pscc s5 task force - ieee · 2017-09-14 · c37.240 revision par title: cybersecurity requirements...
TRANSCRIPT
PSCC S5 Task Force
Chair: Steven Kunsman
Vice-Chair: Chan Wong
Extensions to Cyber Security requirements for substation
P&C systems
AGENDA
Introductions
Approval of May Meeting Minutes
Purpose of S5 Task Force
Status of PAR
Gap dialog/presentations
Next steps
IEEE C37.240 Reason
Our goal is to bring together industry experts with power-system domain knowledge who are involved in developing cybersecurity standards.
Modern substation automation, protection, and control systems, while using technology advancements to achieve greater power-system reliability, can be vulnerable to a multitude of cybersecurity threats.
These vulnerabilities and threats can lead to overall power-system integrity issues. With the increasing dependency on communication technology and the growing pressure for a secure utility infrastructure, various standardization bodies are developing cybersecurity standards, but very little effort has gone into harmonizing or rationalizing those standards for substation applications.
This standard builds on that work to produce a specification for a technically feasible cybersecurity implementation.
C37.240 Revision PAR
Title: Cybersecurity Requirements for Power System Automation, Protection and Control Systems
Scope: Revision of IEEE C37.240 to include new technical requirements for power system cybersecurity. Based on sound engineering practices, the requirements can be applied to achieve high levels of cybersecurity for power system automation, protection and control systems independent of voltage level or criticality of cyber assets.
C37.240 Revision PAR
Need for the Project: Utilities and manufacturers need to revise the standard to define new cybersecurity requirements for power system automation, protection and control systems to improve overall power system network security against threats and other security vulnerabilities.
Modern power system automation, protection and control systems, while using technology advancements to achieve greater power system reliability, can be vulnerable to a multitude of cybersecurity threats. These vulnerabilities and threats can lead to overall power system integrity issues. With the increasing dependency on communication technology and the growing pressure for a secure utility infrastructure, various standardization bodies are developing cybersecurity standards, but very little effort has gone into harmonizing or rationalizing those standards for substation applications.
The extension to the IEEE C37.240 standard builds on that work to produce a specification for a technically feasible cybersecurity implementation.
C37.240 Revision PAR
Need for the Project (continued):
Areas of applicability not addressed in the published IEEE C37.240 standard:
Cybersecurity requirements for communications outside the control house but inside the substation fence
H22 Guide for Cybersecurity for Protection Related Data Files
Cybersecurity for protection systems outside of the substation (feeder automation / wide-area systems)
Cybersecurity requirements for wireless applications
Application whitelisting and usage of digital signatures
Cloud-based applications
C37.240 audit support documentation
Reference appendix to map the standard to NERC CIP applications
The work also includes a review of the existing standard for necessary updates.
Cybersecurity requirements for communications outside the control house
but inside the substation fence
Steve Kunsman
September 13, 2017
Issue raised to IEC TC57 WG10: communications outside of the 6-walled control house
The current option for extending substation communications networks outside of the control building to collect data from substation equipment poses numerous issues globally, and it cannot be followed by North American utilities governed by the NERC CIP standards without process implementations that remove all the benefits of using IEC 61850-9-2.
US utilities believe that routable protocols and configurable IEDs in the substation switchyard (outside of the control building) will place them in non-compliance with the NERC CIP standards.
Figure: Communications in the switchyard. Critical asset health sensors and breaker IEDs located outside the control house.
Figure: Communications outside of the control house, IEC 61850 systems. NCITs and SAMUs in the switchyard connect to the control house over IEC 61850-9-2 (sampled values) and IEC 61850-8-1 (GOOSE/MMS). NCIT: non-conventional instrument transformer. SAMU: stand-alone merging unit.
Figure: Security architecture.
H22, C37.240 audit support documentation, NERC CIP Mapping
Tony Johnson
H22-Guide for Categorizing Security Needs for Protection and Automation Related Data Files
• Overview
– Utilities and standards development bodies continue to develop, refine, and implement standards for cybersecurity of relay protection and automation systems. Examples include, but are not limited to, NERC CIP-002 through CIP-011, NIST Cyber Security for Smart Grid, IEEE P1711 (cryptography for SCADA), IEEE 1686 (cybersecurity for IEDs), IEC 61850 (security impact on automation), and IEC 62351 (data and communication security).
– The efforts so far have focused on managing physical and electronic access to protection and automation equipment but have not specifically addressed access security for protection and automation related data files (data-at-rest issues).
– This guide identifies the various types of protection and automation related data files, categorized by risk of disclosure and/or compromise, to help both utilities and standards development bodies enact appropriate security measures for each file category. Such measures should preserve the proper balance between security and functionality in the maintenance and analysis of protection and automation related data files.
H22-Guide for Categorizing Security Needs for Protection and Automation Related Data Files
• Scope
– This guide identifies and categorizes commonly used protection and automation related data files based on content, use, and risk of disclosure or compromise. Protection and automation related data files include, but are not limited to, files used for configuration, management, and analysis of protective relaying systems.
H22-Guide for Categorizing Security Needs for Protection and Automation Related Data Files
• Confidentiality:
– Preventing unauthorized disclosure.
• Integrity:
– Preventing unauthorized modification. Non-repudiation is the integrity property applied to digital agreements: the originator cannot later deny the content.
• Availability:
– Ensuring authorized users have timely access.
H22-Guide for Categorizing Security Needs for Protection and Automation Related Data Files
• High
– High impact rating applies to information whose compromise has an impact that cannot be mitigated.
• Medium
– Medium impact rating applies to information whose compromise has an impact that can be mitigated.
• Low
– Low impact rating applies to information whose compromise has minimal impact.
C37.240 Audit Support Documentation
• The cybersecurity design needs clear documentation
• All interfaces need to be documented
• All devices need to be documented for compliance with the design
• All test plans need to be clear and detailed
• All test results need to be clearly documented
• A change control process needs to be established
• Only changes approved through the change control process are made
• (It's been a bit; forgive me if I didn't get the topic correct.)
NERC CIP Standards
CIP-002-5.1a Cyber Security - BES Cyber System Categorization
CIP-003-6 Cyber Security - Security Management Controls
CIP-004-6 Cyber Security - Personnel & Training
CIP-005-5 Cyber Security - Electronic Security Perimeter(s)
CIP-006-6 Cyber Security - Physical Security of BES Cyber Systems
CIP-007-6 Cyber Security - System Security Management
CIP-008-5 Cyber Security - Incident Reporting and Response Planning
CIP-009-6 Cyber Security - Recovery Plans for BES Cyber Systems
CIP-010-2 Cyber Security - Configuration Change Management and Vulnerability Assessments
CIP-011-2 Cyber Security - Information Protection
CIP-014-2 Physical Security
NERC CIP Standards
• Most of the work will fall into the following NERC CIP Standards:
– CIP-003 Cyber Security - Security Management Controls
– CIP-005 Cyber Security - Electronic Security Perimeter(s)
– CIP-007 Cyber Security - System Security Management
– CIP-010 Cyber Security - Configuration Change Management and Vulnerability Assessments
– CIP-011 Cyber Security - Information Protection