Holistic solution for Energy Automation Systems with SIPROTEC and SICAM
Technical Article
A holistic approach to cyber security
The task of cyber security does not fall only to a few specialists within product and system suppliers. Rather, the integrated approach calls for an awareness of cyber security concerns by all employees in a company. Among other things, this also requires role-specific training in companies. The following technical aspects are of key importance:

- Secure System Architecture
- System Hardening
- Access Control and Account Management
- Security Logging/Monitoring
- Security Patching
- Malware Protection
- Backup and Restore
- Secure Remote Access

[Figure 3. Example for secure telecommunication. Diagram labels: serial, WIFI, https]

Products

Secure energy automation products are the foundation of a secure energy automation system. Cyber security requirements for the products depend on various factors including the intended function (protection, control, operation and monitoring) and the spatial layout of the products.

Security functions in modern energy automation products follow the general goals of cyber security: availability, integrity and confidentiality. State-of-the-art protection devices are capable of satisfying these needs. Secure communication between the operating software and the device comes first. The encrypted connection is only established after mutual authentication. A connection password is used and managed in this process that complies with the BDEW Whitepaper and NERC CIP recommendations (North American Electric Reliability Corporation - Critical Infrastructure Protection) [2]. All security-relevant events are logged in a non-erasable security log.

The protection device is equipped with a crypto chip that assures the cryptographic functions including an integrity check of the device firmware. During production, the firmware is fitted with a digital signature which the device uses to authenticate. The device enables a physical separation of process and management communication. Moreover, devices communicating outside of a physically protected zone have to satisfy higher communication security requirements than devices communicating within a physically protected area. End-to-site or end-to-end encryption is mandatory in these cases, with the device being the terminal point of the encryption chain. The product supplier has to make sure that regular installations of OS security patches and virus patterns do not affect the availability of energy automation functions.

[Figure 4. Security features of a state-of-the-art protection device. Labels: Secure development; Patch management; Antivirus compatibility; Independent testing; Encryption of the communication line between DIGSI 5 and the SIPROTEC 5 device; Connection password according to NERC-CIP and BDEW White Paper; Recording of access attempts in a non-volatile security log and IEC 61850 messaging; Confirmation codes for safety-critical operations; Digitally signed firmware; Internal firewall; Separation of process and management communication; Crypto-chip for secure information storage]

The investment security of products is another key aspect. Product suppliers need to assure that state-of-the-art security features can be retrofitted for a long period of time by means of software updates.

Migration strategy

A great part of the existing energy automation systems and facilities are potentially insecure and have to be overhauled to meet cyber security standards. Since a complete and immediate overhaul is not advantageous economically, a migration strategy has to be adopted in order to make systems secure.
[Figure: network diagram. Labels: Control Center, VPN, Router with Firewall, DMZ, PC, Switch, Trusted Zone, Station Level, Station Controller, Substation Control, Zone I, Zone II, Field Level, IEDs (Protection Devices, Substation Control Field Devices), Hardening Measures]
The migration strategy must account for the special boundary conditions that apply to the operation of energy automation systems. Availability is the top goal for protecting energy automation systems. The system's uninterrupted operation is expected 24/7. The components used combine Windows or Linux based systems and proprietary systems. There are links to insecure networks and to the operator's office IT. Some older components are still in use that cannot be replaced yet due to economic and functional aspects. Additionally, proprietary technologies are part of the mix. Hence, an energy automation system is frequently made up of various components from different vendors, different technologies and different technological generations. Many of the established office IT measures prioritize protection goals differently or inadequately account for the special boundary conditions. This calls for the implementation of strategies tailored to the needs of energy automation.

The first step of migration is to take stock of all assets of the system. The architecture of the communication network and the physical extent of the system are documented. The status quo then becomes the basis of a risk assessment carried out in collaboration with the plant operator. The analysis accounts for the impact of damage to critical operating information and for the protection requirements of the corresponding IT assets. Also, the analysis has to allow for the functional requirements of the operator and the local regulatory stipulations.

A secure system architecture is the basis of all subsequent cyber security measures. The secure architecture splits the system into secure zones with identical protection requirements. A particularly secure zone can be used to continue operating technically outdated products for a certain period of time without reducing the level of protection of the other zones. A demilitarized zone (DMZ) is set up that accommodates all engineering tools required for the components inside the secure zone. These zones are protected by firewalls. The cyber security measures are implemented on top of this. The boundary conditions described above have to be observed in the process. For instance, this means that components from third-party vendors have to be hardened. All cyber security measures basically follow the design principles of defense-in-depth and need-to-know [2].

Outlook

The threat posed by cyber attacks and regulatory requirements will require operators of critical infrastructures to deal intensively with the necessary security precautions and processes and to put them in place. Secure products and solutions will be used on a wide scale. Operators will establish these measures as crucial constituents of their quality process to be free to deal with their actual core business.

References

[1] Entwurf eines Gesetzes zur Erhöhung der Sicherheit informationstechnischer Systeme (IT-Sicherheitsgesetz). http://dip21.bundestag.de/dip21/btd/18/040/1804096.pdf

[2] Bundesverband der Energie- und Wasserwirtschaft e. V. (BDEW): Whitepaper-Anforderungen an sichere Steuerungs- und Telekommunikationssysteme. Überarbeitete Version 1.1, März 2015, www.bdew.de

Authors

Dipl. Inf. Chaitanya Bisale, Product Lifecycle Manager, Cyber Security & Substation Automation, Energy Management Division, Energy Automation, Siemens AG, Nuremberg

Dipl. Ing. Andreas Kohl, Lifecycle Manager Cyber Security, Energy Management Division, Energy Automation, Siemens AG, Nuremberg
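
The inventory and zoning steps of the migration strategy can be checked mechanically once assets and communication links are recorded. The following Python code is an added example, not part of the original article or of any Siemens product: zone names follow the network figure's labels, while the assets, protection levels, firewall placement and flows are constructed sample data, and treating an outdated product that shares a zone with current ones as a finding is this example's reading of the "particularly secure zone" idea.

```python
from collections import defaultdict

# Constructed inventory: name -> (zone, required protection level 1..3, outdated?)
ASSETS = {
    "protection-ied-1":   ("Zone I", 3, False),
    "legacy-rtu":         ("Zone II", 2, True),
    "station-controller": ("Zone II", 3, False),
    "engineering-pc":     ("DMZ", 2, False),
    "control-center":     ("Control Center", 2, False),
}
# Constructed firewall placement: zone pairs separated by a firewall.
FIREWALLED = {frozenset(p) for p in [("Zone I", "DMZ"), ("Zone II", "DMZ"),
                                     ("DMZ", "Control Center")]}
# Constructed communication links taken from the network documentation.
FLOWS = [
    ("engineering-pc", "protection-ied-1"),
    ("control-center", "engineering-pc"),
    ("control-center", "legacy-rtu"),       # bypasses the DMZ
    ("legacy-rtu", "station-controller"),   # stays inside one zone
]

def check_zoning(assets, firewalled, flows):
    """Return a list of findings for an asset inventory and its flows."""
    findings = []
    levels, legacy_zones = defaultdict(set), set()
    for zone, level, outdated in assets.values():
        levels[zone].add(level)
        if outdated:
            legacy_zones.add(zone)
    # Rule 1: a zone groups assets with identical protection requirements.
    for zone in sorted(levels):
        if len(levels[zone]) > 1:
            findings.append(f"mixed-protection:{zone}")
    # Rule 2 (assumption): outdated products get a zone of their own.
    for zone in sorted(legacy_zones):
        if any(z == zone and not old for z, _, old in assets.values()):
            findings.append(f"legacy-not-isolated:{zone}")
    # Rule 3: every flow that crosses zones must pass a firewall.
    for src, dst in flows:
        zs, zd = assets[src][0], assets[dst][0]
        if zs != zd and frozenset((zs, zd)) not in firewalled:
            findings.append(f"unfiltered-flow:{src}->{dst}")
    return findings

if __name__ == "__main__":
    for finding in check_zoning(ASSETS, FIREWALLED, FLOWS):
        print(finding)
```

Each finding names the rule and the zone or link that violates it, which gives the risk assessment with the plant operator a concrete list to work through.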