D2-02_04
INDIA 2013
PS 2. Standards, Security and Leading-edge Technologies in the context of Power Systems
Building an Interoperable Grid with Industry-Standard IPv6 Architecture
Andrew O’Brien, Australia
Industry Drivers and Challenges
- Major grid transformation with the increased penetration of distributed and renewable energy resources, advanced metering, distributed control and automation, and multiservice networks, among others.
- A drive to connect the previously unconnected.
- Pressure for evolution to Ethernet and IP-based services (e.g. IEC 61850 or OT/IT convergence) while also maintaining support for legacy services and devices.
- Stronger, standards-based security for industry compliance such as NERC CIP.
Comms Design Considerations
- The communications network should allow different device types to connect and multiple services to run over the same infrastructure.
- The communications layer should not depend on application gateways, allowing transparent, end-to-end, bidirectional communications between any two devices.
- The technology and solutions should be future proof and remain a valid option for at least 10 years.
- Standards-based solution for vendor interoperability and easy deployment of new services.
- Allow multiple technologies and media types for flexibility, allowing different deployment scenarios and future evolution.
- Consistent network management and advanced security throughout the complete solution.
Why IPv6?
An end-to-end IP Smart Grid architecture can leverage 30 years of Internet Protocol technology development [RFC 6272], guaranteeing open standards and interoperability. Key benefits of IP are:
- Open and standards-based: IETF, IEEE, IEC, ANSI.
- Versatile: layered IP architecture for many types of physical and data link layers, without changing the whole solution architecture. Future proof.
- Scalable: existing deployments of tens of millions of end points.
- Manageable and secure: well-understood network management and security protocols, mechanisms, and toolsets.
- Stable and resilient: can leverage 30 years of experience with critical infrastructures (e.g. financial) as well as critical services (e.g. voice) that have already transitioned to open IP standards.
- End-to-end: the adoption of IP provides end-to-end and bidirectional communication capabilities between any devices in the network.
IPv6 Technology for Power Utilities
[Protocol stack diagram (RFC 6272 IP in Smart Grid), listed from top layer to bottom layer]
- Application Layer: Web Services, EXI, SOAP, RESTful, HTTPS/CoAP; Metering: IEC 61968 CIM, ANSI C12.22, DLMS/COSEM,…; SCADA: IEC 61850, 60870, DNP3/IP, Modbus/TCP,…; DNS, NTP, IPfix/Netflow, SSH, RADIUS, AAA, LDAP, SNMP,…
- Transport Layer: UDP/TCP; Security (DTLS/TLS)
- Network Layer: IPv6/IPv4; Addressing, Routing, Multicast, QoS, Security; IPv6 RPL
- Adaptation: 6LoWPAN (RFC 6282); IPv6 over Ethernet (RFC 2464); IPv6 over PPP (RFC 5072); IP or Ethernet Convergence SubL.
- Access control: 802.1x / EAP-TLS & IEEE 802.11i based Access Control
- Data Link Layer (LLC, MAC, MAC Mgmt): IEEE 802.15.4 including FHSS; IEEE 802.15.4e MAC enhancements; IEEE P1901.2 802.15.4 frame format; IEEE 802.11 Wi-Fi; IEEE 802.3 Ethernet; 2G, 3G, LTE Cellular; IEEE 802.16 WiMAX
- Physical Layer: IEEE 802.15.4 2.4GHz, 915, 868MHz DSSS, FSK, OFDM; IEEE P1901.2 NB-PLC OFDM; IEEE 802.11 Wi-Fi 2.4, 5 GHz, Sub-GHz; IEEE 802.3 Ethernet UTP, FO; 2G, 3G, LTE Cellular; IEEE 802.16 WiMAX 1.x, 3.xGHz
End-to-End Security Architecture
- Access Control: User and Device Identity; Authentication, Authorization & Accounting
- Data Confidentiality and Data Privacy: Network Segmentation; Security Connectivity and Encryption (VPN)
- Threat Detection and Mitigation: Security Zones with Firewall; Intrusion Prevention
- Device and Platform Integrity: Device Hardening; Configuration Assurance
Scalability and Management
- Network scalability is a fundamental requirement of the future grid. Being able to manage this scalable network and its security is also key.
- SNMP alone may not be enough for all parts of the network!
- Specialized protocols like CoAP (Constrained Application Protocol) and CSMP (CoAP Simple Management Protocol) are suitable for use with constrained nodes and large-scale constrained networks (lossy, low-bandwidth networks).
- All mentioned protocols are IPv6 capable, making it possible to build scalable, secure and manageable networks of millions of endpoints.
- Interoperability of databases and IT systems is very relevant for easier operation and reduced TCO (IPAM, certificates, authentication, etc.).
- Automated provisioning and deployment mechanisms (e.g. zero-touch deployment) are fundamental when deploying millions of devices.
- Proactive monitoring of the network for faults and performance.
Conclusions
- IPv6-based Smart Grid applications already exist and are deployed in some power utilities. One example of such an application is AMI.
- This is driven not by IPv6 being the only option but by the benefits it presents for power utilities, including improved scalability, advanced security, rich management capabilities and more flexibility.
- For a long period, legacy, IPv4 and IPv6-based applications will co-exist, and the communications architecture must cope with this requirement.
- An architectural approach to communication systems is key to meeting power utilities' current needs while also allowing the future deployment of IPv4 and IPv6-based applications.
Thank you!
Andrew O’Brien
email@example.com