SG Security F2F Knoxville -Opening and UATF-feb2012

UCAIug Summit
SG Security Session
28 February 2012
Knoxville, TN
Opening Session
Agenda
Status Updates
Embedded Systems Security TF
UCAIug IPR Policy
• UCAIug Public or Private Documents may or may not contain the
information included in the IPR Disclosure Form.
• Any Sharing of any Contribution during any UCAIug Activity shall be
deemed to have occurred on a non-confidential basis.
• No valid copyright, trade secret or patent right shall be deemed to have
been waived by such Sharing
• Any Contributor who knows that IPR is or may be included in his
Contribution to UCAIug Document must disclose such IPR
• UCAIug was not formed for and is unable to verify the validity of any IPR
and that all such information is being provided “AS IS”.
SG Security Overview
• Chair
– Darren Highfill, SCE
• Vice Chair
– Bobby Brown, EnerNex
• Secretary
– Scott Palmquist, Itron
update
SG Security WG – Task Forces
• Usability Analysis Task Force
– Evaluation and refinement of Security Profiles and other materials considered for ratification by the SG Security WG
– Chair: John Lilley (SDG&E), Vice-Chair: Daniel Thanos (GE)
• CyberSec-Interop Task Force (in hibernation)
– Spinoff from DOE National SCADA Test Bed Lemnos Interoperable Security Project
– Development of interoperable security configuration profiles
– Chair: Dave Teumim (Teumim Technical), Vice-Chair: John Stewart (TVA)
• AMI-SEC Task Force (in hibernation)
– Produce technical specifications used by utilities to assess and procure AMI
– Will review AMI Security Profile v3 after draft release by NIST CSWG
– Chair: Darren Highfill (SCE), Vice-Chair: Bobby Brown (EnerNex)
• Embedded Systems Security Task Force
– Security requirements for embedded components and devices used in utility field systems
– Chair: Rohit Khera (PG&E), Vice-Chair: Daniel Thanos (GE)
Progress since Austin
• Continued coordination with external groups
– IEC TC57 (Power Systems) WG15 (Communications Security)
– NIST Cyber Security Working Group
– Industrial Control Systems Joint Working Group (ICSJWG) Vendor Subgroup
• Usability Analysis Task Force
– Revision and approval of Distribution Management Security Profile
• CyberSec Interop Task Force
– (Work currently taking place under EPRI program)
• Embedded Systems Security Task Force
– Working on Secure Device Profile for Embedded Systems
• Discussions about Vulnerability Handling
– Digital Bond’s Project Basecamp: disclosure of PLC exploits
Objectives for Spring 2012 F2F Meeting
• Support relationships with other OpenSG working groups and task forces
– OpenADR
• Review interim work done by TFs
– Security Profiles: Wide Area Monitoring, Protection, & Control (Synchrophasors)
– Device Profiles for Embedded Security
– Review ASAP-SG progress on Substation Automation Security Profile
• Open topics: where does this take us?
– Control system vulnerability handling
– CERT Resilience Management Model
Darren Highfill, SCE
SG Sec – Session 1
• Additions/modifications to the agenda?
• Update from the ICSJWG
• Embedded Systems Security Task Force
Agenda

Day        Timeslot   Subject                                                 Group
Monday     1500-1700  SG Security Boot Camp                                   SG Sec WG
Tuesday    0800-1000  Opening Plenary                                         UCAIug
Tuesday    1030-1200  Agenda & Status Updates; Embedded Systems Security TF   SG Sec WG
Tuesday    1300-1500  ASAP-SG Research: State Machine Analysis                SG Sec WG
Wednesday  0800-1000  Usability Analysis TF                                   SG Sec WG
Wednesday  1030-1200  SG Security / OpenADR*                                  Joint Session
Wednesday  1300-1500  Control System Vulnerabilities                          SG Sec WG
Thursday   0800-1000  CERT-RMM                                                SG Sec WG
Thursday   1030-1200  External Activities Update; Closeout / Actions Forward  SG Sec WG
Ralph Mackiewicz, SISCO
ICSJWG UPDATE
Rohit Khera, S&C Electric
EMBEDDED SYSTEMS SECURITY TF
UCAIug Summit
SG Security Session
29 February 2012
Knoxville, TN
Working Sessions
Usability Analysis TF
Joint Session with OpenADR
Control System Vulnerabilities
John Lilley, San Diego Gas & Electric
USABILITY ANALYSIS TASK FORCE
UA TF Meeting Schedule
• Meetings
– Every two weeks
– Monday, 10 am Pacific
– Next meeting
• Monday, 3/5/2012, 10 am Pacific
• Active participants from utility, manufacturing,
and service companies
Completed Activities
• Completed definition of analysis criteria
• Security profiles completed and approved
– AMI Security Profile (v1 and v2)
– Third Party Data Access Security Profile
– Distribution Management Security Profile
• Security profiles completed and pending approval
– WAMPAC Security Profile
Current & Future Activities
• Distribution Management Security Profile
– During voting process received comments
• WAMPAC Security Profile analysis
– Support working group approval process
• Substation Automation
– Collect and resolve comments
– Provide revised document, resolved comments, and a usability
analysis report to working group
Distribution Management Security Profile
• Feedback on comments received during voting
– Requirements vs. Guidelines
– Power system resiliency vs. Security Controls
– Risk evaluation should include impact of not
mitigating an identified risk
• Discussion of follow up action items (if any)
WAMPAC Security Profile
• Comment resolution activity review
• Summary of profile and comments
• Current approval status
– Comments resolved, document updated, usability
analysis report completed
– Next step: Open SG WG pre-vote review period
WAMPAC Security Profile
• Timeline / Status
– May 2011: ASAP-SG Draft provided to SG Sec WG
– Aug. 2010: Usability Analysis TF review
• Scope
– Phasor measurements used in electric system operational decisions
(off-line, real-time manual, and automated processes)
• Technical Features
– Refined failure analysis
• Failures broken into common and system-specific
– Refined network segmentation recommendations
– Control generation
• DHS as inspiration
• Re-write at system-specific level
– "What does it mean to implement this control for WAMPAC?"
– Selection based on mitigation of failures
Document Essentials
Scope
• Functionality Covered
• Applications, Interfaces, & Sub-Components
• Explicit Examples
Logical Architecture
• Communications Architecture
• Roles
• Use Cases
• Mapping to Concrete Applications
Security Considerations
• Contextual & Operational Assumptions
• Security Principles
• Failure Analysis
Security Controls
• Network Segmentation
• Control Definitions
• Mapping of Controls to Roles & Segments
Scope
Roles and Functionality
Application of Logical Architecture:
Post-Event Analysis
WAMPAC Logical Architecture
Use Cases
Use Case 2 – Alignment Processes PMU Data (flowchart; swimlanes: PMU, Phasor Gateway, Alignment, Data Store)
Start
1A: PMU sends data to Alignment
1B: Phasor Gateway forwards PMU data to Alignment
2: Alignment monitors clock
3: Alignment validates incoming data packet
4: Archive incoming data? Yes → 5: Alignment sends data frames to Data Store
6: Data old (max lag time exceeded)? Yes → 7: Alignment discards data; No → 8: Alignment buffers data until all data received or max lag time reached
End
Linked use cases: Use Case 5, Use Case 3
Communications Architecture
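The alignment steps of Use Case 2 (validate the packet, archive it, discard it if the maximum lag time is exceeded, otherwise buffer it until every expected PMU has reported or the lag limit is reached), written out as an added Python example. This is not code from the deck, from ASAP-SG or from any WAMPAC product: the PMU identifiers, the byte-sum checksum used as the "validation" step, the field names and the 0.5 s maximum lag are all constructed assumptions chosen only to make the flow runnable.

```python
"""Added example (not from the UCAIug deck): a toy model of WAMPAC Use Case 2,
"Alignment Processes PMU Data", steps 2 through 8. PMU ids, the checksum scheme,
field names and the max-lag value are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class PmuFrame:
    pmu_id: str        # constructed identifier of the sending PMU
    timestamp: float   # measurement time in seconds on the synchronized clock
    payload: bytes
    checksum: int      # constructed integrity check: sum of payload bytes mod 256


def make_frame(pmu_id: str, timestamp: float, payload: bytes) -> PmuFrame:
    """Build a well-formed frame (checksum computed from the payload)."""
    return PmuFrame(pmu_id, timestamp, payload, sum(payload) % 256)


def valid_frame(frame: PmuFrame) -> bool:
    """Step 3: validate the incoming data packet (toy checksum stands in for
    whatever integrity check a real deployment uses)."""
    return sum(frame.payload) % 256 == frame.checksum


@dataclass
class Alignment:
    expected_pmus: FrozenSet[str]
    max_lag: float                  # seconds a frame may lag "now" before it is stale
    archive: bool = True            # step 4 decision, fixed per deployment here
    data_store: List[PmuFrame] = field(default_factory=list)            # step 5 target
    discarded: List[Tuple[PmuFrame, str]] = field(default_factory=list)  # step 7
    aligned: List[Dict[str, PmuFrame]] = field(default_factory=list)     # step 8 output
    pending: Dict[float, Dict[str, PmuFrame]] = field(
        default_factory=lambda: defaultdict(dict))                       # step 8 buffer

    def receive(self, frame: PmuFrame, now: float) -> None:
        """Handle one frame arriving via 1A (PMU) or 1B (Phasor Gateway)."""
        if not valid_frame(frame):                        # step 3
            self.discarded.append((frame, "invalid"))
            return
        if self.archive:                                  # steps 4 and 5
            self.data_store.append(frame)
        if now - frame.timestamp > self.max_lag:          # steps 6 and 7
            self.discarded.append((frame, "stale"))
            return
        self.pending[frame.timestamp][frame.pmu_id] = frame   # step 8: buffer
        if set(self.pending[frame.timestamp]) == self.expected_pmus:
            self.aligned.append(self.pending.pop(frame.timestamp))  # all data received

    def tick(self, now: float) -> None:
        """Step 2: Alignment monitors the clock; release buffered sets whose
        max lag time has been reached even though some PMUs never reported."""
        for ts in sorted(self.pending):
            if now - ts > self.max_lag:
                self.aligned.append(self.pending.pop(ts))


def run_demo() -> dict:
    """Constructed traffic: one complete set, one corrupted frame, one stale
    frame, and one partial set released by the lag timer."""
    al = Alignment(expected_pmus=frozenset({"PMU-A", "PMU-B"}), max_lag=0.5)
    al.receive(make_frame("PMU-A", 10.0, b"\x01\x02"), now=10.1)
    al.receive(make_frame("PMU-B", 10.0, b"\x03\x04"), now=10.2)   # completes set 10.0
    al.receive(PmuFrame("PMU-A", 10.2, b"\x05", checksum=0), now=10.3)  # corrupted
    al.receive(make_frame("PMU-B", 9.0, b"\x06"), now=10.3)        # lag 1.3 s > 0.5 s
    al.receive(make_frame("PMU-A", 10.4, b"\x07"), now=10.5)       # waits for PMU-B
    al.tick(now=11.0)                                              # lag limit reached
    return {
        "aligned_sets": len(al.aligned),
        "complete_sets": sum(1 for s in al.aligned if set(s) == al.expected_pmus),
        "discarded": [reason for _, reason in al.discarded],
        "archived": len(al.data_store),
    }


if __name__ == "__main__":
    print(run_demo())
```

The two discard paths matter for the failure analysis the profile describes: a frame that fails validation never reaches the buffer, and a frame older than the lag limit is archived (if archiving is on) but never used for alignment, so neither a corrupted nor a replayed-late packet can hold up or pollute the aligned set delivered to downstream applications.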
Recommended Network Segmentation
Role Assignment to Segments
Mapping Controls to Roles
Control Definition
Security Profile Development Process
Mapping Use Cases
• Link structure varies depending upon level of granularity in text vs. implementation
• Traceability provided regardless
• Analysis for coverage should be performed after catalog of profiles is more complete
Mapping Roles to Actors
Security Principles  NISTIR Use Case Objectives
NISTIR Controls as Inspiration & to Ensure Coverage
• Start with relevant NISTIR control to address identified failure scenario
• Re-write control specifically for implementation
• Ensure control is testable
• Use NISTIR to ensure coverage
Comparison & Validation (diagram; labels: Interface Categories, Controls, Actors; Map; Validate; Controls, Roles, Failure Analysis)
SG Security WG activities
• After document returns from task force:
– One week review period
– One week voting period
• If approved, document is presented by WG
chair to Technical Committee for endorsement
Substation Automation Security Profile
• Profile is under development by ASAP-SG
• Status update was provided yesterday
• Open Discussion topic
– Lessons learned to aid in upcoming profile review
Substation Automation - Inform
Substation Automation - Operate
Substation Automation - Config
SA Operational Assumptions
1. The primary mission of the substation automation system is to protect personnel safety.
2. The secondary mission of the SA system is to protect the integrity of power system assets.
3. The tertiary mission of the SA system is to maintain and/or restore electric power service to as many customers as possible.
4. Local substation functions should be able to continue operations in the absence of external communications.
5. Automated system protection decisions should not be executed based solely on data from non-utility assets.
6. Protection should not be disabled on energized equipment.
a) Maintenance?
b) No ability to remotely disable protection - requires someone on-site.
7. For a given Actuator, there is at most one Control Application that can send control actions to that Actuator. (NOTE: Protection Applications do not follow this constraint.)
SA Security Principles
1. Security controls should not interfere with the missions of the SA system.
a) SA protection functions are particularly sensitive to reduced availability and added latency.
b) SA monitoring and control functions are particularly sensitive to reduced availability.
c) Security controls must not inhibit manual emergency override capabilities.
d) Security controls should provide clear visibility/indication of the sequence of security events, automated control actions taken, and expedient operator actions for restoration/recovery of substation automation systems.
e) Security controls should provide for the maximum amount of operational flexibility (e.g., updates of ACL's should not require a full re-evaluation of the entire system).
SA Security Principles (continued)
2. Security controls should protect the system from unauthorized actions that could endanger personnel or equipment.
a) Users should not be allowed to perform any action that falls outside of their assigned role.
I. Generally, local operation takes precedence over remote operation.
II. Configuration and operation of the system should be performed by separate roles.
b) No unauthorized or unauthenticated remote access should be granted by a SA system device or component.
I. Remote access should be restricted to designated systems and locations.
II. All remote access should utilize designated points for ingress/egress.
c) No unauthorized or unauthenticated control commands should be processed by a SA system device or component.
I. Only control commands from designated systems and locations should be executed.
II. Control commands should use designated points for ingress/egress.
d) No unauthorized or unauthenticated changes to system behavior or operation should be permitted.
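Principle 2 reads as a checklist a device can actually apply to each control command before acting on it. The following Python is an added example, not code from the deck, from ASAP-SG or from any substation vendor, of one such authorization gate: it encodes the separate configure/operate roles (2a), local precedence over remote operation (2a.I), designated source systems (2b.I, 2c.I) and designated ingress points (2b.II, 2c.II), and refuses anything unauthenticated (2c, 2d). The role names, host names, ingress-point names, the actuator name and the order in which the checks are applied are constructed assumptions.

```python
"""Added example (not from the UCAIug deck): a toy authorization gate for SA
control commands that encodes Security Principle 2 (a-d). Role, host, ingress
and actuator names and the check order are constructed assumptions."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed policy tables. In a deployment these come from the device's
# configuration, which principle 2d says must itself be change-controlled.
ROLE_PERMISSIONS = {
    "operator": {"operate"},     # 2a.II: operation and configuration ...
    "engineer": {"configure"},   # ... are performed by separate roles
}
DESIGNATED_SOURCES = {"scada-master-1", "eng-ws-1"}   # 2b.I / 2c.I
DESIGNATED_INGRESS = {"substation-fw-dmz"}            # 2b.II / 2c.II


@dataclass(frozen=True)
class Command:
    action: str                   # "operate" or "configure"
    role: str                     # role the session was authenticated as
    source_host: str
    ingress_point: Optional[str]  # None for a local HMI session
    authenticated: bool
    local: bool                   # issued from inside the substation


@dataclass
class Actuator:
    name: str
    local_control_active: bool = False   # 2a.I: local operation takes precedence


def authorize(cmd: Command, actuator: Actuator) -> Tuple[bool, str]:
    """Decide whether the device may process cmd. Every denial names the
    sub-principle it enforces so the event log (principle 3) is explicit."""
    if not cmd.authenticated:
        return False, "2c: unauthenticated command"
    if cmd.action not in ROLE_PERMISSIONS.get(cmd.role, set()):
        return False, "2a: action outside assigned role"
    if not cmd.local:
        if cmd.source_host not in DESIGNATED_SOURCES:
            return False, "2c.I: source is not a designated system"
        if cmd.ingress_point not in DESIGNATED_INGRESS:
            return False, "2c.II: command did not use a designated ingress point"
        if actuator.local_control_active and cmd.action == "operate":
            return False, "2a.I: local operation takes precedence"
    return True, "allowed"


def run_demo() -> dict:
    """Constructed commands against one actuator; returns the decision reasons."""
    brk = Actuator("breaker-52-1")
    cases = {
        "remote_operate_ok": Command("operate", "operator", "scada-master-1",
                                     "substation-fw-dmz", True, False),
        "engineer_operates": Command("operate", "engineer", "eng-ws-1",
                                     "substation-fw-dmz", True, False),
        "unknown_source": Command("operate", "operator", "laptop-7",
                                  "substation-fw-dmz", True, False),
        "bypassed_ingress": Command("operate", "operator", "scada-master-1",
                                    "vendor-modem", True, False),
        "unauthenticated": Command("configure", "engineer", "eng-ws-1",
                                   "substation-fw-dmz", False, False),
        "local_operate": Command("operate", "operator", "hmi-local", None, True, True),
    }
    results = {name: authorize(cmd, brk)[1] for name, cmd in cases.items()}
    brk.local_control_active = True   # operator has taken local control
    results["remote_while_local"] = authorize(cases["remote_operate_ok"], brk)[1]
    return results


if __name__ == "__main__":
    for name, reason in run_demo().items():
        print(f"{name:20s} {reason}")
```

Note that the local/remote distinction only relaxes the source and ingress checks; authentication and role checks apply to local sessions too, which keeps the gate consistent with principle 1c (emergency override is a separate, manual path, not a reason to skip authorization on the automated one).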
SA Security Principles (continued)
3. Security controls should provide evidence of SA system
behavior and operation.
a) [Considerations: Regulatory requirements]
4. Any SA system device or component should be able to
validate the authenticity and integrity of all data
acquired from another SA device or component.
a) [Considerations: Peer-to-Peer comms]
5. Asset owners should not solely rely on security
measures outside their direct observation and control.
a) Responsibility for system behavior, operations, and associated
monitoring may be outsourced; however accountability remains
with the system owner/operator.
6. Operations should be degraded in a defined order of
precedence (i.e., protection is more important than
control, which is more important than monitoring…).
General Discussion
• How have the security profiles been used?
• What experiences can be shared with this group?
• Suggested changes to the analysis criteria,
analysis process, or other document review
activities?
Summary
• Distribution Management Security Profile
– Comments from voters
• WAMPAC Security Profile
– Review and voting by WG
• Substation Automation Security Profile
– Under development by ASAP-SG
How to participate
• Meetings: Every other Monday
• Next Meeting: Mon, 3/5/2011, 10am Pacific
• Distribution List:
– UTILISEC-USABILITY@SmartGridListServ.ORG
• Contact Information
– John Lilley, Chair, jlilley@sempra.com
– Daniel Thanos, Vice Chair, Daniel.Thanos@ge.com
– Scott Palmquist, Secretary, Scott.Palmquist@itron.com
– Darren Highfill, SG Security Chair, darren@utilisec.com
Bruce Bartell, Xtensible Solutions
SG SEC – OPENADR JOINT SESSION
Reid Wightman, Digital Bond
CONTROL SYSTEM VULNERABILITIES
Darren Highfill, UtiliSec
CERT RESILIENCE MANAGEMENT
MODEL
SG Security Working Group
CLOSEOUT & ACTIONS FORWARD
Questions?
darren@utilisec.com
SG Security WG Collaboration Site
http://osgug.ucaiug.org/utilisec