Critical Infrastructure Protection for Power

1
Critical Infrastructure Protectionfor Power

• Carl A. Gunter
• University of Illinois

2
TCIP Center

• NSF/DHS/DOE CyberTrust Center scale activity
  Trusted Cyber Infrastructure for Power (TCIP)
• Lead UIUC, other participants include Cornell,
  Dartmouth, and Washington State University
• C. A. Gunter, B. Sanders (PI), D. Bakken, A.
  Bose, R. Campbell, G. Gross, C. Hauser, H.
  Khurana, R. Iyer, Z. Kalbarczyk, K. Nahrstedt, D.
  Nicol , T. Overbye, P. Sauer, S. Smith, R.
  Thomas, V. Welch, M. Winslett

3
Power Grid

• Features
• Critical to many other systems
• Safety-critical real-time control of energy
• Multiple administrative domains
• Increasing dependence on computer control
• Limited attention to security in legacy systems

• Similar systems
• Oil and gas SCADA systems
• Air traffic control system
• International financial system
• Inter-domain routing system (BGP)

4
Present Infrastructure
- Peer coordinators may exchange information for
broad model - Degree of sharing may change over
time
10s of control areas feed data to coordinator
Coordinator
- State estimator creates model from RTU/IED data
- 1000s of RTU/IEDs - Monitor and control
generation and transmission equipment
ControlArea
Photos courtesy of John D. McDonald, KEMA Inc.
5
US Grid Infrastructure
Edison Electric Institute 03
6
Control Center (EMS)
Control Center (EMS)
Level 3 (Enterprise)
Trust Negotiation
Secure Information Distribution
LAN
LAN
Public/Private Internet
AAA Control
Dedicated Links M/W, Fiber, Dialup, Leased
Lines, etc)
Vendor
Operator
Dedicated Links M/W, Fiber, Dialup, Leased
Lines, etc)
QoS Mgnt
Secure and Timely Data Collection, Aggregation,
and Monitoring
Level 2 (Substation)
RTU
Switched Ethernet LAN
Level 1 (IED)
IEDs
QoS Mgnt
Secure Tunable Hardware
Sensors
Level 0 (Sensors and actuators)
7
Grid Communication Protocols
8
IntelliGrid Environments
9
Architecture
Technical challenges motivated by domain specific
problems in
Must be addressed by developing science in
Secure and Reliable Computing Base
Trustworthy infrastructure for data collection
and control
Wide-Area Trustworthy Information Exchange
Quantitative Validation
10
Sample Research Questions

• Should the power grid use the Internet?
• How can we unify power grid simulations and
  Internet simulations?
• What are the risks associated with new power grid
  elements such as networked meters?

11
Pervasive Metering

• Advanced power meters on the brink of broad
  deployment
• No good threat assessments currently exist
• Corrupt customers, energy service providers,
  terrorists, and other external agents all highly
  motivated to attack pervasive meters
• Terrorists Remotely disconnect customers
• Service providers Profile customer loads with
  high resolution
• Customers Steal electricity
• Interesting characteristics Ownership of the
  meter and its data shared between service
  provider and customer
• Potential security architectures applicable to
  other networked systems
• Likely to make use of cutting-edge technologies
  like trusted platform modules, virtualization,
  and remote attestation