TC 57 IEC TC57 WG15 - Security Status & Roadmap, July 2008 Frances Cleveland Convenor WG15.
Transcript of TC 57 IEC TC57 WG15 - Security Status & Roadmap, July 2008 Frances Cleveland Convenor WG15.
TC 57
IEC TC57 WG15 - SecurityStatus & Roadmap,July 2008
Frances Cleveland
Convenor WG15
WG15 Status October 2007 3
TC 57Scope of WG15 on Security
Undertake the development of standards for security of the communication protocols defined by the IEC TC 57, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.
Undertake the development of standards and/or technical reports on end-to-end security issues.
WG15 Status October 2007 4
TC 57 Security Functions vs. Threats
Unauthorized Access to
Information
Unauthorized Modification or Theft
of Information
Denial of Service or Prevention of
Authorized Access
Denial of Action that took place, or Claim of Action
that did not take place
Resource Exhaustion
Integrity Violation
Planted in System
Virus/Worms
Trojan Horse
Trapdoor
Service SpoofingStolen/Altered
Eavesdropping
Traffic Analysis
EM/RFInterception
Indiscretionsby Personnel
Media Scavenging
Listening
After-the-Fact
Denial of Service
Interactions
Masquerade
BypassingControls
AuthorizationViolation
PhysicalIntrusion
Man-in-the-Middle
Integrity Violation
Theft
Replay
Intercept/Alter
Repudiation
Modification
Repudiation
- Actively Being Addressed
- Desired
Confidentiality
Integrity Availability
Non-Repudiation
Security Functions, Threats, and WG15 Work Pattern
Unauthorized Modification or Theft of Information
IntegrityUnauthorized
Access to Information
Confidentiality Denial of Service or
Prevention of Authorized Access
AvailabilityDenial of Action that took place, or Claim of Action that did not
take place
Non-Repudiation
Corporate Security Policy and Management
Cigre, Utilities
Sec
uri
ty M
anag
emen
t
Security Testing, Monitoring, Change Control, and Updating
Security Compliance Reporting
Security Risk Assessment of Assets
Security Policy Exchange
Security Attack Litigation
During-Attack Coping and Post-Attack Recovery
Security Incident and Vulnerability Reporting
Firewalls with Access Control Lists (ACL)
Intrusion Detection Systems (IDS)
Audit Logging
Anti-Virus/ Spy-wareIEC62351 Security
for TASE.2, DNP, 61850
Public Key Infrastructure (PKI)
Transport Level Security (TLS)
Virtual Private Network (VPN)
AGA 12-1 “bump-in-the-wire”
WPA2/80211.i for wireless
Digital Signatures
CRC
Symmetric and Asymmetric Encryption (AES, DES)
Network and System Management (NSM)
Credential Establishment, Conversion, and Renewal
CertificatesPasswords
Authentication
Data Backup
Identity Establishment,
Quality, and Mapping
Role-Based Access Control
Certificate and Key Management
Tele-comm
Being Addressed by many other bodies
New Work
WG15 Status October 2007 7
TC 57
IEC 62351: Data and Communications Security Part 1: Introduction Part 2: Glossary Part 3: Security for profiles including TCP/IP Part 4: Security for profiles including MMS Part 5: Security for IEC 60870-5 and derivatives Part 6: Security for IEC 61850 profiles Part 7: Objects for Network Management
Status of Security Documents, May 2007
Submitted as Technical Specifications in Dec 2006, being finalized by IEC
Submitted as DTS ver 2 January 2007. Comments being awaited
Issued as CD, (NWIP)
WG15 Status October 2007 8
TC 57 For increased power system reliability and security in the future, the two closely intertwined infrastructures must be designed, implemented, and managed as a whole …
Central GeneratingPlant
Step-Up Transformer
DistributionSubstation
TransmissionSubstation
DistributionSubstation
DistributionSubstation
Commercial
Industrial Commercial
Gas Turbine
DieselEngine
Cogeneration
DieselEngine
Fuel cell
Micro-turbine
Wind
Residential
Photovoltaics
Batteries
Data Concentrator
Control Center
Operators, Engineers, & Other Users
2. Information Infrastructure
1.Power System Infrastructure
WG15 Status October 2007 9
TC 57 Security Monitoring Architecture Using NSM
H istorica l D atabaseand D ata In terface
C ontro l C enter
Security M onitoring A rch itecture, U sing N SM D ata O bjects
C lients
S ervers
Legend:
TA SE .2 link toE xternal System s
O perator U serIn terface
E ngineeringS ystem s
O ther
S C A D A System
Substation
C ircu itB reaker P rotection
R elay
Load TapC hanger
C TP T
A utom atedS w itch
V oltageR egulator
C apacitor BankC ontro ller
Feeders
S ubstationM aster
W AN
Firew all
S ecurityS erver
S ecurityC lient
N SM D ata O bjects
ID S
ID S
Firew all
F irew all
F irew all
In trusion D etectionSystem (ID S)
ID S
WG15 Status October 2007 10
TC 57NERC’s Top Ten Vulnerabilities for Control Systems
1. Inadequate policies, procedures, and culture that govern control system security.
2. Inadequately designed control system networks that lack sufficient defense-in-depth mechanisms.
3. Remote access to the control system without appropriate access control.
4. System administration mechanisms and software used in control systems are not adequately scrutinized or maintained.
5. Use of inadequately secured WiFi wireless communication for control.
6. Use of a non-dedicated communications channel for command and control and/or inappropriate use of control system network bandwidth for non-control purposes.
7. Insufficient application of tools to detect and report on anomalous or inappropriate activity.
8. Unauthorized or inappropriate applications or devices on control system networks.
9. Control systems command and control data not authenticated.
10. Inadequately managed, designed, or implemented critical support infrastructure
WG15 Status October 2007 11
TC 57Format of Normative Clauses of Part 7 – Using 61850 Naming and Style
Object Data Type Definition Access M/O
Configura tion Settings
EndLst OI List List of end systems connected in network. r-w O
NodLst OI List List of intermediate network nodes, such as routers, bridges, gateways, etc
r-w O
PthLst OI List List of paths in network r-w O
ACLLst OI List Set or update the Access Control List, based on the l ist of Object Identifiers
r-w O
PthRoutLst OI List List of path routes and rout ing priorit ies to end devices
r-w O
ActSet VS List Set act ion steps for equipment failures, such as switch to backup
r-w O
Alarms
EndDct Alarm Detection of a new end device in the network
r-o O
NodDct Alarm Detection of a new network node r-o O
PthDct Alarm Detection of a new path r-o O
EndLos Alarm Loss of connection with end device r-o O
NodLos Alarm Loss of connection with network node r-o O
PthLos Alarm Loss of path r-o O
Values
r-o O
Controls
HrdPwr Control Hardware
Switch power on or off of a specified piece of hardware – hard disconnect from power
w-o O
NodRs Control Software
Reset node through software capabilit ies w-o O
WG15 Status October 2007 12
TC 57 TC57 Security (62351) Roadmap As of July 2008
Current Work NWIPs to be Issued On-Going Coordination
• Parts 1, 3, 4, 6 – Finalized as TS Standards
• Party 2: Glossary – CDV
• Part 5: Security for IEC 60870-5 Protocols – CDV
• Part 7: Network and System Management /MIBs as CD
• Part 8: Role-Based Access ControlActivities by 2008 To be issued 2008 Current and Future
• Remote Changing of Update Keys for IEC 60870-5
• Implementation Specification for IEC 60870-5
• Conformance testing and interoperability testing
• Security for Access to CIM (Interfaces and RBAC)
• Security Architecture
• IEC TC65C WG10
• ISA, CIGRE D2.22
• EPRI,NERC, PCSF
• National Labs
• IEEE PSRC
• IEEE Security P1711, P1686, P1689
• TC57 WG03
• TC57 WG07?
WG15 Status October 2007 13
TC 57Role-Based Access Control
The scope of the proposed work is to define a specification for the use of Role Based Access Control not only in field devices but also for a whole system, consisting of field devices, station control and network control – the complete pyramid, in order to support end to end security. The specification will refer to the standards IEC 61970 CIM, IEC 61850 and IEC 62351 and also to ANSI INCITS 359-2004.