| Name | Description | Size | Format |
|---|---|---|---|
| | | 3.26 MB | Adobe PDF |
Supervisor(s)
Abstract(s)
In recent decades there has been a large investment in creating an energy distribution infrastructure that offers a higher quality of service and also greater coverage of the entire Portuguese national territory. However, the creation of new electrical installations and the expansion of the grid itself do not by themselves guarantee the required quality of service, despite the greater robustness and reliability of the more recent technologies. It is very important to be able to monitor the entire infrastructure at any time, so as to respond as quickly as possible to any incidents or failures that may occur in the power grid. The main objective of an energy supplier is to reduce the downtime of the service provided to electricity consumers and to increase the quality of service. The role of performing fast and effective supervision of the entire energy distribution infrastructure is delegated to the grid operator that provides the distribution grid. Its main objective is to optimise the flow of energy through the management and operation of the power grid, guaranteeing the quality of the technical service. Besides being alert to any incident, grid operators are also responsible for initiating all the measures necessary to resolve them, according to the analysis made at the time. Nowadays, the operation of the distribution grid is assisted by high-technology management tools, the Supervisory Control and Data Acquisition (SCADA) systems, which allow the supervision and remote control of the EDP Distribuição energy distribution grid. However, this supervision was not always supported by sophisticated technologies.
Before the appearance of information systems, the monitoring of the power grid was carried out locally, at the High Voltage substations, by grid operators who worked in shifts 24 hours a day, seven days a week, guaranteeing control and incident management at all times.
With the development of information and communication technologies, SCADA systems emerged. These systems are very valuable tools for the supervision and operation of the power grid in real time. SCADA systems have a very complex architecture composed of information systems with relational databases, which receive near-real-time information from the different monitored electrical components and which also have the capability to execute commands remotely on those same components.
The implementation of these systems enables better management of the electrical distribution grid, reduces operating costs, and also allows the automation of procedures and the standardisation of processes at national level. At EDP Distribuição, the SCADA system represents only one of the core systems of the Generation Network Information System (GENESys), a system that combines the SCADA functionalities with energy distribution management functionality, provided by a Distribution Management System (DMS).
The GENESys system is the core of the management of the EDP Distribuição power grid, and its robustness, reliability and availability are critical, considering its functionalities. The current architecture of the system has some weaknesses and lacks the capacity to tolerate some types of faults in its structure.
Therefore, we propose a fault- and intrusion-tolerant architecture for GENESys, with the aim of creating a more dependable and secure system. The architecture is essentially composed of three distinct layers, which we address with three dedicated solutions, with a view to better global results. For the lower layers of the system, the monitored electrical installations and the Frontend sites, we propose fault tolerance mechanisms based on redundancy with application-level management. For the SCADA and DMS systems layer, we propose the implementation of an intrusion-tolerant replication protocol, since both services are fundamental for a dependable and secure management of the EDP Distribuição power grid. The MinBFT protocol will provide an extra layer of security for these systems, since the state machine replication algorithm guarantees that, if an attacker compromises one of the system's replicas, they will not be able to control and compromise the correct operation of the power grid.
In addition, we carry out two distinct analyses of the proposed architecture, always dividing it by the three layers covered. The objective of the first analysis is to understand which fault tolerance capabilities the proposed solutions introduce into the different layers of GENESys. In the second, we carry out a cost-benefit analysis to infer the viability of our proposal, acknowledging both its costs and its technical and operational benefits.
Over recent decades there has been a great investment in creating an infrastructure for energy distribution that offers a higher quality of service and also greater coverage of the Portuguese national territory. However, the expansion of facilities and of the power grid does not by itself guarantee the required quality of service, despite the increased robustness and reliability of the more recent technologies. It is very important to monitor the entire infrastructure at all times in order to respond as fast as possible to incidents and failures that occur in the power grid. The main objective is to reduce the downtime of the service provided to electricity consumers and to increase the quality of service. The role of performing quick and effective oversight of the entire power distribution infrastructure is delegated to the utility providing the distribution grid. Its main objective is to optimize the flow of energy by managing and operating the power grid, ensuring the quality of technical service. In addition to being alert to any incident, the network operators are also responsible for initiating all the measures necessary to solve them, according to the analysis made at the time. Nowadays, these functions of great responsibility are facilitated by management tools, usually supervisory control and data acquisition (SCADA) systems, that allow remote monitoring and control of the EDP Distribuição power grid. However, the monitoring of the power grid has not always been supported by sophisticated technologies. Before the appearance of information systems, the oversight of the facilities was carried out locally by grid operators who worked in shifts covering high voltage substations twenty-four hours a day, seven days a week, ensuring control and incident management at all times. With the development of information and communication technologies, SCADA systems emerged.
These systems are the most valuable tools for providing supervision and operation of the electric power system in near real-time [1]. A SCADA system has a very complex architecture composed of information systems and database applications, which receive real-time information from, and execute commands over, the different electrical components at the several telemetry electrical sites, based on the sensors, actuators and controllers present there. The implementation of SCADA systems results in better manageability of the power grid and reduced operating costs, and allows the automation of procedures and the standardization of processes at national level. In EDP Distribuição, the SCADA system represents only one of the core systems of the Generation Network Information System (GENESys), a system that incorporates the features and functionalities of SCADA together with the management of energy distribution, provided by a Distribution Management System (DMS). The GENESys platform is the core of EDP Distribuição power grid management, and its robustness, reliability and availability are critical, considering the functionalities it provides. The current architecture of the EDP system has some weaknesses and lacks the ability to tolerate faults within its structure. We propose a fault- and intrusion-tolerant architecture for GENESys, aiming at a more dependable and secure system. The architecture is mainly composed of three different layers, which we address with three dedicated solutions with a view to better global results. For the lower layers of the system, the Telemetry Sites and the Frontend Sites, we propose fault-tolerant mechanisms based on redundancy with application-level management. For the backend systems layer we propose the implementation of an intrusion-tolerant replication protocol, since both the SCADA and DMS services are crucial for a dependable and secure management of the EDP Distribuição power grid.
The MinBFT protocol will provide an extra layer of security to the backend systems, since the state machine replication algorithm guarantees that if an attacker compromises one of the system replicas, he will not be able to control and jeopardize power grid operation. Furthermore, we perform two different analyses of the proposed architecture, always dividing it by the three covered layers. The objective of the first analysis is to understand which fault tolerance capabilities our solutions introduce to the different layers of GENESys. In the second, we perform a cost-benefit analysis to infer the viability of our proposals by acknowledging both their costs and their technical and operational benefits.
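The guarantee stated above, that a single compromised replica cannot impose a wrong result on the backend service, rests on the client-side voting rule of state machine replication. The Python model below is an added illustration, not code from the thesis, from GENESys or from any MinBFT implementation: it models only the reply-matching rule that MinBFT uses (2f+1 replicas; the client acts on a result once f+1 identical replies arrive) over a constructed breaker state machine. The agreement phase between replicas and the USIG tamper-proof counters of the real protocol are not modelled, and the replica names, the command log and the forged reply are constructed sample data.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Iterable, Optional

F = 1                    # faulty (crashed or compromised) replicas tolerated
N_REPLICAS = 2 * F + 1   # MinBFT-style replication needs 2f+1 replicas
QUORUM = F + 1           # identical replies the client needs before acting


@dataclass
class BreakerStateMachine:
    """Deterministic state machine (constructed): every correct replica executes
    the same ordered command log and therefore ends in the same state."""
    breakers: dict = field(default_factory=dict)

    def execute(self, command: str) -> str:
        action, breaker = command.split(":", 1)
        if action == "open":
            self.breakers[breaker] = "open"
        elif action == "close":
            self.breakers[breaker] = "closed"
        elif action != "read":
            return f"{breaker}=error:unknown-command"
        return f"{breaker}={self.breakers.get(breaker, 'unknown')}"


class Replica:
    """One replica of the service. A compromised replica still runs the log,
    but what it sends back to the client is a forged reply."""

    def __init__(self, name: str, compromised: bool = False) -> None:
        self.name = name
        self.compromised = compromised
        self.sm = BreakerStateMachine()

    def reply(self, seq: int, command: str) -> tuple[int, str]:
        result = self.sm.execute(command)
        if self.compromised:
            # Constructed misbehaviour: report a breaker state that the
            # ordered command log never produced.
            result = result.split("=", 1)[0] + "=forged"
        return seq, result


def client_accept(replies: Iterable[tuple[int, str]], seq: int) -> Optional[str]:
    """Accept a result only when f+1 replies for this sequence number agree.
    With at most f faulty replicas, at least one of those f+1 is correct,
    so the accepted value is the one the correct replicas computed."""
    votes = Counter(result for s, result in replies if s == seq)
    for result, count in votes.most_common():
        if count >= QUORUM:
            return result
    return None  # no quorum: the client does not act on a disputed value


def run_scenario(compromised: tuple[int, ...] = (2,)) -> list[Optional[str]]:
    """Run a constructed command log against 2f+1 replicas, with the replicas
    whose indexes are listed in `compromised` returning forged replies, and
    return the result the client accepted per command (None if no quorum)."""
    replicas = [Replica(f"replica-{i}", compromised=i in compromised)
                for i in range(N_REPLICAS)]
    log = ["close:feeder-12", "open:feeder-12", "read:feeder-12"]
    accepted = []
    for seq, command in enumerate(log):
        replies = [r.reply(seq, command) for r in replicas]
        accepted.append(client_accept(replies, seq))
    return accepted


if __name__ == "__main__":
    # One compromised replica, within the f=1 bound: its forged replies are outvoted.
    print(run_scenario(compromised=(2,)))
    # Two compromised replicas exceed the bound: the forged value now reaches
    # f+1 matching replies, which is why the "at most f faulty" assumption matters.
    print(run_scenario(compromised=(1, 2)))
```

The second scenario is the caveat a deployment has to respect: the protection holds only while the number of compromised replicas stays at or below f, so replicas should be placed so that one intrusion (shared credentials, shared host, shared software image) does not compromise several of them at once.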
Description
Master's thesis in Information Security, presented to the Universidade de Lisboa through the Faculdade de Ciências, 2011
Keywords
Electricity distribution; SCADA; GENESys; Dependability; Security; Fault tolerance; Intrusion tolerance; Master's theses - 2011
