ucaiug summit sg security session 16 november 2011 austin, tx
DESCRIPTION
UCAIug Summit SG Security Session 16 November 2011 Austin, TX. Opening Session Agenda Status Updates Distribution Reliability & Cyber Security. Agenda. SG Security Working Group. SG Security WG – Task Forces. Usability Analysis Task Force - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/1.jpg)
UCAIug SummitSG Security Session
16 November 2011Austin, TX
Opening SessionAgenda
Status UpdatesDistribution Reliability & Cyber Security
![Page 2: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/2.jpg)
AgendaDay Timeslot Subject Group
Tuesday 1530-1730 SG Security Boot Camp SG Sec WG
Wednesday 0800-1200 Opening Plenary UCAIug
1300-1500 Agenda & Status updatesUsability Analysis TFDistribution Reliability & Cyber Security
SG Sec WG
Thursday 0800-1000 Vulnerability Handling & Information Sharing SG Sec WG
1030-1200 SG Security / OpenADR* Joint Session 1530-1730 Substation Automation Security Profile SG Sec WG
Friday 0800-1000 External Activities: NERC , NESCOR, SGIP…Closeout / Actions Forward
SG Sec WG
![Page 3: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/3.jpg)
SG Security Working Group
Chair Darren Highfill, SCE
Vice-Chair Bobby Brown, EnerNex
Secretary Scott Palmquist, Itron
![Page 4: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/4.jpg)
SG Security WG – Task Forces• Usability Analysis Task Force
– Chair: John Lilley (SDG&E), Vice-Chair: Daniel Thanos (GE)
• CyberSec-Interop Task Force– Chair: Dave Teumim (Teumim Technical), Vice-Chair: John Stewart (TVA)
• AMI-SEC Task Force– Chair: Darren Highfill (SCE), Vice-Chair: Bobby Brown (EnerNex)
• Embedded Systems Security Task Force– Chair: Mark Ward (PG&E), Vice-Chair: Rohit Khera (S&C Electric)
![Page 5: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/5.jpg)
SG Security – Recent Accomplishments
• Usability Analysis Task Force– 2nd Review of Distribution Management Security Profile– Revision of Wide-Area Monitoring, Protection, & Control Security Profile
• Embedded Systems Security Task Force– Working on Secure Device Profile for Embedded Systems
• OpenADR Support– Draft DR Security Profile
![Page 6: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/6.jpg)
Objectives for November F2F Meeting
• Support relationships with other OpenSG working groups and task forces– OpenADR– Security Conformity
• Update on external activites– NERC, NESCOR, SGIP
• ASAP-SG– New work: Substation Automation Security Profile
• Open discussions– Vulnerability Handling
![Page 7: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/7.jpg)
Usability Analysis TF• Distribution Management Security Profile– Status: COMPLETE– Comments have been reviewed and incorporated into the
document– Evaluation report issued– Ratification vote passed– Awaiting OpenSG Technical Committee approval
![Page 8: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/8.jpg)
Usability Analysis TF
• WAMPAC (Synchrophasor) Security Profile– Status: NEARING COMPLETION– Comments have been reviewed and incorporated into
the document– Evaluation Report is being finalized– Expect draft for vote soon…
![Page 9: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/9.jpg)
Continuation of CyberSec-Interop?
• Interoperable Configuration Profiles– Valuable work products– Close alignment with goals of UCA, SGIP
• Work/activity appears to have stalled• Need champion to carry work forward
![Page 10: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/10.jpg)
AMI-SEC Task Force
• Re-work of AMI Security Profile by CSWG AMI Security Subgroup– Using ASAP-SG method
• Are there other tasks?
![Page 11: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/11.jpg)
Embedded Systems Security TF
• Work still continuing, but loss of momentum• Re-scope work to reap value from what has
already been accomplished?• Re-examine sub-leads and meeting times
![Page 12: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/12.jpg)
Distribution Reliability• Classic definitions– Interruption indices: SAIDI, SAIFI, CAIFI
• Number of momentary and sustained interruptions• Duration of interruptions• Number of customers interrupted
![Page 13: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/13.jpg)
Smart Grid Conceptual Model
![Page 14: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/14.jpg)
Distribution Domain
![Page 15: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/15.jpg)
Home Area Network
![Page 16: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/16.jpg)
Distribution Failures• Line Segments
– Permanent vs. Temporary– Mean Time to Repair
• Protective & Switching Devices– Probability of Failure– Protection Reliability– Reclose Reliability– Mean Time to Repair– Switching Reliability– Mean Time to Switch
![Page 17: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/17.jpg)
Distribution Reliability• Newer generation of indices– Power Quality (sag and swell)– SIARFI, SMARFI, STARFI
• Customers with specific power needs– Largely industrial customers to-date– Moving toward service-oriented model?
![Page 18: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/18.jpg)
Customer Domain
![Page 19: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/19.jpg)
Ways to Improve• Maintenance
– Corrective and Preventative
• Installation of reclosers & breakers
• Automation
• Crew Management• Switching algorithms
– Upstream and Downstream (back feeding)
• System Reconfiguration– Islanding & Restoration
![Page 20: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/20.jpg)
UCAIug SummitSG Security Session
17 November 2011Austin, TX
Security Vulnerability Discussion
![Page 21: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/21.jpg)
Vulnerability Disclosure and Information Sharing
![Page 22: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/22.jpg)
Vulnerability Disclosure Progress ?
• General practice
• ICSJWG Whitepaper status
• The Beresford Vulnerabilities, ICS-CERT, and Siemens
• Digital Bond’s Response
![Page 23: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/23.jpg)
Information SharingWhat is this?
• Some people know something bad about security of critical infrastructure
• Only government agencies, asset owners, the discoverer, and the supplier directly involved are allowed to know.
• Other people need to know this – Ever hear of proactive response to threats?
• Government lawyers are here to help but don’t tell anybody what you know.
![Page 24: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/24.jpg)
Vulnerability Disclosure and Information Sharing
• Who is going to shoot that &%$#&@ elephant!?
• Can we hold anyone responsible for being irresponsible?
• Do we want to hold anyone responsible?
![Page 25: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/25.jpg)
Vulnerability Disclosure and Information Sharing
• Does anyone know the requirements for vulnerability disclosure and information sharing processes that would protect the security of critical infrastructure?
• Sounds like an OSGug kind of thing to me?
![Page 26: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/26.jpg)
UCAIug OpenADR Taskforce Meeting
Nov 16,17, 2011Austin Face to Face Meeting
![Page 27: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/27.jpg)
Face to Face OpenADR Taskforce Agenda
• Wed, 11/16 – 3:30 – 5:50 PAP09/OpenADR joint meeting
• Thur, 11/17 – 8:00 -10:00 – Phase II SRS discussion – 100:30 - 12:00 Joint Security Meeting– 3:30-5:30 Phase II SRS wrap up, future planning
![Page 28: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/28.jpg)
Phase 2 Requirements• Phase 2 Business & User Requirements addressed by System Requirements
• Phase 2 requirements B&U requirements are Dispositioned in one of five ways:
1 New service is identified.
2 Change to an existing service.
3 Existing service addresses the requirement.
4 Non-functional requirement.
5 Out of Scope.
![Page 29: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/29.jpg)
OpenADR Security Profile• Goal: Provide vetted OpenADR Security Profile November 2011• Today’s Session (Working Session)
– Review Security Profile Development Process– Review ASAP-SG Framework used– High level review of existing document
• OpenADR functionality• Use Cases- taxonomy and failure points
– Open Issues– Steps to conclusion for comments and approval
![Page 30: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/30.jpg)
OpenADR Security Profile Process
• Developed by joint team from OpenADR TF and SG Security
• Additional Stakeholders in OpenADR Alliance (OpenADR 2.0 Spec. & CoS)
• Developed using ASAP-SG Framework– Framework overview from Darren
![Page 31: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/31.jpg)
ASAP-SGSUBSTATION AUTOMATION SECURITY PROFILE
ROLE TO DEVICE MAPPING DISCUSSION
UCAIug/SG Security F2FNovember 2011
![Page 32: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/32.jpg)
32
Substation Roles Identified SENSOR ACTUATOR PROTECTION APPLICATION MONITORING APPLICATION CONTROL APPLICATION CONTROL AUTHORITY
INFORMATION REPOSITORY PROXY USER INTERFACE DEVICE MANAGER USER MAINTAINER
![Page 33: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/33.jpg)
Some Quick Notes About Roles
• Many devices today can support numerous roles• A Utility may implement all or a subset of the
devices capabilities (roles)• A role may be implemented more than once
within a substation automation system
33
![Page 34: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/34.jpg)
Example Substation Architecture
34
![Page 35: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/35.jpg)
Role to Device Mapping Example
35
PROTECTION RELAY and MERGING UNIT
![Page 36: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/36.jpg)
36
COMMUNICATIONS PROCESSOR
Role to Device Mapping Example
![Page 37: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/37.jpg)
37
DIGITAL FAULT RECORDER & METER
Role to Device Mapping Example
![Page 38: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/38.jpg)
38
HUMAN MACHINE INTERFACE (HMI)
Role to Device Mapping Example
![Page 39: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/39.jpg)
39
SUBSTATION GATEWAY
![Page 40: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/40.jpg)
40
REMOTE TERMINAL UNIT (RTU)
Role to Device Mapping Example
![Page 41: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/41.jpg)
41
PROGRAMMABLE LOGIC CONTROLLER (PLC)
Role to Device Mapping Example
![Page 42: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/42.jpg)
Substation Automation Security Profile• Security of automated functions found in transmission and distribution substations, including system
monitoring, switchgear control, and system protection
• Considered “in scope”:– Equipment inside the substation perimeter (i.e., fence, building, or other enclosure)– Interfaces to substation equipment for communications with remote sites and other facilities– Direct communications between substations (e.g., transfer trip)
Processing &Communications of
Measurements,Notifications, &Control Signals
Operate,Control, &
Protect
Within & AmongstSubstation Components
used to
the Electric Grid
![Page 43: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/43.jpg)
UCAIug SummitSG Security Session
18 November 2011Austin, TX
Industry UpdatesAction Items & Closeout
![Page 44: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/44.jpg)
CSWG Update• Subgroups
– DPG– Privacy– High Level Requirements– Architecture– Testing & Certification– AMI Security
• F2F– GridInterop, December 5, 2011, 3:30-5:00 CT, Phoenix– Cyber Physical conference in April 23-24, 2012, Gaithersburg, MD– CSWG F2F April 24-25, 2012, Sterling, VA
![Page 45: UCAIug Summit SG Security Session 16 November 2011 Austin, TX](https://reader035.vdocuments.site/reader035/viewer/2022081520/568165be550346895dd8bef8/html5/thumbnails/45.jpg)
NERC Update
• 2011 GridEx – Cybersecurity exercise completed yesterday
• Smart Grid Task Force• Cyber Attack Task Force• Severe Impact Resiliency