Advances in Cyber Security for Electric Utilities: WG15 & Black Hat

I clearly remember the moment, almost six years ago, when I first heard about the IEC TC57 WG15 and its commitment to creating the IEC 62351 standards for secure-by-design power grid information systems.

The goal was bold and complex, but with enough skilled and passionate people focusing on it, the chance of success seemed high. And, “secure-by-design” is an objective Nozomi Networks has championed for since we initially formed the company. That’s why our organization joined IEC Working Group 15 (WG15) and why I’ve been an active member of it since the summer of 2015.

Membership means helping the group move things forward in multiple ways, including hosting the working sessions. More than two years ago we invited WG15 members to attend a meeting near our European HQ in Mendrisio, Switzerland. And, we’ve just recently hosted the spring meeting in south San Francisco, California — very close to our corporate HQ.

If you want to learn about the future of cyber security for power systems, I urge you to read this article. It also provides a sneak peek into our related (and groundbreaking!) talk about power system security at Black Hat USA 2019.

Nozomi Networks hosted the spring meeting of IEC Technical Committee 57, WG15 in south San Francisco. WG15 is defining the technical standards for secure-by-design power grid information systems.

Nozomi Networks Contributions to the IEC 62351 Standards 

If you’re not familiar with WG15 or the IEC 62351 standards, you can read about them in my earlier blog. Nozomi Networks efforts were initially dedicated to the analysis of proposals to include Deep Packet Inspection (IEC 62351-90-2) capabilities in end-to-end secure systems. We knew that if this functionality was not part of the initial design, then solutions used in the field would, by necessity, be poorly thought-out.

I’m now leading the development of another standard component devoted to providing guidance to utilities who want comprehensive monitoring of their secure power grid information system. It’s called “IEC/TR 62351-90-3 Guidelines for Network Management” and a draft will soon be available for comments.

The thinking behind this piece of the overall standard was described in a presentation I gave at Vienna Cybersecurity Week 2019, now available below for download. It boils down to this question:

“How are we going to manage and monitor systems designed for end-to-end security?”

Are we going to feel more secure, and consequently, employ weaker defenses? The answer is “Of course not.”

When the entire IEC 62351 family of standards (and similar efforts) is fully deployed, it will still be important to have systematic and holistic system monitoring. As a minimum, it will be essential to ensure that the security modules are in place and working properly.

See End-to-End Security for Power Systems at Black Hat USA 2019

The journey to end-to-end ICS security for power systems is long, but worthwhile. If you’re interested in this topic, you won’t want to miss our talk “The Future of Securing Intelligent Electronic Devices using the IEC 62351-7 Standard for Monitoring” at the upcoming Black Hat conference in Las Vegas.

The Nozomi Networks Labs team will show what an end-to-end secure system looks like and conduct a live demo of threat detection using IEC 62351 and SNMP communications. Through active interactions with devices deployed on the power system network, we’ll show how:

• The threat detection rate is increased
• Incident visibility is improved
• Cost-effective cyber resiliency can be applied to large, distributed systems. 

This will be the first time such a system is publicly demonstrated, using capabilities we think are groundbreaking. 

In the meantime, if you’re looking for more information on energy system cyber resiliency today and tomorrow, download the presentation available below.