Cybersecurity in a Distributed Energy Future

Total Page:16

File Type:pdf, Size:1020Kb

Cybersecurity in a Distributed Energy Future CYBERSECURITY IN A DISTRIBUTED ENERGY FUTURE Addressing the Challenges and Protecting the Grid from a Cyberattack By Advanced Energy Economy Institute January 18, 2018 San Francisco | Washington D.C. | Boston aee.net | powersuite.aee.net | @aeenet ABOUT ADVANCED ENERGY ECONOMY INSTITUTE The Advanced Energy Economy Institute (AEE Institute) is a 501(c)(3) charitable organization whose mission is to raise awareness of the public benefits and opportunities of advanced energy. AEE Institute provides critical data to drive the policy discussion on key issues through commissioned research and reports, data aggregation and analytic tools. AEE Institute also provides a forum where leaders can address energy challenges and opportunities facing the United States. AEE Institute is affiliated with Advanced Energy Economy (AEE), a 501(c)(6) business association, whose purpose is to advance and promote the common business interests of its members and the advanced energy industry as a whole. Visit www.aee.net/aeei for more information. ABOUT THE 21ST CENTURY ELECTRICITY SYSTEM (21CES) INITIATIVE Through its 21CES initiative, Advanced Energy Economy is helping to accelerate the transition to a high-performing, customer-focused electricity system that is secure, clean, and affordable. The three primary activities of the initiative are: Convening forums that bring together utility executives, policymakers, and advanced energy companies to develop a vision for reform that is responsive to the needs of each state and drives towards concrete action. Participating in key regulatory proceedings in targeted states to provide leadership and input to policymakers and regulators on electric utility industry changes required to support a viable utility business model that allows a high degree of distributed energy resources and empowers customers to become more engaged in their energy use to the benefit of the whole grid. Facilitating detailed discussions and collaboration among diverse stakeholders who are interested in working together to accelerate reforms that lead to win-win outcomes. Page | i Background The energy sector is entering a period of significant change, driven by new technologies, evolving customer needs, environmental imperatives, regulatory drivers, and an increasingly complex set of requirements. Amongst a range of stakeholders, there is mutual interest in moving the industry towards a secure, clean, affordable, and prosperous future. The industry has a unique opportunity to modernize infrastructure and facilitate industry evolution and the deployment of advanced technology solutions, creating economic opportunity and an improved customer experience. The grid of the future will have many more interconnected distributed energy resources and devices. Connecting these systems that are out of the control of the Utility with distributed energy resource technologies in a secure manner is pivotal to the transition process. This paper arises out of an informal Working Group, convened by AEE Institute, that met over a several-month period to address cybersecurity concerns in the electric power sector as a starting point for further discussion with stakeholders, including regulators, policymakers, utilities, advanced energy companies, and others. The views and opinions expressed in this white paper are those of the AEE Institute and do not necessarily reflect the official policy or positions of the Contributors or their organizations. Contributors Lisa Frantzis, Coley Girouard, Ryan Katofsky, and Benjamin Stafford, Advanced Energy Economy Chris Bleuher, Jay Taylor, Joao Souza, and William Romero, Schneider-Electric Chris King, Siemens Jeff Smith, Direct Energy (Centrica) John Berdner, Enphase Energy Ken Lotterhos and Doug Morrill, Navigant Consulting Richard Jones, BRIDGE Energy Group Michael Demeter, Michael Vecchi, Todd Wiedman, Wim Ton, and Steven Chasko, Landis+Gyr Wilson Rickerson and Michael Wu, Converge Strategies, LLC Richard W. Caperton, Oracle Utilities Varun Mehra, EnergyHub Jeff Moe, Ingersoll Rand Page | ii TABLE OF CONTENTS Summary ................................................................................................................................. 1 Introduction ............................................................................................................................. 2 Addressing the Cybersecurity Challenge ............................................................................ 3 National-level Rules and Standards ................................................................................................ 3 Boards, Institutes, and Councils ...................................................................................................... 5 State-level Rules and Standards ..................................................................................................... 5 Protecting Advanced Grids from Cyberattack .................................................................... 7 Best Practices and Strategies ......................................................................................................... 7 Considerations for Grid Operators .................................................................................................. 8 Summary of Recommendations .................................................................................................... 10 Conclusion ............................................................................................................................ 11 End Notes .............................................................................................................................. 12 Page | iii SUMMARY Cybersecurity is a growing issue for the global prevent or limit widespread electric grid economy. As new technologies and outages by enhancing power quality and communications become widespread, allowing problematic components to be cybersecurity1 is an issue for the critical isolated.5 infrastructure that keeps our energy system going – not just the electricity grid, but the At the same time, the modern grid will open highly interconnected and interdependent new modes of communication and interaction natural gas, water, communications, and fuel between increasingly diverse and numerous distribution systems. participants and devices. For this reason, modern grid technologies expose existing This paper focuses specifically on the highly security vulnerabilities in new ways, as well as dynamic electricity sector and on the introduce new benefits. That said, protections opportunities and challenges created by the that are practical and currently available or widespread introduction of advanced and under development will be able to make an intelligent energy technologies. increasingly complex, interactive, and distributed electricity system more resilient The global market for advanced energy was against cyberattacks. estimated to be $1.4 trillion in 2016. The U.S. was at the forefront of the market as a result of This whitepaper is intended to inform its support for grid modernization and decision-makers about cybersecurity for advanced energy innovation. The U.S. advanced energy technologies by advanced energy market was $200 billion in highlighting: 2016, of which advanced electricity generation, electricity delivery and Cybersecurity threats to the economy and management, and building efficiency to the energy sector; Emerging cybersecurity best practices for a accounted for 70%.2 distributed, intelligent grid; It is projected that the transition to advanced Policy and regulatory frameworks on and intelligent energy technologies will create cybersecurity that are in place at the global a wide range of security3 and economic level, national level and in some states; benefits for the energy system and for and, consumers.4 The National Academies, for Specific protective measures and protocols example, recently found that advanced that can make a power grid characterized controls and a more distributed energy by abundant advanced energy generation architecture have the potential to technologies secure against cyberattack. Page | 1 INTRODUCTION command and control server to send out Cyberattack is a growing instructions to flood the target with threat to the economy and malformed packets. The attack on the the grid internet service provider Dyn caused widespread disruption for many of the most Cybersecurity threats to the grid have popular sites in the U.S. Flooding the target increased in the United States and around the with large numbers of malformed packets world; not only are the threats becoming more that were generated by thousands of common, a few have demonstrated that they compromised IoT devices resulted in one of can be successful. The landscape of potential the biggest distributed denial of service attackers is broad, ranging from individuals to (DDos) attacks in history.8 BrickerBot malware nation-state and terrorist actors. Cybercrimes used the same method of locating unsecured involving fraud and theft for monetary gain IoT devices on the internet. Instead of taking continue to be a prevalent and persistent drag control of those devices to launch wider DDoS on national economies.6 There is also an attacks, the BrickerBot malware installed a increasing number of attacks designed to package which caused the device to become disrupt or destroy physical assets. permanently disabled (or “bricked”). The author of this malware claims to have disabled The energy industry is learning important
Recommended publications
  • North Korean Cyber Capabilities: in Brief
    North Korean Cyber Capabilities: In Brief Emma Chanlett-Avery Specialist in Asian Affairs Liana W. Rosen Specialist in International Crime and Narcotics John W. Rollins Specialist in Terrorism and National Security Catherine A. Theohary Specialist in National Security Policy, Cyber and Information Operations August 3, 2017 Congressional Research Service 7-5700 www.crs.gov R44912 North Korean Cyber Capabilities: In Brief Overview As North Korea has accelerated its missile and nuclear programs in spite of international sanctions, Congress and the Trump Administration have elevated North Korea to a top U.S. foreign policy priority. Legislation such as the North Korea Sanctions and Policy Enhancement Act of 2016 (P.L. 114-122) and international sanctions imposed by the United Nations Security Council have focused on North Korea’s WMD and ballistic missile programs and human rights abuses. According to some experts, another threat is emerging from North Korea: an ambitious and well-resourced cyber program. North Korea’s cyberattacks have the potential not only to disrupt international commerce, but to direct resources to its clandestine weapons and delivery system programs, potentially enhancing its ability to evade international sanctions. As Congress addresses the multitude of threats emanating from North Korea, it may need to consider responses to the cyber aspect of North Korea’s repertoire. This would likely involve multiple committees, some of which operate in a classified setting. This report will provide a brief summary of what unclassified open-source reporting has revealed about the secretive program, introduce four case studies in which North Korean operators are suspected of having perpetrated malicious operations, and provide an overview of the international finance messaging service that these hackers may be exploiting.
    [Show full text]
  • Never Agains IV February 2010
    the Availability Digest www.availabilitydigest.com More Never Agains IV February 2010 It is once again time to reflect on the damage that IT systems can inflict on us mere humans. We have come a long way in ensuring the high availability of our data-processing systems. But as the following stories show, we still have a ways to go. During the last six months, hardware/software and network faults shared responsibility, each causing about one-third of the outages. The rest of the outages were caused by a variety of problems such as power failures, construction mishaps, and hacking. Rackspace Hit with Another Outage Techcrunch, June 20, 2009 – On June 20, Rackspace suffered yet another outage1 due to a power failure. The breaker on the primary utility feed powering one of its nine data centers tripped, causing data center’s generators to start up. However, a field excitation failure escalated to the point that the generators became overloaded. An attempt by Rackspace to fail over to its secondary utility feed failed because the transfer switch malfunctioned. When the data center’s batteries ran out, the data center went down. Failovers do fail. Have a contingency plan no matter the extent of your redundancy. NYSE Suffers Several Outages in Less Than a Month Reuters, July 2, 2009 – On Thursday morning, July 2, brokers on the floor of the New York Stock Exchange found that they could not route orders, causing the NYSE to halt trading in some stocks and to extend the trading day. During the previous month, a software glitch halted trading; and an order-matching problem affected timely order reconciliation.
    [Show full text]
  • Availability Digest
    the Availability Digest www.availabilitydigest.com Help! My Data Center is Down! Part 3: Internet Outages December 2011 Long gone are the days of the isolated data center. Back then, batch jobs were submitted to update databases and to generate reports. Back then, turn-around times were measured in hours or even days. In today’s competitive environment, IT services are online; and instant response times are expected. What good is a data center if no one can talk to it? Orders can’t be placed or tracked. Medical records can’t be accessed. Online banking comes to a halt. Today’s data centers must be connected. They depend upon the networks that allow users to access them online reliably and with fast response times. In the old days, a company had control over its communication network. It leased lines that it used exclusively for its purposes. If it lost communications, it had direct access to its communication carrier for rapid repair. For critical applications, companies installed redundant communication facilities so that they could continue in operation even in the presence of a communications failure on one of their lines. Not so true today. More and more, companies are relying on the public Internet to connect their users with company data centers. But how reliable is the Internet? In our previous articles in this series, we related horror stories of unimaginable power failures and storage failures that took down the best-designed data centers. In this article, we explore some notable Internet failures that rendered data centers useless even though they were otherwise fully operational.
    [Show full text]
  • Potential Human Cost of Cyber Operations
    ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS REPORT ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Report prepared and edited by Laurent Gisel, senior legal adviser, and Lukasz Olejnik, scientific adviser on cyber, ICRC THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Table of Contents Foreword............................................................................................................................................. 3 Acknowledgements ............................................................................................................................. 4 Executive summary ............................................................................................................................. 5 Introduction....................................................................................................................................... 10 Session 1: Cyber operations in practice .………………………………………………………………………….….11 A. Understanding cyber operations with the cyber kill chain model ...................................................... 11 B. Operational purpose ................................................................................................................. 11 C. Trusted systems and software supply chain attacks ...................................................................... 13 D. Cyber capabilities and exploits ..................................................................................................
    [Show full text]
  • No Internet? February 2008
    the Availability Digest What? No Internet? February 2008 On Wednesday, January 30, 2008, North Africa, the Middle East, and India experienced a massive Internet outage that was destined to last for several days or even weeks.1 How did this happen? How did companies cope? Could it happen in other areas such as Europe or the United States? The Failure The bulk of data traffic from North Africa, from the Middle Eastern countries, and from India and Pakistan is routed through North Africa. There, it is carried by a set of three submarine cables that lie under the Mediterranean Sea. The cables link Alexandria, Egypt, with Palermo, Italy, where the traffic then moves on to Europe, the UK, and the Eastern United States. On January 30, 2008, two of these three cables were severed. It is not yet known why, but the predominant theory is that the cables were severed by the anchor of a huge freighter. Heavy storms had hit the area the previous day and forced Egyptian authorities to close the northern entrance to the Suez Canal at Alexandria. As a result, ships had to anchor offshore in the Mediterranean Sea, dropping their anchors to ride out the storm. It is suspected that one of the freighters dropped its anchor on top of the cables. Reportedly, the two severed cables were a kilometer apart. The storm may have dragged the freighter’s anchor across the sea bed, thus taking out both cables. The result of this catastrophe was that 75% of channel capacity was lost from the Mideast to Europe and beyond.
    [Show full text]
  • Cyber Benefits and Risks: Quantitatively Understanding and Forecasting the Balance
    Cyber Benefits and Risks: Quantitatively Understanding and Forecasting the Balance Extended Project Report from the Frederick S. Pardee Center for International Futures Josef Korbel School of International Studies University of Denver www.pardee.du.edu September 2015 Barry B. Hughes, David Bohl, Mohammod Irfan, Eli Margolese-Malin, and José Solórzano In project collaboration with and the Table of Contents Executive Summary 4 Conceptualizing Benefits and Costs 4 Using the IFs System for Analysis 4 Background Research Foundations 5 Forecasts and Findings 9 Conclusion 11 A Final Note on Study Contributions 12 1. Introduction: Understanding and Anticipating Change in the Benefits and Costs of Cyber Technology 13 2. ICT and Cyber Development Indices 18 Indices Replicated in the IFs Forecasting System 18 ICT Development Index 18 Global Cybersecurity Index 19 Additional Indices of Importance in Cyber Security Analyses 21 Digitization Index 21 Digital Economy Ranking Index 21 Networked Readiness Index 22 3. Benefits 23 Competing Schools of Thought on Economic Benefits 23 Pessimism Versus optimism concerning ICT’s economic production impacts 23 ICT as a general-purpose technology 25 ICT’s Economic Impact: The Production Side 26 ICT as a growth sector in the economy 26 ICT investment and capital services 29 ICT and multifactor productivity 32 Comparing the Productivity Impacts of GPTs: Steam, Electricity, ICT 33 Variation in ICT Impact across Time/Pervasiveness and Countries 36 Drivers of variation in ICT impact: ICT (especially broadband) pervasiveness 36 Drivers of variable ICT impact: Beyond PCs and broadband 39 Drivers of variable ICT impact: Country development level 41 Consumer Surplus 42 Consumer surplus forecasts 46 Summary of Knowledge Concerning Cyber Risk Benefits: Modeling Implications 47 4.
    [Show full text]
  • SDN-Based Intrusion Detection System for Early Detection and Mitigation of Ddos Attacks
    Article SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks Pedro Manso 1, José Moura 2,* and Carlos Serrão 3 1 Department of Information Science and Technology, School of Technology and Architecture, ISCTE- Instituto Universitário de Lisboa, 1649-026 Lisbon Portugal; [email protected] 2 Department of Information Science and Technology, School of Technology and Architecture, ISCTE- Instituto Universitário de Lisboa, Instituto de Telecomunicações (IT), 1649-026 Lisbon, Portugal 3 Department of Information Science and Technology, School of Technology and Architecture, ISCTE- Instituto Universitário de Lisboa, Information Sciences, Technologies and Architecture Research Center (ISTAR-IUL), 1649-026 Lisbon, Portugal; [email protected] * Correspondence: [email protected] Received: 18 January 2019; Accepted: 4 March 2019; Published: date Abstract: The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic.
    [Show full text]
  • Study on Cloud Computing in Arab States: Legal and Legislative
    International Telecommunication Union Cloud Computing in Arab States: Legal and Legislative Aspects, Facts and Horizons International Telecommunication Union Report By: Dr. Janane EL-KHOURY Beirut, December 30, 2015 PLAN Executive Summary ……………………………………………………………………………….. 3 Introduction …………………………………………………………………………………………… 4 Part I: Cloud Computing …………………………………………………………………………. 6 Clause I: Practical Challenges and Legal Issues Raised in Arab States 7 Clause II: Legislative and Regulatory Situation Exclusively in Arab States 9 1. Jordan ……………………………………………………………………………………………………….. 12 2. United Arab Emirates (UAE) ………………………………………………………………………. 13 3. Bahrain ……………………………………………………………………………………………………… 16 4. Algeria ………………………………………………………………………………………………………. 17 5. Kingdom Saudi Arabia (KSA) ………………………………………………………………………. 17 6. Sudan ……………………………………………………………………………………………………….. 18 7. Somalia …………………………………………………………………………………………………….. 18 8. Iraq …………………………………………………………………………………………………………… 19 9. Kuwait ……………………………………………………………………………………………………… 19 10. Morocco …………………………………………………………………………………………………… 20 11. Yemen ………………………………………………………………………………………………………. 22 12. Tunisia ……………………………………………………………………………………………………… 22 13. Comoros …………………………………………………………………………………………………… 24 14. Djibouti …………………………………………………………………………………………………….. 24 15. Sultanate of Oman ……………………………………………………………………………………. 24 16. Syria ………………………………………………………………………………………………………….. 25 17. Palestine …………………………………………………………………………………………………… 26 18. Qatar ………………………………………………………………………………………………………… 27 19. Lebanon …………………………………………………………………………………………………….
    [Show full text]
  • A Human Rights-Based Approach to Network Disruptions CONTENTS
    JAN RYDZAK FOR THE GLOBAL NETWORK INITIATIVE A Human Rights-Based Approach to Network Disruptions CONTENTS ABOUT THE AUTHOR . 3 ACKNOWLEDGMENTS ATTRIBUTION EXECUTIVE SUMMARY . 4 INTRODUCTION .................................................................. 5 THE DYNAMICS OF NETWORK DISRUPTIONS. 6 What is a network disruption? ...............................................6 When do network disruptions occur? .........................................8 How do network disruptions occur? .........................................10 The challenges of resisting shutdown orders . 10 THE IMPACTS OF NETWORK DISRUPTIONS .........................................11 Civil and Political Rights. 11 — Freedom of expression, association, and assembly .......................11 —Right to equality and digital discrimination .............................12 —Freedom of religious belief .............................................13 —Right to life, bodily integrity, and security of persons .....................13 Economic, Social, and Cultural Rights . 15 2 — Economic rights ......................................................15 — Right to mental and physical health . 16 — Right to education ....................................................17 — Right to take part in cultural life and benefit from scientific progress ......17 Humanitarian Impacts .....................................................18 RECOMMENDATIONS: AN INTEGRATED APPROACH ................................. 19 Broaden the scope of human rights impact assessments . 19 Improve and expand
    [Show full text]
  • Ddos and Iot: How You Could Have Contributed to Breaking the Internet
    DDoS and IoT: How You Could Have Contributed to Breaking the Internet Timothy Ho Introduction to Computer Security Fall 2016 Mentor: Ming Chow Abstract Distributed denial-of-service (DDoS) attacks have been increasingly common in recent years and are frequently used to target businesses, financial institutions, and other services to block and disrupt communications and normal everyday operations. This paper covers and explains basic concepts how using Internet of Things (IoT) devices to perform such DDoS attacks can be used to take down large target servers, as evidenced by the attack on Dyn in October of 2016. While knowledge and awareness of DDoS and IoT has been rising, an encompassing goal of this paper is to increase and promote awareness of these issues, vulnerabilities, and computer security as a whole. Introduction On October 21, 2016, a large cyberattack was directed towards servers owned by Domain Name Service (DNS) provider Dyn. As a result, many major websites and services were made unavailable to a large number of users across North America and Europe. Some of the services that were affected included major well-known companies and social media and news platforms such as Amazon, BBC, CNN, GitHub, Reddit, SoundCloud, Spotify, and Twitter. The massive Internet outage lasted for hours and it was later discovered that hacked cameras and other Internet of Things (IoT) devices were used to perform a large distributed denial-of-service (DDoS) attack against the Dyn servers. Many found themselves asking these questions afterwards: How did this happen? Who was behind this? And how could a single cyberattack result in damage that affected millions of users? To the Community This paper is not merely directed towards those who are involved with computer security or careers in computer science; it is especially directed towards members of the general public.
    [Show full text]
  • Repression in the Digital Age: Communication Technology and the Politics of State Violence
    Repression in the Digital Age: Communication Technology and the Politics of State Violence Anita Rosemary Gohdes Mannheim, 2014 Repression in the Digital Age: Communication Technology and the Politics of State Violence Anita Rosemary Gohdes Inauguraldissertation zur Erlangung des akademischen Grades einer Doktorin der Sozialwissenschaften, Fakultät für Sozialwissenschaften, Universität Mannheim verfasst von Anita Rosemary Gohdes Mannheim, Oktober, 2014 First Examiner: Prof. Sabine C. Carey, PhD Second Examiner: Prof. Nikolay Marinov, PhD Third Examiner: Prof. Dr. Nils B. Weidmann Dean: Prof. Dr. Michael Diehl Date of Defense: 19 December 2014 Summary The effect of the digital revolution on citizens’ ability to voice dissatisfaction with their government and to coordinate dissent via social media has been the subject of much recent research. Optimistic accounts have so far failed to address the salient fact that the state maintains de facto control over the access to social media, which means that new digital technology also provides abusive governments with tools to repress challengers. This dissertation investigates how states’ strategies of violent repression are informed by the use of these opportunities to control the internet. I identify two main forms of control, which are the restriction or disruption of the internet on the one hand, and digital surveillance on the other hand. States face a trade-off: they can either restrict access to the internet and with it diminish opposition groups’ capabilities, or they can permit the digital exchange of information and monitor it to their own advantage. I argue that the choice of internet control affects the type and scale of state-sanctioned violence used against perceived domestic threats.
    [Show full text]
  • Effects of Internet Outage Felt Throughout Campus
    21st Century SPARTAN BASKETBALL NOTEBOOK "EVIEW AND Q&A SEV-.1" BACK TO THE 'OLD SCHOOL' Digital Boy Ii' IHE Feral', Wilson and Vaughn talk about Student apathy hurts their roles as fraternity leaders entire campus community PAINT OPINION 2 SPORTS 8 A&E 4 VOLUME 120, NUMBER 20 SERVING SAN JOSE STATE UNIVERSITY SINCE 1934 SPARTAN DAILY WWW.THESPARTANDAILY.COM THURSDAY, FEBRUARY 20,2003 Effects of Internet outage felt throughout campus By Paulo Hernandez People were working to correct the sit- entire campus wuld not connect with The hardware that caused Thurday's Caret said he wasn't sure about the no up-to-date information." uation all day, Judd said. Daily Staff Writer the outside and the outside couldn't Internet interruption was replaced costs to the campus because of the Robert Milnes, director of the school "Something like this should not connect with the campus." with temporary parts. The permanent Intern et outage. of art and design, said that last happen very often at all," he said. Concerning the costs to the univer- parts are on rush order, he said. "There are a lot of issues we have to Thurday's Internet incident is proof of Last Thurday's Internet outage was a "This is a highly unusual event." sity's students, classes and depart- "We take pride in the system we deal with," he said. "We have to take how reliant we are on contemporary problem of hardware, not software, The Internet could be out for about ments as a result of the outage, Judd have on campus," Judd said.
    [Show full text]