SmartThe

Grid

Track C

Security

Session 1

10:50 AM 1

SmartThe

Grid

Smart Grid Interim Roadmap Document Review

Session One Document Review

April 28, 2009

2

SmartThe

GridGuidelines and Info for Sessions

• Nominate scribe• Time is precious – keep on schedule; avoid

getting lost in weeds• News Media is present in sessions• No electronic recording of sessions• Note: This workshop is a draft in progress• Key findings will be posted outside the room

3

SmartThe

GridSession One Objectives

• Build consensus on the vision of the Smart Grid

• Build consensus on the partitioning of the Smart Grid

• Review the Draft Smart Grid Roadmap• Summary of events

4

SmartThe

GridIntroductions

• Chair: Annabelle Lee – Senior Cyber Security Strategist for NIST Computer Security Division and Chair of NIST Cyber Security Coordination Task Group

• Co-chair: Matt Carpenter – Senior Security Analyst for InGuardians Security Testing of Smart Grid and SCADA; SANS Instructor; Red Team Lead

5

SmartThe

GridDefining Terms

• Cyber Security• Security• Framework• Architecture

6

SmartThe

Grid

External Corporations

Corporate UtilityMarket

participants

IntelliGrid Environments

7

SmartThe

Grid

Utility Structure vs. Smart Grid Interfaces

Normal Program

Critical Peak EventEmergency

Stage 1Emergency

Stage 2 Current Temp

$

Status

NORMALPENDING

ACTIVEOVER

-RIDE!

03/03/2007 8:48am

Program: AWAY

Market / Regulatory

Corporate

Transmission

Distribution

Consumer/Load

Field Area (FAN)

Home or Premise Area (HAN)

Wide Area (WAN)

Enterprise (ESB)

Extranet

Note: Energy sources can be found in T, D, or C8

SmartThe

GridRoadmap Outline (DRAFT) – Top Level

(Discussion and Comments on Overall Roadmap Structure)

EXECUTIVE SUMMARY

1. PURPOSE AND SCOPE

2. SMART GRID VISION

3. SMART GRID HIGH-LEVEL ARCHITECTURE

4. SMART GRID APPLICATIONS AND USER REQUIREMENTS

5. SMART GRID ARCHITECTURE REQUIREMENTS AND INTERFACES

6. SMART GRID STANDARDS DESCRIPTION AND ASSESSMENT

7. PRIORITIZED ACTIONS AND TIMELINES TO ADDRESS IDENTIFIED ISSUES

8. DEFINITIONS

9. REFERENCES

9

SmartThe

GridRoadmap Document Review

• Chapter 1 Purpose and Scope– 1.1 Background

– 1.2 Context of This Document

– 1.3 NIST Roles and Plans

10

SmartThe

GridRoadmap Document Review

Chapter 2 Smart Grid Vision– 2.1 What is the Smart Grid

– 2.2 Smart Grid Characteristics: Drivers and Opportunities

– 2.3 Smart Grid Challenges

11

SmartThe

GridRoadmap Document Review

• Chapter 3 The Smart Grid High Level Architecture– 3.1 Architecture Definition– 3.2 Architecture Scope– 3.3 Cyber Security Architecture Concepts– 3.4 Architecture Destinations and Metrics– 3.5 Smart Grid Development Governance– 3.6 Smart Grid Interfaces– 3.7 Smart Grid Infrastructure Methods and Tools– 3.8 Architectural Principles– 3.9 Analysis Process Methodology

12

SmartThe

Grid

Section 3.3:Smart Grid Security Framework and Methodology

April 28, 2009

link

13

SmartThe

Grid

Security Management and Security Controls

• The security management for the Information Infrastructure consists of a cycle of:– Risk Assessment of the information and development of the

security requirements – Security Policy establishment and selection of security

controls necessary to meet the security requirements– Deployment of the selected Security Controls

– Training in and enforcement of security policies and control – Auditing of the security activities– Re-assessment of the risks,

vulnerabilities, and thus the revising of the security requirements and controls.

• NIST SP 800-39 & SP800-53

SecurityManagement of

InformationInfrastructure

RiskAssessment

14

SmartThe

GridSecurity Methodology

• Security methodology for Risk Assessment:– Identify Vulnerabilities in the Information Infrastructure– Assess the Impacts of security compromises

• With this approach, the probability of security threats actually occurring, which would be nearly impossible to quantify, is not included in the risk assessment except as an assumption that indeed these threats are real and likely in some form or another.

• NIST SP800-82 identifies and categorizes certain Industrial Control Systems (ICS) vulnerabilities into: – Policy and Procedure Vulnerabilities– Platform Vulnerabilities– Network Vulnerabilities– Communication Vulnerabilities

• Impacts are specific to particular assets and the roles they play in the Information Infrastructure

15

SmartThe

GridSecurity Controls

• NIST SP800-53 identifies 17 types of security controls, categorized into 3 areas:

– Security Management• Planning• Risk Assessment• System and Services Acquisition• Security Assessment and Authorization

– Operational Security• Awareness and Training• Contingency Planning• Configuration Management• Media Protection• Physical and Environmental Protection• System and Information Integrity• Personnel Security (and Safety)• Maintenance• Incidence Response

– Technical Security• Identification and Authentication• Access Control• System and Communications Protection• Audit and Accountability

16

SmartThe

Grid

Track C

Security

Session 4

8:30 AM 17

SmartThe

Grid

Release 1 Standards -Low Hanging Fruit

April 28 – 29 Smart Grid Interim Roadmap Workshop

18

SmartThe

Grid

Year

sM

onth

s

InternationalNationalTwo-partyde facto

Alliance

de jure

User’s Group

Standards

Agreements

Specifications

Requirements

Tim

e to

Dev

elop

Year

sM

onth

s

InternationalNationalTwo-partyde facto

Alliance

de jure

User’s Group

Standards

Agreements

Specifications

Requirements

Tim

e to

Dev

elop

A Continuum of Standards

19

SmartThe

GridThe Smart Grid Interface Cube

Information Model

Application Services

Security

Network Management

Time Synch

Networking

Connectivity

E-Commerc

e

Enterpris

e

Customer

(H2G, B

2G, I2G)

Distributio

n

Transmission

Wide-Area Situational AwarenessDemand Response

Electric StorageElectric Transportation

Markets Distributed Generation

Etc…

20

SmartThe

GridInteroperability Occurs When Boxes Join

Information Model

Application Services

Security

Network Management

Time Synch

Networking

Connectivity

Enterpris

e

Customer

(H2G, B

2G, I2G)

Distributio

n

Transmission

Wide-Area Situational AwarenessDemand Response

Electric StorageElectric Transportation

Markets Distributed Generation

Etc…

E-Commerc

e

21

SmartThe

Grid

Relevant Standards Process

• Review strawman lists of Standards that cover the domain (and relationship to others)

• Group Members can add to the list of standards that need to be included

• Outcome: a refined initial list of standards that need to be considered for smart grid. Discussion of these standards can lead to discussion of Architecture issues relative to these standards

22

SmartThe

GridQuestions

• Are there any Candidate standards that have 100% agreement – no brainers?

• Are there standards that are reasonably close, but may need caveats, additions, updates, constraints, or other qualifications? What are those qualifications?

• Are there standards that should not be in Release 1?• Are there standards not in the Candidate list that

should be?

23

SmartThe

GridRelevant Standards

• Release 1 Standards - low hanging fruit, covering assessments, interoperability issues, and gaps, including – NERC CIP 002, 003-009 – IEC 62351– AMI-SEC System Security Requirements– OpenHAN SRS– FIPS 140-2 – Deals with Crypto– NIST SP800-53 (-82 “Guidance” not standard)– ISA SP99– DHS Procurement Language for Control Systems– ISO 27000 series– Development Security Standards? (OWASP)

– ANSI C12.22 / Zigbee Smart Energy Profile– IEEE 802.11i– XMPP

24

SmartThe

Grid

Initial Candidate ListLow Hanging Fruit Standards

• ANSI C12.19 / IEEE 1377 / MC1219

• IEEE C37.118

• IEC 61968/61970 (CIM)

• MultiSpeak

• IEEE 1547

• BACnet – ASHRAE/ANSI 135, ISO 16484-5

• IEC 61850

• IEC 60870-6 TASE.2

• DNP3

• IEC 62351

• NERC CIP 002-009

• NIST Security Standards – FIPS 140-1, NIST SP800-53, NIST SP800-82, etc.

• IEEE 802 family

• IETF Internet Standards – TCP/IP, VPNs, TLS, SNMP, etc.

• IEC PAS 62559

25

SmartThe

GridGroup Discussion

• Are there any Candidate standards that have 100% agreement – no brainers?

• Are there standards that are reasonably close, but may need caveats, additions, updates, constraints, or other qualifications? What are those qualifications?

• Are there standards that should not be in Release 1?• Are there standards not in the Candidate list that

should be?

26

SmartThe

Grid

Track C

Security

Session 3

1:00 PM 27

SmartThe

Grid

Smart Grid Security Frameworks, Methodologies and Architecture

April 28 – 29 Smart Grid Interim Roadmap Workshop

28

SmartThe

GridSecurity Approach

• Security Frameworks• Security Methodologies• Security Architecture

29

SmartThe

GridScope of Session 2

• Discussion of security methodologies and security frameworks– NIST SP800-82 – Industrial Control Systems– NIST SP800-53 – Federal Systems Security Controls– NIST SP800-39 – Risk Management

• Security Architecture documents

30

SmartThe

GridQuestions

• What aspects of the documents presented are good/useful/adequate for security of the Smart Grid?

• What aspects are not adequate? Are there other documents that address them?

• What should the security framework for the Smart Grid include?

• What should the methodology be for Risk Assessment, e.g. assessing only the vulnerabilities and the impacts, rather than the likelihood of any threats?

• What should security management of the Smart Grid entail, particularly as new, often untrusted Stakeholders interconnect?

31

SmartThe

GridConsiderations

• Legacy Systems• Evolving Standards• Others?

32

SmartThe

Grid

Track CSecurity

Session 4

8:30 PM

33

SmartThe

Grid

Smart Grid Vulnerabilities and Impacts

April 28 – 29 Smart Grid Interim Roadmap Workshop

34

SmartThe

GridSession 3: Architecture Requirements

• Identifying vulnerabilities and impacts to the Smart Grid, which are critical to moving forward on the security architecture

35

SmartThe

Grid

External Corporations

Corporate UtilityMarket

participants

IntelliGrid Environments

36

SmartThe

GridVulnerability

• Goals:• * Plan to move forward with Roadmap Document• * Volunteers• * Identify Vulnerabilities and Impacts• * Incomplete and/or Inappropriate Policy and • Mutual Dis-trust and Defense-in-depth

• Procedures• * Configuration Management• * Testing/Assessment• * Logging and Monitoring• * Incident Response Procedures and Training•

37

SmartThe

Grid

• Identity• Entity (Actor) Authentication

– Devices to devices– Users to devices– Device to network– Host to device– User to Service/Application– Etc., etc.

• Authorization• Configuration

38

SmartThe

Grid

• * Platform Misconfiguration• * IDS/IPS not installed, configured or updating• * Firewall• * Default Configuration• * Unecessary Services Running• * Incomplete or Inappropriate Patch Management• * Incomplete or No patching process• * Patching process not followed regularly

39

SmartThe

Grid

• Platform Hardware Vulnerabilities• * Underlying Architecture Flaws• * Underlying Design Flaws• * Hardware Failure• * Inadaquate Physical Protections (Physical

Vulnerability as a primary heading?)• * Loss of Environmental Control

40

SmartThe

Grid

• * Platform Software Vulnerabilities• * Design Flaws• * Race Conditions• * Weak Authentication• * Weak Authorizations• * Implementation Flaws (Programmer Error)• * Buffer Overflows• * Integer over/underruns• * Misconfiguration• * AV•

41

SmartThe

Grid

• * Network Vulnerabilities• * Weak Network Security Architecture• * Network Configuration• * Lack of, or Inappropriate Access-Controls• * Network Hardware• * Network Perimeter• * Communication• * Clear-text Communications• * Proprietary Protocols• * Wireless Connection

42

SmartThe

GridQuestions

• Can a security architecture be developed based on the general or well-known requirements or are the detailed security requirements in the critical path?

• What are the general or well-known security requirements?

• What are the key vulnerabilities?• What are the key impacts?• What additional requirements are needed beyond

vulnerabilities and impacts?

43

SmartThe

Grid

Track C

Security

Session 5

10:20 AM 44

SmartThe

Grid

Identified Issues, Prioritized Actions and Timelines

April 28 – 29 Smart Grid Interim Roadmap Workshop

45

SmartThe

Grid

Session 5 – Prioritized Actions and Timelines

Objective:• Identify Areas of follow-on work necessary to include

in the roadmap

46

SmartThe

GridProcess

• Define Areas of work that need to get done to further the development of the smart grid for the domain. This includes the processes to develop a set of “National Level Architecture Requirements”

• The following are examples of follow on work that could seed domain discussions on the topic. – Use Cases/Application requirements to be developed– Analyses necessary including Architecture Requirements,

Actor and nomenclature normalization– Integration and Harmonization of Standards that need to

take place– Reference Designs and Implementations that are needed to

assist the development and integration of the standards– RD&D topics and projects that need to be developed.

47

SmartThe

GridQuestions

• What are the issues that should be included in the list of actions?

• What actions should be taken on each of these issues?

• What is the proposed timeline for these actions, given the need to involve SDOs, additional Stakeholders, and the constraints of the up-coming May Workshop?

48