Dr. Vivek Chandra, Head IT, vivekchandra123@gmail.com
Dr. Ashok Kumar Tiwari, EE (RAPDRP), ashokktiwari@gmail.com
MPPKVVCL Jabalpur
© vivek chandra and ashok kumar
tiwari MPPKVVCL Jabalpur

| S. No. | Particulars |
|---|---|
| 1 | East Discom in MP as a typical Indian Power Distribution Utility & prevailing IT systems prior to R-APDRP. |
| 2 | Launch of R-APDRP & ERP in the Discom. |
| 3 | Network Architecture Post R-APDRP & ERP |
| 4 | Vulnerability of the new system and Potential Threats to Security. |
| 5 | Security Measures adopted at various levels. |
| 6 | Conclusion |

• MP East Discom was formed after the unbundling of the erstwhile MP State Electricity Board in July’02.

The major applications deployed included:
• Consumer Bill Generation System
• Financial Accounting System
• Stores Management System
• Payroll System

| S. No. | Name of Application | Architecture | Office where deployed | No. of locations |
|---|---|---|---|---|
| 1. | Billing System (HT) | Distributed | RAO | 6 Nos. |
| 2. | Billing System (LT) | Distributed | Circle/Dn | 29 Nos. |
| 3. | Stores Management System | Distributed | Area Stores | 5 Nos. |
| 4. | Financial Accounting System | Distributed | RAO | 6 Nos. |
| 5. | Payroll System | Distributed | RAO | 6 Nos. |

• The power sector in the country suffers a loss of over 35% on account of AT&C losses.
• To curtail these losses, the R-APDRP scheme was launched by GoI to reform the distribution sector during the XIth Plan.
• The scheme intends to cover urban areas, i.e. towns and cities with population above 30,000 (10,000 in case of special category states).
Projects under the scheme are in two parts:
• Part-A covered IT applications in the distribution sector.
• Part-B covered system improvement, strengthening and augmentation etc.

• Establishment of IT infrastructure for determination of baseline data of AT&C losses.
• Reduction of AT&C losses.
• Focus on system reliability and customer satisfaction.
• Achieve operational efficiency through IT enablement.

• Creation of Centralized Consumer Care Centre.
• Setup of Data Centre at Jabalpur.
• Setup of a Centralized Control Centre at Jabalpur.
• Setup of Data Recovery Centre at Bhopal.
• All offices located in select 27 towns connected through MPLS network.

• Considering the limited module coverage under R-APDRP, the Company decided to procure the same through ERP.
• It was decided to implement the solution across all offices up to the level of Distribution Centres.
• The project was launched in 2011.

| | R-APDRP | ERP |
|---|---|---|
| 1 | Metering, Billing & Collection | Procurement & Material Management |
| 2 | Maintenance Management | Project Systems |
| 3 | Asset Management | Human Resource Management |
| 4 | Email Solution | Financial Accounting |

| Particulars | R-APDRP | ERP |
|---|---|---|
| 1. Extent | 27 towns having population above 30,000. | All offices up to Distribution Centres, i.e. 500+ locations. |
| 2. Connectivity through MPLS | Through MPLS Network only (primary as well as secondary) | Through MPLS Network |
| 3. Connectivity through Internet | Not provisioned | Yes. The VPN users (around 500 No.) who have been provided the firewall authentication (VPN username and password) shall be able to access the entire MPLS network. Normal Internet users shall access the application through Reverse Proxy. |

3. Network Architecture Post R-APDRP & ERP

• DMZ stands for "demilitarized zone".
• The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN).
• An external attacker only has access to equipment in the DMZ, rather than any other part of the network.
• A DMZ configuration typically provides security from external attacks.

• The VPN users who have been provided the firewall authentication (VPN username and password) can access the entire MPLS network.
• Normal Internet users shall access the application through a reverse proxy. The reverse proxy fetches the information from the internal network. These users shall require the login and password of the application. As per requirements, only some forms/reports are exposed to the Internet.
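
An added example, not part of the original slides or of the utility's configuration: the kind of allowlist decision a reverse proxy makes so that only the published forms/reports are forwarded to the internal network. The paths in `EXPOSED` and the upstream host name are hypothetical.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical allowlist: the only forms/reports published to the Internet.
# Paths and upstream host are constructed for this example.
EXPOSED = {
    "/portal/bill-view": {"GET"},
    "/portal/complaint-form": {"GET", "POST"},
    "/portal/reports/outage-summary": {"GET"},
}
UPSTREAM = "http://erp-app.internal.example:8080"  # placeholder


def normalize(raw_target):
    """Return the canonical request path, or None if it is ambiguous."""
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(path)
    # Still-encoded bytes after one decode (double encoding), NULs and
    # backslashes are refused rather than interpreted.
    if "%" in decoded or "\x00" in decoded or "\\" in decoded:
        return None
    if not decoded.startswith("/"):
        return None
    canonical = posixpath.normpath(decoded)
    # Dot-segments or doubled slashes change the path under normalization.
    # Refuse them so proxy and back end never disagree; a trailing slash
    # is the only tolerated difference.
    if canonical not in (decoded, decoded.rstrip("/")):
        return None
    return canonical


def route(method, raw_target):
    """Return (status, upstream_url) for one request from the Internet."""
    path = normalize(raw_target)
    if path is None:
        return (400, None)
    methods = EXPOSED.get(path)
    if methods is None:
        return (404, None)  # not published: never forwarded to the intranet
    if method.upper() not in methods:
        return (405, None)
    # Forwarded; the application itself still demands login and password.
    return (200, UPSTREAM + path)


if __name__ == "__main__":
    for m, t in [("GET", "/portal/bill-view"),
                 ("GET", "/portal/bill-view/../../erp/finance/ledger"),
                 ("GET", "/erp/finance/ledger")]:
        print(m, t, "->", route(m, t))
```

Everything outside the allowlist gets the same answer whether or not it exists internally, so the proxy reveals nothing about the rest of the intranet.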

Proxy: A proxy takes requests from an internal network and forwards them to the Internet, keeping the machines behind it anonymous, mainly for security.
Reverse Proxy: A reverse proxy receives requests from the Internet and forwards them to servers in the internal network. This is for the security of the internal network.

• Creation of a sizable amount of IT infrastructure.
• Build-up of a great amount of data.
• Convergence of GIS, AMR, SCADA and CCC networks into a single network.
• Creation of numerous interface points between heterogeneous networks, which could prove to be potential weak links.
• Creation of a very large intranet exposed to the Internet.

• Introduction of malicious code such as viruses, Trojan horses, and worms.
• Interception and tampering of data.
• Denial of service attacks.
• Web hacking.
• SQL injection.
• Input validation attacks.

5. Security Measures adopted at various levels.

| Physical Security | Fire & Smoke | Redundant Power Supply | Data Backup |
|---|---|---|---|
| Closed Circuit Cameras | Smoke Detectors | Redundant Power Supply | SAN Storage |
| Permanent Security Guards | Fire Extinguishers | Backup power consists of power from two feeders, battery banks, and diesel generators | Tape Library |
| Use of Identity Access Cards | Water Leakage Detectors | To prevent single points of failure, all elements of the electrical systems, including backup systems, are typically fully duplicated. | Replication of Data at SAN in Data Recovery Site. |
| Use of Biometric Devices like Finger Print Recognition | | | |

• Network virtualization is a method of combining the available resources in a network by splitting up the available bandwidth into channels.
• Each resource is independent of the others, and each can be assigned (or reassigned) to a particular server or device in real time.
• Each channel is independently secured.
• Every subscriber has shared access to all the resources on the network from a single computer.

• Identity Access Management.
• Blocking use of CD drives and pen drives.
• Anti-virus software is installed and enabled on all workstations.
• Anti-virus definitions are updated through the antivirus server at the Data Centre rather than individual machines getting updated through the Internet.

• Role Based Access Control.
• Audit trail and real-time monitoring logs.
• Administrator and operator logs.
• Communication through asymmetric/symmetric key cryptography.
• Role Based Access Control.
• Single Sign-on functionality.

• Internet access is given to users who have a legitimate need. The following kinds of access can be provided to users to restrict misuse of the Internet:
  • Use of a web filter for filtration of undesired web content.
  • Throttling of bandwidth (to restrict the download speed).
  • Use of a spam filter for blocking of junk mails.

6. Conclusion

• As technology advances, so do the associated threats and risks.
• There is no panacea against all potential threats.
• It is for the utility to identify the threats, prioritize them and identify the mitigation actions according to the risk involved and its affordability.
Information Security in Electrical Power Distribution
