Published on March 11, 2014
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL1 Cyber Security in the Power Sector Assessing vulnerabilities in the Power Industry Value Chain
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL2 The Reality of Cyber Threats Understanding the need for a dedicated security machinery HIGHLIGHTS Smart Grid Mission promises to modernize India’s power sector but is highly susceptible to cyber attacks Focus of cyber attacks evolving. Earlier: pure financial motive; Now: creating mayhem Comprehensive security policy and regulatory response required for the power sector
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL3 Introduction • R-APDRP: Restructured Accelerated Power Development and Reforms Program – ICT intensive modernization of India’s state electricity boards • Smart Grid Mission: $5.8 billion outlay in 12th Five Year Plan (2012-17) • Addresses capacity storage issues and transmission & distribution losses • Risk: Technology intensive, hence susceptible to cyber attacks Attack on the National Critical Infrastructure (NCI) can bring the nation to its knees
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL4 • Cyber attackers can cause widespread damage without taking excessive risk • Power sector nuances: Generation, transmission & distribution are all at risk Enforcing Cyber Security Appreciation Acknowledge the threat Discovery Find the exposure/threat Attribution Identifying the perpetrator/source Address jurisdiction issues Determine appropriate reponse Information sharing, collaboration and learning Lack of an international legal framework is a major hurdle to implementing these Steps to Enforce Cyber Security
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL5 Vulnerabilities in the Value Chain 11% 62% 14% 13% Electric Terrorism: % of attacks by grid components targeted (1994-2004) Generation Transmission Substations Others Generation Vulnerabilities • Weaknesses in GenCos' IT systems • SCADA vulnerabilities: Weak authentication, backdoors, ladder logic Transmission Vulnerabilities • D-DOS attack on smart grids • Malicious data injection • Attacks on controllers (SCADA, PLCs) Distribution Vulnerabilities • Network Operating Centre impersonation • Smart Meter tampering through unauthorized control Other vulnerabilities • Telemetry (data connectivity) systems have little to no security protocols • Consumer data can potentially be stolen from Smart Grids and put to malicious use • Zero-day threats due to gaps in network zoning, default passwords, dated patch updates. Power sector is vulnerable to both short-term and long-term disruptions, e.g.: – Unauthorized access to control systems causes outages, overloads or other damages – Malicious data transmission causes unintended system behavior – Meter tampering causes huge financial losses due to replacement – Theft of personally identifiable information reveals usage patterns, home occupancy, etc.
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL6 Importing Best Practices • Non-power NCI sectors – Banking and telecom have rigorous and mature security mechanisms – Power companies have much to learn from RBI, SEBI, DoT and TRAI • Metrics – Measuring and reporting – Clear goals and measurable metrics should be established for all systems – GenCos and grid cos. should follow regulations like SOX and PCI-DSS • Global cyber security regulations for the power sector – E.g., U.S. follows a voluntary reporting approach for its power sector while the EU has compulsory compliance in place – Indian power sector can pick and choose from such regulations Power sector can learn about cyber security from : • Other National Critical Infrastructure (NCI) sectors of India • Regulations prevailing in power sector in other countries
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL7 Conclusion Upgrading power infrastructure without addressing security risks can make it highly susceptible to cyber threats. Cost-benefits study must be done at each step, although it can be challenging in areas where loss expectancy is hard to quantify. The security policy should address the entire spectrum of cyber security, possibly leveraging prior experiences of other agencies. Continuous monitoring and well- defined incident response guidelines can go a long way in reducing risk exposure.
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL8 For more details please visit the link below: http://www.wipro.com/Documents/facing-the-reality-of-cyber- threats-in-the-power-sector.pdf
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL9 About Wipro Wipro Ltd. (NYSE:WIT) is a leading Information Technology, Consulting and Outsourcing company that delivers solutions to enable its clients do business better. Wipro delivers winning business outcomes through its deep industry experience and a 360 degree view of "Business through Technology"; helping clients create successful and adaptive businesses. A company recognized globally for its comprehensive portfolio of services, a practitioner's approach to delivering innovation and an organization wide commitment to sustainability; Wipro has over 140,000 employees and clients across 61 countries. For more information, please visit www.wipro.com
© 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL10 Thank You ©Wipro Limited, 2014. All rights reserved. For more information visit www.wipro.com No part of this document may be reproduced in whole or in part without the written permission of the authors. Wipro is not liable for any business outcome based on the views presented in this document. For specific implementation clients should take advise from their client engagement manager.
Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...
In this presentation we will describe our experience developing with a highly dyna...
Presentation to the LITA Forum 7th November 2014 Albuquerque, NM
Un recorrido por los cambios que nos generará el wearabletech en el futuro
Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...
FACING THE REALITY OF CYBER THREATS IN THE POWER SECTOR ... The Need for a Strong Cyber Security Strategy The Power sector has seen a significant growth ...
IBM Sales and Distribution White Paper Energy and Utilities Best practices for cyber security in the electric power sector Abstract With rare exceptions ...
EPA Power Sector Regulations; ... Energy Sector Cybersecurity Framework Implementation ... A Guide to Developing a Cyber Security and Risk Mitigation Plan;
EPA Power Sector Regulations; ... Infrastructure Security and Energy Restoration; ... The Trustworthy Cyber Infrastructure for the Power Grid ...
Cyber Security of the Electric Power Grid Jeff Dagle, PE Chief Electrical Engineer Energy Technology Development Group Pacific Northwest National Laboratory
Cyber Security of the Electric Power ... laboratories and security firms have demonstrated the cyber ... sector is vulnerable to cyber ...
Cyber-Security and the Electric Sector PublicPower.org in December 2006, which demonstrated the possibility of remotely accessing bulk power system (BPS ...
It’s cyber attacks on ... that look to address the threat from cyber attacks on the energy sector. ... Clean Power Plan Deliver ...
Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace. ... Cyber Safety; Cybersecurity Insurance;