AMI-SEC Task Force New Orleans Face-to-Face Meeting @ Entergy System Security Architectural...
AMI-SEC Task Force
New Orleans Face-to-Face Meeting @ Entergy
System Security Architectural Description
Darren Reece Highfill, CISSP
EnerNex Corporation
[email protected]
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
[Diagram labels: Formation; Charter; Initial Discussions; Process Discussions; Scope, Def’n; Init; Dev/Acq; Impl; Op/Maint; Decomm; IEC; IEEE; NIST; Risk Assm’nt; Arch Descr; Comp Catalog; Implt’n Guide; Sys Sec Reqmt’s; FAQ; SDLC; External Interfaces; Reports, Recd’ns; Testing; ASAP; Support]
Outreach
• Roadmap
  – 1st cut at drawing complete
  – Put together outline
  – Parking Lot items
  – Volunteers for contributions
• FAQ
  – On the SharePoint site, needs contributions
• Marketing Group
  – UtilityAMI / OpenAMI / UtiliSEC
  – Press releases
  – Other collateral
Roadmap Outline
• Problem Statement
  – Link to Charter, Scope, and Definition
  – Pictures?
• Target Audience
  – How is the utility problem space different (from e.g.: telecom)?
    • Educational resources
    • Reference material
  – Landscape
    • Technologies
    • Why is AMI different from IT (or SCADA)?
• Background
  – Purpose / Value Proposition
  – Goals
  – Risks
  – Benefits / Expectations
  – Scope
  – Roles, Responsibilities, External Parties
  – Timeline
  – Cost
• Process
  – How to find project resources (e.g.: Tasks, Milestones, Deliverables / Work Items)
  – How to participate / contribute
  – Dependencies
• Additional Resources
  – FAQ
  – ASAP
Agenda
• AMI-SEC Roadmap
• UtiliSEC
  – Jeremy McDonald
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
UtiliSec SmartGrid System Security Specification
- Requirements Organized by Capability Robustness (i.e., Low, Med, High)
- Organized by SmartGrid Application Framework (i.e., Loosely applied)
- Categorization based on Security Services (e.g., Confidentiality)
- Defines Risk Assessment Process (Probability + Impact)
UtiliSec SmartGrid Remote Disconnect Protection Profile
UtiliSec SmartGrid Remote Meter Read Protection Profile
UtiliSec SmartGrid Premise DR Protection Profile
AMI Profiles
UtiliSec SmartGrid Remote Switch Protection Profile
UtiliSec SmartGrid Sensor Protection Profile
UtiliSec SmartGrid Sensor Protection Profile
SmartGrid Architecture Framework (Application View, Data View, Communication View)
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
  – Neil Greenfield
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
  – Open Discussion
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
Use of Public Networks
• Regulatory Issues:
  – “Obligation to serve?”
    • In-addition-to, not instead-of
  – Third parties becoming de-facto utilities - regulatory gap
• Scope definition
  – Relevance to AMI-SEC: points of interface
    • Back office
    • HAN (if/when third party interfaces with HAN at the meter)
  – Reliability vs. Economics
• Third party gateways into the home
  – Energy management
  – Who owns / controls the gateway?
  – Load control – not allowed (indirect only)
  – C&I customers
• Motivation: “natural security?”
• Information model (CIM)
  – Need guidance of AMI-SEC when that is created
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
  – Bobby Brown, Coalton Bennett
• System Security Architectural Description
• Planning and Logistics
External Interactions View (Contextual)
[Diagram labels: AMI; Customer; Utility; Third Party]
Customer Use Cases #1
Customer Accesses AMI Data:
Stimulus: Customers view a variety of information gathered by AMI
Response: Customers make choices in response to various pricing and/or emergency stimuli
Security Objectives:
• Customer wants their personal information only accessible by desired targets (e.g. utility)
• Customer wants to receive their credit for enrolling in a demand response program (availability)
Customer Use Cases #2
• Prepay
Stimulus: Customers use the AMI system to prepay their accounts and read their current balance.
Response: The AMI system tightly correlates the electric service to the status of the customer account
Customer Use Cases #3
Sub-Actors:
• Residential Customer
• Commercial Customer
• Industrial Customer
• Municipalities Customer
Utility Use Cases
• Remote Meter Reads
  The AMI system permits the utility to remotely read meter data in intervals so that customers may be billed on their time of use, and demand can therefore be shifted from peak periods to off-peak periods, improving energy efficiency.
• Remote Connect / Disconnect
  The AMI system permits customers' electrical service to be remotely connected or disconnected for a variety of reasons, eliminating the need for utility personnel to visit the customer premises.
• Notification – Demand Reduction
  The utility can notify customers through the AMI system that demand reduction is requested for the purposes of either improving grid reliability, performing economic dispatch (energy trading), or deferring buying energy.
Third Party Use Cases
• Third Party Access
  Third Parties (e.g. gas and water utilities, contract meter readers, aggregators) access AMI to read electrical meters, read gas and water meters, or control third-party equipment on customer premises.
AMI Use Cases
• Outage Management
  The AMI system can be used to report outages with greater precision than other sources, or verify outage reports from other sources.
• Power Quality Analysis
  The AMI system can be used to analyze the quality of electrical power by reporting harmonic data, RMS variations, Voltage and VARs, and can communicate directly with distribution automation networks to improve power quality and fault recovery times.
• Distributed Generation Management
  The AMI system can be used to detect, measure, regulate and dispatch distributed generation by customers.
• Energy Theft
  The AMI system can be used to report when customers are stealing energy or tampering with their meter.
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
  – Bobby Brown, Coalton Bennett, James Ivers
• Planning and Logistics
System Security Architectural Description
• Objectives and goals
  – Describe the abstract (logical, platform-agnostic) mitigation plan for addressing requirements identified in the Risk Assessment / System Requirements Document.
• Approach
  – Architectural Representation of Security Systems
  – Logical Function Descriptions
  – System, Subsystem, and Function Boundaries
• Reference: IEEE 1471-2000
• Tell the story of the architecture
• AMI is unique from most systems
  – Heterogeneous environments
    • Utility Enterprise
    • Customer Premise
    • “Unknown / Variable” Territory in-between
  – Heterogeneous sources and levels of control
    • Utility
    • Customer
    • Third Parties
System Security Architectural Description
• Story cannot be told without talking about environmental aspects
• Views become cross-products of:
  – Function (business)
    • e.g.: meter read, load shed, etc…
  – Context / Environment
    • Proximity, control
  – Service Category (security)
    • e.g.: premise, communications, network ops, utility ops
  – User / Stakeholder
    • Concerns
System Security Architectural Description
What do we need next?
• Illustrations
• Spreadsheet: business functions vs. use cases
• Get all of the business functions defined
  – Do business functions fit within the views?
• Steps
  – Architecture
    • Complete the views
    • Identify business functions
    • Validate view against functions
  – Perform risk assessment against functions
  – Apply requirements against risk
• Create flowchart illustrating the process
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
Planning / Logistics
• Next meeting dates
  – F2F
    • August 22nd, 9am-3pm EDT
      – UtilityAMI WG meetings run 20th-22nd
    • Hosted by EnerNex:
      620 Mabry Hood Road
      Knoxville, TN 37932
  – Teleconferences:
    • July 9th, 1-2pm EDT
    • July 23rd, 1-2pm EDT
    • August 6th, 1-2pm EDT