Digital Bond

For Secure & Robust ICS


CIP v5 Foundations and Generation Focused Security Training – April 17-18

March 11, 2014 by Michael Toecker

Spring is here, and that means generally cool, but not cold days. Days where the wind blows through open windows, a light jacket is all you need for walking around, and both Daylight Savings Time and the axial tilt of this wonderful planet have graced us with sunshine into the evenings. These are the days when we have a chance to emerge from our electronic hibernation, away from our power-sucking gadgets in our winter nests, and enjoy the fellowship of our fellow humans.

And if you go to the Generation Focused Security Training in Denver on April 17th and 18th, you’ll also know that this is partly why Spring is big outage season for power stations in many parts of the United States.  You’d know that now is when the drop in electricity demand corresponding to the weather and human activities allows many power stations that have been running since ~October to come down for much needed maintenance and upgrades.

Now is your chance. The Generation Focused Security training is intended to communicate good cyber security concepts in the context of a generation station, and links those concepts with the paired NERC CIPv5 Foundations course offered by our partner, EnergySec.

Day 1 is the excellent CIP v5 Foundations course offered by EnergySec. The Foundations training will prepare attendees to face version 5. In this course we will:

  • Explain the 19 terms with new or revised definitions and other important terms that are still undefined
  • Describe the 13 categories of assets to which requirements apply
  • Explain the new bright line criteria and the three tier (High/Medium/Low) approach to asset classification
  • Walk through a detailed mapping and discussion of the new, revised, and retired requirements
  • Discuss the two new standards in version 5
  • Explore future changes that may result from the FERC Order on version 5
  • Provide references and discussion on the pertinent NERC filings and FERC rulings on these standards

Day 2 of the paired course will examine and impart established cyber security concepts in the context of a Generation Station, and link those concepts to the Foundations points from Day 1. The instructor shall discuss all concepts in the context of a model plant, designed to allow conversations on different control systems and networks. Emphasis will be on how cyber security measures have been successfully and unsuccessfully applied in the generation environment, strategies for implementation and operation, and common problems and solutions. Finally, the course will discuss vulnerabilities in control systems, and introduce all students to tools used by penetration testers and hackers to better prepare them for challenges ahead.

As the generation business is different, so too are the ideas and concepts when applying cyber security concepts to the operating environment. And placing cyber security controls into the generation context will be increasingly important over the next two years, as more Generation is brought into the mix of NERC CIP regulations.

Those interested may register on the EnergySec website here. Cost for the paired training is $1,295.00 total; a savings of $100 is recognized when signing up for both courses. Seats are limited to the first 25 participants, and EnergySec partners are offered their customary training discount.

title image by James Sarmiento (old account)

Filed Under: Control System IT, Electric, Training Tagged With: Generation, Training

News on CIPv5, for Generation

April 24, 2013 by Michael Toecker

It was a busy week for NERC CIP last week, where comments in the Notice of Proposed Rulemaking (NOPR) from FERC indicate that CIP Version 5 will be approved. CIPv5, and the potential successive versions suggested by NOPR language, are going to have a heavy impact on generators.

But before I hop into what CIPv5 means for Generation, I want to spotlight Tom Alrich and his excellent coverage of the NERC CIP development process. Tom is an active participant in both the CIP development efforts, and in some regional efforts. Since discovering his blog, I have a better understanding of not only what direction the regulations are taking, but also why they are taking that direction. He is candid, and he is thorough, and he is, what I would term, a compliance geek. Points I expand on in this post specifically for generation, Tom has made in his posts for electric power in general. Now, for some generation geekery of my own…

Major comments in the NOPR indicate that FERC wants some very specific changes to the NOPR. The big ones that will affect generation are:

  1. Technical Cyber Security Controls for Low Impact
  2. ‘Temporary’ Cyber Assets, i.e. those that are connected for 30 days or less and connect to an ESP network
  3. Clarification on what a Generation Control Center is


Filed Under: Control System IT, Electric, NERC-CIP, Training Tagged With: Cyber Security, FERC, Generation, NERC-CIP, NOPR

Electricity Market 101

February 18, 2013 by Michael Toecker

A lot of Digital Bond readers are not electric power professionals, so I figured some 101 on the electricity sector might be appropriate. One of the more fascinating, and least understood even by power professionals, aspects of electric power is the electric power market. As cyber security professionals, we have an obligation to understand how our clients make their money, so that we can give them appropriate recommendations on securing that cashflow (you know, outside of “do it or I’ll CIP you”).

The power market is a bid-based construct where buyers and sellers of electric power can exchange various electric power ‘instruments’, the most common being Megawatt hours (MWh), for money. A megawatt hour is a measure used to meter large amounts of power, and is equal to an output of 1 MW for 1 hour. Buyers bid into the market with their minimum price per MWh ($/MWh) each day, which is the minimum amount of money they will accept to generate. The intent is that generators take into account all their operating costs, and their intended profit margin, and compete against other generators doing the same thing.

After bidding, the market then ‘fills’ the expected daily demand with the bids from all the generators, starting with the cheapest sources first (called Least Cost Dispatch). The price paid to all the generators is then set to the price bid by the last bidder necessary to fill the demand. When it’s done ahead of time, this price is an estimated price based on forecasts (called the day-ahead price in some markets).

But, it’s not that simple. The electric power grid runs according to the laws of physics, not of humans, and needs some specific operating rules to ensure that it stays stable and reliable.

First of all, the market is security constrained, which is not what you cyber folks think it is. Security constrained refers to the ability of grid operators to limit the market approach when there is a reliability limit in place. Sometimes, systems work well for market purposes and there are few security considerations. However, when the system is at high load, has limited supply, or other system issues are present, the operator has the power to constrain generators to ensure reliability. A common constraint is limiting generator output due to transmission lines having reached limits (called congestion). Operators will either increase or decrease specific generation to balance and alleviate congestion, which obviously affects the price of electricity (called the spot price). Or, they will switch lines and components in and out as well, though a system reconfiguration is not something to be done lightly. There are other security constraints as well, most based upon the physics of the electric power system.

The last part of the electricity market handles the real-time component, which I’ve heard called a spot market, or a real-time market. Basically, electricity demand cannot be fully predicted and accounted for, though it can be trended and forecast to an extent. When the forecast is different from the actual demand (notice I said “when”), the market must react by buying more power from generators. When the difference between the forecast and the real demand is small, then it’s often absorbed into existing production at nominally the same price. When the difference is high, then the price can quickly jump as new generators are added into the system. In these cases, the $/MWh can go from the mid-$30s up to several hundred dollars, and even into the thousands. This mechanism is also used when unexpected failures happen in the system: the higher the severity and the more unpredictable the event, the higher the price can rise. The spot price is calculated in time slices, sometimes an hour, or 30 minutes, and even down to 1-minute slices.

Different generation types bid differently. For instance, shutting down a nuclear power plant is a supremely expensive proposition, so they usually bid in at $1 a MWh. This means they are almost always picked by the least cost dispatch model, and make whatever the market price is at the time. Base-load plants follow a similar strategy, often bidding in at cost (or slightly below cost), taking advantage of spot price fluctuations to make a profit. Peaking plants are typically higher cost, and bid in as such, due to higher maintenance associated with cycling the units. Wind and Solar are special cases, and some markets have special rules to handle their inclusion (ERCOT is the one I’m most familiar with).
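A simplified single-hour illustration of least cost dispatch and the bidding strategies described above, added here as an example and not taken from the original post. Unit names, capacities and bid prices are constructed, and security constraints and congestion are ignored.

```python
from dataclasses import dataclass

@dataclass
class Bid:
    unit: str      # constructed generator name
    mw: float      # capacity offered for the hour
    price: float   # minimum $/MWh the unit will accept

def clear_market(bids, demand_mw):
    """Least cost dispatch: fill demand from the cheapest bid upward.

    Returns (clearing_price, {unit: dispatched_mw}). Every dispatched unit
    is paid the price of the last (marginal) bid needed to meet demand.
    """
    dispatch, remaining, price = {}, demand_mw, None
    for bid in sorted(bids, key=lambda b: b.price):
        if remaining <= 0:
            break
        take = min(bid.mw, remaining)
        dispatch[bid.unit] = take
        remaining -= take
        price = bid.price          # marginal bid so far sets the price
    if remaining > 0:
        raise ValueError(f"demand exceeds offered capacity by {remaining} MW")
    return price, dispatch

def revenue(bids, demand_mw):
    """Hourly revenue per unit at the uniform clearing price."""
    price, dispatch = clear_market(bids, demand_mw)
    return {unit: mw * price for unit, mw in dispatch.items()}

# Constructed bid stack for one hour.
BIDS = [
    Bid("nuclear", 1000, 1.0),         # bids $1 so it is always dispatched
    Bid("baseload_coal", 800, 28.0),   # bids roughly at cost
    Bid("combined_cycle", 600, 35.0),
    Bid("peaker_gt", 200, 400.0),      # high bid covers cycling wear
]

if __name__ == "__main__":
    # 2200 MW is the forecast; 2450 MW is actual demand that needs the peaker.
    for demand in (2200, 2450):
        price, dispatch = clear_market(BIDS, demand)
        print(f"{demand} MW -> {price} $/MWh, dispatch {dispatch}")
```

With these numbers, a 250 MW forecast miss pulls in the peaking unit and moves the clearing price from $35 to $400 per MWh, and the nuclear unit that bid $1 is paid the clearing price in both cases.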

I hope this has been educational to cyber security professionals, and maybe even some engineers. This is a basic introduction to electricity markets in North America and a few internationally, but there are always local variations if you travel around. It’s also important to note that not everyone participates in a market; we also have the traditional utility model, which I need to discuss as well. As always, comments and questions are welcome below.

Filed Under: Electric, SCADASEC 101 Tagged With: 101, Electricity Market, Generation

The Electric Power Plant Tour

June 18, 2012 by Michael Toecker

Digital Bond has been doing a lot of generation work lately, and I’ve found myself in plant clothes (safety shoes, hard hat, jeans, cotton shirt) more and more often. There has been a lot of interest in the cyber security of generation plants, and not all of it is due to criteria in the NERC CIP V4 Brightline. But, I’m not here to discuss what’s in and what’s out this time around….  I’m here to discuss what happens when your plant becomes a Critical Asset, and a very important initial activity.

Generation differs greatly from Control Centers and Substations. First, Generation is big, the kind of big that often requires 4 wheeled transportation to avoid hiking from place to place. Second, generation has cyber assets tucked away in hard to reach places, and out at the most remote corners of the plant. To see these places, you need to take a tour of the major mechanical and electrical systems at the plant in order to inventory these cyber assets so that you can determine if their function can affect the operation of the plant in a manner that affects a reliable Bulk Power System.


Filed Under: Control System IT, Electric, NERC-CIP Tagged With: Electric Power, Generation, NERC-CIP

About Us

Digital Bond was founded in 1998 and performed our first control system security assessment in the year 2000. Over the last sixteen years we have helped many asset owners and vendors improve the security and reliability of their ICS, and our S4 events are an opportunity for technical experts and thought leaders to connect and move the ICS community forward.
