Usability Analysis Task Force Activity Update July 20, 2011.

12
Usability Analysis Task Force Activity Update July 20, 2011

description

Current Activities Distribution Management Security Profile – Second comment period completed – Comment resolution in progress – Document update based on comments WAMPAC Security Profile analysis – SG Security WG comments – Comment resolution – Analysis report

Transcript of Usability Analysis Task Force Activity Update July 20, 2011.

Usability Analysis Task Force

Activity UpdateJuly 20, 2011

UA TF Meeting Schedule• Meetings– Every two weeks– Monday, 10 am Pacific– Next meeting• Monday, 7/25/2011, 10 am Pacific

Current Activities• Distribution Management Security Profile– Second comment period completed– Comment resolution in progress– Document update based on comments

• WAMPAC Security Profile analysis– SG Security WG comments– Comment resolution– Analysis report

Distribution Management Security Profile• Resolution of comments is in progress– Xanthus, FPL, APS, AEP, and SAIC

• Discussion of specific comments• Expect resolution of comments to be

completed 7/25/2011• Final review and return to SG Security WG

8/5/2011

WAMPAC Security Profile• SG Security WG comments– Three sets of comments submitted

• SCE, Grid Protection Alliance, FPL

– Additional comments will be accepted• Document review initiation pending completion

of TF work on DM Security Profile• Comment resolution period August to September• Analysis report expected September

SG Security WG activities• After document returns from task force:– One week review period– One week voting period

• If approved, document is presented by WG chair to Technical Committee for endorsement

Distribution Management Discussion• Commenting best practices– Proposed resolutions to address concern– Limits of comment resolution team– Discussion topics

• Intended use– Common comment– Risk management vs. controls– Suggest “lifecycle” & clear component definitions

Distribution Management Discussion• UML/Enterprise Architect– Should SG Security standardize?– Provide better integration with other groups

• Protection.21 Automated Labeling – any existing systems?– “The control system automatically labels information in storage, in

process, and in transmission based on its classification and the binding between the label and information is maintained as the information moves throughout the system.”

– Based on: Access control, distribution, system security policy

Distribution Management Discussion• Protection.41 Wireless Encryption

– “All wireless communicaitons shall use a FIPS certified method of link-layer encryption in addition to any encryption already required by other controls.”

– If using TLS or IPSEC, why force additional encryption at link layer?

– Weakened access to the link layer reduces the effectiveness of a layered defense in depth approach.

Distribution Management Discussion• Distinctions between substation and line

based device locations– Generalized actors– Differences in controls due to location based trust– Is a distinction necessary?

Summary• Distribution Management Security Profile– Expected completion August 2011

• WAMPAC Security Profile– Expected comment resolution August/September– Expected completion September 2011

How to participate• Meetings: Every other Monday• Next Meeting: Mon, 7/25/2011, 10am Pacific• Distribution List: – [email protected]

• Contact Information– John Lilley, Chair, [email protected]– Daniel Thanos, Vice Chair, [email protected]– Scott Palmquist, Secretary, [email protected]– Darren Highfill, SG Security Chair, [email protected]