
Intelligrid “The need for a comprehensive security framework”

Intelligrid “The need for a comprehensive security framework”. Presented to EUTC November 2008. Dennis Holstein (OPUS Publishing) Thomas Kropp (DYONYX) Keith Stouffer (NIST). The vision of Intelligrid. An extensive scope reaching from the generating plant to appliances in the home


Presentation Transcript


  1. Intelligrid “The need for a comprehensive security framework”
     Presented to EUTC November 2008
     Dennis Holstein (OPUS Publishing), Thomas Kropp (DYONYX), Keith Stouffer (NIST)

  2. The vision of Intelligrid
     • An extensive scope reaching from the generating plant to appliances in the home
     • Requirements space highly complex (legacy and future systems)
     • Focus is on:
        • Who is involved
        • What data is exchanged
        • How the data is exchanged (Quality of Service requirements)
     • Security is a complicated and multi-faceted topic created by the interdependency of:
        • Security Domain security policy
        • Security Implementations
        • Communication technology
     • Intelligrid provides an architecture upon which to build interoperable technical solutions
     Intelligrid Security Framework

  3. Suggestions from Intelligrid analysis
     Some examples
     • Approximately 26 security policies identified
     • Intelligrid leaves the analysis up to the user to determine what services need to be addressed
     • The trade space to perform the analysis is multi-dimensional and requires
        • High degree of security expertise and power system domain expertise
     • A System Dynamics Model is needed to develop a relative rank ordering of viable options
     O=optional, M=mandatory

  4. Comm technology recommendations

  5. Technologies that need to be created
     • No standard for audit record format or mechanism to retrieve and aggregate such records
     • No standard to enforce physical access
        • Physical access is presumed in many security scenarios
        • Users must develop their own physical access control and monitoring system
     • No technological mechanism through which to exchange security service definitions/availability from one domain to another
     • No technological mechanism through which to request a given communication path or quality of security
        • Technologies are available to determine the path that a given communication packet traveled (e.g. source routing)
     • More disturbing is that there is no authoritative work regarding the use of security as a quality of service to be provided

  6. Major concern - Certificate Revocation Lists
     • No well-defined methodology or technology to disseminate Certificate Revocation Lists (CRLs) within a security domain
     • Only minimal work with regard to the actual behavior, from a communication perspective, once an in-use certificate has been revoked
     • Suggest that communication be terminated once a certificate has been revoked
     • Loss of communication at an inopportune time must be carefully considered

  7. The challenges are clear – some suggestions
     • First and foremost we need a comprehensive security solution
        • Address all domains within the scope of Intelligrid
     • Need to focus on an “infosec” solution not a “comsec” solution
        • Don’t think in terms of point-to-point communications
        • Think in terms of data which has a point of presence and should be available to all who have legitimate need for its use
     • Security should be applied as close to the source of data creation as possible
     • Access control and use rights should be carried with the data for its lifetime regardless of the communication path or its storage repository
     • Cost of confidentiality must be balanced with system performance

  8. Putting all together – security view
     [Diagram; labels as extracted: Identity Management, Platform/Device Management, PK/PKI, Operational Environ, Who are you?, Where are you?, Federation, Device, Permission Management, Authorization, ANSI X9.69, What are you allowed to do?]
     Note: ANSI X9.73 and X9.96 complement X9.69, conversion to ISO/IEC 22896 in work

  9. Secure communication through data protection
     Individual Characteristics
     • Identity – Who is this person? What role does he play in the organization? How is he identified (token, biometric, key fob)?
     • Environment – Where is he? What kind of network connection does he have? What kind of security is on his computer?
     • Authorization – What is this person allowed to see or do in reference to sensitive information?
     Data Characteristics
     • Availability – How easily can the data be accessed?
     • Integrity – How reliable is the data? Where did it come from and has it been altered in any way?
     • Confidentiality – Are only those authorized to see the data allowed access? Is it protected from everyone else?
     ANSI X9.69 technology is a standards-based cryptographic key management technology that provides role-based access control of information enforced by cryptography.

  10. Discriminators of X9.69 implementation
     • End-to-end security, not just in the tunnel
     • Protects the object, permitting granular management of info
     • System owner has tools to set own risk management rules
     • Allows for information sharing of work in process
     • Object management and need-to-know access permit controlled, interactive processing
     • Access to information objects is designed for a need-to-know environment and is rigidly enforced
     • Travelers can retain privacy when working off-line
     • Keys not distributed; and recovery is 100%
     • Simple, comprehensive Key Management System allows for flexibility and works with or without a PKI
     • Standard, industry-approved cryptographic algorithms supported

  11. Secure Information Sharing and Collaboration
     • A threat is received at the Federal Level and analyzed. A Threat Alert needs to be dispersed to all agencies and accessed on a need-to-know and need-to-share basis. Different Access Control Credentials are applied to different parts of the Threat Alert. The Threat Alert is distributed to all agencies - only those recipients with the proper Roles & Permissions will be able to access all or part of the document.
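
The need-to-know distribution described in slide 11, as an added example that is not part of the original presentation and is not the ANSI X9.69 key construction: each section of an alert is encrypted under keys derived from a per-role secret, so the access rule travels with the data rather than with the link. The role names, secrets, alert text and the HMAC-based cipher (a standard-library stand-in for a standardized authenticated cipher) are assumptions.

```python
import hashlib, hmac, os

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream: stand-in for a real AEAD (assumption).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def protect_section(role, role_secret, text):
    """Encrypt one section so that only holders of role_secret can open it."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(role_secret, b"enc" + nonce), nonce, text.encode())
    # The tag binds the role label to the ciphertext (encrypt-then-MAC).
    tag = _prf(_prf(role_secret, b"mac" + nonce), nonce + role.encode() + b"\x00" + ct)
    return {"role": role, "nonce": nonce, "ct": ct, "tag": tag}

def open_section(section, credentials):
    """Return the plaintext, or None if the role is not held or the data was altered."""
    secret = credentials.get(section["role"])
    if secret is None:
        return None
    nonce, ct = section["nonce"], section["ct"]
    expected = _prf(_prf(secret, b"mac" + nonce),
                    nonce + section["role"].encode() + b"\x00" + ct)
    if not hmac.compare_digest(expected, section["tag"]):
        return None
    return _xor_stream(_prf(secret, b"enc" + nonce), nonce, ct).decode()

def read_alert(alert, credentials):
    """Open every section the reader's credentials allow; mark the rest as withheld."""
    opened = (open_section(s, credentials) for s in alert)
    return [text if text is not None else "[withheld]" for text in opened]

# Constructed sample: role names, secrets and alert text are made up for this example.
ROLES = ("all-agencies", "state-ops", "federal-analyst")
ROLE_SECRETS = {role: os.urandom(32) for role in ROLES}
TEXTS = ("Threat level raised for substations.",
         "Affected region and recommended actions.",
         "Source reporting and analyst assessment.")
ALERT = [protect_section(r, ROLE_SECRETS[r], t) for r, t in zip(ROLES, TEXTS)]

if __name__ == "__main__":
    local_agency = {"all-agencies": ROLE_SECRETS["all-agencies"]}
    print(read_alert(ALERT, local_agency))
    print(read_alert(ALERT, ROLE_SECRETS))
```

The same distributed object yields a different view per recipient, and a modified section fails its integrity check instead of decrypting to altered text.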

  12. In summary
     • Intelligrid security options are discussed in the EPRI reports
     • Sorting out the options is a daunting task
        • You have to have considerable security expertise with a very strong understanding of power system operations
     • Commercial solutions are available
     • ANSI X9.69-based security is a comprehensive solution that can extend through all domains of Intelligrid
     • We then have a cost-effective coherent security solution for Intelligrid
     • Security management is pushed to the lowest level – nearest the application
     • Legacy systems need implementations that do not require changes to existing hardware and software

  13. Source references
     • Intelligrid http://intelligrid.epri.com/
     • ANSI http://webstore.ansi.org/subscriptions/
     • ISO http://www.iso.org/iso/en/

  14. Thank you for your attention
     Dennis Holstein holsteindk@ieee.org
     Thomas Kropp tom.kropp@dyonyx.com
     Keith Stouffer keith.stouffer@nist.gov
