Synchrophasor Security Practices John Stewart, Tennessee Valley Authority Thomas Maufer, Mu Dynamics, Inc. Rhett Smith, Chris Anderson, and Eren Ersonmez, Schweitzer Engineering Laboratories, Inc. Presented by Tommy Morris February 22, 2011
Current Power System Situational Awareness • SCADA measurements every 2-15 seconds • Measurement Asynchronous • Complex algorithms used to estimate state of power system • PMUs offer – – – –
30-240 measurements/second Synchronized measurements (100 ns accuracy via GPS) Real time situational awareness Less complex algorithms
Cyber Threat • PMU’s require new/more communication channels • Potential of cyber intrusion • Paper offers: – Best practices for mitigating cybersecurity risks
Synchrophasor Applications Real time applications w/control actions - Special Integrity Protection Schemes (SIPS) •Identify undamped oscillations and take automatic action before system collapse •Voltage stability by automatic control ofstatic VAR compensator (SVC)
•What is effect on these algorithms if MITM pollutes data? •What is effect on these algorithms if DOS makes data unavailable?
C37.118 Message Frames
(Header not commonly used)
Did we Fuzz all of these?
CIP • Synchrophasors not critical day • Increasing trend using synchrophasors in protection, operations, and planning • Synchrophasors will be critical in the future.
Best Practices • Electronic Security Perimeter • Minimize number of electronic access points • Place PMU multiple layers deep in the subnetwork (separate substation VLAN for PMU). • Firewalls with white list (deny-by-default) • PDC provides a security layer – Users access PDC not PMUs – Security upgrades occur at PDC rather than a PMUs
Best Practices, cont’d • C37.118 leaves security to higher layers • Implement IPSEC on substation gateway device • Short reference to connecting PMU’s to PDC via EIA-232 (RS-232). RS-232 is no routable protocol so often preferred for security. Not sure if RS-232 can handle the bandwidth requirements for a single PMU?
UDP Secure • Unidirectional Secure Streaming (PMU->PDC) • Command frames disable • PMU ignores client state, just streams continuously to a predefined location. • Firewall rules simpler – One way – Hide PMU’s IP address (no one needs to know)
• Add VPN for confidentiality and integrity
Remote Access • Avoid it. or • Use secure tunnel (SSH).
Other ports and services • Close them if not needed. – Required by NERC CIP
Non-ESP • • • •
Protect the network not in an ESP Treat this connection as un-trusted. Recommend encryption at any layer. Watch out for DOS.
Latency Measurements • Latency from VPN devices is tolerable for small number of VPN tunnels – i.e. substation with just a few PMU
• Latency increases as more VPN tunnels are added. – Not recommended for use in control center where many tunnels may be required.
• No data on what is acceptable for different applications.
VPN + Firewall Test • Demonstrated Zenmap tool effectiveness – can find devices when firewall disabled – Cannot find device when firewall enabled
• Demonstrated MITM attack – ARP Cache poisoning – Capture, monitor, and replay data
• Demonstrated VPN effectiveness – Without tunnel replay accepted at client – With tunnel replay rejected
Feb 22, 2011 - PMU's require new/more communication channels. ⢠Potential of cyber intrusion. ⢠Paper offers: â Best practices for mitigating cybersecurity ...
I. INTRODUCTION. Synchrophasor technology can be summarized as marking .... synchronous optical networks (SONETs), wireless links, and so on. There are ...
Tip: On the 2-Step Verification page, you can print a one-time passcode that allows you to sign in when you're away from your phone. It's quicker than entering a verification code. You can also choose to use a Security Key . You insert it into your c
FINAL Report â BGP Security Best Practices ..... servers hosting web or email applications; home user machines; VoIP (Voice over Internet .... Working Group 10:.
Company. Rodney Joffe â Co-Chair. Neustar, Inc. Rod Rasmussen â Co-Chair .... software and/or hardware deployments; WG4 is geared toward items that ... then drove development of the initial documentation of issues and ...... work in light of rece
Jun 14, 2014 - Read Information Security: Principles and Practices (2nd. Edition) ... information security in all 10 domains ... increasingly rigorous compliance.
Aug 7, 2015 - To minimize risk in the cloud, we have established the following best ..... are accessed by the appropriate users in the appropriate computing.
Jul 24, 2015 - Security practices that experts follow and consider good security advice for .... the survey via their social media accounts. About 80% of partic-.
Modern Computer Security, in One Book Clearly explains all facets of information ... security, from cloud services to mobile applications, âBring. Your Own Device ...
Jul 24, 2015 - actually be followed and design campaigns to improve security ed- ucation. .... the survey via their social media accounts. About 80% of partic-.