Generation of Firewall Configurations for a Large Scale Synthetic Power System

A. Sahu, Patrick Wlazlo, Nastassja Gaudet, A. Goulart, E. Rogers, K. Davis
Published in: 2022 IEEE Texas Power and Energy Conference (TPEC), 2022-02-28
DOI: https://doi.org/10.1109/TPEC54980.2022.9750776
Citations: 6

Abstract

Supervisory Control and Data Acquisition (SCADA) systems play an important role in modern power grid operations. Interactions of interest include the numerous application layer protocols, from industrial control systems (ICS) protocols such as the Distributed Network Protocol-3 (DNP3) to traditional information technology (IT) protocols such as Web-based applications. All these protocols are vulnerable to cyber threats, against which power grid control systems must be protected. For this reason, the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP-005-5) exists and requires an electronic security perimeter. This paper presents how these electronic security perimeters can be configured in an automated way. First, a set of firewall rules are described, translated to iptables, and evaluated in the emulation environment in the Resilient Energy System Laboratory (RESLab) cyber-physical testbed. To configure the firewall rules for a large scale power system model, this paper presents an automatic firewall configuration generator that is implemented as a prototype software tool that can streamline configuration of firewalls for utilities. Using this tool, firewall policies are configured for all the utilities and substations within the Texas 2000-bus model, assuming a star network topology plus one balancing authority. The resulting number of firewalls, object groups, and access control lists for this large power system model are also presented.