Remote operation and security – experiences from a Power ...

Remote operation and security – experiences from a Power Utility
“Information management – supporting multiple users”
Stavanger November 29th 2006
Jens Kristian Engstrøm / Harald Hilde
Statkraft Energy AS
www.statkraft.no
05/12/2006 s. 2
Harald.Hilde@statkraft.com
Jens.Kristian.Engstrom@statkraft.com
Harald Hilde
Stavanger November 29th 2006
Content:
• Technical aspects.
• ProSam, From a Hierarchical to a Network based solution
• Communication network
• “Devices on the Network”
• Security measures
• Experience
Process Control, From – To
[Diagram, "From": SCADA and Process; sites Sauda, Gaupne, Dalen, Korgen, Narvik, Hovedkontor (head office)]
From:
- 5 separate and different systems
- different functionality
- Serial communication
- Proprietary protocols
[Diagram, "To": SCADA, WAN, Process, ”Device on a network”, New ”customer(s)”; sites Sauda, Gaupne, Hovedkontor (head office), Korgen, Narvik]
To - ProSam
- ONE integrated system
- common functionality
- Network system
- IEC standardized protocols
Functionality regarding redundancy for protocols supporting requirements from NVE - needed.
Norwegian User Convention for IEC 60870-5-104
Today:
Included in the IS for IEC 60870-5-104
Communication Network
Main principles used:
• Ring-structure (redundancy)
• Regional ‘rings’, RWAN, connects CC and power stations.
• National ‘ring’ NWAN, connects cluster to power stations and CC
Device on the network.
[Diagram: ”Device on the Network”. Labels: IED; Catchment areas; Hydro Power Stations; Wind Power Parks; Gas (Kårstø); New Projects; SCADA (1+1) Physical & Logic; SCADA servers, advanced functionality; Control Centre HMI; Maintenance; Control Centre SCADA; Communication Network (1+1) Physical; Process interface, real time IEC 60870-5-104]
Figures shown in the diagram:
- 4 parks / 250 MW / 700 GWh (monitor)
- 120 stations 2007, 10.650 MW / 42 500 GWh (2006)
- 400 MW / 3500 GWh (monitor)
- Total (2007): 11.300 MW / 46.700 GWh (monitor and Control)
ICT - Zone Model
Utilization / Services used on the network
[Diagram: ”Device on the Network”. Labels: Hydro Power stations; Wind Power Parks; Gas (Kårstø); New Projects; IED; Catchment areas; Communication Network; SCADA Test system; SCADA Operational systems; IN; Process interface, real time IEC 60870-5-104]
Services shown in the diagram:
- Maintenance, Remote: Fault Diagnosis, Logs / Tests
- New projects: Test & verification, Commissioning
- Maintenance services: Vendor specific protocol, Vendor access via Certificate
- Maintenance, Remote: Change / Upgrade, Patches / Versions
Security measures
• Security procedure (I-40/200)
• Logical measures
- Zone model
• Physical measures
- All process zone rooms subject to entry restrictions
• Organisational measures
- ICT responsibility
- Security patch management (Windows-based systems)
- Virus control (Windows-based systems)
- Release upgrade to satisfy ISO 17799 requirements
• ITIL (IT Infrastructure Library)
- Error management
- Configuration management
- Change management
Change process
Objectives
• Change of culture
• Work Discipline
- Own personnel
- Vendors
• Security in engineering / testing / commissioning
- Process zone specific equipment including laptops for testing, logging of network traffic and analysis
• Improved physical security awareness
Challenges
• Way of thinking
- Across organisational boundaries
- The whole “value chain”
• Security awareness / procedures & principles.
• Avoid disruption of “hot” operation
• Handling of patches/new versions
• Import/export of engineering data
• Vendor’s change management vs need to correct errors fast
• Use of “personal” laptops and memory sticks
• Process network and process equipment present in numerous locations
Experiences
Incidents, each followed by its consequences:
• Memory sticks
- Once (known) inserted into process device
- A number of attempts stopped in time
Consequences: Zone 4 (Process network)
- Luckily, none
- None
• Viruses/worms
- A few entries by e-mail or laptops
Consequences: Zone 2 (Office network)
- Hampered Zone 2 operation
- Did not penetrate to Zone 3 and 4
• Hacking
- One test case
- No known specific attack
Consequences: Zone 2
- Could not penetrate to Zone 3 and 4
• Operational security
- Work in power station
- Awareness
Consequences: Integrity breach
- Loss of communication for remote control
- Telecom room used as store room