Cyber Security Working Group, November 2010
Marianne Swanson
Marianne.swanson@nist.gov
December 1, 2010
Agenda
• Industry Update: FERC Standards Review (Annabelle Lee)
• CSWG PAP liaisons and their involvement in the PAPs will be discussed
• CSWG Standards subgroup lead will provide a review of what the standards subgroup has accomplished and the standard template the CSWG uses for the standard review process
• CSWG 3-year Plan (Marianne Swanson)
November 30-December 3, 2010
FERC Standards Update
Annabelle Lee
annabelle.lee@ferc.gov
Standards Subgroup & PAP Liaisons
Frances Cleveland
CSWG Standards Subgroup
• Mission
  • Identify and assess the cyber security contained within standards that are commonly used in smart grid applications to ensure adequate cyber security coverage is included
  • Where adequate coverage is not included, recommend changes that should be made to the standard or other standards that should be applied
• Have assessed 5 IEC standards and submitted them to FERC
• Have just finished assessing 9 standards from the NIST Priority Action Plans (PAPs)
Standards Review Template
• General introduction
  • Standards are at different layers in the GWAC Stack
  • Cybersecurity must reflect the environment where a standard is implemented, not the standard itself
  • Standards include recommended practices and guidelines (could, should, may), as well as “thou shalt” standards
  • Cybersecurity includes defense-in-depth – not only prevention, but attack detection, notification, coping during an attack, and retaining an audit trail
• Cybersecurity aspects of the standard:
  • Assumptions
  • Cybersecurity content
  • Should the document contain cybersecurity?
  • Mapping of security requirements to the NISTIR 7628 Catalog
• Approval/Disapproval
• Recommendations for next actions on cybersecurity
Important Note: Assess Standards at their Appropriate GWAC Stack Layer
CSWG PAP Liaison Responsibilities
• Liaison twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSWGLiaisonInformation
• Responsibilities
  • Does the PAP, in general, cover cyber security?
  • Is there a need for information assurance, protection, confidentiality, integrity, and/or availability within the PAP work?
  • Is there a need for a network stack within the PAP? If yes, then cybersecurity needs to be added and/or reviewed.
  • Is there a need for function definitions within the PAP? If yes, then cybersecurity needs to be added and/or reviewed.
  • Is there a need for service definitions within the PAP? If yes, then cybersecurity needs to be added and/or reviewed.
  • Are there existing cyber security requirements within the PAP? If yes, then cybersecurity needs to be reviewed and evaluated.
CSWG PAP Liaison Responsibilities (cont’d)
• Responsibilities continued
  • Has the NISTIR 7628 been reviewed for sections applicable to the PAP? If no, then should it be reviewed? If yes, was the NISTIR 7628 adequately covered?
  • Have any PAP timelines, due dates and deliverables been established? If yes, then the CSWG and the Standards subgroup need to be notified and coordination with the Standards subgroup needs to be established.
• If the PAP needs to cover cybersecurity, or partially covers cybersecurity and needs more, then the CSWG PAP liaison should:
  • Start actively participating in the PAP meetings and document reviews
  • Report back to the CSWG and the CSWG Standards subgroup
  • Participate in the cyber security review of the documents for the PAP
  • Provide a brief status report on each Monday morning CSWG call
Five IEC Interoperability Standards Reviewed by NIST for Cyber Security Gaps, then Passed to FERC
• IEC 60870-6 (better known as ICCP)
  • Security provided by IEC 62351-3 (TLS over TCP/IP) and -4 (for MMS)
• IEC 61970 (Common Information Model (CIM) for transmission wires modeling)
  • Abstract “Semantic Model”, so no security needed in the standard
• IEC 61968 (CIM for distribution, AMI interfaces, asset management)
  • Abstract “Semantic Model”, so no security needed in the standard
  • Recognition that security for CIM implementations is still lacking
• IEC 61850 (for substation automation, distribution automation, and Distributed Energy Resources (DER))
  • Security provided by IEC 62351-3 (TLS over TCP/IP), -4 (for MMS), and -6 (for GOOSE)
• IEC 62351 Cyber Security Series (1-8)
Nine “Standards” Released by NIST Priority Action Plans (PAPs)
• PAP 0: Meter Upgradeability Guidelines – addressed cyber security appropriately and mostly completely
• PAP 1: Internet Protocol Suite – IPsec and TLS. Recommended improved network and system management by “combining” SNMP and NetConf
• PAP 2: Wireless – identified cyber security measures at individual equipment level, but not at wireless system level
• PAP 4: Scheduling – ws-calendar is an abstract model, so no need to address cyber security in the standard
• PAP 5: Metering – identified some security issues with ANSI C12.xx
Nine “Standards” Released by NIST Priority Action Plans (PAPs) (cont’d)
• PAP 10: Energy Usage – the NAESB Energy Usage models are abstract, so no need to address cyber security in the standard
• PAP 11: Plug-In Electric Vehicles – 3 standards
  • Two SAE standards were acceptable from a cyber security perspective with some recommendations (electrical charger connections and PEV Use Cases)
  • Third SAE standard had cyber security and design problems (partially since SEP 2.0 does not exist yet). Corrections will be made.
Next Standards Assessment Efforts
• Next standards to be assessed will be the “AMI” Standards, including the ANSI C12.xx series
• In the works:
  • PAP 3: Common Price Communication Model
  • PAP 7: Energy Storage and Distributed Energy Resources (ES-DER) – defined in IEC 61850-7-420 and being mapped to both SEP 2.0 and DNP3
  • PAP 8: Distribution Management – Use Cases being defined in IEC 61850 (interactions with field devices) and in CIM (application-to-application interactions)
  • PAP 9: Standard Demand Response Signals
  • PAP 12: Mapping between IEC 61850 and DNP3
Contact Information for Standards Subgroup
• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSCTGStandards
• Meetings: Fridays 13:00 Eastern
• Dial-in Information: 866-802-3515 X2817109#
• Mailing list: csctgstds@nist.gov
  • To join the mailing list contact tanya.brewer@nist.gov
• Chair contact information
  • Frances Cleveland (fcleve@xanthus-consulting.com)
CSWG 3-Year Plan
Marianne Swanson
Marianne.swanson@nist.gov
CSWG 3-Year Plan
Goal 1: Review identified standards against the requirements in the NIST Interagency Report (IR) 7628, Guidelines to Smart Grid Cyber Security
• National Electrical Manufacturers Association (NEMA) Upgradeability Standard (Q1 FY11)
• Smart Meter/Advanced Metering Infrastructure (AMI)-related standards (Q2 FY11)
• Institute of Electrical and Electronics Engineers (IEEE) 1547 and other standards related to renewable energy sources (Q3 FY11)
• Electric vehicle-related standards (Q4 FY11)
• Demand Response (DR) and Home Area Network (HAN)-related standards (Q2 FY12)
• Cyber Security-related standards (Q1 FY12)
• New standards developed (Q1 FY11 – Q4 FY13)
CSWG 3-Year Plan
Goal 2 – Design and build a conformity testing framework
• Establish a Testing & Certification subgroup in the Cyber Security Working Group (CSWG) (Q1 FY11)
• Build a conformance test method for security to test AMI Upgradeability Standards (Q3 FY12)
• Design a virtual test environment for use and posting of test tools, stubs, and drivers (Q4 FY12)
• Work with industry on the usability of the virtual test environment and improve the capability based on industry needs (Q4 FY13)
• Develop derived test requirements (DTR) and test reference material for security conformance activities of Federal Energy Regulatory Commission (FERC)-accepted standards (Q1 FY12 – Q4 FY13)
CSWG 3-Year Plan
Goal 2 – Design and build a conformity testing framework (deliverables)
• Scope and charter for the Testing & Certification subgroup (Q1 FY11)
• Documented test conformance methodology (Q3 FY12)
• DTR (Q4 FY12)
• Successful test demonstration (Q1 FY13)
• Test report showing results (Q1 FY13)
• DTR and test reference reports for security conformance (Q4 FY13)
CSWG 3-Year Plan
Goal 3 – Conduct outreach, coordination, and collaboration
• Continued coordination and chairing of the CSWG (Ongoing)
• Conduct outreach and education meetings to stakeholders across the United States (Ongoing)
• Develop an introduction to the NISTIR 7628 (Q1 FY11)
• Coordinate and collaborate with the Smart Grid Interoperability Panel (SGIP) Priority Action Plans (PAPs) (Ongoing)
• Coordinate and collaborate with OpenSG (Ongoing)
• Begin initial discussion and collaboration with NERC and ICS-related organizations/activities (Q2 FY11)
• Provide guidance on implementing cyber security (Q2 FY12 – Q2 FY13)
CSWG 3-Year Plan
Goal 4 – Further development and refinement of specific Smart Grid areas
• Further identification of research and development (R&D) areas (Ongoing)
• Explore SCAP implementation for Smart Grid applications; develop SCAP Smart Grid protocols (Q3 FY11 – Q4 FY13)
• Develop a smart grid security architecture complementary to the SGIP-AC conceptual architecture (Q4 FY11)
• Expand research and discussion of potential privacy issues in commercial and industrial settings, and with electric vehicles (Q2 FY12)
• Accelerate the standardization of a set of AMI security requirements (Q4 FY11)
CSWG 3-Year Plan (cont’d)
Goal 4 – Further development and refinement of specific Smart Grid areas
• Pilot Smart Grid and industrial control systems (ICS) security requirements (Q4 FY13)
• Research data management and the possible relationship to cloud computing (Q4 FY13)
• Research the unique supply chain issues around electric sector-specific products (Q4 FY12)
Testing & Certification
• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSCTGTesting
• Meetings: Tuesdays at 11:00 Eastern
• Dial-in Information: 866-793-6322 X3836162#
• Mailing list: csctgtest@nist.gov
  • To join the mailing list contact tanya.brewer@nist.gov
• Co-Chair contact information
  • Nelson Hastings: nelson.hastings@nist.gov
  • Sandy Bacik: sandy.bacik@enernex.com
  • Robert Former: Robert.Former@itron.com
Testing & Certification
• Completed
  • SGIP Testing & Certification Committee contributions
  • Interoperability Process Reference Manual contributions of a basic security test definition and security testing best practices
• Work in progress (WIP)
  • Compile list of security testing frameworks that provide repeatable testing structures
  • Compile list of security testing questions for utilities to use in requests for proposals (RFPs)
  • Compile list of security test case topics
  • Compile list of general security test requirements based on the NISTIR 7628 volume 1
  • Compile list of general security test requirements based on the CSWG AMI-SEC subgroup requirements
Wrap-up
• Thank you to everyone for your contributions and support
• Teleconference Day & Time: Mondays, 11am Eastern Time (-5:00 GMT)
• Call-in number: 866-745-6097, Participant passcode: 7413006
• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG