Load balancing of renewable energy: a cyber security analysis
Tóm tắt
In the coming years, the increase of automation in electricity distribution grids, controlled by ICT, will bring major consequences to the cyber security posture of the grids. Automation plays an especially important role in load balancing of renewable energy where distributed generation is balanced to load in a way that the grid stability is ensured. Threats to the load balancing and the smart grid in general arise from the activities of misbehaving or rouge actors in combination with poor design, implementation, or configuration of the system that makes it vulnerable. It is urgent to conduct an in-depth analysis about the feasibility and imminency of these potential threats ahead of a cyber catastrophy. This paper presents a cyber security evaluation of the ICT part of the smart grid with a focus on load balancing of renewable energy. The work builds on a load balancing centered smart grid reference architecture model that is designed as part of the evaluation with the help of SCADA system and smart grid experts. The smart grid load balancing architecture represented by the model is then analyzed using a threat modelling approach that is encapsulated in a tool called securiCAD. Countermeasures are introduced in the model to measure how much each improve the cyber security of the smart grid. The analysis shows that the main threat comes from the internet and is directly dependant on the level of internet access office users have coupled with their level of access on the OT zone. Supply chain attacks are also of great concern, i.e. the compromising of the software/hardware vendor with the objective of feeding rogue updates to assets, typically to install a backdoor. The general takeaway defense-wise is that it is of the utmost importance to increase efforts in securing the smart Grid in all the ways possible as they appear to be generally complementary. The obtained results raise concerns whether the architecture of the smart grid still remains satisfactory in today’s state of the cyberspace and the increased presence and sophistication of cyber threats. There are also concerns whether the proposed security measures, regardless of their evaluated effectiveness, are realistically implementable from both financial and practical point of view. There is no silver bullet available to achieve full protection against cyber attacks. The smart grid remains a network of IT/OT machines with dataflows going between them. State-sponsored hackers given enough time and regardless of the defences in place will eventually make their way into a critical infrastructure such as the smart grid. While mitigations will not eliminate the threats, they will increase the cyber resilience of the infrastructure by increasing both its time frame and effectiveness. As such, in a time where usability, efficiency and practicality are at the front of every domain, innovations regarding these aspects should really be carried out with strong security in mind.
Tài liệu tham khảo
Alberts, C, Dorofee A, Stevens J, Woody C (2003) Introduction to the octave approach. Technical report.
Angelov, S, Grefen P, Greefhorst D (2009) A classification of software reference architectures: Analyzing their success and effectiveness In: Software Architecture, 2009 & European Conference on Software Architecture. WICSA/ECSA 2009. Joint Working IEEE/IFIP Conference On, 141–150.. IEEE, New York.
Bernus, P, Nemes L, Schmidt GJ (2012) Handbook on Enterprise Architecture. Springer, Berlin Heidelberg.
Bernus, P, Noran O (2010) A Metamodel for Enterprise Architecture. In: Bernus P, Doumeingts G, Fox M (eds)Enterprise Architecture, Integration and Interoperability, 56–65.. Springer, Berlin, Heidelberg.
Blom, R, Korman M, Lagerström R, Ekstedt M (2016) Analyzing attack resilience of an advanced meter infrastructure reference model In: Cyber-Physical Security and Resilience in Smart Grids (CPSR-SG), Joint Workshop On, 1–6.. IEEE, New York.
Boyer, SA (2009) SCADA: Supervisory Control and Data Acquisition. International Society of Automation.
Breu, R, Innerhofer-Oberperfler F, Yautsiukhin A (2008) Quantitative assessment of enterprise security system In: Availability, Reliability and Security, 2008. ARES 08. Third International Conference On, 921–928.. IEEE, New York.
Cherdantseva, Y, Burnap P, Blyth A, Eden P, Jones K, Soulsby H, Stoddart K (2016) A review of cyber security risk assessment methods for scada systems. Comput Secur 56:1–27.
Cloutier, R, Muller G, Verma D, Nilchiani R, Hole E, Bone M (2010) The concept of reference architectures. Syst Eng 13(1):14–27.
Corp, S (2018) Risk Analytics for Cyber Security, Skybox Security. http://www.skyboxsecurity.com/. Accessed 15 Jan 2018.
Ekstedt, M, Franke U, Johnson P, Lagerström R, Sommestad T, Ullberg J, Buschle M (2009) A tool for enterprise architecture analysis of maintainability In: Software Maintenance and Reengineering, 2009. CSMR’09. 13th European Conference On, 327–328.. IEEE, New York.
Ekstedt, M, Johnson P, Lagerström R, Gorton D, Nydrén J, Shahzad K (2015) securicad by foreseeti: A cad tool for enterprise cyber security management In: Enterprise Distributed Object Computing Workshop (EDOCW), 2015 IEEE 19th International, 152–155.. IEEE, New York.
foreseeti (2018) securiCAD, Cyber Threat Modelling and Risk Management. https://www.foreseeti.com/. Accessed 15 Jan 2018.
Galster, M, Avgeriou P (2011) Empirically-grounded reference architectures: a proposal In: Proceedings of the Joint ACM SIGSOFT conference–QoSA and ACM SIGSOFT symposium–ISARCS on Quality of Software architectures–QoSA and Architecting Critical systems–ISARCS, 153–158.. ACM, New York.
Gottschalk, M, Uslar M, Delfs C (2017) The Use Case and Smart Grid Architecture Model Approach: The IEC 62559-2 Use Case Template and the SGAM Applied in Various Domains. Springer, Berlin Heidelberg.
Group, C-C-ESGCCEN-CENELEC-ETSI Smart Grid Coordination Group: Smart Grid Reference Architecture. ftp://ftp.cencenelec.eu/EN/EuropeanStandardization/HotTopics/SmartGrids/Reference_Architecture_final.pdf.
Holm, H (2014) A large-scale study of the time required to compromise a computer system. Dependable Secure Comput IEEE Trans 11(1):2–15.
Holm, H, Buschle M, Lagerström R, Ekstedt M (2014) Automatic data collection for enterprise architecture models. Softw Syst Model 13(2):825–841.
Holm, H, Shahzad K, Buschle M, Ekstedt M (2015) P2CySeMoL: Predictive, Probabilistic Cyber Security Modeling Language. IEEE Trans Dependable Secure Comput 12:626–639.
Holm, H, Sommestad T, Ekstedt M, Nordström L (2013) Cysemol: A tool for cyber security analysis of enterprises In: Electricity Distribution (CIRED 2013), 22nd International Conference and Exhibition On, 1–4.. IET, Mississauga.
Huang, H, Zhang S, Ou X, Prakash A, Sakallah K (2011) Distilling critical attack graph surface iteratively through minimum-cost sat solving In: Proceedings of the 27th Annual Computer Security Applications Conference, 31–40.. ACM, New York.
Inc, R (2018) RedSeal Systems. https://redseal.net/. Accessed 15 Jan 2018.
Irlbeck, M, Bytschkow D, Hackenberg G, Koutsoumpas V (2013) Towards a bottom-up development of reference architectures for smart energy systems In: Software Engineering Challenges for the Smart Grid (SE4SG), 2013 2nd International Workshop On, 9–16.. IEEE, New York.
Jauhar, S, Chen B, Temple WG, Dong X, Kalbarczyk Z, Sanders WH, Nicol DM (2015) Model-based cybersecurity assessment with nescor smart grid failure scenarios In: Dependable Computing (PRDC), 2015 IEEE 21st Pacific Rim International Symposium On, 319–324.. IEEE, New York.
Johnson, P, Vernotte A, Ekstedt M, Lagerström R (2016) pwnpr3d: an attack-graph-driven probabilistic threat-modeling approach In: Availability, Reliability and Security (ARES), 2016 11th International Conference On, 278–283.. IEEE, New York.
Jonsson, E, Olovsson T (1997) A quantitative model of the security intrusion process based on attacker behavior. Softw Eng IEEE Trans 23(4):235–245.
Ingols, K, Chu M, Lippmann R, Webster S, Boyer S (2009) Modeling modern network attacks and countermeasures using attack graphs In: Computer Security Applications Conference, 2009. ACSAC’09. Annual, 117–126.. IEEE, New York.
Institute, EPRAnalysis of Selected Electric Sector High Risk Failure Scenarios. http://smartgrid.epri.com/doc/nescor%20detailed%20failure%20scenarios%2009-13%20final.pdf.
Johnson, P, Lagerström R, Närman P, Simonsson M (2007) Extended influence diagrams for system quality analysis. J Softw 2(3):30–42.
Jajodia, S, Noel S, O’Berry B (2005) Topological analysis of network attack vulnerability In: Managing Cyber Threats, 247–266.. Springer, Berlin Heidelberg.
Korman, M, Lagerström R, Välja M, Ekstedt M, Blom R (2016) Technology management through architecture reference models: A smart metering case In: Management of Engineering and Technology (PICMET), 2016 Portland International Conference On, 2338–2350.. IEEE, New York.
Korman, M, Välja M, Björkman G, Ekstedt M, Vernotte A, Lagerström R (2017) Analyzing the effectiveness of attack countermeasures in a scada system In: Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, 73–78.. ACM, New York.
Lagerström, R, Baldwin C, MacCormack A, Dreyfus D (2013) Visualizing and measuring enterprise architecture: an exploratory biopharma case In: IFIP Working Conference on The Practice of Enterprise Modeling, 9–23.. Springer, Berlin Heidelberg.
Lagerstrom, R, Sommestad T, Buschle M, Ekstedt M (2011) Enterprise architecture management’s impact on information technology success In: System Sciences (HICSS), 2011 44th Hawaii International Conference On, 1–10.. IEEE, New York.
Langner, R (2011) Stuxnet: Dissecting a cyberwarfare weapon. IEEE Secur Priv 9(3):49–51.
Lee, RM, Assante MJ, Conway T (2016) Analysis of the cyber attack on the Ukrainian power grid. SANS Industrial Control Systems. https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf.
LeMay, E, Ford MD, Keefe K, Sanders WH, Muehrcke C (2011) Model-based Security Metrics Using ADversary VIew Security Evaluation (ADVISE) In: 2011 Eighth International Conference on Quantitative Evaluation of SysTems, 191–200.. IEEE, New York. http://dx.doi.org/10.1109/QEST.2011.34.
Lund, MS, Solhaug B, Stølen K (2010) Model-driven Risk Analysis: the CORAS Approach. Springer, Berlin Heidelberg.
Närman, P, Johnson P, Lagerström R, Franke U, Ekstedt M (2009) Data Collection Prioritization for System Quality Analysis. Electronic Notes in Theoretical Computer Science. Elsevier. New York, NY, US. 233:29–42. Proceedings of the International Workshop on Software Quality and Maintainability (SQM 2008). https://doi.org/10.1016/j.entcs.2009.02.059, http://www.sciencedirect.com/science/article/pii/S1571066109000644.
Nakagawa, EY, Oquendo F, Becker M (2012) Ramodel: A reference model for reference architectures In: Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), 2012 Joint Working IEEE/IFIP Conference On, 297–301.. IEEE, New York.
Ou, X, Boyer WF, McQueen MA (2006) A scalable approach to attack graph generation In: Proceedings of the 13th ACM Conference on Computer and Communications Security, 336–345.. ACM, New York.
Ou, X, Singhal A (2012) Quantitative Security Risk Assessment of Enterprise Networks. Springer, Berlin Heidelberg.
Padilla, E (2015) Substation Automation Systems: Design and Implementation. John Wiley & Sons.
Santodomingo, R, Uslar M, Goring A, Gottschalk M, Nordstrom L, Saleem A, Chenine M (2014) Sgam-based methodology to analyse smart grid solutions in discern european research project In: Energy Conference (ENERGYCON), 2014 IEEE International, 751–758.. IEEE, New York.
Searle, J, Rasche G, Wright A, Dinnage SNESCOR Guide to Penetration Testing For Electric Utilities. http://smartgrid.epri.com/doc/NESCORGuidetoPenetrationTestingforElectricUtilities-v3-Final.pdf.
Smart Grid Interoperability Panel – Smart Grid Cybersecurity CommitteeNISTIR 7628 Revision 1 - Guidelines for Smart Grid Cyber Security, Vol. 1-3. http://nvlpubs.nist.gov/nistpubs/ir/2014/NIST.IR.7628r1.pdf.
Sommestad, T, Ekstedt M, Holm H (2013) The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures. Syst J IEEE, New York 7(3):363–373.
Sommestad, T, Ekstedt M, Johnson P (2009) Cyber security risks assessment with bayesian defense graphs and architectural models In: System Sciences, 2009. HICSS’09. 42nd Hawaii International Conference On, 1–10.. IEEE.
Trefke, J, Rohjans S, Uslar M, Lehnhoff S, Nordstrom L, Saleem A (2013) Smart grid architecture model use case management in a large european smart grid project In: Innovative Smart Grid Technologies Europe (ISGT EUROPE), 2013 4th IEEE/PES, 1–5.. IEEE, New York.
Uslar, M, Rosinger C, Schlegel S (2014) Security by design for the smart grid: Combining the sgam and nistir 7628 In: Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International, 110–115.. IEEE, New York.
Välja, M, Korman M, Lagerström R, Franke U, Ekstedt M (2016) Automated architecture modeling for enterprise technology manageme using principles from data fusion: A security analysis case In: Management of Engineering and Technology (PICMET), 2016 Portland International Conference On, 14–22.. IEEE, New York.
Vu, AH, Tippenhauer NO, Chen B, Nicol DM, Kalbarczyk Z (2014) Cybersage: A tool for automatic security assessment of cyber-physical systems In: Quantitative Evaluation of Systems.. Springer, Berlin Heidelberg.
Wang, AJA (2005) Information security models and metrics In: Proceedings of the 43rd Annual Southeast Regional conference-Volume 2, 178–184.. ACM.
Wenpeng, L (2009) Advanced metering infrastructure. South Power Syst Technol 3(2):6–10.