AMI-SEC Task Force October 23rd Face-To-Face Meeting – Knoxville, TN Roadmap, ASAP Deliverables,...
AMI-SEC Task Force
October 23rd Face-To-Face Meeting – Knoxville, TN
Roadmap, ASAP Deliverables, & Outreach
Darren Reece Highfill, CISSP
EnerNex Corporation
[email protected]@enernex.com
Agenda
• Introductions
• Roadmap
  – Review of comments
  – Update of Scope, Charter
• System Security Requirements
  – Overview
  – Detail discussion
• Component Catalog
• Architectural Description
  – Review / approval
• Deliverable suite usage
• Outreach
  – SmartGridiPedia
  – NIST
  – ASAP
• Meeting Schedule for 2009
SSR – Requirements Hierarchy
SSR – Primary Security Services
• Confidentiality and Privacy (FCP)
• Integrity (FIN)
• Availability (FAV)
• Identification (FID)
• Authentication (FAT)
• Authorization (FAZ)
• Non-Repudiation (FNR)
• Auditing (FAU)
SSR – Supporting Security Services
• Anomaly Detection Services (FAS)
• Boundary Services (FBS)
• Cryptographic Services (FCS)
• Notification and Signaling Services (FNS)
• Resource Management Services (FRS)
• Trust and Certificate Services (FTS)
SSR – Assurance
• Development Rigor (ADR)
• Organizational Rigor (AOR)
• Handling/Operating Rigor (AHR)
• Accountability (AAY)
• Access Control (AAC)
What is an AMI Security Component?
Hardware and/or Software that meet the following criteria:
  – Must cover at least one requirements (SSR) category and at least one security domain
  – Must enable relevant security policy
  – Must not be a policy
  – Can be an algorithm
  – Cannot be a product
  – Assures business value or system function
  – Must be available in the market
SSR – Component Catalog Mapping
[Figure: Component mapped against Communication Services, Managed Network Services, Utility Enterprise Services, Automated Network Services, Utility Edge Services, Premise Edge Services]
Example Components
• AES Encryption Strategy
• A5 Encryption Strategy
• CAVE Encryption Strategy
• RSA Encryption Strategy
• DSA Encryption Strategy
• RC4 Stream Encryption Strategy
• Blowfish Block Encryption Strategy
• 3DES Block Encryption Strategy
• IDEA Block Encryption Strategy
• Stream Encryption Strategy
• Block Encryption Strategy
• Encrypted Storage
• Storage Encryption Mode
• Storage Encryption Strategy
• Authenticating Encryption Mode
• Network Packet Filter
• Proxy
• Network Application Reverse Proxy
• Application Layer Gateway
• Host Packet Filter
• Hardware Encryption Manager
• Software Encryption Manager
• RADIUS Server
• RADIUS Protocol
• TACACS+ Server
• TACACS+ Protocol
• LDAP Server
• LDAP
• Identity Server
• Authentication Server
• Authorization Server
• Policy Enforcement Manager
• Intrusion Detection System
• Network IDS
• Host IDS
• Network IPS
• Network IDS
• Wireless IDS
• IEEE 802.11i
• IEEE 802.11ae
• IEEE 802.11af
Are each of these components? Where do they map?
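Example Component Catalog

| Comp ID | Comp Name | Comp Descr | FCP | … | AAC | Prim Edge | … | Util Entps | Notes |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Abc | … | Y | . | N | Y | . | Y | … |
| 2 | Def | … | N | . | N | Y | . | Y | … |
| 3 | Hij | … | Y | . | N | Y | . | N | … |
| 4 | Klm | … | N | . | Y | N | . | N | … |
| 5 | Nop | … | Y | . | N | Y | . | N | … |
| 6 | Qrs | … | N | . | Y | N | . | N | … |
| 7 | Tuv | … | Y | . | N | Y | . | Y | … |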
Deliverable Suite Usage
2009 Transformation
Outreach – Washington, DC
• Objective: Increase awareness in Washington, DC that the electric power industry is proactively addressing this important issue in a productive manner
• Inform policy-makers:
  1. Security for AMI is important
  2. Utilities are proactively and collaboratively addressing the issue
  3. We have produced the first round of guidance for AMI and are working on expansion for the Smart Grid
Outreach – Washington, DC
Planning / Logistics