Duke Energy Emerging Technology OfficeNext Generation Cybersecurity for DistributedIntelligence and Grid Edge DevicesDavid Lawrence

OpenFMB: Enhancing Grid Edge IntegrationNodeVendor A SolutionVendor C Key Observations:Single-Purpose FunctionsProprietary & Silo’ed systemsLatent , Error-prone DataOT/IT/Telecom DisconnectedNo Field dEnd CC12.22or CoAPNode1. AAny Medium3G, LTE, Wi-Fi,Fiber, Ethernet,RF ISM, or PLC61850 CIMIoT Pub/SubHeadEnd BCIMDNP3Enterprise Service BusProprietaryNetworkHeadEnd BOpen Field Message BusVendor B SolutionSunspecModbusHeadEnd AEnterprise Service BusPrivateCarrierHeadEnd CUTILITYCENTRALOFFICEKey Observations:Multi-Purpose FunctionsModular & Scalable HW&SWEnd-to-End Situational AwarenessOT/IT/Telecom ConvergenceTrue Field Interoperability!

OpenFMB: Layered Architecture FrameworkEnd PointsDevicesSmartMeterMiddle Tier Nodes(e.g. substation)BreakerRelayLegacy ProtocolAdapterBatteryInverterHigher Tier NodeCentral Office(Utility Datacenter)MDMGISDMSOMS- Common DataModel Profile(s)ModbusLineSensorMLower Tiers Nodes(e.g. grid)FirewallOpenFMBprotocolHeadEndsSCADALegacy ProtocolAdapterCommon DataModel Profile(s)OpenFMBprotocolLegacy Protocol AdapterCommon Data ModelCapacitorBankSolar PVInverterOpenFMB protocolLegacy ProtocolAdapterCommon DataModel Legacy Protocol TranslationCommon Semantic ModelOpenFMB IoT ProtocolVirtual FirewallClient/Server PollingPub/Sub Messaging

Microgrid Test Site in Mount Holly, NCSolar PV InstallationsBattery Energy Storage SystemsMicrogrid Islanding Switch

OpenFMB: Federated Message Exchanges Periodic Readings - Pub every fewsecs or near-real-timeData-Driven Events – on statuschange in near-real-timePVPub/Sub - ReadingsKW A/B/CKVAR A/B/CV A/B/CI A/B/CPhase Angle A/B/CKWhTimeStampState of ChargePub/Sub - Events, Alarms,and ControlTrip / OpenTimeStampBatterySecurity/NetworkPolicy ManagerOpen Field Message BusRecloser / SwitchMeterGrid Edge analyticsDER/MicrogridOptimizer

OpenFMB: Relevant PublicationsSEPA’s Open Field Message Bus (OpenFMB): Internetof Things (IoT) Interoperability FrameworkNAESB RMQ.26 Version 3.1Please contact [email protected] PNNL’s Grid Architecture 2.0:Laminar Coordination Framework (LCF)PNNL-25480 (Courtesy of JD Taft)Available at

System Architecture TodayCentral Control,Hierarchical, Tier 2Distribution Intelligenceand CoordinationCentral Control, Hierarchical,Minimum Distributed Intelligence(RTUs and Gateways)Tier 1Tier 1Tier 2Tier 2Tier 3Tier 3

System Architecture In-ProgressHybrid Central and DistributedControl, Hierarchical and/or BusTier 1Tier 2Tier 3Distributed CoordinatedAutonomous Functions

Rankin / Mount Holly Microgrid Pilot Circuit275KW/300KWhHybrid Battery SystemPlanned use-cases: Microgrid Islanding/Reconnection Circuit Segment Optimization DER Circuit Segment Management PKI Management (new)1.2MW PV 20KW650KW/326KWh250KW/250KWhVoltage Source 100KW Current SourceBattery System PVBattery System500KWloadbank

IIoT Attacks GrowingCopyright 2017 Trusted Computing Group10

Distribution SubstationSecurityConsoleSCADAHMIRed is Good.That means the poweris on.LANDOE FOA 797:Distributed Cyber Security DemoWANSubstation NetworkGatewayProtection relaysLocal Agent containers

What can a hacker do? Crain & Sistrunk DNP3 vulnerabilities reported (2013)– Fuzzer attack– OpenDNP3 – complete with master/outstation demos– Legacy protocols were not designed with security in mind Take over DNP3 control– “arpspoof ”– Try random commands using tshark & “OpenDNP3” hack– Hacker may already know the actual commands Masquerade as a control application––––Control the Switch / Breaker / Recloser / Voltage Regulator / PCCSpoof StatusChange Setpoints, Disable ProtectionDrive Distributed Denial-of-Service attack (DDoS)– Programmer’s manual is also a “how to hack” guide– No one expected this

0Pu b l ic a tio n o f t h e In d u s t r ial Int e r n et Sec u r it y Fr a m e w o r k { l lSF)T h e c o l le ct i v e c y b e r- s e c u r it y w is d o m o f o u r m e m b e r s f r o m o v e r 2 5 d i f f e r e nt o r ga n i z a t io n sSecurjty Configuration & ManagementSecurity Monitoring & Ana lys1sCommunications & Connectivity ProtectionEndpoint ProtectionE d pE n d p o i ntAccossControlProc t loe n d p o in t M o n t o r n g& A n a l y s isE n dp o int S e c u r eC o n f i g u r a t io n & M a n a g e m e n tE n d poi nt IdentityE n d p o in t R o o t o f T r u s t

OpenFMB Security Analytics FrameworkDescribeUse-Case PlanningIdentifying Normal Behavior & Good Actors:Commissioning, Updating & OperatingData ModelDefineSecure Pub/SubSecure TransportProfiles, Topics, Semantics, Behavior:Operational Functions & Security PoliciesMessagingWhite-listed & Encrypted Payloads:DDS Secure on top of the UDP/IP or TCP/IPTransportTLS 1.2 Transport SecurityBehavior AnalysisSecurity Behavior AnalysisIntrusion Detection & Machine Learning:Domain Knowledge: Detect, Isolate, Restore

OpenFMB Cybersecurity Working Group OpenFMB Node Security–––––Physical SecurityIdentity Management: TPM, PUF, ECCSecure BootSecure Operating SystemData at Rest Signed Applications Isolation / Containers Data Assurance– Data in Motion / Communications PKI: Authentication, Authorization Trust Ingress and Egress Filtering Network Segmentation Security– SDN / VLAN’s– White-Listing, Topics, Data Models formed by Use Case Behaviorial Analytics– Auto-generate the Single-Line diagram– Determine normal behavior and detect anomalies

TPM 2.0Trusted Platform Module Cryptographic coprocessor, since 2003 Meets FIPS 140-2 Key generation, Secure storage, Authorization,Health attestation Random number generator Crypto and hash algorithmsUse Cases Grant network access, Topic signing, Topic decryptingOpenFMB Compliance (minimums) Key exchange: ECDHE X25519, P-256 Cert authentication / signing: ECDSA 128 bits Encryption: GCM AEAD Block cipher: AES 128 Cert type: X.509v3 Certs: self-signed or Utility CA Certs: maximum lifespan of one year If TLS is used: Bi-directional authentication TLS version1.2 TLS ECDHE ECDSA AES 128 GCM SHA256 OpenFMB nodes authenticate and authorize usingECDSA 128 bits


PMU AnalyticsLegendBlack: FreqSloped lines: PanglesGreen: Va magPurple: Vb magPink: Vc mag

Rankin HIL Simulation Test HarnessConventional Simulator SolutionsFeeder P&CGrid SimulatorMicrogridinvertercontrollerGrid SimulatorMicrogrid P&C Prior work with UNCC leveraging theirReal-time Data Simulator (RTDS) , OpalRT,and OpenDSS solutions. Steady-state simulation validated withCYME and Rankin measurements. Precision ( 10us) and scaling (requiresmultiple racks) of existing simulationsolutions was insufficient for full Feeder withdynamic power electronics needed forseamless microgrid islanding.Benefits of New Simulator Solution New TyphoonHIL simulator scales muchbetter (1 box for full feeder) with highprecision ( 5us) simulation steps Agile power electronics simulator modelingtools for tuning of actual vendor hardware Supports seamless microgrid islanding Easy virtual user interface with completelibrary of power system assets and DERs. Compatible with OpenFMB DI use-casesRankin Feeder One-line


Discussion – Q&A

The collective cyber-securityw isdom ofo ur m e m bers from over 25 differ ent organizations Securjty Configuration & Management Security Monitoring & Ana lys1s Communications & Connectivity Protection Endpoint Protection E _dp Pro ctlo E n d p o i nt A c c o s s C o n t r o l e n dpoin t M