A Firewall Optimization for Threat-Resilient Micro-Segmentation in Power System Networks
Electric power delivery relies on a communications backbone that must be secure. SCADA systems are essential to critical grid functions and include industrial control system (ICS) protocols such as the Distributed Network Protocol 3 (DNP3). These protocols are vulnerable to cyber threats that power systems, as cyber-physical critical infrastructure, must be protected against. For this reason, the NERC Critical Infrastructure Protection standard CIP-005-5 requires an electronic security perimeter, which is implemented with firewalls. This paper presents how these electronic security perimeters can be optimally found and generated using a proposed meta-heuristic approach for optimal security zone formation in large-scale power systems. Then, to implement the optimal firewall rules in a large-scale power system model, this work presents a prototype software tool that takes the optimization results and auto-configures the firewall nodes for different utilities in a cyber-physical testbed. Using this tool, firewall policies are configured for all the utilities and their substations within a synthetic 2000-bus model, assuming two different network topologies. The results generate the optimal electronic security perimeters to protect a power system's data flows and compare the number of firewalls, monetary cost, and risk alerts from path analysis.

Comment: 12 pages, 22 figures
Firewall Configuration and Path Analysis for Smart Grid Networks
The objective of this research is to develop a complete cyber topology model of the Texas 2000-bus synthetic grid, and to study the data flow through utility companies in order to defend their networks from cyber-attacks. Specifically, this work focuses on creating a set of firewall rules and configurations in a model network, optimizing them by testing them against various attacks, and then translating them to iptables for use in our team's testbed. Cisco Packet Tracer will be used to create and test a network with various protocols allowed and denied at various nodes in the network. This sample network has a utility control center network, a substation network, and a balancing authority network. Then Network Perception's NP-View software is used to run and analyze all firewall and router configuration files for a complete path analysis and risk assessment. The final goal is to understand every possible path into and out of each network, who is permitted to use these paths, and where an attacker might exploit the network. These possible attacks are then simulated, traced, and studied to allow for a better network topology.