Experiences concerning the implementation of whitelisting solutions for DSAS protection
So far protection of Digital Substation Automation Systems (DSAS) against cyber threats was limited to the isolation of the local network,while the physical access to the substation was and is controlled by means of video surveillance technologies.However,practical experiences show that cyber threats for DSAS can arise not only from hackers or people not authorized to access to the substation,but also from regular company operators who unintentionally (or not…) can affect the system by means of malicious software.Being the current DSAS components not equipped with software solutions to protect themselves against cyber threats, the introduction of appropriate countermeasures is now essential. In order to guarantee the high availability and reliability level required for DSAS and to minimize unforeseen issues, a step by step approach is needed, starting from the selection of solutions that are compatible with the DSAS operation.Firstly Terna identified the main DSAS cyber risks by means of an assessment performed in a laboratory on a DSAS prototype. Taking into account that, once commissioned, the software running on a DSAS is stable and the likelihood to change it during its lifetime is very low, application whitelisting was included in the set of countermeasures to be applied. These technologies are intended to limit the execution of software included in a specific list (white list) and to stop unknown software.Whitelisting is only a part of a wider approach including: introduction of technical solutions, such as protocol encryption and multifactor authentication, but also training of the technical staff and modification of company organization in order to guarantee operation and maintenance of digital technology applied to critical infrastructures. The scope of this paper is limited to the experiences regarding the implementation of application whitelisting on a DSAS.Two different off the shelf whitelisting solutions meeting DSAS requirements have been selected and tested in a laboratory on two DSAS prototypes. These tests confirmed the effectiveness of whitelisting technologies and their compatibility with the DSAS environment.It’s now necessary to define the next steps towards the field application.
DSAS application control whitelisting
Massimo PETRINI Fabrizio CONFORTI Federico AURELI Emiliano CASALE
TERNA Italy
国际会议
国际大电网会议组织保护与自动化专业委员会年度会议暨学术研讨会
南京
英文
1-7
2015-09-20(万方平台首次上网日期,不代表论文的发表时间)