CYBER SECURITY WORKING GROUP NOVEMBER 2010
Marianne Swanson
Marianne.swanson@nist.gov
December 1, 2010


AGENDA

• Industry Update: FERC Standards Review (Annabelle Lee)
• CSWG PAP liaisons and their involvement in the PAPs will be discussed
• CSWG Standards subgroup lead will provide a review of what the standards subgroup has accomplished and the standard template the CSWG uses for the standard review process
• CSWG 3-year Plan (Marianne Swanson)

November 30-December 3, 2010


FERC STANDARDS UPDATE
Annabelle Lee [email protected]


STANDARDS SUBGROUP & PAP LIAISONS
Frances Cleveland


CSWG Standards Subgroup

• Mission
  – Identify and assess the cyber security contained within standards that are commonly used in smart grid applications to ensure adequate cyber security coverage is included
  – Where adequate coverage is not included, to recommend changes that should be made to the standard or other standards that should be applied
• Have assessed 5 IEC standards and submitted them to FERC
• Have just finished assessing 9 standards from the NIST Priority Action Plans (PAPs)


Standards Review Template

• General introduction
  – Standards are at different layers in GWAC Stack
  – Cybersecurity must reflect the environment where a standard is implemented, not the standard itself
  – Standards include recommended practices and guidelines (could, should, may), as well as “thou shalt” standards
  – Cybersecurity includes defense-in-depth – not only prevention, but attack detection, notification, coping during an attack, and retaining an audit trail
• Cybersecurity aspects of the standard:
  – Assumptions
  – Cybersecurity content
  – Should the document contain cybersecurity?
  – Mapping of security requirements to the NISTIR 7628 Catalog
  – Approval/Disapproval
  – Recommendations for next actions on cybersecurity


Important Note: Assess Standards at their Appropriate GWAC Stack Layer


CSWG PAP Liaison Responsibilities

• Liaison twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSWGLiaisonInformation
• Responsibilities
  – Does the PAP, in general, cover cyber security?
  – Is there a need for information assurance, protection, confidentiality, integrity, and/or availability within the PAP work?
  – Is there a need for a network stack within the PAP? If yes, then cybersecurity needs to be added and/or reviewed.
  – Is there a need for function definitions within the PAP? If yes, then cybersecurity needs to be added and/or reviewed.
  – Is there a need for service definitions within the PAP? If yes, then cybersecurity needs to be added and/or reviewed.
  – Are there existing cyber security requirements within the PAP? If yes, then cybersecurity needs to be reviewed and evaluated.


CSWG PAP Liaison Responsibilities (cont’d)

• Responsibilities continued
  – Has the NISTIR 7628 been reviewed for applicable sections to the PAP? If no, then should it be reviewed? If yes, was the NISTIR 7628 adequately covered?
  – Have there been any PAP timelines, due dates and deliverables established? If yes, then the CSWG and the Standards subgroup need to be notified and coordination with the Standards subgroup needs to be established
• If the PAP needs to cover cybersecurity or partially covers cybersecurity and needs more, then the CSWG PAP liaison should:
  – Start actively participating in the PAP meetings and document reviews
  – Report back to the CSWG and the CSWG Standards subgroup
  – Participate in the cyber security review of the documents for the PAP
  – Provide a brief status report on each Monday morning CSWG call


Five IEC Interoperability Standards Reviewed by NIST for Cyber Security Gaps, then Passed to FERC

• IEC 60870-6 (better known as ICCP)
  – Security provided by IEC 62351-3 (TLS over TCP/IP) and -4 (for MMS)
• IEC 61970 (Common Information Model (CIM) for transmission wires modeling)
  – Abstract “Semantic Model” so no security needed in the standard
• IEC 61968 (CIM for distribution, AMI interfaces, asset management)
  – Abstract “Semantic Model” so no security needed in the standard
  – Recognition that security for CIM implementations is still lacking
• IEC 61850 (for substation automation, distribution automation, and Distributed Energy Resources (DER))
  – Security provided by IEC 62351-3 (TLS over TCP/IP), -4 (for MMS), and -6 (for GOOSE)
• IEC 62351 Cyber Security Series (1-8)


Nine “Standards” Released by NIST Priority Action Plans (PAPs)

• PAP 0: Meter Upgradeability Guidelines – addressed cyber security appropriately and mostly completely

• PAP 1: Internet Protocol Suite – IPsec and TLS. Recommended improved network and system management by “combining” SNMP and NetConf

• PAP 2: Wireless – identified cyber security measures at individual equipment level, but not at wireless system level

• PAP 4: Scheduling – ws-calendar is an abstract model, so no need to address cyber security in the standard

• PAP 5: Metering – identified some security issues with ANSI C12.xx


Nine “Standards” Released by NIST Priority Action Plans (PAPs) (cont’d)

• PAP 10: Energy Usage – the NAESB Energy Usage models are abstract, so no need to address cyber security in the standard

• PAP 11: Plug-In Electric Vehicles – 3 standards
  – Two SAE standards were acceptable from a cyber security perspective with some recommendations (electrical charger connections and PEV Use Cases)
  – Third SAE standard had cyber security and design problems (partially since SEP 2.0 does not exist yet). Corrections will be made.


Next Standards Assessment Efforts

• Next standards to be assessed will be the “AMI” Standards, including the ANSI C12.xx series

• In the works:
  – PAP 3: Common Price Communication Model
  – PAP 7: Energy Storage and Distributed Energy Resources (ES-DER) – defined in IEC 61850-7-420 and being mapped to both SEP 2.0 and DNP3
  – PAP 8: Distribution Management – Use Cases being defined in IEC 61850 (interactions with field devices) and in CIM (application-to-application interactions)
  – PAP 9: Standard Demand Response Signals
  – PAP 12: Mapping between IEC 61850 and DNP3


Contact Information for Standards Subgroup

• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSCTGStandards
• Meetings: Fridays 13:00 Eastern
• Dial-in Information: 866-802-3515 X2817109#
• Mailing list: [email protected]
• To join the mailing list contact [email protected]
• Chair contact information
  – Frances Cleveland ([email protected])


CSWG 3-YEAR PLAN
Marianne Swanson [email protected]


CSWG 3-YEAR PLAN

Goal 1: Review identified standards against the requirements in the NIST Interagency Report (IR) 7628, Guidelines to Smart Grid Cyber Security

• National Electrical Manufacturers Association (NEMA) Upgradeability Standard (Q1 FY11)
• Smart Meter/Advanced Metering Infrastructure (AMI)-related standards (Q2 FY 11)
• Institute of Electrical and Electronics Engineers (IEEE) 1547 and other standards related to renewable energy sources (Q3 FY 11)
• Electric vehicle-related standards (Q4 FY11)
• Demand Response (DR) and Home Area Network (HAN)-related standards (Q2 FY12)
• Cyber Security-related standards (Q1 FY12)
• New standards developed (Q1 FY11 – Q4 FY13)


CSWG 3-YEAR PLAN

Goal 2 – Design and build a conformity testing framework

• Establish a Testing & Certification subgroup in the Cyber Security Working Group (CSWG) (Q1 FY 11)
• Build a conformance test method for security to test AMI Upgradeability Standards (Q3 FY 12)
• Design a virtual test environment for use and posting of test tools, stubs, and drivers (Q4 FY12)
• Work with industry on the usability of the virtual test environment and improve the capability based on industry needs (Q4 FY13)
• Develop derived test requirements (DTR) and test reference material for security conformance activities of Federal Energy Regulatory Commission (FERC)-accepted standards (Q1 FY12 – Q4 FY13)


CSWG 3-YEAR PLAN

Goal 2 – Design and build a conformity testing framework

• Scope and charter for the Testing & Certification subgroup (Q1 FY11)
• Documented test conformance methodology (Q3 FY 12)
• DTR (Q4 FY 12)
• Successful test demonstration (Q1 FY 13)
• Test report showing results (Q1 FY 13)
• DTR and test reference reports for security conformance (Q4 FY13)


CSWG 3-YEAR PLAN

Goal 3 – Conduct outreach, coordination, and collaboration

• Continued coordination and chairing of the CSWG (Ongoing)
• Conduct outreach and education meetings to stakeholders across the United States (Ongoing)
• Develop an introduction to the NISTIR 7628 (Q1 FY11)
• Coordinate and collaborate with the Smart Grid Interoperability Panel (SGIP) Priority Action Plans (PAPs) (Ongoing)
• Coordinate and collaborate with OpenSG (Ongoing)
• Begin initial discussion, collaboration with NERC, and ICS related organizations/activities (Q2 FY11)
• Provide guidance on implementing cyber security (Q2 FY 12 – Q2 FY13)


CSWG 3-YEAR PLAN

Goal 4 – Further development and refinement of specific Smart Grid areas

• Further identification of research and development (R&D) areas (Ongoing)
• Explore SCAP implementation for Smart Grid applications; develop SCAP Smart Grid protocols (Q3 FY11 – Q4 FY 13)
• Develop complementary smart grid security architecture to the SGIP-AC conceptual architecture (Q4 FY 11)
• Expanding research and discussion of potential privacy issues in commercialized and industrial settings, and with electric vehicles (Q2 FY12)
• Accelerate the standardization of a set of AMI security requirements (Q4 FY11)


CSWG 3-YEAR PLAN (CONT’D.)

Goal 4 – Further development and refinement of specific Smart Grid areas

• Pilot Smart Grid and industrial control systems (ICS) security requirements (Q4 FY13)
• Research data management and the possible relationship to cloud computing (Q4 FY13)
• Research the unique supply chain issues around electric sector-specific products (Q4 FY12)


TESTING & CERTIFICATION

• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSCTGTesting

• Meetings: Tuesdays at 11:00 Eastern
• Dial-in Information: 866-793-6322 X3836162#
• Mailing list: [email protected]
• To join the mailing list contact [email protected]
• Co-Chair contact information
  – Nelson Hastings: [email protected]
  – Sandy Bacik: [email protected]
  – Robert Former: [email protected]


TESTING & CERTIFICATION

• Completed
  – SGIP Testing & Certification Committee Contributions
  – Interoperability Process Reference Manual contributions of a basic security test definition and security testing best practices
• WIP
  – Compile list of security testing frameworks that provide repeatable testing structures
  – Compile list of security testing questions for utilities to use in request for proposals (RFPs)
  – Compile list of security test case topics
  – Compile list of general security test requirements based on the NISTIR 7628 volume 1
  – Compile list of general security test requirements based on the CSWG AMI-SEC subgroup requirements


WRAP-UP

• Thank you to everyone for your contributions and support
• Teleconference Day & Time: Mondays, 11am Eastern Time (-5:00 GMT)
• Call-in number: 866-745-6097 Participant passcode: 7413006
• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG
