Tutorial 1

Date/Time: Monday November 9th, 2:00pm to 3:30pm and 4:00pm to 5:30pm
Duration: 3 hours
Title: Cyber Security for the Power Grid

Presenters: Mel Gehrs, Himanshu Khurana, Andrew Wright
Mel Gehrs Himanshu Khurana Andrew Wright

This tutorial is designed to provide an introduction to the problems and challenges relating to cyber security of the Power Grid. With an aim towards improved reliability and efficiency, the grid is being modernized today with the design and deployment of an extensive and highly interconnected cyber infrastructure. Owing to commercial forces the infrastructure includes substantial Commercial Off-The- Shelf (COTS) components including common operating systems and networking. Given its critical nature and use of COTS, the cyber infrastructure is an attractive target for cyber attacks and consequently at risk. This tutorial will explore cyber security problems, challenges, and solutions for mitigating such risks for the transmission and distribution systems of the grid.


The tutorial will cover four topics. First, an introduction to power systems (10 mins) and an introduction to cyber security issues in the cyber infrastructure will be covered (30 mins). Second, issues with securing both legacy and modern Supervisory Control And Data Acquisition (SCADA) systems will be explored (30 mins). This topic will review basic networking concepts and security issues, outline security threats specific to control systems and focus on architectural guidelines for deploying secure serial- and IP-based SCADA systems. Third, challenges with deploying smart grid devices and systems in the distribution network will be discussed (45 mins). Included will be real world examples of how one leading smart grid vendor is defeating "snooping/reverse engineering" of stolen equipment and using embedded hardware crypto engines to improve performance in field devices. Fourth, grid modernization efforts for wide area measurement and control in the transmission system and ensuing cyber security concerns will be presented (45 mins). This will leave 20 mins for a break and Q&A sessions. For those interested in learning more about these topics complimentary copies of the video-recorded lectures of the TCIP “Cyber Security for Process Control Systems” summer school (Julye’08) will be made available on-site. The CCS tutorial is intended to be a shorter version of the week-long summer school that focuses on select topics but the material will be significantly novel.

Who Should Attend:

The tutorial is intended for a broad audience of persons with some knowledge of security who are interested in learning security issues for the power grid. Material presented will assume undergraduate level knowledge of computer networks and systems. There will be sufficient background information provided on the power systems and grid topics. Students and faculty will have the opportunity to learn about real-world challenges and cyber security R&D problems in this space. Industry members will have the opportunity to learn about cyber security issues related to tools, technologies and standards that impact the realizing of a smart grid. Recently, the state of Illinois has embarked on a Smart Grid Collaborative (ilgridplan.org) and local industry and government stakeholders will find the tutorial useful and a source of technical knowledge for informed policy decision-making.

Speaker Bios:

Mel Gehrs has 30 years of utility experience with ComEd/Exelon in developing and supervising Nuclear Plant Process computers, Nuclear Security Computers, and nuclear simulator systems. He is currently president of Gehrs Consulting, Inc., and is specializing and consulting in "Smart Grid" technologies.

Himanshu Khurana is a Principal Research Scientist at the Information Trust Institute, University of Illinois, Urbana-Champaign. His research interests lie in the area of distributed system security, especially as applied to large-scale distributed systems and critical infrastructures. He is currently serving as the Principal Scientist for the Trustworthy Cyber Infrastructure for Power (TCIP) center. He holds a PhD from the University of Maryland and has published 30 articles covering a range of topics in distributed system security.

Andrew Wright is Chief Technology Officer at N-Dimension Solutions. He holds a Ph.D. in Computer Science from Rice University. He has published over 20 technical papers and has 16 years of experience in industrial research and development. At N-Dimension, he guides R&D strategy for the company's cyber security products for electric power utilities. Prior to joining N-Dimension, he was a Technical Leader in Cisco's Critical Infrastructure Assurance Group (CIAG), where he developed cyber security solutions for critical infrastructure, particularly Industrial Control Systems and SCADA.

Last modified: 2009-09-24 09:02:21 EDT

ACM CCS 2009