December 27, 2024

Securing Utility Assets: The Ways and Means of Critical Infrastructure Protection (Part 2)

by Electric Energy T&D Magazine Editorial Staff
This is Part 2 of our annual feature on security, initiated in the latter part of last year. As an issue of importance throughout the coming year, we believe that security deserves special attention. With an overwhelming need to protect critical infrastructure continuing to build from growing levels of physical and cyber threats emanating from myriad sources, security is an issue that must be solved in a pragmatic yet economical way. A follow up to this article is planned for the Nov/Dec 2009 issue as well, so if security is on your radar, we want to hear from you! – Ed.

Tony DiMarco is director and global industry manager for the Utilities & Communications business unit at Intergraph Corporation (www.intergraph.com). DiMarco has more than 30 years of experience in utilities and software solutions, responsible for consulting, professional services and business development for several Fortune 500 firms providing software and services to the global utility market. He previously held senior management roles at Oracle Consulting, Autodesk and GE Energy.

DiMarco began his career in R&D and applied computer applications at Con Edison of New York where he implemented the company’s first GIS and infrastructure management system for the electric, gas and steam distribution system in New York City, NY. DiMarco holds a bachelor’s degree in mechanical engineering and master’s degree in business administration from New York University. He is a member of GITA International and the American Society of Mechanical Engineers.

Ellen Libenson is vice president of marketing and product management at Symark International (www.symark.com), a leading provider of security administration solutions. Ms. Libenson has over twenty years of experience in product marketing, product management, and marketing communications for hi-tech companies. She has held management positions at leading providers of enabling technologies and enterprise software applications that have focused on delivering solutions to major corporations in the Energy, Consumer Goods, Healthcare, Financial Services, and Manufacturing industries.

Kass Aiken is the Vice President of Sales for Ceelox (www.ceelox.com). Founded in 2003 and headquartered in Tampa (Florida), Ceelox is an established developer of biometric security software solutions for multiple vertical markets and businesses of all sizes. Ceelox’s logical access biometric solutions provide affordable, innovative and fresh ways for customers to securely access mission critical applications. Mr. Aiken’s core competencies and experience range from business strategy consulting to overall delivery of client engagements through all stages of acquisition, design and development. With a long tenure of senior management experience, he has been at the forefront of where cutting-edge technology meets practical creativity. Mr. Aiken began his professional career at Wang Laboratories and most recently held the position of Vice President of Professional Services at Intelladon Corporation, a learning management software company.

Gregg Larson is R&D Director of System Software & Operations for Sensus Conservation Solutions  (www.sensus.com)  where he is responsible for the field installation, operation, maintenance and customer training for the company’s FlexNet product line. Larson is also charged with software development for its backend data collection suite. Larson joined Sensus in 2006 following the acquisition of Advanced Metering Data Systems (AMDS), where he had served as Operations Director. Prior to AMDS, Larson held various positions over the span of a decade at CellNet, the final being Vice President of Network Operations. Larson holds a Bachelor of Science degree in Electrical Engineering from the University of Minnesota and has completed study at Kansas University in pursuit of a Masters in Business Administration. He also is a certified information systems security professional, awarded by the International Information Systems Security Certification Consortium.

More Perspectives On Security…
The first part of this article appeared in our Nov/Dec 2008 issue with information and viewpoints expressed by members of the Special Security Panel convened at the Smart Grid RoadShow in Toronto, Canada (October 6-7, 2008). This second installment adds additional perspectives and commentary from representatives of four more companies involved in various facets of security products, systems and services.

Intergraph’s Tony DiMarco states that the events of Sept. 11, 2001 have had a profound effect on security considerations for utilities. As a leading global provider of spatial information management (SIM) software, Intergraph Corporation fuses geospatial technology to security, helping some of the world’s largest government, military, and industrial organizations in more than 60 countries better manage their operations and safeguard their infrastructure.

“There has been both an over-reaction and an under-reaction by some companies with regard to their overall security posture,“ DiMarco observes. “While there has been a strong reaction to cyber-security issues, including much attention now being paid to compliance with the NERC-issued guidelines for cyber-security, the pursuit of technologies to improve critical infrastructure physical security has gotten substantially less attention – at least so far.”

Physical security, like cyber-security, is intended to mitigate the impact of threats through deterrence, prevention, detection, limitation and corrective action. While cyber-security has been primarily focused on preventing intruders from commandeering or threatening utility control systems, physical security measures have remained relatively unchanged. Utilities continue to use physical barriers, increased security personnel, access control systems and occasional video monitoring as their main lines of prevention and defense.

“It has been said, ‘security is always excessive until it’s not enough’,” DiMarco reminds us. “The terrorist events of 9/11 are a grim reminder of complacency. Keeping this in mind, utilities can dramatically improve their ‘situational awareness’ and enhance their security posture with changes that are possible in the utility operations control center and control room.”

“Today, there is technology available to design and assemble a comprehensive video monitoring and alarm network around identified critical infrastructure to improve overall ‘situation awareness’. Such a security network can be designed to monitor substation internal and external areas using intelligent video cameras, as well as monitor intruders crossing certain paths, such as transmission towers and easements, using wireless fences.”

“This physical security monitoring of critical infrastructure can be directed to a central command center where alarms can be integrated into the same operations control center display where the central monitoring and control of the electrical transmission and distribution systems is focused. Integrating physical security systems alarms with systems operations and control provides improved situational awareness and heightens the security posture by integrating physical security monitoring and alarms with electrical operations.”

To further illustrate the point, DiMarco invites us to consider the following scenario…

“When operating the electrical system, a change in operating status at a substation may be considered an isolated event. That same change in electrical substation operating status, when combined with a security alarm at a substation, has much greater significance and may be interpreted as a more significant threat in progress rather than an isolated system malfunction. This underscores the value of combining physical security systems technology with operations technology in the control room. The result is improved situational awareness and an improved ability to respond to a threat, take corrective action and mitigate the impact,” says DiMarco.

Integration of physical security and control room operations systems is feasible today, providing a command-and-control environment for operations through a single user interface for a number of operating systems in the control room. The same technology being implemented for this control room environment allows the integration of physical security devices as part of the control room display.

Symark’s Ellen Libenson stresses the importance of access control in meeting NERC-CIP guidelines and securing critical assets. Libenson maintains that to meet short-term NERC-CIP deadlines and develop longer-term “best practices” security and compliance measures, utilities must evaluate their infrastructures to ensure that core processes are in place, including a sound identity management system that allows only authorized users access to critical infrastructure systems and associated proprietary information.

“An effective role-based access control (RBAC) system will make certain that those authorized to perform various duties with elevated privileges and access will be confined to what their role designates. Their activities will be recorded and an indelible audit trail will be created. In addition to helping guarantee the integrity of IT systems, this is invaluable for forensics and troubleshooting purposes – and often serves as a deterrent to malicious or unethical behavior. Role-based access can and should be granularly defined to meet CIP and data privacy requirements,” Libenson asserts.

“If a utility works within the framework of these best-practices approaches, a robust access control solution will allow for an easier implementation and enforcement of security policy related to privileged accounts. These technologies serve as a centrally controlled application for password management for the hundreds – or even thousands – of systems typically running within a complex, heterogeneous Windows/UNIX/Linux environment,” Libenson continues.

“By making it easier to authenticate users and automate access restriction, utilities will be a step closer to a secure infrastructure and complying with the multiple requirements within NERC’s CIP regulations,” Libenson concluded.

Ceelox is another provider of access control solutions serving the utility industry. The company’s biometric security software solutions are used in multiple vertical markets and businesses including utilities.

“The use of fingerprint biometrics substantially reduces the chance that an unauthorized person could access your computer files, services or networks,” says Ceelox’s Kass Aiken. “Each user simply authenticates their identity via a fingerprint scanner. This provides a much stronger access authentication than user name and passwords that can be lost, stolen, forgotten or shared – whether accidentally or intentionally. The Ceelox identification solution offers convenient password replacement with the swipe of a finger,” Aiken emphasizes.

The Ceelox sytem is very flexible and has been used by a Florida-based electric utility to create custom features, permitting multiple employees to access the same workstation with fingerprint biometrics while successfully logging into their individual SCADA sessions with different application-level access. In addition, the solution provided roaming user profiles, so that user settings “follow” each person from one workstation to another without the need for reprogramming.

Gregg Larson of Sensus Metering Systems contends that many of the communication systems deployed across the myriad of data conveyance applications in the utility environment use only a single method of encryption or authentication.

“While the method selected is usually closely tied to the level of complexity and standards set forth by relevant governing bodies for each application, securing wireless communications is often left to a single element,” Larson points out. “Use of a monolithic (i.e., ‘single-layered’) approach to security – though perhaps quick,  easy and seemingly inexpensive to implement – sends a strong message to potential attackers that they need only breach one layer to completely compromise the security shield in place.”

By contrast, some systems employ multiple communications security measures to provide a series of barriers to unauthorized access. In applications such as advanced metering infrastructure (AMI) networks, for example, large numbers of potential access points (i.e., meters) are routinely deployed in unsecure locations, thus providing numerous possibilties for security breaches. This is especialy true for two-way AMI networks where endpoints can freely communicate with the host, data concentrators or even each other on a peer-to-peer (P2P) basis, depending on the supplier and system architecture. In this increasingly common scenario, every node becomes a ready-made entrance into the network as well as potentially opening a path into every system deployed using that same technology – whether in the past or the future.
 
A sample multi-layered security shield is depicted in the diagram above. In many older and even some newer ones, only a few of these layers are implemented or available; in other cases, a single layer may be the only security protection there is. Moreover, some systems rely partially or even entirely on third-party security measures over which the user has no influence, control or recourse when cellular or other conventional media networks are employed.

By contrast, utilizing all of the layers simultaneously, means that penetration defenses are vastly improved. Indeed, it is the wrapping of one layer upon another that provides security thresholds that are otherwise unattainable. This is not to say that one encryption method is necessarily better than another (although one could argue that some are), but rather that all measures used in concert provide the most robust communications protection across an entire network, end-to-end and point-to-point.

“Putting the final elements under the control of the end user also means that every customer can be fully isolated from all others, which is paramount when considering the pace at which AMI systems are currently being deployed,” Larson observes. “And without taking the necessary steps to protect these systems properly and comprehensively, we are essentially designing in new vulnerabilities that will inevitably have to be remedied after deployment – a much more costly and time-consuming path.

Conclusions
The companies represented here (and previously, in Part 1 of this feature) barely scratch the surface of the many types, technologies and sources of security solutions. However, it is hoped that by broadening exposure to security issues and heightening awareness of the potential threats as well as the available deterrents, users will be better equipped to make informed selections when the need arises, as it most certainly will at some point, if not already. (Remember to watch for our follow up report in the November/December 2009 issue!)