Summarization Of Energy-Efficient Communication Protocols For Smart Grid

Current State Description

Describe about the Summarization of Energy-Efficient Communication Protocols for Smart Grid.

Industry Control System refers to the various control procedure and system followed majorly in industries like nuclear, chemical and treatment plants for controlling and monitoring the industrial processes. The Industrial Control System (ICS) mainly deals with the instrumentation of the procedures followed in industry, acquiring data and controlling processes, performing data transfer and installation of the HMI (Human Machine Interface) (Weiss, 2014). One of the major threats to the ICS is the computer attacks. The significant challenges to the ICS that make the system much vulnerable are that this control system is linked to the physical processes related to gas, power, water, and transport. Thus, cyber security needs to be enhanced by the control system.

In this particular report, the case study of “PureLand Wastewater Treatment” is taken as a case study for improving and developing a cyber security plan for the existing ICS.

PureLand Wastewater Treatment Plant specializes in waste water treatment of Biological Fermentation and Chemical Manufacturing Industries.

PureLand Wastewater has been contacted by the Department of Homeland Security (DHS) regarding the use of Chlorine Dioxide, a toxic chemical prone to terrorist attacks. The PureLand Wastewater was asked to regulate their both physical and cyber security used in their industry. The network diagram of the ICS followed in PureLand is provided below:

Figure 1: Pureland WasteWater Network Diagram

(Source: Wang, Gao & Qiu, 2015, pp-87)

The entire facility of Pureland wastewater is working on the campus area network or corporate area network (CAN) interconnecting four LANs. In PureLand, the four LANs are Supervisory Network, Control System, Business LAN and Field System.

Supervisory Network: The Supervisory Network LAN controls the Supervisory Control and Data Acquisition (SCADA) that remotely controls, monitors and sends coded signal through the TCP/IP protocol.

Control System: Human machines Interface (HMI) is implemented in this LAN. Control System communicates with other facilities and the Field system with the ICCP (Inter-Control Center Communication Protocol).

Business LAN: The Business LAN is directly connected to the internet and utilizes firewall protection for communication over the internet. Business LAN utilized TCPIP protocol for interacting with the Supervisory Network.

Field System: The Field System where the wastewater treatment work is done is also directly connected to the internet. The Filed system communicated with the Control System and another facility through ICCP protocol.

The Process control vendor support can directly communicate with both Business LAN and Field System over The Internet.

Overview of Network Weaknesses

After the detailed analysis of the network system of the PureLand, the following issues were identified:

Lack of Firewall and anti-virus: All the LANs within the CAN are connected to each other and allow communication. The Business LAN is directly connected to the Internet and has firewall protection whereas the lack of firewall and anti-virus system in other LAN makes the system vulnerable to threats and attacks.

ICCP Protocol: Encryption or authentication is not provided by the ICCP (Inter-Control Center Communication Protocol) (Subramani, & Vijayalakhsmi, 2016). The communication between the Control systems, Filed system with the other facility is done through the ICCP protocol. Thus, it makes the communication at risks from various attacks and modifications.

Direct access to Field System LAN: The most vital task of the PureLand that is the wastewater treatment is done in the Field System along with the Sanitizer Feed Tank. The direct access to the internet with the Field system without any firewall makes it an easy target for attacks.

Supervisory Network: One of the main functions of ISC that is the SCADA (supervisory control and data acquisition) is done in this section. SCADA monitors the whole system by sending coded signal through the communication channel (Shalangwa, 2014). The lack of security and communication through ICCP protocol in control and filed system makes the supervisory network vulnerable.

The most common threats and vulnerabilities related to the Industrial Control System are Malware attacks, software errors, operator error, failure of the SCADA components and others.

Figure 2: Cause of Failures and Issues in ISC

(Source: Afzaal, & Nazir, 2012, pp-2)

In ICS, the IT facilities are controlled from a remote area and connected to each other with LAN connection. The lack of security in the LAN makes the network vulnerable to malware attacks and even Stuxnet that have the potential to infect the PLCs (Programmable Logic Controllers).

The firewall protection is not capable of securing all the issues. Studies have found that most of the attacks are made through remote access. Furthermore, unauthorized access and communication through corporate network make the ICS vulnerable to threats and attacks.

Figure 3: Threats to ICS

(Source: Reniers, Herdewel, & Wybo, 2013, pp-1668)

For achieving compliance with CFATS (Chemical Facility Anti-Terrorism Standards) the PureLand WasteWater should follow these regulations:

Appendix [A] to the Chemical Facility Anti-Terrorism Standard, Final Rule (Published November 20, 2007)

 This regulation defines and comprises of about 300 COI (Chemical of Interest) along with their STQ (Screening Threshold Quantities) (Chemical Security Laws and Regulations | Homeland Security 2016). Any industry or organization possessing any one of the listed COI comes under the law and is required to present a Top Screen within sixty calendar days.

Threats and Vulnerabilities Facing ICS

Chemical Facility Anti-Terrorism Standards, Interim Final Rule (Published April 9, 2007)

Interim Final Rule has published CFATS (Chemical Facility Anti-Terrorism Standards) after incorporating and gathering various information from companies, trade associations, individuals and various entities. According to the Appendix A, that comprises of the COI (Chemical of Interest) (Chemical Security Laws and Regulations | Homeland Security 2016). Any industry or organization having possession to any of the COI will require providing Top Screen to the DHS (Department of Homeland Security) utilizing the CSAT (Chemical Security Assessment Tool).

The desired future ICS system for the effective and efficient security for the information will include various measures like risk assessment, identify and remove vulnerabilities, training, digital asset ID, strong firewall and virus protection along with reliable communication channel between the LANs.

Figure 4: Elements of the Future Network System

(Source: Rusakov, & Shiryaev, 2012, pp-65)

Following secure policies will help in having complete control over the individual element in the ICS network. Blocking several addresses with the help of firewalls and access control software will help in securing the network (Molsberry, & Winter, 2014). The future system will be able to provide various security procedure and elements ensuring the communication and network security of PureLand. Apart from that, these measures will allow minimizing the cyber risks to an acceptable level.

In spite of that, these measures will help in achieving compliance with the various CFATS regulations while minimizing the negative impacts of safety and production (Balmer et al., 2014).

After the analysis of the current network architecture of PureLand; the following areas for improving the cybersecurity has been found.

Figure 5: Subject Areas to Improve Security

(Source: Unnimadhavan et al., 2016, pp-700)

The five major improvement areas for enhancing the security are:

Malware protection: All the computer and information system connected to the Corporate Area Network of PureLand need to be protected via robust and updated anti-virus and anti-malware system.

Encryption: The communication code for controlling and monitoring through the Supervisory Network should be encrypted while sending. Encryption helps in securing the data in the communication channel (Von Solms, & Van Niekerk, 2013).  Encrypted data can only be accessible to the one who has the correct encryption key.

Firewall: The PureLand’s network is divided into four sub-divisions, among which Business LAN and Field System is directly connected to the Internet. Installing robust firewall protection in between every LAN will help in improving the network security and prevent online threats and attacks.

Understanding of Applicable Regulations

Training: Thee employees of the PureLand are not well trained to work with any issues related t security. The employees of PureLand need to train about the various cyber threats and attacks that can occur in the system. Apart from that, the trained employees will be well equipped to monitor and control the system.

Communication Protection: The different LANs within the system communicate with each other while being directly connected to the internet. Introducing a Virtual Private Network (VPN) between the LANs will help in securing the communication channel between different units of PureLand (Kang et al., 2013). Furthermore, installing updated and strong antivirus system will provide security from external attacks like fishing, DDoS and others.

Conclusion

In this particular assignment, the existing network architecture of PureLand WasteWater has been evaluated and assessed. Examining the network various flaws and issues are identified that are prone to risks and cyber-attacks. To mitigate the risks and issues, mitigation plan is provided to minimize the attacks on the waste water management plant. Furthermore, the use of Chlorine Dioxide in their plant has opened more reasons for terrorist attacks and sabotage with the chemical. Thus to prevent those and proceed the operations with DHS and CFATS regulations, PureLand must follow the improvement security methods identified in the report.

References

Afzaal, A., & Nazir, M. (2012). Summarization of Energy-Efficient Communication Protocols for Smart Grid. Science, 3(2).

Balmer, M. L., Slack, E., de Gottardi, A., Lawson, M. A., Hapfelmeier, S., Miele, L., ... & Bernsmeier, C. (2014). The liver may act as a firewall mediating mutualism between the host and its gut commensal microbiota.Science translational medicine, 6(237), 237ra66-237ra66.

Chemical Security Laws and Regulations | Homeland Security. (2016). Dhs.gov. Retrieved 19 March 2016, from https://www.dhs.gov/chemical-security-laws-and-regulations

Kang, D. J., Lee, J. J., Lee, Y., Lee, I. S., & Kim, H. K. (2013). Quantitative methodology to assess cyber security risks of SCADA system in electric power industry. Journal of the Korea Institute of Information Security and Cryptology, 23(3), 445-457.

Molsberry, F. H., & Winter, R. L. (2014). U.S. Patent No. 8,745,373. Washington, DC: U.S. Patent and Trademark Office.

Reniers, G., Herdewel, D., & Wybo, J. L. (2013). A Threat Assessment Review Planning (TARP) decision flowchart for complex industrial areas.Journal of Loss Prevention in the Process Industries, 26(6), 1662-1669.

Rusakov, V. E., & Shiryaev, A. V. (2012). U.S. Patent No. 8,099,596. Washington, DC: U.S. Patent and Trademark Office.

Shalangwa, D. A. (2014). Evaluation of bandwidth Performance in a corporate network by using simulation model. Journal of engineering and technology research, 6(1), 1-5.

Subramani, R., & Vijayalakhsmi, C. (2016). Design of Lagrangian Decomposition Model for Energy Management Using SCADA System. InProceedings of the 3rd International Symposium on Big Data and Cloud Computing Challenges (ISBCC–16’) (pp. 353-361). Springer International Publishing.

Unnimadhavan, S., Bandlamudi, V. K., Adhya, T. K., Vadivelu, J., & Viswanathan, A. (2016). U.S. Patent No. 20,160,036,700. Washington, DC: U.S. Patent and Trademark Office.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.

Walters, D. B., Ho, P., & Hardesty, J. (2015). Safety, security and dual-use chemicals. Journal of Chemical Health and Safety, 22(5), 3-16.

Wang, T., Gao, H., & Qiu, J. (2015). A combined adaptive neural network and nonlinear model predictive control for multirate networked industrial process control.

Weiss, J. (2014). Industrial Control System (ICS) cyber security for water and wastewater systems. In Securing Water and Wastewater Systems (pp. 87-105). Springer International Publishing.