Mar 14, 2014 | Archives

Real-Time Systems Need Real-Time Security Requirements: the Value of Agile Detective and Corrective Security Controls


It is no secret that cyber security related to Smart Grid systems and deployments has garnered much attention over the past several years. Much of it has been, and still is, negative, in the form of criticism that the industry as a whole is not doing enough to address cyber security. While most utilities today agree on the need to secure these systems and are actively working to do so, the debate over the adequacy of the industry’s efforts is not likely to subside anytime soon.

One of the drivers in this debate is the degree to which the various utility systems employed today are integrated and interconnected, and the fact that these systems will be even more interconnected in the future. As their infrastructure has evolved over the years, utilities have become well versed in system design. Requirements are developed and systems are designed, built, and tested to validate that they meet these requirements. Once operational, the system(s) remain relatively unchanged until the need to modify, upgrade, or replace them is justified by identifying new or changing requirements, usually in the timeframe of months or even years. It’s a model that the electric utility industry understands well.

The challenge with cyber security and Smart Grid is that there is no finish line, at least not one that remains constant throughout the life of the system being protected. Adversaries and threats evolve constantly and new vulnerabilities can be discovered at any time, which means that for cyber security, the system requirements are always changing to a certain extent. On one hand, there have been many technical solutions developed or customized for the Smart Grid environment, which has led to tangible improvements. On the other hand, the industry’s ability to evolve and deploy solutions struggles to keep pace with these threats.

The bottom line for utilities is reducing the risks that any system or application poses to the operational and business aspects of the power grid. While this can be accomplished by limiting or even removing system functionality, it’s a safe assumption that the industry will follow the opposite direction and rely more on, and increase the functionality of, these systems in the future. This evolution in turn drives the need for continuous improvement of the employed cyber security solutions. Many of the security solutions developed within the industry over the past decade are aimed at preventing unauthorized activity, malicious or otherwise, within the utility’s control systems. While preventative measures such as these are essential, they represent only one facet of technical security controls, which can be organized into three basic types:

Preventative security controls exist to prevent a threat from coming in contact with a utility control system weakness or vulnerability

Detective security controls exist to identify that a security event, malicious or otherwise, is present within the utility’s control system

Corrective security controls exist to mitigate or lessen the effects of an event affecting the utility’s control system

Of the three types of security controls, Preventative controls are typically the most popular in any security program since they minimize the possibility of loss by preventing an event from occurring. They are active and typically designed, tested, and validated with specific threats and vulnerabilities in mind. The challenge with Preventative security controls in control systems which support Smart Grid functions is that in many cases, the utility’s ability to quickly deploy new or modified security controls is limited. Utilities invest a significant amount of effort to test and validate the operations of their control systems, which may unintentionally create an overly rigid environment when the necessity of new or modified security controls arises. In many cases, system updates, modification, and subsequent testing are not feasible until an outage of the supported power system assets, as is the case for a generating plant Distributed Control System (DCS). As new threats and vulnerabilities emerge, utilities may be faced with a gap in their ability to mitigate the associated risks until new or modified Preventative security controls can be applied. To bridge this gap, in many cases Detective and Corrective security controls are utilities’ primary defense.

Where Smart Grid systems often lack effective security is in the agility of the prescribed Detective and Corrective security controls. In many electric utility control system deployments, Detective and Corrective controls are not implemented in a real-time fashion and are less effective in mitigating potential impact to real-time power system operations. Often these controls are applied after the fact, such as examination of security logs to detect an event that has already happened or a system restart to reload an application. While these are legitimate security controls for more business-centric systems, they fall short of the mark when trying to mitigate risks to control systems, which in turn translates to risks to the stability of the real-time process: generating, transmitting, and distributing electric power in this case. To be effective in control systems supporting Smart Grid functions, Detective and Corrective security controls need to be invoked as soon as possible from the start of the event.

All three security control types are utilized together to form an effective defense. If a security control to prevent an event is ineffective or cannot be deployed in a timely manner, then there must be a mechanism in place to detect that an event is happening as quickly as possible. Detecting an event in progress is often not enough, so there must also be corrective mechanisms in place to react to the detected event. The key for electric utilities is that they need all three types of security controls in Smart Grid deployments implemented in a manner that creates an agile defense.

One key aspect of attaining this improved cyber defense agility is information sharing. EnerNex is fortunate enough to be participating in the Situational Awareness Reference Architecture (SARA) pilot project led by the folks at the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC). One of the key components of the SARA project is fostering the adoption of automated Machine-to-Machine knowledge sharing. The notion that a trusted source can share threat information tailored for the utility control systems environment and have that information automatically downloaded and available to the utility’s monitoring systems in real-time or near real-time is a powerful concept, and those of you who may not be familiar with the SARA pilot will find it worthwhile to check out.

Want to know more about how EnerNex can support your cyber security efforts relating to utility automation systems? Feel free to contact me at brian@enernex.com to discuss. EnerNex is uniquely qualified to assist you as our staff has decades of experience in all aspects of utility automation systems from both vendor and utility perspectives.
