The Smart Grid: Track C, Security, Session 1, 10:50 AM
Post on 19-Dec-2015
Smart Grid Interim Roadmap Document Review
Session One Document Review
April 28, 2009

Guidelines and Info for Sessions
• Nominate scribe
• Time is precious – keep on schedule; avoid getting lost in weeds
• News Media is present in sessions
• No electronic recording of sessions
• Note: This workshop is a draft in progress
• Key findings will be posted outside the room

Session One Objectives
• Build consensus on the vision of the Smart Grid
• Build consensus on the partitioning of the Smart Grid
• Review the Draft Smart Grid Roadmap
• Summary of events

Introductions
• Chair: Annabelle Lee – Senior Cyber Security Strategist for NIST Computer Security Division and Chair of NIST Cyber Security Coordination Task Group
• Co-chair: Matt Carpenter – Senior Security Analyst for InGuardians Security Testing of Smart Grid and SCADA; SANS Instructor; Red Team Lead

Defining Terms
• Cyber Security
• Security
• Framework
• Architecture

IntelliGrid Environments
[Figure labels: External Corporations; Corporate Utility; Market participants]

Utility Structure vs. Smart Grid Interfaces
[Figure labels: Market / Regulatory, Corporate, Transmission, Distribution, Consumer/Load; Field Area (FAN), Home or Premise Area (HAN), Wide Area (WAN), Enterprise (ESB), Extranet]
Note: Energy sources can be found in T, D, or C

Roadmap Outline (DRAFT) – Top Level
(Discussion and Comments on Overall Roadmap Structure)
EXECUTIVE SUMMARY
1. PURPOSE AND SCOPE
2. SMART GRID VISION
3. SMART GRID HIGH-LEVEL ARCHITECTURE
4. SMART GRID APPLICATIONS AND USER REQUIREMENTS
5. SMART GRID ARCHITECTURE REQUIREMENTS AND INTERFACES
6. SMART GRID STANDARDS DESCRIPTION AND ASSESSMENT
7. PRIORITIZED ACTIONS AND TIMELINES TO ADDRESS IDENTIFIED ISSUES
8. DEFINITIONS
9. REFERENCES

Roadmap Document Review
• Chapter 1 Purpose and Scope
– 1.1 Background
– 1.2 Context of This Document
– 1.3 NIST Roles and Plans

Roadmap Document Review
• Chapter 2 Smart Grid Vision
– 2.1 What is the Smart Grid
– 2.2 Smart Grid Characteristics: Drivers and Opportunities
– 2.3 Smart Grid Challenges

Roadmap Document Review
• Chapter 3 The Smart Grid High Level Architecture
– 3.1 Architecture Definition
– 3.2 Architecture Scope
– 3.3 Cyber Security Architecture Concepts
– 3.4 Architecture Destinations and Metrics
– 3.5 Smart Grid Development Governance
– 3.6 Smart Grid Interfaces
– 3.7 Smart Grid Infrastructure Methods and Tools
– 3.8 Architectural Principles
– 3.9 Analysis Process Methodology

Section 3.3: Smart Grid Security Framework and Methodology
April 28, 2009

Security Management and Security Controls
• The security management for the Information Infrastructure consists of a cycle of:
– Risk Assessment of the information and development of the security requirements
– Security Policy establishment and selection of security controls necessary to meet the security requirements
– Deployment of the selected Security Controls
– Training in and enforcement of security policies and controls
– Auditing of the security activities
– Re-assessment of the risks, vulnerabilities, and thus the revising of the security requirements and controls.
• NIST SP 800-39 & SP800-53
[Figure labels: Security Management of Information Infrastructure; Risk Assessment]

Security Methodology
• Security methodology for Risk Assessment:
– Identify Vulnerabilities in the Information Infrastructure
– Assess the Impacts of security compromises
• With this approach, the probability of security threats actually occurring, which would be nearly impossible to quantify, is not included in the risk assessment except as an assumption that indeed these threats are real and likely in some form or another.
• NIST SP800-82 identifies and categorizes certain Industrial Control Systems (ICS) vulnerabilities into:
– Policy and Procedure Vulnerabilities
– Platform Vulnerabilities
– Network Vulnerabilities
– Communication Vulnerabilities
• Impacts are specific to particular assets and the roles they play in the Information Infrastructure

Security Controls
• NIST SP800-53 identifies 17 types of security controls, categorized into 3 areas:
– Security Management
  • Planning
  • Risk Assessment
  • System and Services Acquisition
  • Security Assessment and Authorization
– Operational Security
  • Awareness and Training
  • Contingency Planning
  • Configuration Management
  • Media Protection
  • Physical and Environmental Protection
  • System and Information Integrity
  • Personnel Security (and Safety)
  • Maintenance
  • Incident Response
– Technical Security
  • Identification and Authentication
  • Access Control
  • System and Communications Protection
  • Audit and Accountability

Track C, Security, Session 4, 8:30 AM

Release 1 Standards - Low Hanging Fruit
April 28 – 29 Smart Grid Interim Roadmap Workshop

A Continuum of Standards
[Figure labels: Time to Develop (Months, Years); Requirements, Specifications, Agreements, Standards; Two-party, User’s Group, Alliance, National, International; de facto, de jure]

The Smart Grid Interface Cube
[Figure labels: Information Model, Application Services, Security, Network Management, Time Synch, Networking, Connectivity; E-Commerce, Enterprise, Customer (H2G, B2G, I2G), Distribution, Transmission; Wide-Area Situational Awareness, Demand Response, Electric Storage, Electric Transportation, Markets, Distributed Generation, Etc.]

Interoperability Occurs When Boxes Join
[Figure labels: Information Model, Application Services, Security, Network Management, Time Synch, Networking, Connectivity; E-Commerce, Enterprise, Customer (H2G, B2G, I2G), Distribution, Transmission; Wide-Area Situational Awareness, Demand Response, Electric Storage, Electric Transportation, Markets, Distributed Generation, Etc.]

Relevant Standards Process
• Review strawman lists of Standards that cover the domain (and relationship to others)
• Group Members can add to the list of standards that need to be included
• Outcome: a refined initial list of standards that need to be considered for smart grid. Discussion of these standards can lead to discussion of Architecture issues relative to these standards

Questions
• Are there any Candidate standards that have 100% agreement – no brainers?
• Are there standards that are reasonably close, but may need caveats, additions, updates, constraints, or other qualifications? What are those qualifications?
• Are there standards that should not be in Release 1?
• Are there standards not in the Candidate list that should be?

Relevant Standards
• Release 1 Standards - low hanging fruit, covering assessments, interoperability issues, and gaps, including
– NERC CIP 002, 003-009
– IEC 62351
– AMI-SEC System Security Requirements
– OpenHAN SRS
– FIPS 140-2 – Deals with Crypto
– NIST SP800-53 (-82 “Guidance” not standard)
– ISA SP99
– DHS Procurement Language for Control Systems
– ISO 27000 series
– Development Security Standards? (OWASP)
– ANSI C12.22 / Zigbee Smart Energy Profile
– IEEE 802.11i
– XMPP

Initial Candidate List: Low Hanging Fruit Standards
• ANSI C12.19 / IEEE 1377 / MC1219
• IEEE C37.118
• IEC 61968/61970 (CIM)
• MultiSpeak
• IEEE 1547
• BACnet – ASHRAE/ANSI 135, ISO 16484-5
• IEC 61850
• IEC 60870-6 TASE.2
• DNP3
• IEC 62351
• NERC CIP 002-009
• NIST Security Standards – FIPS 140-1, NIST SP800-53, NIST SP800-82, etc.
• IEEE 802 family
• IETF Internet Standards – TCP/IP, VPNs, TLS, SNMP, etc.
• IEC PAS 62559

Group Discussion
• Are there any Candidate standards that have 100% agreement – no brainers?
• Are there standards that are reasonably close, but may need caveats, additions, updates, constraints, or other qualifications? What are those qualifications?
• Are there standards that should not be in Release 1?
• Are there standards not in the Candidate list that should be?

Track C, Security, Session 3, 1:00 PM

Smart Grid Security Frameworks, Methodologies and Architecture
April 28 – 29 Smart Grid Interim Roadmap Workshop

Security Approach
• Security Frameworks
• Security Methodologies
• Security Architecture

Scope of Session 2
• Discussion of security methodologies and security frameworks
– NIST SP800-82 – Industrial Control Systems
– NIST SP800-53 – Federal Systems Security Controls
– NIST SP800-39 – Risk Management
• Security Architecture documents

Questions
• What aspects of the documents presented are good/useful/adequate for security of the Smart Grid?
• What aspects are not adequate? Are there other documents that address them?
• What should the security framework for the Smart Grid include?
• What should the methodology be for Risk Assessment, e.g. assessing only the vulnerabilities and the impacts, rather than the likelihood of any threats?
• What should security management of the Smart Grid entail, particularly as new, often untrusted Stakeholders interconnect?

Considerations
• Legacy Systems
• Evolving Standards
• Others?

Track C, Security, Session 4, 8:30 PM

Smart Grid Vulnerabilities and Impacts
April 28 – 29 Smart Grid Interim Roadmap Workshop

Session 3: Architecture Requirements
• Identifying vulnerabilities and impacts to the Smart Grid, which are critical to moving forward on the security architecture

IntelliGrid Environments
[Figure labels: External Corporations; Corporate Utility; Market participants]

Vulnerability
• Goals:
• Plan to move forward with Roadmap Document
• Volunteers
• Identify Vulnerabilities and Impacts
• Incomplete and/or Inappropriate Policy and Procedures
• Mutual Dis-trust and Defense-in-depth
• Configuration Management
• Testing/Assessment
• Logging and Monitoring
• Incident Response Procedures and Training

• Identity
• Entity (Actor) Authentication
– Devices to devices
– Users to devices
– Device to network
– Host to device
– User to Service/Application
– Etc., etc.
• Authorization
• Configuration

• Platform Misconfiguration
• IDS/IPS not installed, configured or updating
• Firewall
• Default Configuration
• Unnecessary Services Running
• Incomplete or Inappropriate Patch Management
• Incomplete or No patching process
• Patching process not followed regularly

• Platform Hardware Vulnerabilities
• Underlying Architecture Flaws
• Underlying Design Flaws
• Hardware Failure
• Inadequate Physical Protections (Physical Vulnerability as a primary heading?)
• Loss of Environmental Control

• Platform Software Vulnerabilities
• Design Flaws
• Race Conditions
• Weak Authentication
• Weak Authorizations
• Implementation Flaws (Programmer Error)
• Buffer Overflows
• Integer over/underruns
• Misconfiguration
• AV

• Network Vulnerabilities
• Weak Network Security Architecture
• Network Configuration
• Lack of, or Inappropriate Access-Controls
• Network Hardware
• Network Perimeter
• Communication
• Clear-text Communications
• Proprietary Protocols
• Wireless Connection

Questions
• Can a security architecture be developed based on the general or well-known requirements or are the detailed security requirements in the critical path?
• What are the general or well-known security requirements?
• What are the key vulnerabilities?
• What are the key impacts?
• What additional requirements are needed beyond vulnerabilities and impacts?

Track C, Security, Session 5, 10:20 AM

Identified Issues, Prioritized Actions and Timelines
April 28 – 29 Smart Grid Interim Roadmap Workshop

Session 5 – Prioritized Actions and Timelines
Objective:
• Identify Areas of follow-on work necessary to include in the roadmap

Process
• Define Areas of work that need to get done to further the development of the smart grid for the domain. This includes the processes to develop a set of “National Level Architecture Requirements”
• The following are examples of follow on work that could seed domain discussions on the topic.
– Use Cases/Application requirements to be developed
– Analyses necessary including Architecture Requirements, Actor and nomenclature normalization
– Integration and Harmonization of Standards that need to take place
– Reference Designs and Implementations that are needed to assist the development and integration of the standards
– RD&D topics and projects that need to be developed.

Questions
• What are the issues that should be included in the list of actions?
• What actions should be taken on each of these issues?
• What is the proposed timeline for these actions, given the need to involve SDOs, additional Stakeholders, and the constraints of the up-coming May Workshop?