UCAIug Summit October 22-26, 2012
New Orleans, Louisiana
New Orleans Downtown Marriott at the
Convention Center
CIM Overview: CIM is an international standard globally accepted for modeling the
information exchanges required in electric utility industry. The interoperability enabled by
the CIM standards is a key factor for achieving the Smart Grid vision.
OpenSG Overview: The OpenSG User Group (OSGug) was formed to create a forum for
the development of requirements for SmartGrid systems. The work focus has been defined
by the pragmatic needs of the Utility and Vendor communities. Through these forums
leading experts share their insights, create technical content, and resolve key technical
issues.
Testing Overview: The UCAIug Quality Assurance Program provides for Formalized
conformance testing of products supporting IEC 61850 standard will verify that supported
functions of the IED are implemented correctly as defined in the IEC 61850 standard. The
results of the tests are documented in a detailed test report. If an IED passes the mandatory
tests a conformance certificate will be issued. The Testing community is actively working
to add the CIM standards and Green Button to its Quality Assurance Program.
Green Button Overview: The Green Button is based a standard developed by the North
American Energy Standards Board (NAESB). NAESB OpenESPI 1.0 Standardizes the
Energy Services Provider Interface (ESPI). Green Button uses the OpenESPI 1.0 standard
to implement the common-sense idea that electricity customers should be able to securely
download their own easy-to-understand household energy usage information from their
utility or electricity supplier website.
IEC 61850 Overview IEC 61850 is an international standard developed by the International
Electro technical Commission (IEC) that provides a comprehensive framework for the
implementation of power system automation within substations and across the power
system. IEC 61850 is a mission critical part of achieving the Smart Grid vision.
Open Smart Grid
(OpenSG)
Security Working Group
Meeting
Message from Chair, Vice Chair, Secretary
OpenSG Security Working Group Members, welcome to the conference. For those
attending events throughout the week, please share any pertinent information you learn
with the group and thanks for your support and participation.
The goal of this conference for OpenSG Security Working Group is to have an open
discussion and determine next steps to include projects.
Ensure the message of Utility Centric is out and all utilities know the OpenSG is specifically
for the utilities
Solicit inputs from Utilities on what they need from OpenSG, specifically with regards to
Security
Solicit inputs on improvements, comments, suggestions for group items
Vote on Advanced Metering Infrastructure Profile Changes
Review EPRI Slides and where group can assist
Open Smart Grid Security Working Groups
Overview (Some Groups are in Hibernation
Until Called Upon)
Chair - JD Senger, Oncor
Vice Chair - Bobby Brown, Booz Allen Hamilton
Secretary - Scott Palmquist, Itron
SG Security WG – Task Forces




Usability Analysis Task Force

Evaluation and refinement of Security Profiles and other
materials considered for ratification by the SG Security WG
CyberSec-Interop Task Force (In Hibernation)

Spinoff from DOE National SCADA Test Bed Lemnos
Interoperable Security Project
AMI-SEC Task Force (In Hibernation)

Produce technical specifications used by utilities to assess
and procure AMI
Embedded Systems Security Task Force (Charter Under
Revision)

Security requirements for embedded components and
devices used in utility field systems
Standardized Security Objects for AMI
October 23, 2012
Will Arensman
warensman@swri.com
Tam Do
tdo@swri.com
Galen Rasche
grasche@epri.com
Agenda:
Standardized Security Objects for AMI
Background and Approach
Document Overview
Current Status
Next Steps
Working Group Activity
© 2012 Electric Power Research Institute, Inc. All rights reserved.
8
Background: Project Information
Part of EPRI Program P183:
– Cyber Security and Privacy
Build on Cyber Security Initiative AMI task
– Recent EPRI Report
– AMI Common Alarms and Events
Increase the interoperability of AMI security
objects
Better alert and alarms for improved situational awareness
© 2012 Electric Power Research Institute, Inc. All rights reserved.
9
Background: Project Information
Deliverables:
• Technical Update: December 14, 2012
– Security Object Specifications for AMI Systems
Value:
– Allow more event management vendors to more
effectively support AMI monitoring
– Easier integration of multiple AMI vendors into
event management systems (SIEMs)
Building foundation for integrated smart grid monitoring
© 2012 Electric Power Research Institute, Inc. All rights reserved.
10
Approach
Engaging the Community:
• Common AMI Alarms and Events Document Draft
– Released to OpenSG Security WG for review
– Performed mapping to ANSI C12.19 events
• David Haynes (Aclara)
• Proposing new event codes to committee at
October meeting
• Working with vendors and asset owners on
development of standards
© 2012 Electric Power Research Institute, Inc. All rights reserved.
11
Approach
1 – Solicit Community Participation
·
Circulate Project Description
·
Contact Utilities
·
Contact AMI Vendors
Open process
– Develop consensus for
security objects with
industry stakeholders
– Begin engagement with
third-party SIEM vendors
2 – Prepare Draft Document
·
Consensus on Technologies
·
Begin Documenting Metadata
3 – Revise Document
·
Input from Stakeholders
·
Draft Tables and Diagrams
4 – Distribute to Community
·
Consider Feedback
·
Revise Document
5 – Initial Release
© 2012 Electric Power Research Institute, Inc. All rights reserved.
12
Approach: Common Alerts and Events
Categories of Alerts and Events:
• Authentication
– C12.XX
– Home Area Network
• Anomaly Detection
– Metrology
– Firmware
• Integrity
– Event Log and Storage
Management
• Cryptographic Services
– Key, Certificate Management
• Notifications, Signaling
– Communication Interfaces
– System Security
– Physical, Device Security
• Billing Data
– Accounting
– Meter Disconnect Switch
© 2012 Electric Power Research Institute, Inc. All rights reserved.
13
Document Overview
System Interfaces
High Level Functionality
Communication
Detailed Functionality
© 2012 Electric Power Research Institute, Inc. All rights reserved.
14
System Interfaces
Interfaces Examined:
• Meter to AMI Headend
• AMI Headend to SIEM
– C12.XX
– Candidate Technologies
– Syslog, XML, Multispeak
C12.19, C12.22
Interface 2
AMI Headend
Meter
© 2012 Electric Power Research Institute, Inc. All rights reserved.
15
Security Information and Event
Management
High Level Functionality
• Describe basic concept of operation for each
interface
• ANSI C12.19-2008/IEEE Std 1377-2012
– Emit alerts through exception processing and
event logs.
• AMI Headend to SIEM
– Identify interface technology and describe high
level usage
© 2012 Electric Power Research Institute, Inc. All rights reserved.
16
Communication
Identify communication sequences:
• AMI interfaces are specialized and constrained
– Bandwidth, latency
– Efficiency is critical
– Communicate security alarms and events
effectively
• Some events may need to be counted and
communicated periodically
• Define this system interaction
© 2012 Electric Power Research Institute, Inc. All rights reserved.
17
Detailed Functionality
• Change of password
– C12.19 message
– "write service event to the password table"
– PSEM Write Code, password table
• Provide tables with mapping, proposed metadata
• Where this mapping is not possible, additions to the
C12.19 and C12.22 standards are suggested
© 2012 Electric Power Research Institute, Inc. All rights reserved.
18
Current Status and Focus
• On schedule
– Deadline mid-November
• Solicit feedback
– General comments
– Metadata contributions
– Communication sequence contributions
– Interface technologies and standards
• Champions in other working groups
© 2012 Electric Power Research Institute, Inc. All rights reserved.
19
Next Steps
• Integrate feedback
• Finish and Release AMI Security Objects Document
– Continue mapping to existing standards
– Propose updates to standards when applicable
• Work with vendors and asset owners on
development of standards
© 2012 Electric Power Research Institute, Inc. All rights reserved.
20
Working Group Activity
© 2012 Electric Power Research Institute, Inc. All rights reserved.
21
Together…Shaping the Future of Electricity
© 2012 Electric Power Research Institute, Inc. All rights reserved.
22
Continued Coordination with External Groups






NIST Cyber Security Working Group
Electric Power Research Institute (EPRI) project
P183.009, Standardized Security Objects for AMI.
P183.009
Industrial Control Systems Joint Working Group
(ICSJWG) Vendor Subgroup
Green Button
Any Updates on DOE funding for 2013?
Next Steps
GREEN BUTTON
(OpenSG Members Please Advise if Attending)
“Green Button” is the common-sense idea that electricity customers should be able to
securely download their own easy-to-understand household energy usage information from
their utility or electricity supplier website. Numerous companies are already developing
web and smart phone applications and services for businesses and consumers that can
use Green Button data to help consumers choose the most economical rate plan for their
use patterns; deliver customized energy-efficiency tips; provide easy-to-use tools to size
and finance rooftop solar panels; and conduct virtual energy audits that can cut costs for
building owners and speed the initiation of retrofits. Developing innovative applications and
services to help consumers understand and manage their energy use and understand the
environmental impacts of that usage is a field ripe for innovation.
The attached document is a call for participation to any Accreditation Body, Certification
Body, and Conformity and Interoperability Test Laboratories interested in participating in
the UCAIug “Green Button” Testing Program. If your organization is interested in
participating in this program, we encourage you to respond to the call for participation by
end of business Friday, November 2nd , 2012.
We will be having a Face to Face meeting at the UCAIug 20112 Summit in New
Orleans. The Summit runs from October 22-26. Wednesday, October 24th we will have
the initial meeting to kick-off the UCAIug Green Button Testing Program. More information
on the Summit is available at http://www.ucaiug.org/Meetings/NO2012/default.aspx .The
OpenADE will be meeting all day on Thursday, October 25, 2012 working sessions to
make progress on the Green Button testing requirements that will drive the test cases.
Advanced Metering Infrastructure
Security Profile Update for Vote
Updated tables 2, line 4 in the AMI-Sec Security Profile. Approval of the
modification vote to eligible voting members. Upon approval will rev
the doc to Version 2.1 and remove track changes.
Changes submitted - Page 13 in the table row labeled Line #4: to MDMS,
the Summary of Communication lists "customer HAN equipment
commands." This is in conflict with the requirements section of the
document, and should be changed to something along the lines of
"customer HAN equipment responses.“ We don't want HAN devices
sending commands to any part of the AMI system.
Call to Vote for following eligible members: JD Senger, Tam Do, Rich
Tolway, Scott Palmquist, John Lilley, Galen Rasche, Neil Greenfield, Glen
Chason, Mark Ellison, Irene Gassko, David Chambers, Naeem Ahsan,
Darren Highfill, David Mitton (If you already sent me your vote I have on
record)
Ongoing Objectives





Support relationships with other OpenSG working
groups and task forces
Discuss future objectives of group
Continued coordination with NIST, DOE and others
Ensure utility centric and utilities inputs are
incorporated
Discuss any interim work done by TFs
Ongoing Efforts
The ASAP-SG Team finished the first complete public draft of the
Security Profile for Substation Automation.
http://osgug.ucaiug.org/utilisec/Shared%20Documents/Substation%
20Automation%20Security%20Profile/SA%20Security%20Profile%
20-%20v0_15%20-%2020120930.docx
John Lilley (Sempra) will resurrect the Usability Analysis Task Force
to review the draft document and comments. Once completed the
SG Security Working Group will vote on this document.
Embedded Systems Task Force activated and no longer in
hibernation. Charter being revised and deliverables to group in
November. Update from Rohit
Ongoing Efforts
Energy Sector Cybersecurity Capability Maturity Model
(ES-C2M2) Discussion
Risk Management (i.e., how systems are assessed and
scored). Utilities appear struggle with this and/or don’t
have methods that are repeatable. NIST has some
guidelines, but none are specific enough to base a real
calculation. Having a risk program will also be key in
NERC CIP compliance.
Substation Automation Profile Update
For those of you interested in reviewing and commenting on
the Substation Automation Security Profile, it is posted on the
SharePoint site at:
http://osgug.ucaiug.org/utilisec/Shared%20Documents/Forms/
AllItems.aspx?RootFolder=%2futilisec%2fShared%20Docume
nts%2fSubstation%20Automation%20Security%20Profile&Fol
derCTID=&View=%7b059E5611%2d3141%2d4B3E%2dAAA4%2
dFE7645EE07EE%7d
Darren Highfill (darren@utilisec.com)) has volunteered to be
the comments wrangler and editor.
Closing Security Group Discussion
Members open discussion on all topics for the Security
Working Group such as items of interest by members.
Utility Members are the reason the group is here, any
Utility members that would like to discuss hot topics
the group should be focused on please advise.
Closing Comments