1 / 46

UCAIug Summit SG Security Session 16 November 2011 Austin, TX

UCAIug Summit SG Security Session 16 November 2011 Austin, TX. Opening Session Agenda Status Updates Distribution Reliability & Cyber Security. Agenda. SG Security Working Group. SG Security WG – Task Forces. Usability Analysis Task Force

cedric
Download Presentation

UCAIug Summit SG Security Session 16 November 2011 Austin, TX

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UCAIug SummitSG Security Session16 November 2011Austin, TX Opening Session Agenda Status Updates Distribution Reliability & Cyber Security

  2. Agenda

  3. SG Security Working Group

  4. SG Security WG – Task Forces • Usability Analysis Task Force • Chair: John Lilley (SDG&E), Vice-Chair: Daniel Thanos (GE) • CyberSec-Interop Task Force • Chair: Dave Teumim (Teumim Technical), Vice-Chair: John Stewart (TVA) • AMI-SEC Task Force • Chair: Darren Highfill (SCE), Vice-Chair: Bobby Brown (EnerNex) • Embedded Systems Security Task Force • Chair: Mark Ward (PG&E), Vice-Chair: Rohit Khera (S&C Electric)

  5. SG Security – Recent Accomplishments • Usability Analysis Task Force • 2ndReview of Distribution Management Security Profile • Revision of Wide-Area Monitoring, Protection, & Control Security Profile • Embedded Systems Security Task Force • Working on Secure Device Profile for Embedded Systems • OpenADR Support • Draft DR Security Profile

  6. Objectives for November F2F Meeting • Support relationships with other OpenSG working groups and task forces • OpenADR • Security Conformity • Update on external activites • NERC, NESCOR, SGIP • ASAP-SG • New work: Substation Automation Security Profile • Open discussions • Vulnerability Handling

  7. Usability Analysis TF • Distribution Management Security Profile • Status: COMPLETE • Comments have been reviewed and incorporated into the document • Evaluation report issued • Ratification vote passed • Awaiting OpenSG Technical Committee approval

  8. Usability Analysis TF • WAMPAC (Synchrophasor) Security Profile • Status: NEARING COMPLETION • Comments have been reviewed and incorporated into the document • Evaluation Report is being finalized • Expect draft for vote soon…

  9. Continuation of CyberSec-Interop? • Interoperable Configuration Profiles • Valuable work products • Close alignment with goals of UCA, SGIP • Work/activity appears to have stalled • Need champion to carry work forward

  10. AMI-SEC Task Force • Re-work of AMI Security Profile by CSWG AMI Security Subgroup • Using ASAP-SG method • Are there other tasks?

  11. Embedded Systems Security TF • Work still continuing, but loss of momentum • Re-scope work to reap value from what has already been accomplished? • Re-examine sub-leads and meeting times

  12. Distribution Reliability • Classic definitions • Interruption indices: SAIDI, SAIFI, CAIFI • Number of momentary and sustained interruptions • Duration of interruptions • Number of customers interrupted

  13. Smart Grid Conceptual Model

  14. Distribution Domain

  15. Home Area Network

  16. Distribution Failures • Line Segments • Permanent vs. Temporary • Mean Time to Repair • Protective & Switching Devices • Probability of Failure • Protection Reliability • Reclose Reliability • Mean Time to Repair • Switching Reliability • Mean Time to Switch

  17. Distribution Reliability • Newer generation of indices • Power Quality (sag and swell) • SIARFI, SMARFI, STARFI • Customers with specific power needs • Largely industrial customers to-date • Moving toward service-oriented model?

  18. Customer Domain

  19. Ways to Improve • Maintenance • Corrective and Preventative • Installation of reclosers & breakers • Automation • Crew Management • Switching algorithms • Upstream and Downstream (back feeding) • System Reconfiguration • Islanding & Restoration

  20. UCAIug SummitSG Security Session17 November 2011Austin, TX Security Vulnerability Discussion

  21. Vulnerability Disclosure and Information Sharing

  22. Vulnerability Disclosure Progress ? • General practice • ICSJWG Whitepaper status • The Beresford Vulnerabilities, ICS-CERT, and Siemens • Digital Bond’s Response

  23. Information SharingWhat is this? • Some people know something bad about security of critical infrastructure • Only government agencies, asset owners, the discoverer, and the supplier directly involved are allowed to know. • Other people need to know this • Ever hear of proactive response to threats? • Government lawyers are here to help but don’t tell anybody what you know.

  24. Vulnerability Disclosure and Information Sharing • Who is going to shoot that &%$#&@ elephant!? • Can we hold anyone responsible for being irresponsible? • Do we want to hold anyone responsible?

  25. Vulnerability Disclosure and Information Sharing • Does anyone know the requirements for vulnerability disclosure and information sharing processes that would protect the security of critical infrastructure? • Sounds like an OSGug kind of thing to me?

  26. UCAIug OpenADR Taskforce Meeting Nov 16,17, 2011 Austin Face to Face Meeting

  27. Face to Face OpenADR Taskforce Agenda • Wed, 11/16 • 3:30 – 5:50 PAP09/OpenADR joint meeting • Thur, 11/17 • 8:00 -10:00 – Phase II SRS discussion • 100:30 - 12:00 Joint Security Meeting • 3:30-5:30 Phase II SRS wrap up, future planning

  28. Phase 2 Requirements • Phase 2 Business & User Requirements addressed by System Requirements • Phase 2 requirements B&U requirements are Dispositioned in one of five ways: • New service is identified. • Change to an existing service. • Existing service addresses the requirement. • Non-functional requirement. • Out of Scope.

  29. OpenADR Security Profile • Goal: Provide vetted OpenADR Security Profile November 2011 • Today’s Session (Working Session) • Review Security Profile Development Process • Review ASAP-SG Framework used • High level review of existing document • OpenADR functionality • Use Cases- taxonomy and failure points • Open Issues • Steps to conclusion for comments and approval

  30. OpenADR Security Profile Process • Developed by joint team from OpenADR TF and SG Security • Additional Stakeholders in OpenADR Alliance (OpenADR 2.0 Spec. & CoS) • Developed using ASAP-SG Framework • Framework overview from Darren

  31. ASAP-SGSUBSTATION AUTOMATION SECURITY PROFILE ROLE TO DEVICE MAPPING DISCUSSION UCAIug/SG Security F2F November 2011

  32. Substation Roles Identified • SENSOR • ACTUATOR • PROTECTION APPLICATION • MONITORING APPLICATION • CONTROL APPLICATION • CONTROL AUTHORITY • INFORMATION REPOSITORY • PROXY • USER INTERFACE • DEVICE MANAGER • USER • MAINTAINER

  33. Some Quick Notes About Roles • Many devices today can support numerous roles • A Utility may implement all or a subset of the devices capabilities (roles) • A role may be implemented more than once within a substation automation system

  34. Example Substation Architecture

  35. Role to Device Mapping Example PROTECTION RELAY and MERGING UNIT

  36. Role to Device Mapping Example COMMUNICATIONS PROCESSOR

  37. Role to Device Mapping Example DIGITAL FAULT RECORDER & METER

  38. Role to Device Mapping Example HUMAN MACHINE INTERFACE (HMI)

  39. SUBSTATION GATEWAY

  40. Role to Device Mapping Example REMOTE TERMINAL UNIT (RTU)

  41. Role to Device Mapping Example PROGRAMMABLE LOGIC CONTROLLER (PLC)

  42. Substation Automation Security Profile Processing & Communications of Measurements, Notifications, & Control Signals Within & Amongst Substation Components used to Operate, Control, & Protect the Electric Grid • Security of automated functions found in transmission and distribution substations, including system monitoring, switchgear control, and system protection • Considered “in scope”: • Equipment inside the substation perimeter (i.e., fence, building, or other enclosure) • Interfaces to substation equipment for communications with remote sites and other facilities • Direct communications between substations (e.g., transfer trip)

  43. UCAIug SummitSG Security Session18 November 2011Austin, TX Industry Updates Action Items & Closeout

  44. CSWG Update • Subgroups • DPG • Privacy • High Level Requirements • Architecture • Testing & Certification • AMI Security • F2F • GridInterop, December 5, 2011, 3:30-5:00 CT, Phoenix • Cyber Physical conference in April 23-24, 2012, Gaithersburg, MD • CSWG F2F April 24-25, 2012, Sterling, VA

  45. NERC Update • 2011 GridEx – Cybersecurity exercise completed yesterday • Smart Grid Task Force • Cyber Attack Task Force • Severe Impact Resiliency

  46. Questions? darren@utilisec.com SG Security WG Collaboration Site http://osgug.ucaiug.org/utilisec

More Related