Presentation is loading. Please wait.

Presentation is loading. Please wait.

Click anywhere to continue Click here to go back Presented by Sam Sciacca – Working Group C1 Chair Substations C0 Subcommittee IEEE Standard for Substation.

Published byCarmel Dorsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Click anywhere to continue Click here to go back Presented by Sam Sciacca – Working Group C1 Chair Substations C0 Subcommittee IEEE Standard for Substation."— Presentation transcript:

1 Click anywhere to continue Click here to go back Presented by Sam Sciacca – Working Group C1 Chair Substations C0 Subcommittee IEEE Standard for Substation IED Cyber Security IEEE- 1686

2 Click anywhere to continue Click here to go back Purpose of Document Define cyber security functions and features Serve as a procurement specification for new IEDs or analysis of existing IEDs Produce a common reference point for terms and verbiage regarding cyber security

3 Click anywhere to continue Click here to go back Reasons for the Effort Increased cyber security requirements NERC Critical Infrastructure Protection (CIP 002-1 through 009-1) Confusion among users and vendors as to what IED cyber security should include

4 Click anywhere to continue Click here to go back NERC CIP Goals oriented – security, reliability, accountability Does not require the application of specific technologies Provides no baseline of product features (Claims of products to be “NERC CIP Compliant” or “Conform to NERC CIP standards” are baseless) Concerned with both intentional and unintentional acts

5 Click anywhere to continue Click here to go back Underlining Premises of IEEE-1686 Substation cyber security programs will be company- specific Determination of what devices require cyber security is outside of the scope of the effort Not all features will be required in every program Addresses only embedded security features of the IED and the IED configuration software

6 Click anywhere to continue Click here to go back Objectives of IEEE-1686 Establish a suite of IED features and functions which can be incorporated in a cyber security program Define the features and functions in a non-ambiguous manner Serve as the format of a procurement or evaluation specification Raise vendor awareness as to desirable features and functions which they may wish to consider providing in new generations of equipment.

7 Click anywhere to continue Click here to go back Proper Use of IEEE-1686 Requires 3 important elements: 1. Proper citation of the standard. 2. Table of Compliance to the standard 3. Analysis and verification by the User of the IED offering

8 Click anywhere to continue Click here to go back Improper Citation of IEEE-1686 “IED must conform to all applicable sections of IEEE-1686”

9 Click anywhere to continue Click here to go back IEEE-1686 IED Requirements Strong password construction No undisclosed bypass or “back door” Multiple access levels Non-modifiable audit trail Supervisory permissive control IEEE 37.231 compliance (Firmware Control) Alarm Generation

10 Click anywhere to continue Click here to go back IEEE-1686 IED Configuration Software Concepts Authentication/copy control Multiple access levels - View Configuration Data - Change Configuration Data - Full Access (User/ID Password changes) IED Communications Port Enabling/Disabling

11 Click anywhere to continue Click here to go back IEEE-1686 Audit Trail Login Manual Log Out Timed Log Out Config Access Config Change Supervisory Permission Value Forcing Firmware Change UserID/Password Change Audit Log Access Time/Date Change Alarm Incident

12 Click anywhere to continue Click here to go back IEEE-1686 IED Alarm Events Unsuccessful login attempt Reboot Use of unauthorized configuration software

13 Click anywhere to continue Click here to go back IEEE-1686 Status Approved and available for use

14 Click anywhere to continue Click here to go back Identified Areas of Further Work Definition and recommended practice for strong or multifactor authentication Definition and recommended practice for substation electronic perimeters

15 Click anywhere to continue Click here to go back Substations C0 Subcommittee Data Acquisition Processing and Control Systems Subcommittee (“SCADA Subcommittee”) Michael Dood, Chair Open to IEEE-PES Members and Guests Meets at Substation Annual Meeting (Spring), IEEE-PES Annual Meeting, and most PSRC meetings

Download ppt "Click anywhere to continue Click here to go back Presented by Sam Sciacca – Working Group C1 Chair Substations C0 Subcommittee IEEE Standard for Substation."

Similar presentations

Www.burnsmcd.com Engineering, Architecture, Construction, Environmental and Consulting Solutions © 2011 Burns & McDonnell Missouri Public Service Commission.

Engineering, Architecture, Construction, Environmental and Consulting Solutions © 2011 Burns & McDonnell Missouri Public Service Commission.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.

NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.
1 Compliance Guidance for Initial Compliance Review Dates Lew Folkerth 2Q2010 Webinar June 22, 2010.

1 Compliance Guidance for Initial Compliance Review Dates Lew Folkerth 2Q2010 Webinar June 22, 2010.
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Project 2008-06 Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.
1 Ports and Services An Audit Approach ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Lew Folkerth, Senior Engineer - Compliance.

1 Ports and Services An Audit Approach ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Lew Folkerth, Senior Engineer - Compliance.
Configuration Management Managing Change. Points to Ponder Which is more important?  stability  progress Why is change potentially dangerous?

Configuration Management Managing Change. Points to Ponder Which is more important?  stability  progress Why is change potentially dangerous?
BS Information Systems – University of Redlands BS Information Systems – University of Redlands AS Electronic Technology AS Electronic Technology Project.

BS Information Systems – University of Redlands BS Information Systems – University of Redlands AS Electronic Technology AS Electronic Technology Project.
Information Security Policies and Standards

Information Security Policies and Standards
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Software Configuration Management

Software Configuration Management
Network security policy: best practices

Network security policy: best practices
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Cyber Security Standard Workshop Status of Draft Cyber Security Standards Larry Bugh ECAR Standard Drafting Team Chair January 2005.

Cyber Security Standard Workshop Status of Draft Cyber Security Standards Larry Bugh ECAR Standard Drafting Team Chair January 2005.

Similar presentations

Ads by Google