the voice of the asset owner icsjwg – april 2011 @ dallas ucaiug sg security asap-sg sg...
TRANSCRIPT
The Voice of the Asset OwnerThe Voice of the Asset OwnerICSJWG – April 2011 @ DallasICSJWG – April 2011 @ Dallas
UCAIugUCAIugSG SecuritySG SecurityASAP-SGASAP-SG
SG Security WG Chair:SG Security WG Chair:
Darren Reece HighfillDarren Reece Highfill
[email protected]@utilisec.org
A Little History…A Little History…
• Original Utility Communications Architecture– EPRI Project RP2949 - 1991– Utility Data Communications from Enterprise to Customer– Adoption limited
• Lack of detailed spec about how protocols would be used by apps (mapping)
Interoperability issues
• UCA (MMS) Forum– Started in 1992 to address interoperability– Genesis of utility-vendor collaborative venue
• Build technical agreements around interoperability Idea of defining standard power system objects• Map to services, MMS data types, other underlying protocols
UCA International Users GroupUCA International Users Group
• UCA2UCA2– Started in 1996Started in 1996
• Published as IEEE TR1550 (1999)Published as IEEE TR1550 (1999)
– Endorses ten different profiles, incl. Endorses ten different profiles, incl. TCP/IP, ICCP, etc.TCP/IP, ICCP, etc.
• Organized data via the Generic Object Organized data via the Generic Object Models for Substation and Feeder Models for Substation and Feeder Equipment (GOMSFE)Equipment (GOMSFE)
• Included Common Application Service Included Common Application Service Model (CASM)Model (CASM)
– Submitted to IEC (TC57 WG10)Submitted to IEC (TC57 WG10)• IEC 61850 released in 2003IEC 61850 released in 2003
• UCA International Users GroupUCA International Users Group– Incorporated June 2002 as a 501(c)(3) CorpIncorporated June 2002 as a 501(c)(3) Corp
– Organization supports individual and corporate members from Organization supports individual and corporate members from utilities, vendors, and othersutilities, vendors, and others
• 134 corporate members134 corporate members• Members from 29 countriesMembers from 29 countries• Hundreds of “friends of the UCAIug”Hundreds of “friends of the UCAIug”
UCAIug Corporate SupportersUCAIug Corporate Supporters
UCAIug Membership CompositionUCAIug Membership Composition
UCAIug Mission UCAIug Mission (from Charter)(from Charter)
• Enable utility integrationEnable utility integration through the deployment of through the deployment of open standardsopen standards
• Provide a forum Provide a forum for the various stakeholders in the utility industry to for the various stakeholders in the utility industry to
work cooperatively together work cooperatively together as members of a as members of a common organization common organization
to:to:
– Influence, select, and/or endorse Influence, select, and/or endorse open and public standards open and public standards
appropriate to the utility market based upon the needs of the membershipappropriate to the utility market based upon the needs of the membership
– Specify, develop, and/or accredit product/system testing programs that Specify, develop, and/or accredit product/system testing programs that
facilitate the field interoperability facilitate the field interoperability ofof products and systems products and systems based upon based upon
these standardsthese standards
– Implement educational and promotional activities that Implement educational and promotional activities that increase awareness increase awareness
and deployment and deployment of these of these standardsstandards in the utility industry in the utility industry
http://www.ucaiug.org/
UCAIug Organization ChartUCAIug Organization Chart
2007
• OpenHAN 1.0 approved
• ZigBee a good choice due to industry support despite technical issues
• Initiates cross utility leadership discussions
• Identified and communicated gaps in ZigBee standard
• Talks initiated with HomePlug to align with ZigBee on Smart Energy.
• Active in defining AMI Security requirements under UCA and DOE funded projects such as ASAP
• Aligning utilities on common Home Area Network strategy
• ZigBee Smart Energy (SE) 1.0 technical issues identified with resolutions in SE 2.0
• Formed joint ZigBee & HomePlug group to develop multi-medium SE 2.0
• Re-birth of utility-led initiatives through UCA International Users Group
• Security focus broadens to other SG applications
• Smart Energy 2.0 release includes end to end system view, comprehensive certification process and IEC/IETF/IEEE compliance
• Implementing Smart Grid standards strategy
• Expanded scope of UCA to cover Smart Grid strategy
• Close working ties with NIST and DOE, etc.
• Too many HAN standards but none fully met requirements
• Lack of coordination in utility efforts
• Utilities would not agree to a common technical solution due to differences in regulation, topography, and technology preferences
• No utility alignment on SG standards
• OpenHAN Task Group begins work
201020092008
UCAIug OpenSGUCAIug OpenSG
OpenHANTask Force
OpenHANTask Force
UtilityAMIWorking Group
AMI-SecurityTask Force
SG Security Working GroupSG Security Working Group
Chair Darren Highfill, SCE
Vice-Chair Bobby Brown, EnerNex
Secretary Nick Gerbino, Dominion
SG Security WG – Task ForcesSG Security WG – Task Forces
• Usability Analysis Task ForceUsability Analysis Task Force– Evaluation and refinement of Security Profiles and other materials considered for Evaluation and refinement of Security Profiles and other materials considered for
ratification by the SG Security WGratification by the SG Security WG– Chair: John Lilley (SDG&E), Vice-Chair: Daniel Thanos (GE)Chair: John Lilley (SDG&E), Vice-Chair: Daniel Thanos (GE)
• CyberSec-Interop Task ForceCyberSec-Interop Task Force– Spinoff from DOE National SCADA Test Bed Lemnos Interoperable Security Spinoff from DOE National SCADA Test Bed Lemnos Interoperable Security
ProjectProject– Development of Development of interoperable security configuration profilesinteroperable security configuration profiles– Chair: Dave Teumim (Teumim Technical), Vice-Chair: John Stewart (TVA)Chair: Dave Teumim (Teumim Technical), Vice-Chair: John Stewart (TVA)
• AMI-SEC Task ForceAMI-SEC Task Force– Produce technical specifications used by utilities to assess and procureProduce technical specifications used by utilities to assess and procure– Determine baseline level of detail (prescriptive in nature), compliant products will Determine baseline level of detail (prescriptive in nature), compliant products will
have known functionality and robustnesshave known functionality and robustness– Chair: Darren Highfill (SCE), Vice-Chair: Bobby Brown (EnerNex)Chair: Darren Highfill (SCE), Vice-Chair: Bobby Brown (EnerNex)
• Embedded Systems Security Task ForceEmbedded Systems Security Task Force– Security requirements for embedded components and devices used in utility field Security requirements for embedded components and devices used in utility field
systemssystems– Chair: Rohit Khera (PG&E), Vice-Chair: Daniel Thanos (GE)Chair: Rohit Khera (PG&E), Vice-Chair: Daniel Thanos (GE)
• Project Description:Project Description:
– Utility-driven, public-private collaborative project to develop Utility-driven, public-private collaborative project to develop system-level security requirements for smart grid technologysystem-level security requirements for smart grid technology
• Needs Addressed:Needs Addressed:
– Utilities:Utilities: specification in RFP specification in RFP
– Vendors:Vendors: reference in build process reference in build process
– Government:Government: assurance of infrastructure security assurance of infrastructure security
– Commissions:Commissions: protection of public interests protection of public interests
• Approach:Approach:
– Architectural team Architectural team produce material produce material
– Usability Analysis team Usability Analysis team assess effectiveness assess effectiveness
– NIST, UtiliSec NIST, UtiliSec review, approve review, approve
• Deliverables:Deliverables:
– Strategy & Guiding Principles white paperStrategy & Guiding Principles white paper
– Security Profile BlueprintSecurity Profile Blueprint
– 6 Security Profiles6 Security Profiles
– Usability AnalysisUsability Analysis
ASAP-SG: SummaryASAP-SG: Summary
Schedule: June 2009 – May 2011
Budget: $3M/year($1.5M Utilities + $1.5M DOE)
Performers: Utilities, EnerNex, Inguardians, SEI, ORNL
Partners: DOE, EPRI
Release Path: NIST, UCAIug
Contacts:Bobby Brown [email protected]
Darren Highfill [email protected]
Schedule: June 2009 – May 2011
Budget: $3M/year($1.5M Utilities + $1.5M DOE)
Performers: Utilities, EnerNex, Inguardians, SEI, ORNL
Partners: DOE, EPRI
Release Path: NIST, UCAIug
Contacts:Bobby Brown [email protected]
Darren Highfill [email protected]
Funding & WorkflowFunding & Workflow
• Feeding and accelerating smart grid Feeding and accelerating smart grid standards developmentstandards development
• Model of public-private partnershipModel of public-private partnership
ASAP-SG Security ProfilesASAP-SG Security Profiles
• Prescriptive, actionable guidancePrescriptive, actionable guidance
– How to build-in and implement securityHow to build-in and implement security
• Tailored to a set of specific smart grid functions, such asTailored to a set of specific smart grid functions, such as
– Advanced Metering InfrastructureAdvanced Metering Infrastructure
– Third Party Data AccessThird Party Data Access
– Distribution ManagementDistribution Management
– Wide Area Management (Synchrophasors)Wide Area Management (Synchrophasors)
– Home Area NetworksHome Area Networks
– Substation AutomationSubstation Automation
PROPOSED
PROPOSED
COMPLETE
COMPLETE
COMPLETE
UNDERWAY
Security Requirements Relevant to SGSecurity Requirements Relevant to SG
