisions can be made.

This level of visibility can show which network elements are being targeted, which network elements might be vulnerable, and what type of corrective action needs to take place. This is a requirement for any successful security strategy.

No comments: