Presentation is loading. Please wait.

Presentation is loading. Please wait.

UCAIug Summit October 22-26, 2012 New Orleans, Louisiana New Orleans Downtown Marriott at the Convention Center.

Similar presentations


Presentation on theme: "UCAIug Summit October 22-26, 2012 New Orleans, Louisiana New Orleans Downtown Marriott at the Convention Center."— Presentation transcript:

1 UCAIug Summit October 22-26, 2012 New Orleans, Louisiana New Orleans Downtown Marriott at the Convention Center

2 CIM Overview: CIM is an international standard globally accepted for modeling the information exchanges required in electric utility industry. The interoperability enabled by the CIM standards is a key factor for achieving the Smart Grid vision. OpenSG Overview: The OpenSG User Group (OSGug) was formed to create a forum for the development of requirements for SmartGrid systems. The work focus has been defined by the pragmatic needs of the Utility and Vendor communities. Through these forums leading experts share their insights, create technical content, and resolve key technical issues. Testing Overview: The UCAIug Quality Assurance Program provides for Formalized conformance testing of products supporting IEC standard will verify that supported functions of the IED are implemented correctly as defined in the IEC standard. The results of the tests are documented in a detailed test report. If an IED passes the mandatory tests a conformance certificate will be issued. The Testing community is actively working to add the CIM standards and Green Button to its Quality Assurance Program. Green Button Overview: The Green Button is based a standard developed by the North American Energy Standards Board (NAESB). NAESB OpenESPI 1.0 Standardizes the Energy Services Provider Interface (ESPI). Green Button uses the OpenESPI 1.0 standard to implement the common-sense idea that electricity customers should be able to securely download their own easy-to-understand household energy usage information from their utility or electricity supplier website. IEC Overview IEC is an international standard developed by the International Electro technical Commission (IEC) that provides a comprehensive framework for the implementation of power system automation within substations and across the power system. IEC is a mission critical part of achieving the Smart Grid vision.

3 Open Smart Grid (OpenSG) Security Working Group Meeting

4 Message from Chair, Vice Chair, Secretary OpenSG Security Working Group Members, welcome to the conference. For those attending events throughout the week, please share any pertinent information you learn with the group and thanks for your support and participation. The goal of this conference for OpenSG Security Working Group is to have an open discussion and determine next steps to include projects. Ensure the message of Utility Centric is out and all utilities know the OpenSG is specifically for the utilities Solicit inputs from Utilities on what they need from OpenSG, specifically with regards to Security Solicit inputs on improvements, comments, suggestions for group items Vote on Advanced Metering Infrastructure Profile Changes Review EPRI Slides and where group can assist

5 Open Smart Grid Security Working Groups Overview (Some Groups are in Hibernation Until Called Upon) Chair - JD Senger, Oncor Vice Chair - Bobby Brown, Booz Allen Hamilton Secretary - Scott Palmquist, Itron

6 SG Security WG – Task Forces Usability Analysis Task Force Evaluation and refinement of Security Profiles and other materials considered for ratification by the SG Security WG CyberSec-Interop Task Force (In Hibernation) Spinoff from DOE National SCADA Test Bed Lemnos Interoperable Security Project AMI-SEC Task Force (In Hibernation) Produce technical specifications used by utilities to assess and procure AMI Embedded Systems Security Task Force (Charter Under Revision) Security requirements for embedded components and devices used in utility field systems

7 Will Arensman Tam Do Galen Rasche Standardized Security Objects for AMI October 23, 2012

8 8 © 2012 Electric Power Research Institute, Inc. All rights reserved. Agenda: Standardized Security Objects for AMI Background and Approach Document Overview Current Status Next Steps Working Group Activity

9 9 © 2012 Electric Power Research Institute, Inc. All rights reserved. Background: Project Information Part of EPRI Program P183: –Cyber Security and Privacy Build on Cyber Security Initiative AMI task –Recent EPRI Report –AMI Common Alarms and Events Increase the interoperability of AMI security objects Better alert and alarms for improved situational awareness

10 10 © 2012 Electric Power Research Institute, Inc. All rights reserved. Background: Project Information Deliverables: Technical Update: December 14, 2012 –Security Object Specifications for AMI Systems Value: –Allow more event management vendors to more effectively support AMI monitoring –Easier integration of multiple AMI vendors into event management systems (SIEMs) Building foundation for integrated smart grid monitoring

11 11 © 2012 Electric Power Research Institute, Inc. All rights reserved. Approach Engaging the Community: Common AMI Alarms and Events Document Draft –Released to OpenSG Security WG for review –Performed mapping to ANSI C12.19 events David Haynes (Aclara) Proposing new event codes to committee at October meeting Working with vendors and asset owners on development of standards

12 12 © 2012 Electric Power Research Institute, Inc. All rights reserved. Approach Open process –Develop consensus for security objects with industry stakeholders –Begin engagement with third-party SIEM vendors

13 13 © 2012 Electric Power Research Institute, Inc. All rights reserved. Approach: Common Alerts and Events Authentication –C12.XX –Home Area Network Integrity –Event Log and Storage Management Billing Data –Accounting –Meter Disconnect Switch Anomaly Detection –Metrology –Firmware Cryptographic Services –Key, Certificate Management Notifications, Signaling –Communication Interfaces –System Security –Physical, Device Security Categories of Alerts and Events:

14 14 © 2012 Electric Power Research Institute, Inc. All rights reserved. Document Overview System Interfaces High Level Functionality Communication Detailed Functionality

15 15 © 2012 Electric Power Research Institute, Inc. All rights reserved. System Interfaces Meter to AMI Headend –C12.XX AMI Headend to SIEM –Candidate Technologies –Syslog, XML, Multispeak Interfaces Examined:

16 16 © 2012 Electric Power Research Institute, Inc. All rights reserved. High Level Functionality Describe basic concept of operation for each interface ANSI C /IEEE Std –Emit alerts through exception processing and event logs. AMI Headend to SIEM –Identify interface technology and describe high level usage

17 17 © 2012 Electric Power Research Institute, Inc. All rights reserved. Communication Identify communication sequences: AMI interfaces are specialized and constrained –Bandwidth, latency –Efficiency is critical –Communicate security alarms and events effectively Some events may need to be counted and communicated periodically Define this system interaction

18 18 © 2012 Electric Power Research Institute, Inc. All rights reserved. Detailed Functionality Change of password –C12.19 message –"write service event to the password table" –PSEM Write Code, password table Provide tables with mapping, proposed metadata Where this mapping is not possible, additions to the C12.19 and C12.22 standards are suggested

19 19 © 2012 Electric Power Research Institute, Inc. All rights reserved. Current Status and Focus On schedule –Deadline mid-November Solicit feedback –General comments –Metadata contributions –Communication sequence contributions –Interface technologies and standards Champions in other working groups

20 20 © 2012 Electric Power Research Institute, Inc. All rights reserved. Next Steps Integrate feedback Finish and Release AMI Security Objects Document –Continue mapping to existing standards –Propose updates to standards when applicable Work with vendors and asset owners on development of standards

21 21 © 2012 Electric Power Research Institute, Inc. All rights reserved. Working Group Activity

22 22 © 2012 Electric Power Research Institute, Inc. All rights reserved. Together…Shaping the Future of Electricity

23 Continued Coordination with External Groups NIST Cyber Security Working Group Electric Power Research Institute (EPRI) project P , Standardized Security Objects for AMI. P Industrial Control Systems Joint Working Group (ICSJWG) Vendor Subgroup Green Button Any Updates on DOE funding for 2013? Next Steps

24 “Green Button” is the common-sense idea that electricity customers should be able to securely download their own easy-to-understand household energy usage information from their utility or electricity supplier website. Numerous companies are already developing web and smart phone applications and services for businesses and consumers that can use Green Button data to help consumers choose the most economical rate plan for their use patterns; deliver customized energy-efficiency tips; provide easy-to-use tools to size and finance rooftop solar panels; and conduct virtual energy audits that can cut costs for building owners and speed the initiation of retrofits. Developing innovative applications and services to help consumers understand and manage their energy use and understand the environmental impacts of that usage is a field ripe for innovation. Numerous companiesapplications The attached document is a call for participation to any Accreditation Body, Certification Body, and Conformity and Interoperability Test Laboratories interested in participating in the UCAIug “Green Button” Testing Program. If your organization is interested in participating in this program, we encourage you to respond to the call for participation by end of business Friday, November 2 nd, We will be having a Face to Face meeting at the UCAIug Summit in New Orleans. The Summit runs from October Wednesday, October 24 th we will have the initial meeting to kick-off the UCAIug Green Button Testing Program. More information on the Summit is available at OpenADE will be meeting all day on Thursday, October 25, 2012 working sessions to make progress on the Green Button testing requirements that will drive the test cases. GREEN BUTTON (OpenSG Members Please Advise if Attending)

25 Advanced Metering Infrastructure Security Profile Update for Vote Updated tables 2, line 4 in the AMI-Sec Security Profile. Approval of the modification vote to eligible voting members. Upon approval will rev the doc to Version 2.1 and remove track changes. Changes submitted - Page 13 in the table row labeled Line #4: to MDMS, the Summary of Communication lists "customer HAN equipment commands." This is in conflict with the requirements section of the document, and should be changed to something along the lines of "customer HAN equipment responses.“ We don't want HAN devices sending commands to any part of the AMI system. Call to Vote for following eligible members: JD Senger, Tam Do, Rich Tolway, Scott Palmquist, John Lilley, Galen Rasche, Neil Greenfield, Glen Chason, Mark Ellison, Irene Gassko, David Chambers, Naeem Ahsan, Darren Highfill, David Mitton (If you already sent me your vote I have on record)

26 Ongoing Objectives Support relationships with other OpenSG working groups and task forces Discuss future objectives of group Continued coordination with NIST, DOE and others Ensure utility centric and utilities inputs are incorporated Discuss any interim work done by TFs

27 Ongoing Efforts The ASAP-SG Team finished the first complete public draft of the Security Profile for Substation Automation. 20Automation%20Security%20Profile/SA%20Security%20Profile% 20-%20v0_15%20-% docx John Lilley (Sempra) will resurrect the Usability Analysis Task Force to review the draft document and comments. Once completed the SG Security Working Group will vote on this document. Embedded Systems Task Force activated and no longer in hibernation. Charter being revised and deliverables to group in November. Update from Rohit

28 Ongoing Efforts Energy Sector Cybersecurity Capability Maturity Model (ES-C2M2) Discussion Risk Management (i.e., how systems are assessed and scored). Utilities appear struggle with this and/or don’t have methods that are repeatable. NIST has some guidelines, but none are specific enough to base a real calculation. Having a risk program will also be key in NERC CIP compliance.

29 Substation Automation Profile Update For those of you interested in reviewing and commenting on the Substation Automation Security Profile, it is posted on the SharePoint site at: AllItems.aspx?RootFolder=%2futilisec%2fShared%20Docume nts%2fSubstation%20Automation%20Security%20Profile&Fol derCTID=&View=%7b059E5611%2d3141%2d4B3E%2dAAA4%2 dFE7645EE07EE%7d Darren Highfill has volunteered to be the comments wrangler and

30 Closing Security Group Discussion Members open discussion on all topics for the Security Working Group such as items of interest by members. Utility Members are the reason the group is here, any Utility members that would like to discuss hot topics the group should be focused on please advise. Closing Comments


Download ppt "UCAIug Summit October 22-26, 2012 New Orleans, Louisiana New Orleans Downtown Marriott at the Convention Center."

Similar presentations


Ads by Google