Maintaining Mission Critical Systems in a 24/7 Environment - Peter M. Curtis
2.2 Risks Related to Information Security
The security of all of these networks is the subject of urgent, on‐going assessment. Much of the analysis has been focused on physical and cyber security – protecting the physical structures themselves, or the computers that are used to control them. But their greatest vulnerability is the loss of power upon which every aspect of their control and operation ultimately depends. While the multiple layers of the utility’s critical infrastructure are highly interdependent, electric power is, more often than not, the prime mover – the key enabler of all the others.
However, in the past, the energy industry has not typically been focused on information security risks and has been even less concerned about privacy. Equipment failures due to information security vulnerabilities are not usually anticipated, and except for an acknowledgment of damage caused by data theft, the exploitation of those vulnerabilities is not usually seen as a likely cause of catastrophic events. The root cause of the August 2003 Northeast Blackout is listed as “Human decisions by various organizations, corporate and industry policy deficiencies, and inadequate management;” proper policies backed by strong information security measures are part of the solution, as are solid training programs that include refresher courses on emergency action, alarm response, and standard operating procedures.
According to the Federal Energy Regulatory Commission, both domestic and foreign hackers are now devoting considerable time and capital to mapping the technology infrastructures of companies. The network exploitation needed to explore and map a network has to be done whether the intruder is going to steal information, bring the network down, or corrupt data. Information security experts believe that this may be the cause of a few recent major blackouts.
Hackers are like digital spies with the ability to steal information or disrupt networks remotely. Officials need to be more aware of security breaches, as they are a national/global security issue. Intellectual capital and industrial secrets are at risk, and keeping the risks quiet only makes the situation worse. The private sector, which owns most information networks that operate power plants, dams, and other critical infrastructures, needs to do more to improve security and protect critical data. A cyber‐attack could disrupt critical operations and impact customers.
The Smart Grid, being a digital system, would be vulnerable to cyber‐attacks. The sector is evolving with the emergence of Smart Grids, which are connected to other systems such as SCADA, IoT, etc. They require greater security monitoring since they are the entry point for cyber criminals. The combination of Information Technology (IT), Operational Technology (OT), and Internet‐of‐Things (IoT) creates access gates for cyber criminals. Therefore, there is an urgent need for effective strategies to secure Smart Grids against cyber‐attacks. To address this hazard, recommendations have been made to build the Smart Grid from the ground up with security in mind. Some of the governing standards that address cyber security within the bulk electric power grid are the NERC suite of Critical Infrastructure Protection standards (CIP‐001 through ‐014) and the Smart Grid information security standards (IEEE 1686, P37.240, IEEE 1402, IEC‐61850). An intelligent system would be able to detect intrusions and bypass affected nodes to keep electricity flowing to consumers. This capacity to “heal” through the use of “smart” switches installed throughout the network would create a grid that is more resilient to deliberate attacks and natural disasters.
How do power outages relate to the level of reliability your company requires from an energy standpoint? Facilities can generally be classified by Tiers, with Tier I being the most basic, and Tier IV being the most reliable facility. The different tiers exist in large part because of maintainability, i.e., maintaining the facility without shutting it down. Tiers I and II must be shut down to perform maintenance; Tiers III and IV are deemed “concurrently maintainable.” Critical functions will usually require a facility in the Tier III to Tier IV range or utilize other strategies such as co‐location. Although rare, it is possible that critical business functions will be located in a Tier II or even a Tier I facility configuration, despite the fact that both lack full backup and redundancy support. This practice is not encouraged. Figure 2.4 below identifies types of electric load interruptions associated with recent significant power outages shown in Table 2.1.
Figure 2.4 Potential Causes of Load Interruption or Downtime
Figure 2.5 The Tiers of the Electric Grid from Generation to Chip. Derived from “Distributed Energy resources interconnections systems” U.S. DOE NREL (September 2002).
Table 2.1 Recent Significant Power Outages (Various Sources – Google Alert – Major Power Outages)
LOCATION | CAUSE | EFFECT |
---|---|---|
Hartsfield‐Jackson, Atlanta, USA | Equipment failure knocked out the power to the busiest airport in the world in December 2017. Power outages lasted for 11 hours. | The company suffered a loss of $50 million |
California, USA | PG&E implemented a 48‐hour power shutoff as a preventative measure to control the wildfires | California’s economy suffered a $2.5 billion blow. PG&E filed for bankruptcy protection, saying it’s facing more than $30 billion in liabilities |
Sydney, Australia | Wind Storm on Monday, November 25, 2019 | 76,000 homes without power, lasting several days (wiki) |
Barbados Island | Engine failure at Barbados Light & Power Company on November 18, 2019. Dirty fuel and aging power generators failed – lacked maintenance | Most of the island lost power, affecting 130,000 people for several days (wiki) |
Pyrenees‐Atlantiques Region of SW France | Storm Amelie caused strong winds and giant ocean waves. Power was lost throughout the region on November 3rd, 2019 | More than 140,000 residents lost power for several days (wiki) |
Eastern US & Canada | “Halloween” storms and thunderstorms swept the eastern U.S. and Canada. Power outages throughout November 1st, 2019, leaving many in the dark | More than 2,000,000 people left without power for several days, including people stranded by the flooding (wiki) |
Island of Tenerife, Spain | Power was cut on September 29, 2019 for the entire island of Tenerife. Breakdown occurred at a major electrical substation | More than 1 million people affected, many trapped in buildings and elevators (wiki) |
Bahamas, Eastern Seaboard of US, and Canada | Hurricane Dorian damaged transmission systems on September 1st, 2019. Power outages spread and lasted for an extended period | More than 200,000 outages and many people left in the dark (wiki) |
England & Wales | Major power blackout due to lightning strike. | More than a million people affected and major travel disrupted (wiki) |
Kiev, Ukraine | Cyber‐attack on December 17, 2015. Lasted over an hour – power cut over whole city | 225,000 with no power. City brought to a halt |
Venezuela | Hydroelectric Plant Failure (03/07/2019 – 03/14/2019). Possible act of sabotage | 32 million with no power. 42 deaths attributed to power outage |
Dallas, TX | Tornado & Storms (10/21/2019) | Disaster declaration in 16 counties. More than 140,000 with no power for several days |
Denver, CO | Power rerouting for maintenance caused a system trip (7/1/2010) | 7 substations brought down. 100,000 with no power for 15 minutes and 20,000 without power for over an hour |
Chicago, IL | Severe storms (6/22/2010) | 550,000 customers lost power for approximately 4 days |
Kentucky | Winter storm (12/25/2009) | 607,000 customers went without power |
Siberia | Long‐term maintenance negligence (8‐17‐09) | 75 workers killed, 2‐day blackout, oil spill |
Florida | Significant Equipment Failure (2‐26‐08) | 4,400,000 are left without power |
New England | Lightning storms cause debris to damage power transmission lines (1‐14‐08) | 20,000 people report power loss over the span of a week‐long storm |
San Francisco, CA | Data Center Backup Power Generators failed (7‐24‐07) | 40,000 customers directly affected. Internet users worldwide couldn’t access internet sites |
Los Angeles, CA | Massive Power Outage – Utility Worker wiring error (9‐12‐05) | Traffic and public transportation problems. Fear of a terrorist attack |
Indonesia | Transmission line failure between Java and Bali (8‐18‐05) | 100 million without power |
Gulf Coast (Florida/New Orleans) | 2004/05 Hurricanes: Ivan, Charley, Frances, Katrina, etc. | Millions of customers without power, water, food and shelter, government records lost due to flooding |
China | 20‐million‐kilowatt power shortage – Equivalent to the typical demand in the entire state of New York (Summer 2005) | Multiple sporadic brownouts. Government shut down least energy‐efficient consumers |
Greece | Temperatures near 104°F. Mismanagement of electric grid (7‐12‐04) | Over half of the country left without power |
O’Hare Airport, Chicago, IL | Electrical explosion (7‐12‐04) | Lost power to two terminals. Flight delays over the course of a day |
Logan Airport, Boston, MA | Electrical substation malfunction (7‐5‐04) | Flight delays and security screening shutdown for 4 hours |
Italy | Power line failures. Bad weather (9‐29‐03) | Nationwide power outage. 57 million people affected |
London | National grid failure (8‐29‐03) | Over 250,000 commuters stranded |
Northeast, Midwest and Canada | Human decisions by various organizations, corporate & industry policy deficiencies, inadequate management (8‐14‐03) | 50 million people affected due to the 61,800 MW of capacity not being available |
Brazil | Lightning strike (3‐11‐99) | 75 million without power |
Quebec, CA | EMP from solar flare | 12‐hour blackout in Canada. Worldwide radio and satellite systems disruptions |
In fact, the energy industry is only now coming of age in its use of the latest operational technology. Some organizations lack even accurate and up‐to‐date information to provide first responders to grid outages with the intelligence and support necessary to make informed decisions during critical events. Keeping personnel motivated, trained, and ready to respond to emergencies is a challenge, made even greater without an appropriate records retrieval program in place.
Augmenting security for utilities is seeing some progress. The Federal Government is taking steps to enhance physical and cyber security for utilities. The Critical Infrastructure Protection Cyber Security Standards, mandated by the Federal Energy Regulatory Commission (FERC), are designed to reduce the risk to the reliability of the utility electric system and enhance security by protecting Critical Cyber Assets (CCA). The Cyber Security Standards require utilities to implement and document a program to identify, classify and protect information associated with CCAs. Some facilities, control centers, and substations must undergo security assessment and augmentation when identified as Critical Assets.
Access to these Critical Assets, whether in person or through cyber and electronic means, has to be authorized and will be controlled, monitored (with an immediate response to all unauthorized access attempts), and logged. Physical access will likely be controlled by the use of card reader systems. To be authorized for access, affected employees, contractors, and vendors are required to have an appropriate level of personnel risk assessment consisting of identity verification, seven‐year criminal record search, and terrorist watch list search. In addition, they are also required to attend annual cyber security training and regular security awareness training.
Most utilities are required to be compliant with the North American Electric Reliability Corporation (NERC) Cyber Security Standards CIP‐002 through CIP‐009. In order to be compliant, there are a number of physical security access control requirements that must be met at Bulk Power Electric Substations. These are substations handling large power transmission capabilities, not solely local electric distribution to local areas. The requirements are to control, monitor, and log access to critical cyber assets that are contained within the control houses at these substations. There is also a non‐compliance self‐reporting requirement that mandates utilities to self‐report to NERC any known violation of the CIP standards.