Our Cyber Security History and Future


Our Cyber Security History and Future
Trustworthy Cyber Infrastructure for the Power Grid
April 3, 2015
Edmund O. Schweitzer III, Ph.D.
President, Schweitzer Engineering Laboratories, Inc.
Copyright SEL 2015

Delivering Energy at the Speed of Light 186,000 mi / sec 50 mi / hr 30 mi / hr

Faster Than Information in Fiber 300,000 km / sec 200,000 km / sec

Staying Safe in the Information Age
What can we learn from history?
What makes the power system work?
How can technology contribute?
Avoiding the weaknesses.
Benefiting from the strengths.

Technology Has Risks
Earth-return field telephones, WW1
Local oscillator radiation, WW2
False Beacons (Meaconing)

Field Telephones with Single-Pole Earth-Return Save Wire
One Conductor, not TWO!
Mother Earth completes the circuit.

but the Enemy Can Worm In!

Local Oscillator Leakage Whispers, "Here I am!"
[Diagram labels: 1250 kHz broadcast; Radio Receiver; Dial; Local Oscillator, 1705 kHz; I.F. Amp, 455 kHz; 1705 kHz L.O. Leakage]
1705 kHz - 1250 kHz = 455 kHz

Morale(?) Receiver

Pull Aircraft Off Course With False Beacons
[Diagram labels: BEACON; MEACON]

Some Basic Thoughts
Power systems are inherently stable.
They can run without cyber.
Protection must always be available.
Maintaining protection usually means taking primary equipment out of service.
Faults must be cleared FAST!
Communicate more, depend on it less.

Speed of Light Limits Relay Time
[Diagram labels: S; X; R; 100-mile line, 600 µs; 300 µs and 300 µs; 600 µs by line or 1,000 µs by fiber; 900 µs or 1,300 µs]
The fastest communications path is the line

Trip Fast on Current and Light

[Figure labels: Fault Current; Trip in 4 ms; Light Flash; Current; Light; TRIP; Relay Trips]

SEL-21 Security in 1984
Two access levels
Jumper to disable trip
Alarm contacts
Firmware checksums
Terminal session:
    *ACC
    Password:? @@@@@@
    Invalid Password
    Password:? @@@@@@
    Invalid Password
    Password:? @@@@@@
    Invalid Password
    Access Denied

Two-Party Authentication in 1984
[Diagram labels: Control Center SCADA; Modem; Telephone Network; Modem; Substation; Digital Relay (ACC, 2AC)]
=acc Password? ****** Get it wrong 3x and contact closes.
=>2ac Password? ****** Every time, contact closes!

SCADA Op Connects Phone Line
You call in; if op knows you, then access
[Diagram labels: Substation; Modem; Telephone Network; Modem; Digital Relay (ACC, 2AC); SCADA; Control Center SCADA]
Authentication
Slow
Could be toll call

Concerns About Intrusions Into Remotely Accessible IEDs, Controllers, and SCADA Systems
27th Western Protective Relay Conference, Spokane, WA, October 24-26, 2000
Dr. Paul W. Oman, Dr. Edmund O. Schweitzer, Dr. Deborah Frincke

What's Causing the Increased Risk? (WPRC, Spokane, WA, Oct 2000)
Pressure to Downsize, Automate, Cut Costs
Instability in Electric Utility Job Market
Rapid Growth of Computer Literacy
Widespread Availability of Hacker Tools
Shift From Proprietary Systems to Distributed Systems With Open Protocols
FERC 888 / 889 Requirements
Increased Access via Modems and Internet
Increasing Espionage and Terrorism

Connectivity = Convenience + Risk
2001: Relay with Ethernet Port
[Diagram labels: Substation LAN; Internet; LAN; Digital Relay (ACC, 2AC)]
Fast and free
Very convenient to good and bad guys
Q: Why would anyone put an Ethernet port on a relay?
A: Market Pressure!

Regulations Fall Short
Take years to emerge, all the while the tech and threats change.
One-size-fits-all probably fits no one.
Tell bad guys what we will and won't do.
Compliance and security are different.

Government: Teach and Advise
Teach the threat, with all due respect to sources and methods.
Advise, on best ways to secure communications and information systems.

SCADA Op Can Enable Link
[Diagram labels: SNMP; Control Center; Yes / No; Corporate WAN; Threat??; ICON Network; Ops Mgr; Comm Tech]
You're only exposed when remote access is required.

Defense-in-Depth for Secure Connectivity
Dial-Up
Zone 1: Access
Zone 2: Data Aggregation
Zone 3: IED or Process
[Diagram labels: Relay/IED; Relay/IED]

TEMPEST: Shield, Filter, Mask
Don't let the cat out of the bag
[Diagram labels: cat; Teleprinter; Crypto Box; qmx; Power Line]
Security Perimeter = Bag

Ships in products, get up to 90 at a time for free!

Physical and Cyber Protection
SEL-3622 Security Gateway Senses Motion Door Opening and Detects Light and Cable Disconnect

Dependable Communications for Critical Infrastructure
Utility rated
5 ms network healing
Deterministic communications
Absolute microsecond network time
Best of TDM and Ethernet features
Clean sheet design: performance, security quality, manufacturability, and price

The Best of TDM and IP Communication
[Diagram labels: Video; VoIP; IEC 61850; Ethernet; TDM; Teleprotection; 2.5 Gbps Transport Bandwidth]

We Chose TDM Because It's Fast and Doesn't Jitter.
[Chart: latency in ms, axis 0 to 10, TDM and MPLS]

Reset Network Complexity With Software-Defined Networking
[Diagram labels: SDN Server; SEL-2740S; SEL Relay; RTAC; X; Primary Path; Backup Path; Secondary Path]

Pilot: Where Am I?
Airspeed, barometric altimeter, compass
Celestial Navigation
Charts (Jeppesen, flying mail)
ADF receives NDBs and radio stations
VOR, DME, ILS; Radar Altimeter
GPS
Inertial Navigation Systems
GPS works great, and we have other tools

Power Engineer: What Time is It?
Substations seldom move
Satellites <<100 ns
Terrestrial Network Time <<100 ns
Disciplined Standards with very low drift rates for excellent holdover
VLF Broadcasts ~1 ms
GPS works great, and we have other tools

GPS Time Is Not Guaranteed! We need robust solutions.
Jam, spoof, or interfere (NAVWAR)
Equipment failure
DoD control
Solar flares
"On December 6, 2006, a solar flare created an unprecedented intense solar radio burst causing large numbers of receivers to stop tracking the GPS signal." NOAA Press Release

Detect, Jam, Spoof
[Diagram labels: Radar, Megawatts; 1/r^2 outbound; 1/r^2 return; Milliwatts received; Countermeasure, Watts, 1/r^2]
Received Radar Signal ~ 1/r^4
Countermeasure >> Reflection

SEL-2488 Clock Compares Time from GPS and GLONASS Satellites

ICON Distributes Precise Time
<100 ns and NO GPS Risks
[Diagram labels: SEL-2488; ICON Network; IRIG-B; SEL-3530 RTAC]

SEL-3400 Authenticates Time
Alarms if Time Differs, but Good Quality Bits
"I'm also a lie detector!"
[Diagram labels: SEL-2488; IRIG-B; Authenticated IRIG-B; SEL Relay; Relay/IED]

A Layered Approach to Time Integrity
Hide the Antennas
Two-Constellation Comparison (GPS, GLONASS)
Terrestrial Failover
IRIG-B Authentication
IRIG-B Quality Checks
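
The cross-check behind the quality-check, two-constellation-comparison and terrestrial-failover layers named on this slide, as an added Python sketch that is not from the presentation and is not SEL's implementation. The `Reading` type, `select_time` function, source names, 1 µs tolerance and sample offsets are assumptions constructed for illustration; IRIG-B authentication is not modelled.

```python
from dataclasses import dataclass

TOLERANCE_NS = 1_000  # assumed agreement window, not a figure from the slides


@dataclass(frozen=True)
class Reading:
    source: str        # "GPS", "GLONASS" or "TERRESTRIAL" (assumed names)
    offset_ns: float   # source time minus the local disciplined oscillator
    quality_ok: bool   # quality bits as reported by the source itself


def select_time(readings, tolerance_ns=TOLERANCE_NS):
    """Return (chosen_source, alarms) for one evaluation cycle."""
    alarms, good = [], {}
    for r in readings:
        if r.quality_ok:
            good[r.source] = r
        else:
            alarms.append(f"{r.source}: quality bits bad")
    gps, glo = good.get("GPS"), good.get("GLONASS")
    if gps and glo:
        if abs(gps.offset_ns - glo.offset_ns) <= tolerance_ns:
            return "GPS", alarms
        # Good quality bits on both, yet the times differ: treat it as
        # possible spoofing or a receiver fault and trust neither.
        alarms.append("GPS/GLONASS disagree despite good quality bits")
    else:
        alarms.append("fewer than two constellations: no cross-check")
    # Fail over to terrestrial network time, then to oscillator holdover.
    if "TERRESTRIAL" in good:
        return "TERRESTRIAL", alarms
    alarms.append("no trusted reference: running on holdover")
    return "HOLDOVER", alarms


# Constructed sample cycles (offsets in nanoseconds).
NORMAL = [Reading("GPS", 40, True), Reading("GLONASS", 65, True),
          Reading("TERRESTRIAL", 55, True)]
SPOOFED = [Reading("GPS", 45_000, True), Reading("GLONASS", 60, True),
           Reading("TERRESTRIAL", 50, True)]
JAMMED = [Reading("GPS", 0, False), Reading("GLONASS", 0, False)]

if __name__ == "__main__":
    for name, cycle in (("normal", NORMAL), ("spoofed", SPOOFED),
                        ("jammed", JAMMED)):
        print(name, select_time(cycle))
```

The spoofed cycle is the case the quality bits alone cannot catch: every source reports good quality, and only the comparison between constellations raises the alarm.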

Serious Suggestions
Never connect SCADA to Internet
Operate private and secure control networks
Consider TDM, not just packet comms
Apply defense in depth; layers of security
Learn, innovate, educate
Encourage our government to teach the threat
Security Plans: Private and Compartmented
Understand the physics of electric power

The History and The Future
Power systems run without cyber.
Computers and communications add to the safety, reliability, and economy of electric power.
We can build cyber-safe solutions!