ENERGY

ICT security and reliability in smart grids: have we come a step further in understanding and managing risk?

The Norwegian Smartgrid Centre
Erling Hessvik
16 April 2015
DNV GL © 16 April 2015
SAFER, SMARTER, GREENER

Contents
• Trends
• The situation today
• Have we come a step further?
• How do we get further?

Trends

Photo: eyesonnatureexpeditions.com

ISF Threat Horizon for 2017
1. Disruption divides and conquers
1.1. Supercharged connectivity overwhelms defences
1.2. Crime syndicates take a quantum leap
1.3. Tech rejectionists cause chaos
2. Complexity conceals fragility
2.1. Dependence on critical infrastructure becomes dangerous
2.2. Systemic vulnerabilities are weaponised
2.3. Legacy technology crumbles
2.4. Death from disruption to digital services
3. Complacency bites back
3.1. Global consolidation endangers competition and security
3.2. Impact of data breaches increases dramatically
Source: Information Security Forum

The energy sector was a target for attackers in 2014
Source: U.S. Department of Homeland Security report on attacks on industrial control systems in 2014.

Source: DN.no

Yesterday's infrastructure: simple and straightforward

Tomorrow: smart grids, highly intelligent, fully integrated infrastructures
(Diagram labels: Reforming; Electricity; Gas; Bi-directional power and information flows)

The situation today

Current cyber security situation
• The most important task for the party responsible for a system is to ensure reliable and safe operation of that system
• Because of increased IT automation, cyber attacks are now a bigger threat to this than ever before
• It is therefore no longer possible to rely on the vendor alone to guarantee safe and secure system operation; end-user validation is needed
• Perfect security is not realistic; what is needed is a firm grasp of the risk and impact of the network's vulnerabilities
• The evolution of technology creates new vulnerabilities for the energy system

The whole picture must be addressed
(Diagram labels: Domain knowledge; IT; Engineering)

Smart grids based on standard IT will bring new challenges
• Standardised software that requires frequent updates
• Collaboration with partners
• Remote control

Have we come a step further?

Therefore DNV GL developed the cyber security end-to-end test
Is my system secure enough?

Cyber Security End-To-End Test
Comprehensive, cost-effective testing for energy IT systems and smart grids

The service provides third-party technical validation, giving bottom-up proof that proper security measures have been taken for a complete system from an end-to-end perspective.

(Diagram labels: Periodic evaluation; End-to-end testing; Device testing)

We assess your system regarding
– Secure network design principles.
– Physical cyber defences and intrusion prevention.
– In-depth data stream analysis.
– Policy and procedures for prevention, detection, mitigation and recovery.

High-level findings from the pilot tests
• Physical security, network security and security procedures are handled by different departments
– Little alignment between them
• Networks are often not configured correctly by the vendor when turnkey solutions are provided. E.g.: unused enabled switch ports, third-party vendor access unknown to the end user, open web servers and telnet listeners
• There is little or no ability to detect suspicious activity on an industrial network
• Firewalls are absent, or their configuration has not been maintained
• We find viruses (trojans) on isolated control systems
• Emergency procedures for cyber attacks usually do not exist for SCADA; nobody knows what to do or who to call if they see something suspicious going on

Understanding is growing, but the measures are not yet where they need to be
Reproduced with permission from Børge Lund

Probability is difficult…
• The probability of an attack is difficult to handle in risk analyses
• An alternative is to focus on the probability that an attack attempt succeeds

A "Bow Tie" model can be useful

How do we get a step further?

What should be prioritised to get a step further?
• Examine your own security posture
• Security must be built in better
• More must be invested in detection and response

www.dnvgl.com