Presentation is loading. Please wait.

Presentation is loading. Please wait.

UCAIug: Smart Grid Security Face-To-Face Meeting – July AEP  UtiliSec Working Group  AMI-SEC Task Force UtiliSec WG Chair: Darren Reece Highfill.

Published byDerek Haynes Modified over 8 years ago

Similar presentations

Presentation on theme: "UCAIug: Smart Grid Security Face-To-Face Meeting – July AEP  UtiliSec Working Group  AMI-SEC Task Force UtiliSec WG Chair: Darren Reece Highfill."— Presentation transcript:

1 UCAIug: Smart Grid Security Face-To-Face Meeting – July 2009 @ AEP  UtiliSec Working Group  AMI-SEC Task Force UtiliSec WG Chair: Darren Reece Highfill darren@sakersystems.com

2 AMI Security Ecosystem

3 Customer The Grid AMI System System Operator Meter Data Manager Energy Trader ISO Field Tech Dispatcher Customer Rep Vendors & Third Parties AMI Security Ecosystem

4 Field Elements Issues Limited or no control over physical access Wide range of logical access control Resource constrained devices Large quantity of devices Requirements Device Identity Data Integrity Customer Privacy Considerations Intelligence? (How much?) Filtering?

5 Field Elements Network Management Ad-hoc Structure or Predefined (Prescriptive)? Integrity, Availability of Provisioning Mechanism Authentication Mechanism End-to-End or Step-by-Step? Bi-Directional (“Two-Way”) Pre-Shared or Public Key? Customer Devices Countermeasures Role-Based Access Control Least Privilege, Need-To-Know Unpredictable Credentials Intrusion Detection Tamper Detection

6 ? Data Concentrator At a substation? Somewhere in the field? Who owns the property? Is there a fence? Does it use wireless technology? What kind of access controls are implemented?

7 ? Data Concentrator How many homes are served? What is peak load? More than 300MW (~100,000 homes?)  NERC CIP? How does it authenticate / get authorized to the Data Center Aggregator?

8 Operations Center System Management Console Data Availability, Integrity Filtered View – No Financial Data Time Sensitive (Freshness) Field Communications Data Integrity Temporal Privilege Strict Procedures Detailed Accounting Meter Data Management System Data Integrity, Confidentiality Multiple Interfaces, Heterogeneous Constraints

9 Customer Representative Data Confidentiality, Integrity Filtered View – Billing Related Revenue Data Integrity, Confidentiality Non-Repudiation Public Interface Website Data Confidentiality Public (General Info) and Private (Customer) Views Consumer Portal Best Practices (e.g.: Financial Services)

10 Demand-Response Energy Trader Regulated Relationship Availability & Control Data Confidentiality, Integrity Negotiated “Contract” Similarities to Dealing with an External Entity Vendors & Third Parties External Entities Data Confidentiality Contractual Agreement Least Privilege, Need-To-Know

11 Smart Grid Landscape

12

13 UtiliSec Working Group Motivation:Motivation: –Part of a utility-led, electric power industry community effort (UCAIug) to define a common set of requirements for the procurement of new technologies Status:Status: –Suite of 4 deliverables completed in 2008 AMI Security Risk AssessmentAMI Security Risk Assessment AMI System Security Requirements (incorporates Architectural Description)AMI System Security Requirements (incorporates Architectural Description) AMI Security Component CatalogAMI Security Component Catalog AMI Security Implementation GuideAMI Security Implementation Guide –AMI System Security Requirements document ratified December, 2008 (“1.0”) Current Participation: Current Participation: –200+ Subscribers to Listserv across 8 countries and 4 continents –More than a dozen major North American utilities actively engaged –Broad mix of utilities, vendors, government, and academia

14 NIST CSCTG NIST chartered in EISA 2007 with development of Interoperability Framework for the smart gridNIST chartered in EISA 2007 with development of Interoperability Framework for the smart grid –Formed a series of Domain Expert Working Groups (DEWGs) to engage industry –2 face-to-face meetings in DC in past couple months NIST Cyber Security Coordination Task Group (CSCTG)NIST Cyber Security Coordination Task Group (CSCTG) –Cyber security focus for Interoperability Framework development

15 Issues Addressed: NIST CSCTG Led by Annabelle Lee, NISTLed by Annabelle Lee, NIST Focusing on high-level requirements for securing the smart grid across all stakeholdersFocusing on high-level requirements for securing the smart grid across all stakeholders –Utilities, Grid Operators, Regulators, Consumers, Third Parties Two active sub-groupsTwo active sub-groups –“Bottom-up” –Vulnerability Analysis

16 Issues Addressed: UtiliSec Chartered with developingChartered with developing –Detailed requirements –Best practices guidance for utilities procuring, implementing, and deploying smart grid technology Technology-specific, but vendor-agnostic guidanceTechnology-specific, but vendor-agnostic guidance Feed and accelerate SDO work (IEC, IEEE, etc.)Feed and accelerate SDO work (IEC, IEEE, etc.)

17 UCAIugUCAIug  Open Smart Grid (OpenSG) Subcommittee  UtiliSec Working Group Encompasses the AMI-SEC Task ForceEncompasses the AMI-SEC Task Force –(previously under UtilityAMI) Following on and expanding work done by AMI-SECFollowing on and expanding work done by AMI-SEC –AMI System Security Requirements (“AMI-SEC SSR”) published as “1.0” in December 2008 UtiliSec

18 Working Group Responsibilities Provide a charterProvide a charter Submit a project schedule and a monthly status reportSubmit a project schedule and a monthly status report Schedule meetings (in person or electronic)Schedule meetings (in person or electronic) Structure sub-working groups or ad-hoc groups as necessaryStructure sub-working groups or ad-hoc groups as necessary Seek OpenSG approval forSeek OpenSG approval for –Formal Document Release –Charter approval –Approval of task force and lower level chairs Working Group ConstitutionWorking Group Constitution

19 Organization & Communications Information exchangeInformation exchange –Intra-organizational Issue hand-off formIssue hand-off form Cross-representationCross-representation –Inter-organizational ParticipationParticipation OutreachOutreach Charter (1 slide PPT)Charter (1 slide PPT)

20 UtiliSec Charter Chartered with developing detailed security and assurance requirements and security best practices guidance for organizations throughout the lifecycle of smart grid technologyChartered with developing detailed security and assurance requirements and security best practices guidance for organizations throughout the lifecycle of smart grid technology Technology-specific, but vendor-agnostic guidanceTechnology-specific, but vendor-agnostic guidance Feed and accelerate SDO work (IEC, IEEE, etc.)Feed and accelerate SDO work (IEC, IEEE, etc.)

21 AMI-SEC Task Force AMI-SEC is concerned with securing AMI system elements.AMI-SEC is concerned with securing AMI system elements. –Contextual Definition: “…those measures that protect and defend AMI information and systems by assuring their ability to operate and perform in their intended manner in the face of malicious actions.” PurposePurpose –Produce technical specification Used by utilities to assess and procureUsed by utilities to assess and procure Used by OpenAMI – part of AMI/DR Reference DesignUsed by OpenAMI – part of AMI/DR Reference Design –Determine baseline level of detail Prescriptive in naturePrescriptive in nature Compliant products will have known functionality and robustnessCompliant products will have known functionality and robustness

22

23 Implementation Guide

24 Leveraging ASAP into UtiliSec

25 Project Description:Project Description: –Utility-driven, public-private collaborative project to develop system-level security requirements for smart grid technology Needs Addressed:Needs Addressed: –Utilities: specification in RFP –Vendors: reference in build process –Government: assurance of infrastructure security –Commissions: protection of public interests Approach:Approach: –Architectural team  produce material –Usability Analysis team  assess effectiveness –NIST, UtiliSec  review, approve Deliverables:Deliverables: –Strategy & Guiding Principles white paper –Security Profile Blueprint –3 Security Profiles: AMI, ADE, Communications –Usability Analysis ASAP-SG: Summary Schedule: Jun09 – Dec09 Budget: $3M ( $1.5M Utilities + $1.5M DOE) Performers: Utilities, EnerNex, Inguardians, SEI, ORNL Partners: DOE Release Path: NIST, UCAIug Contacts: Bobby Brown bobby@enernex.combobby@enernex.com Darren Highfill darren@sakersystems.comdarren@sakersystems.com Schedule: Jun09 – Dec09 Budget: $3M ( $1.5M Utilities + $1.5M DOE) Performers: Utilities, EnerNex, Inguardians, SEI, ORNL Partners: DOE Release Path: NIST, UCAIug Contacts: Bobby Brown bobby@enernex.combobby@enernex.com Darren Highfill darren@sakersystems.comdarren@sakersystems.com

26 Public-private collaborative projectPublic-private collaborative project –DOE, NIST, & utilities Purposes:Purposes: –Support the activities of the NIST CSCTG –Accelerate the work of the UtiliSec WG Participants:Participants: –Utilities, regulators, vendors, consultants, national laboratories, & academia ASAP-SG

27 Technical Coordination with NIST

28 Smart Grid Security Profile Blueprint Understandable and user-friendly framework, set of tools, and methodologyUnderstandable and user-friendly framework, set of tools, and methodology Derive and apply smart grid domain-specific security profilesDerive and apply smart grid domain-specific security profiles Delineates:Delineates: –Repeatable security risk assessment methodology –High-level Smart Grid policy set –Smart Grid policy to a domain requirement mapping process –Application security profile development process

29 Security Profiles Prescriptive, actionable guidance for how to build-in and implement security for smart grid functionalityPrescriptive, actionable guidance for how to build-in and implement security for smart grid functionality Tailored to a set of specific smart grid functions, such asTailored to a set of specific smart grid functions, such as –Advanced Metering Infrastructure –Automated Data Exchange –Network Topology –Outage Management –Etc.

30 Questions? darren@sakersystems.com UtiliSec Collaboration Site http://osgug.ucaiug.org/utilisec

Download ppt "UCAIug: Smart Grid Security Face-To-Face Meeting – July AEP  UtiliSec Working Group  AMI-SEC Task Force UtiliSec WG Chair: Darren Reece Highfill."

Similar presentations

Impact of Smart Grid, ICT on Environment and Climate Change David Su Advanced Network Technologies National Institute of Standards and Technology ITU Symposium.

Impact of Smart Grid, ICT on Environment and Climate Change David Su Advanced Network Technologies National Institute of Standards and Technology ITU Symposium.
Knoxville, TN Oct. 19, 2009 AMI-Enterprise Systems Requirements Specification Overview.

Knoxville, TN Oct. 19, 2009 AMI-Enterprise Systems Requirements Specification Overview.
SG Security Working Group Face-to-Face Meeting – July Vancouver, BC  Usability Analysis Task Force  Cybersec-Interop Task Force  Embedded Systems.

SG Security Working Group Face-to-Face Meeting – July Vancouver, BC  Usability Analysis Task Force  Cybersec-Interop Task Force  Embedded Systems.
Introduction Build and impact metric data provided by the SGIG recipients convey the type and extent of technology deployment, as well as its effect on.

Introduction Build and impact metric data provided by the SGIG recipients convey the type and extent of technology deployment, as well as its effect on.
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
UCAIug HAN SRS v2.0 Summary August 12, 2010. 2 Scope of HAN SRS in the NIST conceptual model.

UCAIug HAN SRS v2.0 Summary August 12, Scope of HAN SRS in the NIST conceptual model.
May 2010 Slide 1 SG Communications Boot Camp Matt Gillmore 03/07/11.

May 2010 Slide 1 SG Communications Boot Camp Matt Gillmore 03/07/11.
Vendor Briefing May 26, 2006 AMI Overview & Communications TCM.

Vendor Briefing May 26, 2006 AMI Overview & Communications TCM.
September 30, 2011 OASIS Open Smart Grid Reference Model: Standards Landscape Analysis.

September 30, 2011 OASIS Open Smart Grid Reference Model: Standards Landscape Analysis.
UCAIug: AMI Security Update – September 2008  AMI-SEC Task Force  AMI Security Acceleration Project (ASAP) AMI-SEC Task Force Chair: Darren Reece Highfill,

UCAIug: AMI Security Update – September 2008  AMI-SEC Task Force  AMI Security Acceleration Project (ASAP) AMI-SEC Task Force Chair: Darren Reece Highfill,
The Voice of the Asset Owner ICSJWG – April Dallas  UCAIug  SG Security  ASAP-SG SG Security WG Chair: Darren Reece Highfill

The Voice of the Asset Owner ICSJWG – April Dallas  UCAIug  SG Security  ASAP-SG SG Security WG Chair: Darren Reece Highfill
Slide 1 UCAIug OpenSG OpenADE Automated Data Exchange Requirements NAESB ESPI Energy Services Provider Interface Standard Specification Overview November.

Slide 1 UCAIug OpenSG OpenADE Automated Data Exchange Requirements NAESB ESPI Energy Services Provider Interface Standard Specification Overview November.
Cyber Security Working Group March 17, 2010. 2 Smart Grid Cyber Security Strategy Establishment of a Cyber Security Coordination Task Group (CSCTG) Established.

Cyber Security Working Group March 17, Smart Grid Cyber Security Strategy Establishment of a Cyber Security Coordination Task Group (CSCTG) Established.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.

Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.
UCAIug: Smart Grid Security OpenSG Face-to-Face (January 2010 – San Francisco, CA)  SG Security Working Group  AMI-SEC Task Force SG Security WG Chair:

UCAIug: Smart Grid Security OpenSG Face-to-Face (January 2010 – San Francisco, CA)  SG Security Working Group  AMI-SEC Task Force SG Security WG Chair:
Slide 1 UCAIug OpenSG OpenADE Automated Data Exchange Requirements NAESB ESPI Energy Services Provider Interface Standard Specification Overview.

Slide 1 UCAIug OpenSG OpenADE Automated Data Exchange Requirements NAESB ESPI Energy Services Provider Interface Standard Specification Overview.
# 1 Information Exchange Standards Development Collaboration for AMI and HAN For further information, contact: Wayne Longcore

# 1 Information Exchange Standards Development Collaboration for AMI and HAN For further information, contact: Wayne Longcore
EPRI Smart Grid Demonstration and CIM Standards Development

EPRI Smart Grid Demonstration and CIM Standards Development
1 ISO/RTO Council Wholesale Demand Response Projects & OpenADR David Forfia.

1 ISO/RTO Council Wholesale Demand Response Projects & OpenADR David Forfia.

Similar presentations

Ads by Google