An Early Warning System Based on Reputation for Energy Control Systems A Review by Raghu Rangan WPI CS525 September 19, 2012
Problem/Goal • Supervisory Control and Data Acquisition systems are not secure enough • Can only detect anomalous events occurring at a certain moment • Serious consequences if part of the control and substations are disrupted • Propose an intelligent early warning system • Capable of preventing anomalous situations • And reacting against them on time
Early Warning Systems • Four main components • Detection: sensorial nodes • Reaction • Information recollection: to store evidence • Alarm Management • All of the components have to be active • Before • During • After
Background • Wireless sensor networks • Capable of providing all services for EWS • Nodes are able to monitor, detect, track and alert • Lower installation and maintenance costs compared to remote terminal units • Paper focuses on ISA 100.11a • Extension of WirelessHART • Offers set of services • Reliability of communication • Diagnosis • Alert and priority management
Reputation and Trust Management • Trust and reputation systems help deal with uncertainty • Knowing the reputation of nodes and their behavior • Allows nodes to make suitable decisions • Still in the early stage of research • Currently for ad-hoc and P2P networks • This system will be used for mesh and star networks • EWS will use clusters
Cluster Head Architecture • Cluster head • In charge of gathering and analyzing reputation values of nodes
Pattern Association • Takes data from Message Normalization • Verifies the nature of the message • Checks if the message arrived in a valid time period
Reputation Manager • Aids in determining which nodes in cluster are not functioning properly • Updates reputation value of each node in cluster • Provides info on nodes to gateway
The Gateway Architecture • Analysis of alerts from cluster heads done in ARO • Depending on the queue and its priorities • Send alert to SCADA Centre • Activate operator location component • For critical alerts
Updating Reputation • Given the priority of the alert • The reputation of the node is updated • Operator determines the priority of the alerts • Two cases for updating node reputation • If alert priority was as critical as determined • Node behaved correctly • Reputation increased • If alert priority was not as critical as determined • Reputation of node decreased
Application Case Scenario • Test scenario for EWS in smart grid system • Five cases identified by cluster heads • Explain what the system should do in each case
Case Behaviors • Case 1 is an alert • Pattern association component analyzes and sends to RM • Case 2 is a normal message • No anomalous readings • Stored in cache and sent to aggregation component
Case Behaviors • Case 3 is an anomalous situation • Data is outside the specified boundaries • Information forwarded to RM • Alert sent out (event_reading_out_threshold) • Reputation of nodes updated
Case Behaviors • Case 4: system is under a replay attack • Node is already compromised • RM generates alert • Case 5: message is lost in the network • Low priority alert sent • Reputation of nodes not updated
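The five cases and the operator-driven reputation update, sketched as an added example (not code from the paper or from these slides). The bounds, time window, reputation scale, sequence-number field and every alert name except event_reading_out_threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed values, not from the paper: bounds, freshness window, reputation scale.
LOW, HIGH = 210.0, 250.0   # valid range for a reading
MAX_AGE = 5.0              # seconds within which a message counts as timely
STEP = 10                  # reputation change per operator verdict (scale 0..100)

@dataclass
class Message:
    node: str
    seq: int               # per-node sequence number (assumed field)
    sent_at: float
    reading: float
    is_alert: bool = False

@dataclass
class ClusterHead:
    reputation: dict = field(default_factory=dict)  # node -> value in 0..100
    last_seq: dict = field(default_factory=dict)
    cache: list = field(default_factory=list)

    def classify(self, msg, now):
        """Pattern association: return (case, alert) for one normalized message."""
        self.reputation.setdefault(msg.node, 50)
        prev = self.last_seq.get(msg.node, msg.seq - 1)
        if msg.seq <= prev or now - msg.sent_at > MAX_AGE:
            return 4, "event_replay"              # repeated or stale (hypothetical name)
        self.last_seq[msg.node] = msg.seq
        if msg.seq > prev + 1:
            return 5, "event_message_lost"        # gap in sequence (hypothetical name)
        if msg.is_alert:
            return 1, "event_node_alert"          # sent on to the RM (hypothetical name)
        if not LOW <= msg.reading <= HIGH:
            return 3, "event_reading_out_threshold"
        self.cache.append(msg)                    # case 2: cache, then aggregate
        return 2, None

    def operator_verdict(self, node, case, assigned, operator_priority):
        """Reputation manager: compare the assigned priority with the operator's."""
        if case == 5:                             # lost message: reputation untouched
            return self.reputation[node]
        # Higher number = more critical; "as critical as determined" read as >=.
        delta = STEP if operator_priority >= assigned else -STEP
        self.reputation[node] = min(100, max(0, self.reputation[node] + delta))
        return self.reputation[node]
```

Detecting replay and loss through a sequence number is one possible reading of the "valid time period" check; the slides do not say how the paper detects either.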
Future Implementation • The next step is to actually implement this architecture in a simulation • Using TinyOS (open source OS for WSN) • Expected results • Fast response and protection • Safety and security • Performance • Adaptability • Auditing and maintenance
Extra: ISA 100.11a Figure from: http://cantwell.co.nz/blog/archives/2011/06/16/wireless-for-industry/