UCAIug: Smart Grid Security Face-To-Face Meeting – July 2009 @ AEP UtiliSec Working Group ...
-
Upload
derek-haynes -
Category
Documents
-
view
220 -
download
7
Transcript of UCAIug: Smart Grid Security Face-To-Face Meeting – July 2009 @ AEP UtiliSec Working Group ...
UCAIug: Smart Grid SecurityUCAIug: Smart Grid SecurityFace-To-Face Meeting – July 2009 @ AEPFace-To-Face Meeting – July 2009 @ AEP
UtiliSec Working GroupUtiliSec Working GroupAMI-SEC Task ForceAMI-SEC Task Force
UtiliSec WG Chair:UtiliSec WG Chair:
Darren Reece HighfillDarren Reece Highfill
[email protected]@sakersystems.com
Customer
The Grid
AMI SystemSystemOperator
Meter DataManager
EnergyTrader
ISO
FieldTechDispatcher
CustomerRep
Vendors& Third Parties
AMI Security EcosystemAMI Security Ecosystem
Field Elements
Issues• Limited or no control over physical access• Wide range of logical access control• Resource constrained devices• Large quantity of devices
Requirements• Device Identity• Data Integrity• Customer Privacy
Considerations• Intelligence? (How much?)• Filtering?
Field Elements
Network Management• Ad-hoc Structure or Predefined (Prescriptive)? • Integrity, Availability of Provisioning Mechanism
Authentication Mechanism• End-to-End or Step-by-Step?• Bi-Directional (“Two-Way”)• Pre-Shared or Public Key?• Customer Devices
Countermeasures• Role-Based Access Control• Least Privilege, Need-To-Know• Unpredictable Credentials• Intrusion Detection• Tamper Detection
?Data Concentrator
• At a substation? Somewhere in the field?• Who owns the property? Is there a fence?• Does it use wireless technology?• What kind of access controls are implemented?
?Data Concentrator
• How many homes are served? What is peak load?• More than 300MW (~100,000 homes?) NERC CIP?• How does it authenticate / get authorized to the Data Center Aggregator?
Operations Center
System Management Console• Data Availability, Integrity• Filtered View – No Financial Data• Time Sensitive (Freshness)
Field Communications• Data Integrity• Temporal Privilege• Strict Procedures• Detailed Accounting
Meter Data ManagementSystem• Data Integrity, Confidentiality• Multiple Interfaces,
Heterogeneous Constraints
Customer Representative• Data Confidentiality, Integrity• Filtered View – Billing Related
Revenue• Data Integrity, Confidentiality• Non-Repudiation
Public InterfacePublic Interface
Website• Data Confidentiality• Public (General Info) and
Private (Customer) Views• Consumer Portal Best
Practices (e.g.: Financial Services)
Demand-ResponseDemand-Response
Energy Trader• Regulated Relationship
Availability & Control• Data Confidentiality, Integrity• Negotiated “Contract”• Similarities to Dealing with an External Entity
Vendors & Third PartiesVendors & Third Parties
External Entities• Data Confidentiality• Contractual Agreement• Least Privilege, Need-To-Know
Smart Grid LandscapeSmart Grid Landscape
UtiliSec Working GroupUtiliSec Working Group
• Motivation:Motivation:– Part of a utility-led, electric power industry community effort Part of a utility-led, electric power industry community effort
((UCAIugUCAIug) to define a ) to define a common set of requirementscommon set of requirements for the for the procurement of new technologiesprocurement of new technologies
• Status:Status:– Suite of 4 deliverables completed in 2008Suite of 4 deliverables completed in 2008
• AMI Security Risk AssessmentAMI Security Risk Assessment• AMI System Security Requirements (incorporates Architectural Description)AMI System Security Requirements (incorporates Architectural Description)• AMI Security Component CatalogAMI Security Component Catalog• AMI Security Implementation GuideAMI Security Implementation Guide
– AMI System Security Requirements document ratified December, AMI System Security Requirements document ratified December, 2008 (“1.0”)2008 (“1.0”)
• Current Participation:Current Participation:– 200+ Subscribers to Listserv across 8 countries and 4 continents200+ Subscribers to Listserv across 8 countries and 4 continents– More than a dozen major North American utilities actively engagedMore than a dozen major North American utilities actively engaged– Broad mix of utilities, vendors, government, and academiaBroad mix of utilities, vendors, government, and academia
NIST CSCTGNIST CSCTG
• NIST chartered in EISA 2007 with development of NIST chartered in EISA 2007 with development of
Interoperability Framework for the smart gridInteroperability Framework for the smart grid
– Formed a series of Domain Expert Working Groups (DEWGs) to Formed a series of Domain Expert Working Groups (DEWGs) to
engage industryengage industry
– 2 face-to-face meetings in DC in past couple months2 face-to-face meetings in DC in past couple months
• NIST Cyber Security Coordination Task Group (CSCTG)NIST Cyber Security Coordination Task Group (CSCTG)
– Cyber security focus for Interoperability Framework developmentCyber security focus for Interoperability Framework development
Issues Addressed: NIST CSCTGIssues Addressed: NIST CSCTG
• Led by Annabelle Lee, NISTLed by Annabelle Lee, NIST
• Focusing on high-level requirements for securing the Focusing on high-level requirements for securing the
smart grid smart grid across all stakeholdersacross all stakeholders
– Utilities, Grid Operators, Regulators, Consumers, Third PartiesUtilities, Grid Operators, Regulators, Consumers, Third Parties
• Two active sub-groupsTwo active sub-groups
– ““Bottom-up”Bottom-up”
– Vulnerability AnalysisVulnerability Analysis
Issues Addressed: UtiliSecIssues Addressed: UtiliSec
• Chartered with developingChartered with developing
– Detailed requirementsDetailed requirements
– Best practices guidanceBest practices guidance
for utilities for utilities procuring, implementing, and deployingprocuring, implementing, and deploying smart grid smart grid
technologytechnology
• Technology-specific, but vendor-agnostic guidanceTechnology-specific, but vendor-agnostic guidance
• Feed and accelerate SDO work (IEC, IEEE, etc.)Feed and accelerate SDO work (IEC, IEEE, etc.)
• UCAIugUCAIug
Open Smart Grid (OpenSG) SubcommitteeOpen Smart Grid (OpenSG) Subcommittee
UtiliSec Working GroupUtiliSec Working Group
• Encompasses the AMI-SEC Task ForceEncompasses the AMI-SEC Task Force
– (previously under UtilityAMI)(previously under UtilityAMI)
• Following on and expanding work done by AMI-SECFollowing on and expanding work done by AMI-SEC
– AMI System Security Requirements (“AMI-SEC SSR”) published AMI System Security Requirements (“AMI-SEC SSR”) published
as “1.0” in December 2008as “1.0” in December 2008
UtiliSecUtiliSec
Working Group ResponsibilitiesWorking Group Responsibilities• Provide a charterProvide a charter• Submit a project schedule and a monthly status reportSubmit a project schedule and a monthly status report• Schedule meetings (in person or electronic)Schedule meetings (in person or electronic)• Structure sub-working groups or ad-hoc groups as necessaryStructure sub-working groups or ad-hoc groups as necessary• Seek OpenSG approval forSeek OpenSG approval for
– Formal Document ReleaseFormal Document Release– Charter approvalCharter approval– Approval of task force and lower level chairsApproval of task force and lower level chairs
• Working Group ConstitutionWorking Group Constitution
Organization & CommunicationsOrganization & Communications
• Information exchangeInformation exchange– Intra-organizationalIntra-organizational
• Issue hand-off formIssue hand-off form• Cross-representationCross-representation
– Inter-organizationalInter-organizational• ParticipationParticipation• OutreachOutreach
• Charter (1 slide PPT)Charter (1 slide PPT)
UtiliSec CharterUtiliSec Charter
• Chartered with developing detailed security and Chartered with developing detailed security and
assurance requirements and security best practices assurance requirements and security best practices
guidance for organizations throughout the lifecycle of guidance for organizations throughout the lifecycle of
smart grid technologysmart grid technology
• Technology-specific, but vendor-agnostic guidanceTechnology-specific, but vendor-agnostic guidance
• Feed and accelerate SDO work (IEC, IEEE, etc.)Feed and accelerate SDO work (IEC, IEEE, etc.)
AMI-SEC Task ForceAMI-SEC Task Force
• AMI-SEC is concerned with securing AMI system AMI-SEC is concerned with securing AMI system elements.elements.– Contextual Definition:Contextual Definition:
“…“…those measures that protect and defend AMI information and those measures that protect and defend AMI information and systems by assuring their ability to operate and perform in their systems by assuring their ability to operate and perform in their intended manner in the face of malicious actions.intended manner in the face of malicious actions.””
• PurposePurpose– Produce technical specificationProduce technical specification
• Used by utilities to assess and procureUsed by utilities to assess and procure
• Used by OpenAMI – part of AMI/DR Reference DesignUsed by OpenAMI – part of AMI/DR Reference Design
– Determine baseline level of detailDetermine baseline level of detail• Prescriptive in naturePrescriptive in nature
• Compliant products will have known functionality and robustnessCompliant products will have known functionality and robustness
Implementation GuideImplementation Guide
Leveraging ASAP into UtiliSecLeveraging ASAP into UtiliSec
• Project Description:Project Description:
– Utility-driven, public-private collaborative project to develop Utility-driven, public-private collaborative project to develop system-level security requirements for smart grid technologysystem-level security requirements for smart grid technology
• Needs Addressed:Needs Addressed:
– Utilities:Utilities: specification in RFP specification in RFP
– Vendors:Vendors: reference in build process reference in build process
– Government:Government: assurance of infrastructure security assurance of infrastructure security
– Commissions:Commissions: protection of public interests protection of public interests
• Approach:Approach:
– Architectural team Architectural team produce material produce material
– Usability Analysis team Usability Analysis team assess effectiveness assess effectiveness
– NIST, UtiliSec NIST, UtiliSec review, approve review, approve
• Deliverables:Deliverables:
– Strategy & Guiding Principles white paperStrategy & Guiding Principles white paper
– Security Profile BlueprintSecurity Profile Blueprint
– 3 Security Profiles: AMI, ADE, Communications3 Security Profiles: AMI, ADE, Communications
– Usability AnalysisUsability Analysis
ASAP-SG: SummaryASAP-SG: Summary
Schedule: Jun09 – Dec09
Budget: $3M
($1.5M Utilities + $1.5M DOE)
Performers: Utilities, EnerNex, Inguardians, SEI, ORNL
Partners: DOE
Release Path: NIST, UCAIug
Contacts:Bobby Brown [email protected]
Darren Highfill [email protected]
Schedule: Jun09 – Dec09
Budget: $3M
($1.5M Utilities + $1.5M DOE)
Performers: Utilities, EnerNex, Inguardians, SEI, ORNL
Partners: DOE
Release Path: NIST, UCAIug
Contacts:Bobby Brown [email protected]
Darren Highfill [email protected]
• Public-private collaborative projectPublic-private collaborative project
– DOE, NIST, & utilitiesDOE, NIST, & utilities
• Purposes:Purposes:
– Support the activities of Support the activities of
the NIST CSCTGthe NIST CSCTG
– Accelerate the work of Accelerate the work of
the UtiliSec WGthe UtiliSec WG
• Participants:Participants:
– Utilities, regulators, vendors, consultants, national Utilities, regulators, vendors, consultants, national
laboratories, & academialaboratories, & academia
ASAP-SGASAP-SG
Technical Coordination with NISTTechnical Coordination with NIST
Smart Grid Security Profile BlueprintSmart Grid Security Profile Blueprint
• Understandable and user-friendly framework, set of Understandable and user-friendly framework, set of
tools, and methodologytools, and methodology
• Derive and apply smart grid domain-specific security Derive and apply smart grid domain-specific security
profilesprofiles
• Delineates:Delineates:
– Repeatable security risk assessment methodologyRepeatable security risk assessment methodology
– High-level Smart Grid policy setHigh-level Smart Grid policy set
– Smart Grid policy to a domain requirement mapping processSmart Grid policy to a domain requirement mapping process
– Application security profile development processApplication security profile development process
Security ProfilesSecurity Profiles
• Prescriptive, actionable guidance for how to build-in and Prescriptive, actionable guidance for how to build-in and
implement security for smart grid functionalityimplement security for smart grid functionality
• Tailored to a set of specific smart grid functions, such asTailored to a set of specific smart grid functions, such as
– Advanced Metering InfrastructureAdvanced Metering Infrastructure
– Automated Data ExchangeAutomated Data Exchange
– Network TopologyNetwork Topology
– Outage ManagementOutage Management
– Etc.Etc.