SFA Community of Practice: a natural way of building
DESCRIPTION
A community of practice is a natural way of building something, through intuitive learning exercises (lean development methodology), that people lack the knowledge to accomplish on their own. These barriers to enabling new markets have always existed, from ancient times to the present day. The "community of practice" bridges technology, processes, and people to naturally solve what people need to know and learn quickly.
TRANSCRIPT
A Community of Practice: A natural way of building
Tuesday August 27, 2014
Vision
8/27/2014
“Community of Practice” 2
To create a mass movement that will transform how security is designed in and how the management of intelligent devices operates within a common operating environment.
Mission
To build a community of practicing professionals who are committed to achieving end-to-end security within the ecosystem of all critical infrastructure by shaping the Security Fabric reference architecture as an interoperable system of systems.
Our strategy is to provide certified interoperability to the key devices controlling the grid.
Our solution would be embedded at each critical point in the energy infrastructure.
All points must connect to each other in an end-to-end system.
Management Agents
Introduction to the Security Fabric Alliance
The Security Fabric Alliance is a working association dedicated to the practical deployment of a complex-system solution for the power grid and critical infrastructure in the United States. Its members include:
Utilities and telecommunications providers
Systems integrators
Manufacturers
Technology partners
National certification and interoperability entity
The alliance is intended to give a utility's CEO up-to-the-minute knowledge of the available options, so that investment decisions on infrastructure deployment can be made wisely and for optimal returns.
Variants of the approach are oriented to large, medium, and small utilities.
Semantics
• Security Fabric Products: the embedded security system solution, composed of an interlocking arrangement of framework options.
• Security Fabric Architecture: the framework of embedded system components that provides the basis for end-to-end security and remote device management.
• Security Fabric Alliance: an informal collection of companies, organizations, and individuals that have, through discussion, designed a conceptual reference architecture called the “Security Fabric”.
To establish secure communications from the Controller to the Device Node using the Security Fabric elements, you need to do all seven, not just some:
1. Identity Management
– Ensures the device identity is established genuinely.
2. Mutual Authentication
– Allows the Device Node and the Controller to each verify the other's identity.
3. Authorization
– Manages permission to proceed with specific operations.
4. Audit
– Records noteworthy events for later analysis.
5. Confidentiality
– Encrypts sensitive data for matters of privacy.
6. Integrity
– Ensures that messages have not been altered.
7. Availability
– Protects against denial of service attacks.
These are the seven tenets of security as described in the NISTIR 7628 Guidelines for Smart Grid Cyber Security.
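The following is an added example, not Security Fabric or Alliance code, showing tenets 1, 2, 3 and 6 in a minimal Controller to Device Node exchange: a nonce challenge in each direction, then an integrity-tagged command that the device checks for replay and for permission. It assumes a per-device pre-shared key and HMAC-SHA256 in place of the Kerberos tickets the deck's design uses (a stand-in chosen so the example runs offline); the identities, key bytes and operation names are constructed.

```python
"""Controller <-> Device Node mutual authentication, authorization and message
integrity with HMAC-SHA256 over a per-device pre-shared key.

Added illustration of tenets 1, 2, 3 and 6; not Security Fabric code. The
pre-shared key stands in for the deck's Kerberos KDC and tickets."""
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries cannot be shifted."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class Party:
    """One endpoint. `peers` maps a peer identity to its pre-shared key (tenet 1);
    `allowed_ops` is what this endpoint will execute for an authenticated peer (tenet 3)."""

    def __init__(self, name: str, peers: dict, allowed_ops=()):
        self.name = name
        self.peers = dict(peers)
        self.allowed_ops = set(allowed_ops)
        self.authenticated = set()   # peers that have proven their identity
        self.last_seq = {}           # peer -> highest accepted command sequence number

    def challenge(self):
        """Open the handshake with a fresh random nonce."""
        return self.name, secrets.token_bytes(16)

    def respond(self, peer: str, peer_nonce: bytes):
        """Answer the peer's challenge and issue our own (tenet 2 needs both directions)."""
        key = self.peers[peer]                   # KeyError: identity not provisioned, refuse
        my_nonce = secrets.token_bytes(16)
        proof = mac(key, b"auth", self.name.encode(), peer.encode(), peer_nonce)
        return self.name, my_nonce, proof

    def verify(self, peer: str, proof: bytes, nonce: bytes) -> bool:
        """Check the peer's proof against the nonce we issued."""
        key = self.peers.get(peer)
        if key is None:
            return False
        expected = mac(key, b"auth", peer.encode(), self.name.encode(), nonce)
        if not hmac.compare_digest(expected, proof):
            return False
        self.authenticated.add(peer)
        return True

    def accept(self, peer: str, seq: int, op: str, tag: bytes) -> bool:
        """Receive a command: peer authenticated, seq advancing (no replay),
        tag valid (tenet 6), op permitted (tenet 3)."""
        if peer not in self.authenticated:
            return False
        if seq <= self.last_seq.get(peer, 0):
            return False
        expected = mac(self.peers[peer], b"cmd", peer.encode(), seq.to_bytes(8, "big"), op.encode())
        if not hmac.compare_digest(expected, tag):
            return False
        if op not in self.allowed_ops:
            return False
        self.last_seq[peer] = seq
        return True


def handshake(a: Party, b: Party) -> bool:
    """Three messages: a challenges, b proves and counter-challenges, a proves."""
    a_name, a_nonce = a.challenge()
    try:
        b_name, b_nonce, b_proof = b.respond(a_name, a_nonce)
    except KeyError:
        return False
    if not a.verify(b_name, b_proof, a_nonce):
        return False
    a_proof = mac(a.peers[b_name], b"auth", a_name.encode(), b_name.encode(), b_nonce)
    return b.verify(a_name, a_proof, b_nonce)


def command(sender: Party, receiver: Party, seq: int, op: str) -> bool:
    """Send one integrity-protected command over the authenticated relationship."""
    if receiver.name not in sender.authenticated:
        return False
    key = sender.peers[receiver.name]
    tag = mac(key, b"cmd", sender.name.encode(), seq.to_bytes(8, "big"), op.encode())
    return receiver.accept(sender.name, seq, op, tag)


# Constructed sample key and identities (not real provisioning data).
RTU_KEY = bytes(range(32))
controller = Party("controller", {"rtu-01": RTU_KEY})
rtu = Party("rtu-01", {"controller": RTU_KEY}, allowed_ops={"read-status", "set-setpoint"})

if __name__ == "__main__":
    print("handshake:", handshake(controller, rtu))
    print("read-status:", command(controller, rtu, 1, "read-status"))
    print("replayed seq:", command(controller, rtu, 1, "read-status"))
    print("not authorized:", command(controller, rtu, 2, "firmware-load"))
```

The point the deck makes ("all seven, not just some") shows up in the failure cases: a device with the right name but the wrong key never authenticates, a replayed sequence number is dropped even though its tag is valid, and a correctly tagged command from an authenticated peer is still refused when the operation is not authorized.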
The OMG process is more about establishing markets as opposed to just setting standards.
SFA Reference Builds
Certification of Conformance & Interoperability
The OMG is planning to standardize the Security Fabric for all critical infrastructure.
There are many participants at different levels in the Security Fabric Alliance.
Levels shown on the slide: Components, Products, Subsystems; Research, Integration, Utility Customers; Suppliers; Managed Services. Participants as listed (the slide's column placement is not preserved in this transcript):
• Intel – servers with Quark + TPM
• Wind River – Security Connect
• Middleware: RTI – DDS; GridStat; Indra – iSpeed; MultiSpeak
• TeamF1 – Secure Communications
• Secure Crossing – Protocol Whitelisting
• PsiNaptic – Secure Service Distribution
• SNMP Research – SNMP Agent
• Freescale – HSM w/ Vybrid SoC
• Xilinx – CompactRIO SoC
• Green Hills Software – INTEGRITY
• Altera – tamper proofing
• Microsoft – Active Directory
• Red Hat – Auth Hub
• General Electric – EMS
• Alstom Grid – EMS
• Viridity Energy – DR + DER + Microgrid
• Energy One
• Lemko – LTE systems
• Intel Security – SIEM + GTI
• Intel – Encanto+ silicon support
• Sypris – Supply Chain Root of Trust
• TCIPG
• EPRI – CIM Standards
• MIT – Security & Privacy Standards
• EPG – Phasor Data Portfolio
• GridSense – NAN & Line Sensors
• S&C IntelliTeam
• SafeNet – Secure Key Management
• Heart – Transverter
• Freescale One Box
• Cisco Cloud-in-a-Box
• Integrated Architectures – SEIT
• MACE Fusion – DoD
• Kryptos Logic – Red Team Certification
• M2M Dynamics
• Drummond Group – C&IT
• Intel Security – Distribution
Customers, first stage: ERCOT, ONCOR, AEP, NRECA, NRTC
Suppliers: Verizon, Level3, AT&T, Internet2, BT, ViaSat, Comcast, ARINC, Stratus, Symmetricom
Customers, second stage: APPA, SDG&E, PJM, NYISO, Southern Company, Duke Energy, CAISO
• Pecan Street
• Mueller Community
• Pike Powers
• PNNL – CyberSecurity Test Center
• Lincoln Labs
• OMG SIG
• Industrial Internet
Managed Services: Tazca – Connect, CSG International, Digi International, N-Dimension, SETI, Lockheed Martin, SAIC, Threat Connect
What is being asked for is a secure system of systems that blankets the complexity and delivers it autonomically.
Security Fabric
Interoperable
Embedded
Distributed
This is the embedded side of the operation in addition to the companion enterprise side.
Separation of the Industrial Internet from the Generic Internet
[Network diagram. Labels, core to edge: The Core Network; Generic Internet; Carrier Ethernet with Routing; DWDM Isolation; Cooperative Control Centers / Core City Node; Enterprise Systems; Industrial Devices; Substation Nodes (Router+, Substation Controller, Router+); Carrier Ethernet Isolation; NAN Nodes; HAN Nodes; Wireless LTE 700 MHz?; Wireless LTE 2.5 GHz? PicoCell; Gateway; Sensor; Transverter.]
We will eventually use a combination of DWDM separation plus Carrier Ethernet separation.
Understanding / Information / Decision
Data in – Action out
But sometimes semi-autonomic policy decisions are made and executed in the field (at the small, the medium, and the large).
The policy logic is actually spread to each major active element.
MultiSpeak Initiative
The new Content Aware Firewall (Secure Crossing) needs to be aware of what is flowing through the pipe(s).
[Diagram labels: Transport Plugins; Content Aware Firewall – Layers 4-6; IP Communications Stack – Layers 2-3; IPsec VPN; Ethernet Controller; UDPv4; UDPv6.]
Data Routing Services deals with connections and sessions. All packet prioritization and flow control are performed by Data Routing Services.
The Content Aware Firewall deals with multiple layers and is state sensitive.
The Content Aware Firewall (Secure Crossing) needs to be aware of the socket-level interface at Layer 6, as well as the intended sessions that will be flowing over it at Layer 5, so that it can use UDP connections at Layer 4 and the IPsec VPN to control encryption on the transport.
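As an added illustration of the layered, state-sensitive filtering described above (not Secure Crossing's product or Security Fabric code), the following Python filter admits a datagram only if it passes the Layer 4 protocol and port check, belongs to a session registered at Layer 5 with matching endpoints and kind, and carries a Layer 6 payload whose fields and values fit that kind. The session kinds are taken from the deck's session list; the addresses, port number, ops and value limits are constructed.

```python
"""Stateful, content-aware allowlist filter over decoded UDP datagrams.
Added example, not Secure Crossing's or Security Fabric code; the roles,
port, ops and limits below are constructed sample policy."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # source IP
    dst: str        # destination IP
    proto: str      # "UDP" or "TCP"
    dport: int
    session: str    # session id agreed at registration (Layer 5)
    kind: str       # session kind from the fabric's session list
    payload: dict   # decoded application message (Layer 6)


# Session kind -> (sender role, receiver role, required payload fields and types).
SESSION_KINDS = {
    "Unicast Command":    ("controller", "device",     {"op": str, "value": int}),
    "Event Notification": ("device",     "controller", {"event": str, "severity": int}),
    "SNMP Get/Set":       ("controller", "device",     {"oid": str, "value": str}),
}

# Constructed content policy: permitted command ops and their value bounds.
OP_LIMITS = {"set-setpoint": (0, 100), "read-status": (0, 0)}


class ContentAwareFirewall:
    def __init__(self, roles: dict, udp_ports: set):
        self.roles = roles              # IP -> "controller" | "device"
        self.udp_ports = set(udp_ports)
        self.sessions = {}              # session id -> (src, dst, kind)

    def register(self, session: str, src: str, dst: str, kind: str) -> bool:
        """Service Locator step: a session is usable only once registered with a
        known kind and with endpoints whose roles match that kind."""
        if kind not in SESSION_KINDS:
            return False
        from_role, to_role, _ = SESSION_KINDS[kind]
        if self.roles.get(src) != from_role or self.roles.get(dst) != to_role:
            return False
        self.sessions[session] = (src, dst, kind)
        return True

    def filter(self, pkt: Packet):
        """Return (allowed, reason), checking each layer in turn."""
        # Layers 2-4: only UDP to the fabric's ports, between known endpoints.
        if pkt.proto != "UDP" or pkt.dport not in self.udp_ports:
            return False, "L4: protocol/port not allowed"
        if pkt.src not in self.roles or pkt.dst not in self.roles:
            return False, "L3: unknown endpoint"
        # Layer 5: the datagram must belong to a registered session and match it.
        sess = self.sessions.get(pkt.session)
        if sess is None:
            return False, "L5: unregistered session"
        if sess != (pkt.src, pkt.dst, pkt.kind):
            return False, "L5: session does not match endpoints/kind"
        # Layer 6: exactly the fields the kind defines, with command values in bounds.
        _, _, schema = SESSION_KINDS[pkt.kind]
        if set(pkt.payload) != set(schema):
            return False, "L6: unexpected or missing fields"
        for field, typ in schema.items():
            value = pkt.payload[field]
            if not isinstance(value, typ) or isinstance(value, bool):
                return False, f"L6: bad type for {field}"
        if pkt.kind == "Unicast Command":
            op = pkt.payload["op"]
            if op not in OP_LIMITS:
                return False, f"L6: unknown op {op}"
            lo, hi = OP_LIMITS[op]
            if not lo <= pkt.payload["value"] <= hi:
                return False, f"L6: {op} value out of range"
        return True, "allowed"


def run_sample():
    """Constructed traffic: two legitimate datagrams and four that must be dropped."""
    fw = ContentAwareFirewall(roles={"10.0.1.5": "controller", "10.0.2.20": "device"},
                              udp_ports={7400})
    fw.register("s1", "10.0.1.5", "10.0.2.20", "Unicast Command")
    fw.register("s2", "10.0.2.20", "10.0.1.5", "Event Notification")
    packets = [
        Packet("10.0.1.5", "10.0.2.20", "UDP", 7400, "s1", "Unicast Command", {"op": "set-setpoint", "value": 42}),
        Packet("10.0.2.20", "10.0.1.5", "UDP", 7400, "s2", "Event Notification", {"event": "breaker-trip", "severity": 3}),
        Packet("10.0.1.5", "10.0.2.20", "UDP", 7400, "s1", "Unicast Command", {"op": "set-setpoint", "value": 250}),
        Packet("10.0.2.20", "10.0.1.5", "UDP", 7400, "s1", "Unicast Command", {"op": "read-status", "value": 0}),
        Packet("10.0.1.5", "10.0.2.20", "TCP", 7400, "s1", "Unicast Command", {"op": "read-status", "value": 0}),
        Packet("10.0.1.5", "10.0.2.20", "UDP", 7400, "s9", "SNMP Get/Set", {"oid": "1.3.6.1", "value": "x"}),
    ]
    return [(p.session, *fw.filter(p)) for p in packets]
```

The fourth sample packet is the case a port-only filter misses: a device sending a Unicast Command back toward the controller on a session registered in the other direction is dropped at Layer 5 even though its address, port and payload are individually well-formed.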
Connections
• Kerberos Get Credentials + Tickets
• Get Extended Credentials
• Kerberos Mutual Authentication
• Get Precision Time
• Register for Management + Configuration Synchronization
• Service Locator
• Service Provider
• Multicast Alert
• Unicast Command
• Event Notification
• SNMP Get/Set
• Application Event: Send and Receive (High Priority, Medium Priority, Low Priority)
Sessions
The detailed requirements will be determined during the requirements assessment phase.
Interface A / Interface B
There are servers and agents in the industrial environment.
How does the Security Fabric work?
Essentially, the Security Fabric is an end-to-end approach to things.
[Diagram: System & Network Management; Controller; Device; Device. The Security Fabric]
The Security Fabric is a semi-autonomous embedded device management agent and communications protocol set, along with a central system and network management subsystem, that bring security and other controls to the embedded world.
Let’s build this as if we were building a house.
There are obviously going to need to be several different devices involved.
Controller
Device
Device
We want to add our security agent to each of them to do what we will do.
Our agent will be hidden right beside the application.
The devices need to be able to talk to each other securely, and trust each other on a limited basis.
Controller
Device
Device
This means that the solution will need to be a system as opposed to a piece part.
Intel and McAfee Confidential
The agents talk to one another in a resilient middleware.
And all systems need to be administered relative to the configuration and policies that control them.
[Diagram: System & Network Management; Controller; Device; Device. The Tailored Trustworthy Space]
These three ingredients are the soul of the Security Fabric.
The Security Fabric follows the NISTIR 7628 guidelines, as required by the Department of Energy.
[Diagram: System & Network Management; Controller; Device; Device. The Security Fabric]
The industry as a whole is applauding this solution.
[Diagram: Managed Device: Application; Device Management]
We always start by separating the management control agent from the payload application.
[Diagram: Managed Device: Applications; Device Management (Secure Communications, Secure Storage, Policy Management, Personal Data Vault)]
The management agent always uses defense in depth.
Security Management
Hypervisor
Close-up on Partition Structure
[Diagram labels: DDS Routing Services; Ethernet Controller; Policy Management; DDS Subagent; Device Application Threads; DDS Subagent; Connection, Connection; Operating System; Transport Plugins; Ring 1: Security – HSM Interface; Ring 2: Policy Management; Participant: Management; Configuration & Route Mapping; Ring 1: DataReader; Ring 1: DataWriter; Secure IP I/O Driver, UDPv4, UDPv6; GridStat; Intra-Device; DDS Subagent; Connection; Participant: Management; Ring 2: DataReader; Ring 2: DataWriter; Change Management; Problem Management; HSM Interface; Kerberos Client + Session Key Management; Security Protocols; Policy Execution Environment.]
Routing Services is our inter-system and intra-device middleware; the DDS Subagent controls the private paths between processes.
What is really unfolding with the rise of the Internet of Things is the need for the Semi-Autonomous Policy Management Agent.
Each of the four compositions of rulesets is administered centrally and released to the remote device securely.
The rulesets contain profiles, provisioned data, and Java-based rules.
All distribution bundles are signed and are subject to local attestation and transition control.
Autonomous Policy Management Agent
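The following is an added example (not Security Fabric code) of the release-and-verify scheme described above: the central side signs a bundle carrying profile, provisioned data and rules; the agent on the device checks the signature before reading any field, refuses versions that do not advance (transition control against rollback and replay), checks that the bundle was issued for its own attested device profile, rejects rules whose actions are outside a local allowlist, and keeps the previous ruleset for rollback. It assumes JSON rulesets rather than Java-based ones, and an HMAC-SHA256 under a key shared by the central manager and the device in place of the public-key signature a deployment would use; the key, profiles and rules are constructed.

```python
"""Signed ruleset bundles with local attestation and transition control.

Added example, not Security Fabric code. Assumptions: JSON rulesets rather
than Java rules, and HMAC-SHA256 under a shared key standing in for a
public-key signature."""
import hashlib
import hmac
import json

# Constructed allowlist: the only rule actions this agent will ever execute.
ALLOWED_ACTIONS = {"alert", "rate-limit", "isolate-port", "log"}


def canonical(obj) -> bytes:
    """Stable serialisation so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(obj) -> str:
    return hashlib.sha256(canonical(obj)).hexdigest()


def release_bundle(key, version, profile, provisioned, rules, target_profile):
    """Central side: compose the ruleset parts and sign the whole bundle."""
    bundle = {"version": version, "applies_to": digest(target_profile),
              "profile": profile, "provisioned": provisioned, "rules": rules}
    return {"bundle": bundle,
            "sig": hmac.new(key, canonical(bundle), hashlib.sha256).hexdigest()}


class PolicyAgent:
    """Remote side. A bundle goes live only via stage() (verify) then activate();
    versions only move forward, and the last good ruleset is kept for rollback."""

    def __init__(self, key: bytes, device_profile: dict):
        self.key = key
        self.local_profile = digest(device_profile)  # what the device attests it is
        self.active = {"version": 0, "rules": []}
        self.previous = None
        self.staged = None
        self.highest = 0                             # highest version ever accepted

    def stage(self, signed):
        b = signed.get("bundle")
        if not isinstance(b, dict):
            return False, "malformed"
        expected = hmac.new(self.key, canonical(b), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(signed.get("sig", ""))):
            return False, "signature mismatch"          # checked before trusting any field
        if b["version"] <= self.highest:
            return False, "rollback or replay refused"   # transition control
        if b["applies_to"] != self.local_profile:
            return False, "attestation failed: bundle is for a different device profile"
        if any(r.get("action") not in ALLOWED_ACTIONS for r in b["rules"]):
            return False, "rule action outside the local allowlist"
        self.staged, self.highest = b, b["version"]
        return True, "staged"

    def activate(self):
        if self.staged is None:
            return False, "nothing verified is staged"
        self.previous, self.active, self.staged = self.active, self.staged, None
        return True, "active version %d" % self.active["version"]

    def rollback(self):
        """Return to the last known-good ruleset; the rolled-back version stays refused."""
        if self.previous is None:
            return False, "no previous ruleset"
        self.active, self.previous = self.previous, None
        return True, "rolled back to version %d" % self.active["version"]


def demo():
    """Release, verify, refuse and roll back on constructed data."""
    key, dev = b"constructed-shared-key", {"model": "rtu-x", "firmware": "3.1.4"}
    agent = PolicyAgent(key, dev)
    good = release_bundle(key, 1, {"role": "feeder-rtu"}, {"siem": "10.0.1.9"},
                          [{"when": "auth-failures>5", "action": "alert"}], dev)
    out = {"stage": agent.stage(good), "activate": agent.activate()}
    out["replay"] = agent.stage(good)
    tampered = json.loads(json.dumps(good))
    tampered["bundle"]["rules"][0]["action"] = "isolate-port"  # edited after signing
    out["tampered"] = agent.stage(tampered)
    out["wrong_device"] = agent.stage(release_bundle(key, 2, {}, {}, [], {"model": "other"}))
    out["bad_action"] = agent.stage(release_bundle(key, 2, {}, {}, [{"action": "reboot"}], dev))
    out["rollback"] = agent.rollback()
    out["version"] = agent.active["version"]
    return out
```

Two design choices matter in the field. The version check uses the highest version ever accepted rather than the currently active one, so a bundle that was rolled back cannot be re-staged by replaying it; and the action allowlist is the device-side half of "delegating responsibility in small increments": a correctly signed bundle still cannot make the agent do something its local policy never allowed.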
IBM Autonomic Computing Model
The control of the smart grid is all about managing semi-autonomous devices.
The Security Fabric is all about safely deploying this concept.
The customer has to be able to delegate responsibility in small increments to the remote device to avoid the problem of unintended consequences.
www.securityfabricalliance.org
Designed in Security Discussion