2 research outputs found

    A Firewall Optimization for Threat-Resilient Micro-Segmentation in Power System Networks

    Electric power delivery relies on a communications backbone that must be secure. SCADA systems are essential to critical grid functions and include industrial control systems (ICS) protocols such as the Distributed Network Protocol-3 (DNP3). These protocols are vulnerable to cyber threats that power systems, as cyber-physical critical infrastructure, must be protected against. For this reason, the NERC Critical Infrastructure Protection standard CIP-005-5 specifies that an electronic system perimeter is needed, accomplished with firewalls. This paper presents how these electronic system perimeters can be optimally found and generated using a proposed meta-heuristic approach for optimal security zone formation for large-scale power systems. Then, to implement the optimal firewall rules in a large-scale power system model, this work presents a prototype software tool that takes the optimization results and auto-configures the firewall nodes for different utilities in a cyber-physical testbed. Using this tool, firewall policies are configured for all the utilities and their substations within a synthetic 2000-bus model, assuming two different network topologies. Results generate the optimal electronic security perimeters to protect a power system's data flows and compare the number of firewalls, monetary cost, and risk alerts from path analysis. Comment: 12 pages, 22 figures

    Firewall Configuration and Path Analysis for Smart Grid Networks

    The objective of this research is to develop a complete cyber topology model of the Texas 2000-bus synthetic grid, and to study the data flow through utility companies to defend their networks from cyber-attacks. Specifically, this work focuses on creating a set of firewall rules and configurations in a model network, optimizing them by testing them against various attacks, then translating them to iptables to be used in our team's test bed. Cisco Packet Tracer will be used to create and test a network with various protocols allowed and denied at various nodes in the network. This sample network has a utility control center network, a substation network, and a balancing authority network. Then Network Perception's NP-View software is used to run and analyze all firewall and router configuration files for a complete path analysis and risk assessment. The final goal is to understand every possible path into and out of each network, who is permitted to use these paths, and where an attacker might exploit the network. Then these possible attacks are simulated, traced, and studied, to allow for a better network topology