4,972
views
0
recommends
+1 Recommend
1 collections
    8
    shares

      Studying business & IT? Drive your professional career forwards with BCS books - for a 20% discount click here: shop.bcs.org

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      A Separate Network for Control System CyberSecurity

      Published
      proceedings-article
      , Ph.D.
      6th International Symposium for ICS & SCADA Cyber Security Research 2019 (ICS-CSR)
      Cyber Security Research
      10th-12th September 2019
      Bookmark

            Abstract

            The electric utility sector smart-grid definition implies the need for ubiquitous communications and extensive controls to increase reliability, efficiency, flexibility, and cost effectiveness. Smart-grid features include demand-response capabilities, advanced controls, DER integration, increased situational awareness, smart metering, advancement of ancillary services, time-of-use pricing, and peak curtailment, to name a few. The communication technologies at the smart grid’s heart provide the backbone for these features, which risks being exploited by adversaries. Furthermore, adding numerous automated services and devices to support smart-grid objectives risk compromise. In essence, the attack surface of the utility control systems is significantly larger. For example, smart meter and Advanced Metering Infrastructure systems, when implemented incorrectly, could provide injection points to the utility and meters equipped with demand response capabilities introduce the possibility of direct customer power disconnect. A separate network for control system cybersecurity defines a highly secure, resilient and redundant critical communications, sensing, and technical assistance solution supporting all elements of the electricity enterprise and its supply chain. It is designed to retain national continuity of operations, enable rapid restoration, and facilitate cost-effective protective measures to thwart consequences of cyberattacks, operational and physical threats, and natural disaster. Security and resilience enhancements are not about bolting on a costly, cumbersome exoskeleton. As a nation, we must infuse the grid’s operational architecture digital native attributes (DNA) with modifications resulting in immunity to attack and degradation. Objectives of a project to implement utilization ofa separate communication network include: Implementing cyber defensive measures beyond what is possible on the public internet. Enhancing grid state monitoring with advanced sensing, measurements, escalating alert and situational awareness. Using existing buried treasure of infrastructure (e.g., dark fiber) as a cost-effective protective measure, exploiting advanced communications (5G-LTE private wireless) and cybersecurity technologies suitable for the expanding smart grid requirements. Using living laboratories to test security functionality and resilience – collaborating with utilities and suppliers for proof of concept. A review of this concept is presented.

            Content

            Author and article information

            Contributors
            Conference
            September 2019
            September 2019
            : 144-156
            Affiliations
            [0001]Oak Ridge National Laboratory

            One Bethel Valley Road, Oak Ridge, TN 37831 USA
            Article
            10.14236/ewic/icscsr19.18
            77fab86d-09a5-40b3-93e7-4f87cd86768d
            © Peter L. Fuhr. Published by BCS Learning and Development Ltd. 6th International Symposium for ICS & SCADA Cyber Security Research 2019

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            6th International Symposium for ICS & SCADA Cyber Security Research 2019
            ICS-CSR
            6
            Athens, Greece
            10th-12th September 2019
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/icscsr19.18
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction

            REFERENCES

            1. Industrial Control Systems - Computer Emergency Response Team (ICS-CERT) 21 July 2016 https://ics-cert.us-cert.gov

            2. Utility ‘war games’ players to face an apocalypse scenario Energywire November 16 2015 accessed at http://www.navigant.com/~/media/WWW/Site/Insights/Energy/2015/EnergyWire_GridEx%20III.PDF

            3. Broadbandnow.com accessed at http://broadbandnow.com/Fiber-Providers

            4. Carnegie Mellon University Securing Industrial Control Systems ICS-CERT Pittsburgh, PA 2010

            5. CTIA U.S. Wireless Quick Facts CTIA: The Wireless Association CTIA 7 Nov 2013 Accessed at: http://www.ctia.org/advocacy/research/index.cfm/AID/10323

            6. Energy Information Administration (EIA) 22 July 2016 https://www.eia.gov/electricity/

            7. ESCWG, Roadmap to Achieve Energy Delivery Systems Cybersecurity 2011 21 40 19 July 2016 https://www.controlsystemsroadmap.net

            8. Federal Communications Commission 2013 Measuring Broadband America: A Report on Consumer Wireline Broadband Performance in the U.S 1 Feb 2013 accessed at http://transition.fcc.gov/cgb/measuringbroadbandreport/2013/Measuring-Broadband-America-feb-2013.pdf

            9. Curt Hebert and Susan Tierney, Cybersecurity and the North American Electric Grid: New Policy Approaches to Address an Evolving Threat Bipartisan Policy Center 24 February 2014 Washington, D.C

            10. The realized value of fiber infrastructure in Hamilton County, Tennessee University of Tennessee at Chattanooga 18 June 2015 20 July 2016 http://ftpcontent2.worldnow.com/wrcb/pdf/091515EPBFiberStudy.pdf

            11. National Infrastructure Simulation and Analysis Center, LA-CP-08–0547, Los Alamos National Laboratory 25 April 2008

            12. CIO 19 July 2016 http://www.cio.com/article/2899643/data-analytics/internet-of-things-connections-to-quadruple-by-2020.html

            13. ORNL Impacts of a Nominal Nuclear Electromagnetic Pulse on Electric Power Systems: Phase III Final Report, April 1991 ORNL/Sub/83–43374/2

            14. Personal Exchange with Hunter Newby, Dark Fiber Community 21 July 2016 and accessed at www.darkfibercommunity.com

            15. SANS Industrial Control Systems and the Electricity-Information Sharing and Analysis Center Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case, March 18 2016 Washington, D.C.; accessed at http://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf

            16. Smart America 21 July 2016 http://smartamerica.org/about/

            17. U.S. Department of Energy (DOE) Cybersecurity for Energy Delivery Systems program 22 July 2016 http://energy.gov/oe/services/technology-development/energydelivery-systems-cybersecurity

            18. U.S. DOE 22 July 2016 http://energy.gov/oe/downloads/cybersecurity-energy-delivery-systems-ceds-fact-sheets

            19. U.S. DOE and US Department of Homeland Security Energy Sector-Specific Plan, 2015 39 Washington, DC

            20. U.S. DOE and the Electric Power Research Institute Joint Electromagnetic Pulse Resilience Strategy Washington, D.C. 14 22 July 2016 at: http://www.energy.gov/sites/prod/files/2016/07/f33/DOE_EMPStrategy_July2016_0.pdf

            21. U.S. Department of Homeland Security (U/FOUO) DHS OIA, Intelligence Assessment: Damaging Cyber Attacks Possible but Not Likely Against the US Energy Sector, IA-0060–16 27 January 2016 Washington, DC

            22. U.S. Department of Homeland Security, National Infrastructure Protection Plan (NIPP) 2013 Washington, D.C. accessed at https://www.dhs.gov/sites/default/files/publications/National-Infrastructure-Protection-Plan-2013–508.pdf

            23. Why a power grid attack is a nightmare scenario The Hill May 30 2016 Washington, D.C. http://thehill.com/policy/cybersecurity/281494-why-a-power-grid-attack-is-a-nightmare-scenario

            Comments

            Comment on this article