UCAIug: Smart Grid SecurityUCAIug: Smart Grid SecurityFace-To-Face Meeting – July 2009 @ AEPFace-To-Face Meeting – July 2009 @ AEP

UtiliSec Working GroupUtiliSec Working GroupAMI-SEC Task ForceAMI-SEC Task Force

UtiliSec WG Chair:UtiliSec WG Chair:

Darren Reece HighfillDarren Reece Highfill

darren@sakersystems.comdarren@sakersystems.com

Customer

The Grid

AMI SystemSystemOperator

Meter DataManager

EnergyTrader

ISO

FieldTechDispatcher

CustomerRep

Vendors& Third Parties

AMI Security EcosystemAMI Security Ecosystem

Field Elements

Issues• Limited or no control over physical access• Wide range of logical access control• Resource constrained devices• Large quantity of devices

Requirements• Device Identity• Data Integrity• Customer Privacy

Considerations• Intelligence? (How much?)• Filtering?

Field Elements

Network Management• Ad-hoc Structure or Predefined (Prescriptive)? • Integrity, Availability of Provisioning Mechanism

Authentication Mechanism• End-to-End or Step-by-Step?• Bi-Directional (“Two-Way”)• Pre-Shared or Public Key?• Customer Devices

Countermeasures• Role-Based Access Control• Least Privilege, Need-To-Know• Unpredictable Credentials• Intrusion Detection• Tamper Detection

?Data Concentrator

• At a substation? Somewhere in the field?• Who owns the property? Is there a fence?• Does it use wireless technology?• What kind of access controls are implemented?

?Data Concentrator

• How many homes are served? What is peak load?• More than 300MW (~100,000 homes?) NERC CIP?• How does it authenticate / get authorized to the Data Center Aggregator?

Operations Center

System Management Console• Data Availability, Integrity• Filtered View – No Financial Data• Time Sensitive (Freshness)

Field Communications• Data Integrity• Temporal Privilege• Strict Procedures• Detailed Accounting

Meter Data ManagementSystem• Data Integrity, Confidentiality• Multiple Interfaces,

Heterogeneous Constraints

Customer Representative• Data Confidentiality, Integrity• Filtered View – Billing Related

Revenue• Data Integrity, Confidentiality• Non-Repudiation

Public InterfacePublic Interface

Website• Data Confidentiality• Public (General Info) and

Private (Customer) Views• Consumer Portal Best

Practices (e.g.: Financial Services)

Demand-ResponseDemand-Response

Energy Trader• Regulated Relationship

Availability & Control• Data Confidentiality, Integrity• Negotiated “Contract”• Similarities to Dealing with an External Entity

Vendors & Third PartiesVendors & Third Parties

External Entities• Data Confidentiality• Contractual Agreement• Least Privilege, Need-To-Know

Smart Grid LandscapeSmart Grid Landscape

UtiliSec Working GroupUtiliSec Working Group

• Motivation:Motivation:– Part of a utility-led, electric power industry community effort Part of a utility-led, electric power industry community effort

((UCAIugUCAIug) to define a ) to define a common set of requirementscommon set of requirements for the for the procurement of new technologiesprocurement of new technologies

• Status:Status:– Suite of 4 deliverables completed in 2008Suite of 4 deliverables completed in 2008

• AMI Security Risk AssessmentAMI Security Risk Assessment• AMI System Security Requirements (incorporates Architectural Description)AMI System Security Requirements (incorporates Architectural Description)• AMI Security Component CatalogAMI Security Component Catalog• AMI Security Implementation GuideAMI Security Implementation Guide

– AMI System Security Requirements document ratified December, AMI System Security Requirements document ratified December, 2008 (“1.0”)2008 (“1.0”)

•   Current Participation:Current Participation:– 200+ Subscribers to Listserv across 8 countries and 4 continents200+ Subscribers to Listserv across 8 countries and 4 continents– More than a dozen major North American utilities actively engagedMore than a dozen major North American utilities actively engaged– Broad mix of utilities, vendors, government, and academiaBroad mix of utilities, vendors, government, and academia

NIST CSCTGNIST CSCTG

• NIST chartered in EISA 2007 with development of NIST chartered in EISA 2007 with development of

Interoperability Framework for the smart gridInteroperability Framework for the smart grid

– Formed a series of Domain Expert Working Groups (DEWGs) to Formed a series of Domain Expert Working Groups (DEWGs) to

engage industryengage industry

– 2 face-to-face meetings in DC in past couple months2 face-to-face meetings in DC in past couple months

• NIST Cyber Security Coordination Task Group (CSCTG)NIST Cyber Security Coordination Task Group (CSCTG)

– Cyber security focus for Interoperability Framework developmentCyber security focus for Interoperability Framework development

Issues Addressed: NIST CSCTGIssues Addressed: NIST CSCTG

• Led by Annabelle Lee, NISTLed by Annabelle Lee, NIST

• Focusing on high-level requirements for securing the Focusing on high-level requirements for securing the

smart grid smart grid across all stakeholdersacross all stakeholders

– Utilities, Grid Operators, Regulators, Consumers, Third PartiesUtilities, Grid Operators, Regulators, Consumers, Third Parties

• Two active sub-groupsTwo active sub-groups

– ““Bottom-up”Bottom-up”

– Vulnerability AnalysisVulnerability Analysis

Issues Addressed: UtiliSecIssues Addressed: UtiliSec

• Chartered with developingChartered with developing

– Detailed requirementsDetailed requirements

– Best practices guidanceBest practices guidance

for utilities for utilities procuring, implementing, and deployingprocuring, implementing, and deploying smart grid smart grid

technologytechnology

• Technology-specific, but vendor-agnostic guidanceTechnology-specific, but vendor-agnostic guidance

• Feed and accelerate SDO work (IEC, IEEE, etc.)Feed and accelerate SDO work (IEC, IEEE, etc.)

• UCAIugUCAIug

Open Smart Grid (OpenSG) SubcommitteeOpen Smart Grid (OpenSG) Subcommittee

UtiliSec Working GroupUtiliSec Working Group

• Encompasses the AMI-SEC Task ForceEncompasses the AMI-SEC Task Force

– (previously under UtilityAMI)(previously under UtilityAMI)

• Following on and expanding work done by AMI-SECFollowing on and expanding work done by AMI-SEC

– AMI System Security Requirements (“AMI-SEC SSR”) published AMI System Security Requirements (“AMI-SEC SSR”) published

as “1.0” in December 2008as “1.0” in December 2008

UtiliSecUtiliSec

Working Group ResponsibilitiesWorking Group Responsibilities• Provide a charterProvide a charter• Submit a project schedule and a monthly status reportSubmit a project schedule and a monthly status report• Schedule meetings (in person or electronic)Schedule meetings (in person or electronic)• Structure sub-working groups or ad-hoc groups as necessaryStructure sub-working groups or ad-hoc groups as necessary• Seek OpenSG approval forSeek OpenSG approval for

– Formal Document ReleaseFormal Document Release– Charter approvalCharter approval– Approval of task force and lower level chairsApproval of task force and lower level chairs

• Working Group ConstitutionWorking Group Constitution

Organization & CommunicationsOrganization & Communications

• Information exchangeInformation exchange– Intra-organizationalIntra-organizational

• Issue hand-off formIssue hand-off form• Cross-representationCross-representation

– Inter-organizationalInter-organizational• ParticipationParticipation• OutreachOutreach

• Charter (1 slide PPT)Charter (1 slide PPT)

UtiliSec CharterUtiliSec Charter

• Chartered with developing detailed security and Chartered with developing detailed security and

assurance requirements and security best practices assurance requirements and security best practices

guidance for organizations throughout the lifecycle of guidance for organizations throughout the lifecycle of

smart grid technologysmart grid technology

• Technology-specific, but vendor-agnostic guidanceTechnology-specific, but vendor-agnostic guidance

• Feed and accelerate SDO work (IEC, IEEE, etc.)Feed and accelerate SDO work (IEC, IEEE, etc.)

AMI-SEC Task ForceAMI-SEC Task Force

• AMI-SEC is concerned with securing AMI system AMI-SEC is concerned with securing AMI system elements.elements.– Contextual Definition:Contextual Definition:

“…“…those measures that protect and defend AMI information and those measures that protect and defend AMI information and systems by assuring their ability to operate and perform in their systems by assuring their ability to operate and perform in their intended manner in the face of malicious actions.intended manner in the face of malicious actions.””

• PurposePurpose– Produce technical specificationProduce technical specification

• Used by utilities to assess and procureUsed by utilities to assess and procure

• Used by OpenAMI – part of AMI/DR Reference DesignUsed by OpenAMI – part of AMI/DR Reference Design

– Determine baseline level of detailDetermine baseline level of detail• Prescriptive in naturePrescriptive in nature

• Compliant products will have known functionality and robustnessCompliant products will have known functionality and robustness

Implementation GuideImplementation Guide

Leveraging ASAP into UtiliSecLeveraging ASAP into UtiliSec

• Project Description:Project Description:

– Utility-driven, public-private collaborative project to develop Utility-driven, public-private collaborative project to develop system-level security requirements for smart grid technologysystem-level security requirements for smart grid technology

• Needs Addressed:Needs Addressed:

– Utilities:Utilities: specification in RFP specification in RFP

– Vendors:Vendors: reference in build process reference in build process

– Government:Government: assurance of infrastructure security assurance of infrastructure security

– Commissions:Commissions: protection of public interests protection of public interests

• Approach:Approach:

– Architectural team Architectural team produce material produce material

– Usability Analysis team Usability Analysis team assess effectiveness assess effectiveness

– NIST, UtiliSec NIST, UtiliSec review, approve review, approve

• Deliverables:Deliverables:

– Strategy & Guiding Principles white paperStrategy & Guiding Principles white paper

– Security Profile BlueprintSecurity Profile Blueprint

– 3 Security Profiles: AMI, ADE, Communications3 Security Profiles: AMI, ADE, Communications

– Usability AnalysisUsability Analysis

ASAP-SG: SummaryASAP-SG: Summary

Schedule: Jun09 – Dec09

Budget: $3M

($1.5M Utilities + $1.5M DOE)

Performers: Utilities, EnerNex, Inguardians, SEI, ORNL

Partners: DOE

Release Path: NIST, UCAIug

Contacts:Bobby Brown bobby@enernex.com

Darren Highfill darren@sakersystems.com

Schedule: Jun09 – Dec09

Budget: $3M

($1.5M Utilities + $1.5M DOE)

Performers: Utilities, EnerNex, Inguardians, SEI, ORNL

Partners: DOE

Release Path: NIST, UCAIug

Contacts:Bobby Brown bobby@enernex.com

Darren Highfill darren@sakersystems.com

• Public-private collaborative projectPublic-private collaborative project

– DOE, NIST, & utilitiesDOE, NIST, & utilities

• Purposes:Purposes:

– Support the activities of Support the activities of

the NIST CSCTGthe NIST CSCTG

– Accelerate the work of Accelerate the work of

the UtiliSec WGthe UtiliSec WG

• Participants:Participants:

– Utilities, regulators, vendors, consultants, national Utilities, regulators, vendors, consultants, national

laboratories, & academialaboratories, & academia

ASAP-SGASAP-SG

Technical Coordination with NISTTechnical Coordination with NIST

Smart Grid Security Profile BlueprintSmart Grid Security Profile Blueprint

• Understandable and user-friendly framework, set of Understandable and user-friendly framework, set of

tools, and methodologytools, and methodology

• Derive and apply smart grid domain-specific security Derive and apply smart grid domain-specific security

profilesprofiles

• Delineates:Delineates:

– Repeatable security risk assessment methodologyRepeatable security risk assessment methodology

– High-level Smart Grid policy setHigh-level Smart Grid policy set

– Smart Grid policy to a domain requirement mapping processSmart Grid policy to a domain requirement mapping process

– Application security profile development processApplication security profile development process

Security ProfilesSecurity Profiles

• Prescriptive, actionable guidance for how to build-in and Prescriptive, actionable guidance for how to build-in and

implement security for smart grid functionalityimplement security for smart grid functionality

• Tailored to a set of specific smart grid functions, such asTailored to a set of specific smart grid functions, such as

– Advanced Metering InfrastructureAdvanced Metering Infrastructure

– Automated Data ExchangeAutomated Data Exchange

– Network TopologyNetwork Topology

– Outage ManagementOutage Management

– Etc.Etc.

Questions?

darren@sakersystems.com

UtiliSec Collaboration Sitehttp://osgug.ucaiug.org/utilisec