563.7 Critical Infrastructure Protection - PowerPoint PPT Presentation

Loading...

PPT – 563.7 Critical Infrastructure Protection PowerPoint presentation | free to download - id: 3b6a89-NWIzO



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

563.7 Critical Infrastructure Protection

Description:

563.7 Critical Infrastructure Protection Presented by: Carl A. Gunter University of Illinois Spring 2006 Outline Complex systems Threats to critical infrastructure ... – PowerPoint PPT presentation

Number of Views:553
Avg rating:3.0/5.0
Slides: 50
Provided by: csUiucEd
Learn more at: http://www.cs.uiuc.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: 563.7 Critical Infrastructure Protection


1
563.7 Critical Infrastructure Protection
  • Presented by Carl A. Gunter
  • University of Illinois
  • Spring 2006

2
Outline
  • Complex systems
  • Threats to critical infrastructure
  • Networked control systems
  • The power grid
  • Trustworthy Cyber-Infrastructure for Power (TCIP)

3
Outline
  • Complex systems
  • Threats to critical infrastructure
  • Networked control systems
  • The power grid
  • Trustworthy Cyber-Infrastructure for Power (TCIP)

4
Examples of Systems
  • Transportation
  • Financial
  • Energy
  • Human health
  • Agricultural health
  • Communication
  • Cities and fixed infrastructure

5
Presidential Decision Directive 63
  • Critical infrastructures are those physical and
    cyber-based systems essential to the minimum
    operations of the economy and government. They
    include, but are not limited to,
    telecommunications, energy, banking and finance,
    transportation, water systems and emergency
    services, both governmental and private.
  • Many of the nation's critical infrastructures
    have historically been physically and logically
    separate systems that had little interdependence.
    As a result of advances in information
    technology and the necessity of improved
    efficiency, however, these infrastructures have
    become increasingly automated and interlinked.
  • These same advances have created new
    vulnerabilities to equipment failure, human
    error, weather and other natural causes, and
    physical and cyber attacks. Addressing these
    vulnerabilities will necessarily require
    flexible, evolutionary approaches that span both
    the public and private sectors, and protect both
    domestic and international security.

PDD 63 98
6
Interdependency of Systems
Heller 02 from NRC 02
7
Dependency on Network-Based Systems
  • Key conclusions form NAIC report
  • Dependency on network-based systems is pervasive
    across all sectors. Critical components of our
    national infrastructure rely on a variety of
    network-based systems.
  • Each critical sector surveyed identified
    dependency on one or two sectors.
  • The answer to the question are we ranking our
    critical infrastructures as to their
    vulnerability to cyber attacks is multi-faceted.
    The degree that any sector is vulnerable is
    dependent upon a number of characteristics type
    of attack, scope of impact, time of attack,
    duration of outage.
  • Sound business continuity practices, as well as
    information technology and cyber security best
    practices, provide some protection.

NIAC 04
8
Outline
  • Complex systems
  • Threats to critical infrastructure
  • Networked control systems
  • The power grid
  • Trustworthy Cyber-Infrastructure for Power (TCIP)

9
For Want of a Nail
For want of a nail the shoe was lost.For want of
a shoe the horse was lost.For want of a horse
the rider was lost.For want of a rider the
battle was lost.For want of a battle the kingdom
was lost.And all for the want of a horseshoe
nail.
10
Identifying Vulnerabilities
  • Secure the mechanisms of the Internet
  • Improve security and reliability of key
    protocols IP, DNS, BGP.
  • Routing address verification, management.
  • Management
  • Foster trusted DCS and SCADA systems.
  • Reduce and remediate software vulnerabilities
  • Understand infrastructure interdependency and
    improve physical security of cyber systems and
    telecommunications

National Strategy to Secure Cyberspace 03
11
Impact Assessment
NIAC 04
12
Attacks on the Internet
  • Mar 99 Melissa Virus
  • infected 1.2 million machines and cost 80M
  • Feb 00 DoS attack
  • shut down Yahoo, Amazon, ETrade, eBay, CNN.com
  • Yahoo costs alone estimated at 116K
  • Jul 01 Code Red and Sep 01 Nimda
  • Code Red infected 359K computers in less than 14
    hours
  • Estimated 3B lost world-wide because of these
    two worms

CSTB 03 IT for Counterterrorism
13
Executive Order
  • The information technology revolution has changed
    the way business is transacted, government
    operates, and national defense is conducted.
  • Those three functions now depend on an
    interdependent network of critical information
    infrastructures.
  • The protection program authorized by this order
    shall consist of continuous efforts to secure
    information systems for critical infrastructure,
    including emergency preparedness communications,
    and the physical assets that support such
    systems.
  • Protection of these systems is essential to the
    telecommunications, energy, financial services,
    manufacturing, water, transportation, health
    care, and emergency services sectors.

Executive Order on Critical Infrastructure
Protection 2001
14
Research Plans
  • Many groups have proposed agendas for research
    related to CIP
  • Case study 2004 National Critical Infrastructure
    Protection RD Plan by DHS
  • Three strategic goals
  • National Common Operating Picture (NCOP)
  • Next-Generation architecture with designed-in
    security
  • Resilient, self-diagnosing, self-healing systems
  • Eight themes to contribute to the strategic goals

15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
Outline
  • Complex systems
  • Threats to critical infrastructure
  • Networked control systems
  • The power grid
  • Trustworthy Cyber-Infrastructure for Power (TCIP)

19
Modern Control Systems
  • Three generations
  • Analog control systems
  • Technology Electronic feedback amplifiers
  • Theory Frequency domain analysis
  • Digital control systems
  • Technology Digital computers
  • Theory Digital control, Kalman filters,
    real-time scheduling
  • Networked control systems
  • Technology Computer networks
  • Technological Framework?
  • Theory?

20
UIUC Convergence Lab
P. R. Kumar
21
Typical Components
Sensor Component
Controller Component
Container
Container
Data Out
Data In
Sensor Device
Control Law
Control Out
Control In
Container
Actuator Device
Actuator Component
Etherware framework implements this in testbed
22
SPSO
  • Principle of Safety Preserving Security Overrides
  • Higher-level security overrides must preserve
    lower-level safety features as far as possible
  • Rationale
  • Lower-level safety mechanisms provide fail-safe
    guarantees
  • E.g. Low level collision avoidance in testbed
  • Higher-level security overrides may not preserve
    such guarantees
  • E.g. Global supervisor cannot prevent all
    collisions in the testbed

Baliga, Gunter, Kumar 05
23
Testbed Implementation
VisionSensor 1
Supervisor
VisionServer
VisionSensor 2
Controller 1
Legend MessageStream MulticastStream
MessageFilter
Actuator 1
Dukes of Hazard Demo
24
Experiment 1
No Collision Avoidance No Security Override
25
Experiment 2
No Collision Avoidance Security Override enabled
26
Experiment 3
Collision Avoidance enabled No Security Override
27
Experiment 4
Collision Avoidance enabled Security Override
enabled
28
Safety Measure
29
Security Measure
30
Outline
  • Complex systems
  • Threats to critical infrastructure
  • Networked control systems
  • The power grid
  • Trustworthy Cyber-Infrastructure for Power (TCIP)

31
Power Grid Management
  • Principal concerns
  • Safety of personnel and the public
  • Reliable supply of energy to customers
  • Economical operation
  • Energy Management System (EMS) tasks
  • Generation control and scheduling
  • Network analysis
  • Operator training

Electrical Engineering Handbook Chap 16
32
(No Transcript)
33
SCADA for an EMS
  • Supervisory Control and Data-Acquisition
    Subsystem
  • Data acquisition collection, processing,
    monitoring, special calculations, scan
    configuration control
  • Supervisory control manual replacement of
    telemetered data, alarm inhibit/enable, reverse
    normal, bypass enter, tag/tag clear
  • Alarm display and control

34
User Interface Subsystem
  • Functions
  • Presentation of system data on visual displays
  • Entry of data into the EMS through a keyboard
  • Validation of data entry
  • Support of supervisory control procedures
  • Output of displays to a printer or other channel
  • Operator execution control of application
    programs
  • Display types
  • Menu or index displays
  • One-line schematic circuit diagrams
  • System overviews
  • Substation and generation displays
  • Transmission line displays
  • Summary displays
  • System configuration displays
  • Application program displays
  • Trend or plot displays
  • Disturbance data collection displays
  • Historical data storage displays
  • Report displays
  • Other displays

35
Other Subsystems
  • Communications
  • Information Management
  • Applications
  • Generation control

36
Control Areas
A multiple area system is one in which there are
many control areas, each with its own control
system, each normally adjusting its own
generation in response to load changes within its
own area. All the interconnected systems in the
United States and Canada operate on a
multiple-area basis.
37
Operating Objectives
  • Total generation of the interconnection as a
    whole must be matched, moment to moment, to the
    total prevailing customer demand.
  • This in itself is achieved by the self-regulating
    forces of the system.
  • Total generation of the interconnected system is
    to be allocated among the participating control
    areas so that each area follows its own load
    changes and maintains scheduled power flows over
    its interties with neighboring areas.
  • This objective is achieved by area regulation.
  • Within each control area, its share of total
    system generation is to be allocated among
    available area generating sources for optimum
    area economy, consistent with area security and
    environmental considerations.
  • This objective is achieved by economic dispatch,
    supplemented as required by security and
    environmental dispatch.

38
IntelliGrid Environments
39
Outline
  • Complex systems
  • Threats to critical infrastructure
  • Networked control systems
  • The power grid
  • Trustworthy Cyber-Infrastructure for Power (TCIP)

40
Smart, Responsive, and Self-Healing Grid
  • Building the Energy Internet, The Economist,
    March 11, 2004.
  • More and bigger blackouts lie ahead, unless
    todays dumb electricity grid can be transformed
    into a smart, responsive and self-healing digital
    network

Economist 04
41
TCIP Center
  • NSF/DHS/DOE CyberTrust Center scale activity
    Trusted Cyber Infrastructure for Power (TCIP)
  • Lead UIUC, other participants include Cornell,
    Dartmouth, and Washington State University

42
Present Infrastructure
- Peer coordinators may exchange information for
broad model - Degree of sharing may change over
time
10s of control areas feed data to coordinator
Coordinator
- State estimator creates model from RTU/IED data
- 1000s of RTU/IEDs - Monitor and control
generation and transmission equipment
ControlArea
Photos courtesy of John D. McDonald, KEMA Inc.
43
Infrastructure Complexity
Edison Electric Institute 03
44
Challenges
  • Cross Cutting Issues
  • Large-scale, rapid propagation of effects
  • Need for adaptive operation
  • Need to have confidence in trustworthiness of
    resulting approach

45
Barriers
  • Inability to deliver accurate and timely
    monitoring and control data
  • Inability to share data in a trustworthy manner
  • Lack of situational awareness
  • Rapid propagation of errors, failures, attacks
  • Inability to adapt to changing environmental,
    fault, attack, and emergency situations

46
Architecture of the Power Grid
Technical challenges motivated by domain specific
problems in
Must be addressed by developing science in
Secure and Reliable Computing Base
Trustworthy infrastructure for data collection
and control
Wide-Area Trustworthy Information Exchange
Quantitative Validation
47
Fundamental Scientific Challenges
  • Embedded computing base to enforce trust
    properties
  • Efficient, timely and secure measurement and
    aggregation mechanisms
  • Adaptable performance/security policies for
    normal, attack, and emergency condition
  • Scalable, tunable, inter-domain authorization
  • Fundamental principles for security in emergency
    conditions
  • Security metrics, multi-scale abstractions for
    measurement-based attacks models to emulate real
    power grid scenarios

48
Control Center (EMS)
Control Center (EMS)
Level 3 (Enterprise)
Secure Languages (DAL)
Trust Negotiation
Secure Information Distribution
LAN
LAN
Public/Private Internet
AAA Control
Dedicated Links M/W, Fiber, Dialup, Leased
Lines, etc)
Vendor
Operator
Dedicated Links M/W, Fiber, Dialup, Leased
Lines, etc)
QoS Mgnt
Secure and Timely Data Collection, Aggregation,
and Monitoring
Level 2 (Substation)
RTU
Switched Ethernet LAN
Level 1 (IED)
IEDs
QoS Mgnt
Secure Tunable Hardware
Sensors
Level 0 (Sensors and actuators)
49
Inter-Domain Protocols
50
Sources of Interest
  • Computer Science and Telecommunications Board
    (CTSB) IT board associated with the NRC
  • Department of Homeland Security (DHS)
    Cabinet-level body in charge of CIP for the U.S.
  • National Infrastructure Advisory Council (NIAC)
    DHS council
  • Computer Emergency Response Team (CERT) Center
    at CMU
About PowerShow.com