SG Security Working Group
Face-to-Face Meeting – July 2011 @ Vancouver, BC

Usability Analysis Task Force
Cybersec-Interop Task Force
Embedded Systems Security Task Force

SG Security WG Chair: Darren Highfill, darren@utilisec

Agenda

| Day | Timeslot | Subject | Group |
|---|---|---|---|
| Monday | 1500-1700 | SG Security Boot Camp | SG Sec WG |
| Tuesday | 0800-1000 | Opening Plenary | OpenSG |
| Tuesday | 1030-1200 | Agenda & Status Updates; Testing & Certification Support; ASAP-SG Process Review & Update | SG Sec WG |
| Tuesday | 1300-1500 | SG Security / SG Network Joint Session | |
| Wednesday | 0800-1000 | SG Security / OpenADR* Joint Session; Embedded Systems Security TF | SG Sec WG |
| Wednesday | 1030-1200 | Embedded Systems Security TF (continued) | SG Sec WG |
| Wednesday | 1300-1500 | Usability Analysis TF | SG Sec WG |
| Wednesday | 1530-1730 | CyberSec-Interop / Lemnos; Topic: Vulnerability Disclosure; Planning & Prioritization | SG Sec WG |

*SGSec-OpenADR joint session will be held in Pavilion Ballroom D

Status Updates
• NIST CSWG & PAPs
  – AMI Security Subgroup
  – PAP10, PAP18, others?
• NERC CIP SDT
• IEC TC 57 WG 15
• ICSJWG Solutions Technology Subgroup
• NERC Cyber Attack Task Force
• DOE-NIST-NERC collaboration: Risk Management Framework

Testing & Certification
• How do we align SG Security work products to facilitate testing & certification?
• Structure and format of requirements
  – [Subject] [verb] [object] [parameters/constraints]
• What does conformance / certification with a users group specification mean?
  – Where are we feeding this work?
  – What is the eventual target?

ASAP-SG: Summary
• Project Description:
  – Utility-driven, public-private collaborative project to develop system-level security requirements for smart grid technology
• Needs Addressed:
  – Utilities: specification in RFP
  – Vendors: reference in build process
  – Government: assurance of infrastructure security
  – Commissions: protection of public interests
• Approach:
  – Architectural team produce drafts for review
  – Usability Analysis TF assess effectiveness
  – SG Security WG review, approve
• Deliverables:
  – Strategy & Guiding Principles white paper
  – Security Profile Blueprint
  – 6 Security Profiles
  – Usability Analysis

Schedule: June 2009 – May 2011
Budget: $3M/year ($1.5M Utilities + $1.5M DOE)
Performers: Utilities, EnerNex, Inguardians, SEI, ORNL
Partners: DOE, EPRI
Release Path: NIST, UCAIug
Contacts: Bobby Brown, Darren Highfill

Slide 6 Bobby Brown
ASAP-SG Funding Distribution
• Labor: Security Engineers, System Architects, Penetration Testers (White Hat Hackers)
• Travel – Face-to-face Meetings
• Meetings – Room, Audio/Visual, Webinar, Meals
• Supplies/Misc. – Printing, Tech Transfer Materials

Funding & Workflow
• Feeding and accelerating smart grid standards development
• Model of public-private partnership

Security Profile Impact
• Early adoption: Utilities and commissions referencing AMI SP (CPUC, SCE, NV Energy…)
• Process for developing a security profile has evolved substantially since initial AMI SP draft
• AMI Security Profile now under revisions by CSWG AMI Security Subgroup

Security Profile Impact
• Use cases in 3PDA form foundation of ESPI work
• Common functional model facilitates definitive mapping of security requirements

Security Requirements Relevant to SG

ASAP-SG Security Profiles
• Security Profile status:
  – Advanced Metering Infrastructure
  – Third Party Data Access
  – Distribution Management
  – Wide Area Monitoring, Protection, & Control (Synchrophasors)
  – Home Area Networks
  – Substation Automation
Status labels on slide: PROPOSED, PROPOSED, COMPLETE, COMPLETE, COMPLETE, COMPLETE
NISTIR 7628 Published August 2010

ASAP-SG Process: Basic Steps
1. Scope
   a) Nominate functionality (i.e., use case titles)
   b) Delineate real-world application/component coverage
2. Logical Architecture
   a) Nominate logical architecture
   b) Define roles by functionality
   c) Refine use cases & logical architecture
3. Security Constraints
   a) Define security & operational objectives
   b) Perform failure analysis
4. Security Controls
   a) Define controls (including recommended network segmentation)
   b) Map and tailor controls to roles
5. Validation

Process Notes: Scope
• Why is this important?
  – First point of entry for new audiences
  – Will likely dictate whether the document gets broad review and engagement
• What does it do?
  – End users must be able to figure out if this document applies to them or not
  – Need an easy and clear “yes” or “no” answer
  – Should not have to understand the rest of the document
• What is the approach?
  – Define functionality covered in real-world terms
  – Provide examples using real-world terminology

Process Notes: Logical Architecture
• Why is this important?
  – Lack of coverage for functionality is the root of security vulnerabilities
  – Lack of coverage is rarely intentional
    • Ambiguity in terminology
    • Changes in functionality over time
• What does it do?
  – Provides abstract (vendor-neutral) representation of the system to bind controls
  – Removes ambiguity about functionality covered
• What is the approach?
  – Define roles in terms of functionality
  – Describe relationships between the roles
  – Define the functionality in terms of use cases
    • Use a normalized format that facilitates verification of coverage

Process Notes: Security Constraints
• Why is this important?
  – Security ultimately has a cost
  – How do we know we are investing in the right place?
• What does it do?
  – Provides justification for selection of controls
  – Provides traceability for when (not if) system functionality changes
  – Provides a means to quantifiably claim coverage
• What is the approach?
  – Define objectives for system operation
    • What the system should do
    • What the system should NOT do
  – Define failures the system should prevent
    • Bind to functionality (avoidance is one means of mitigating risk)
    • Look at both common and functionality-specific failures

Process Notes: Security Controls
• Why is this important?
  – Actions and requirements must be precisely defined
• What does it do?
  – Provides actionable guidance for the end user
  – Establishes a context to link high-level objectives to low-level security mechanisms
• What is the approach?
  – Generate controls
    • Brainstorm controls from failures
    • Normalize controls into approachable and useful organization for the end user
  – Map to logical architecture
    • System (i.e., network segmentation)
    • Roles
  – Adapt controls to specific context for each role
    • (e.g., consider resource constraints, access requirements, maintenance…)
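
The chain described in the Security Constraints and Security Controls notes (failures bound to functionality, controls generated from failures, controls mapped to roles) can be checked mechanically for gaps. The following is an added example, not part of the original slides or of any ASAP-SG deliverable: the role names are taken from the WAMPAC use case in this deck, while the failure and control names and their mappings are constructed for illustration.

```python
"""Coverage check for a security-profile traceability matrix (illustrative)."""

# Roles named in the deck's WAMPAC use case; everything else below is constructed.
ROLES = {"PMU", "Phasor Gateway", "Alignment", "Data Store"}

# Failure -> roles whose functionality it is bound to (constructed sample).
FAILURES = {
    "F1 stale data accepted": {"Alignment"},
    "F2 malformed packet processed": {"Alignment", "Phasor Gateway"},
    "F3 archived data altered": {"Data Store"},
    "F4 data source spoofed": {"PMU", "Phasor Gateway"},
}

# Control -> (failures it addresses, roles it is mapped to) (constructed sample).
CONTROLS = {
    "C1 enforce max lag time": ({"F1 stale data accepted"}, {"Alignment"}),
    "C2 validate frame structure": ({"F2 malformed packet processed"}, {"Alignment"}),
    "C3 integrity-protect archive": ({"F3 archived data altered"}, {"Data Store"}),
    "C4 log operator actions": (set(), {"Data Store"}),
}


def coverage_report(roles, failures, controls):
    """Return the gaps in the failure -> control -> role chain."""
    report = {"uncovered": [], "partial": {}, "unjustified": [], "unknown_roles": {}}
    for failure, bound_roles in sorted(failures.items()):
        # Roles on which some control addressing this failure is applied.
        protected = set()
        for addressed, mapped in controls.values():
            if failure in addressed:
                protected |= mapped
        missing = bound_roles - protected
        if missing == bound_roles:
            report["uncovered"].append(failure)      # no control reaches any bound role
        elif missing:
            report["partial"][failure] = sorted(missing)
    for control, (addressed, mapped) in sorted(controls.items()):
        if not addressed & set(failures):
            report["unjustified"].append(control)    # no identified failure justifies it
        stray = mapped - roles
        if stray:
            report["unknown_roles"][control] = sorted(stray)  # role not in architecture
    return report


if __name__ == "__main__":
    for kind, items in coverage_report(ROLES, FAILURES, CONTROLS).items():
        print(kind, items)
```

Re-running the check after a use case or role changes gives the "when (not if)" traceability the notes call for: a new failure with no control, or a control left without a justifying failure, shows up as a named gap.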

Document Essentials

Scope
• Functionality Covered
• Applications, Interfaces, & Sub-Components
• Explicit Examples

Logical Architecture
• Communications Architecture
• Roles
• Use Cases
• Mapping to Concrete Applications

Security Considerations
• Contextual & Operational Assumptions
• Security Principles
• Failure Analysis

Security Controls
• Network Segmentation
• Control Definitions
• Mapping of Controls to Roles & Segments

Scope

Roles and Functionality
Application of Logical Architecture: Post-Event Analysis

WAMPAC Logical Architecture
Panels: Communications Architecture; Use Cases

Use Case 2 – Alignment Processes PMU Data (flowchart)
Swimlanes: PMU, Phasor Gateway, Data Store, Alignment
Start
1A: PMU sends data to Alignment
1B: Phasor Gateway forwards PMU data to Alignment
2: Alignment monitors clock
3: Alignment validates incoming data packet
4: Archive incoming data?
5: Alignment sends data frames to Data Store
6: Data old (max lag time exceeded)?
7: Alignment discards data
8: Alignment buffers data until all data received or max lag time reached
End
Decision branch labels: Yes, Yes, No. Off-page references: Use Case 3, Use Case 5.

Recommended Network Segmentation

Role Assignment to Segments

Mapping Controls to Roles

Control Definition

Security Profile Development Process

Mapping Use Cases
• Link structure varies depending upon level of granularity in text vs. implementation
• Traceability provided regardless
• Analysis for coverage should be performed after catalog of profiles is more complete

Mapping Roles to Actors

Security Principles NISTIR Use Case Objectives

NISTIR Controls as Inspiration & to Ensure Coverage
• Start with relevant NISTIR control to address identified failure scenario
• Re-write control specifically for implementation
• Ensure control is testable
• Use NISTIR to ensure coverage

Comparison & Validation
[Diagram labels: Map, Validate; Actors, Interface Categories, Controls; Roles, Failure Analysis, Controls]

Other Benefits
• NIST-IR 7628 and Security Profiles Traceability
• Coverage and Gap Analysis
• Addresses some GAO Cybersecurity Challenges Report concerns
  – Comprehensive Security
  – SynchroPhasor Security
  – Metrics for Evaluating Security Posture