Lemnos Interoperable Security Project & Cybersec-Interop TF

1. Lemnos Interoperable Security Project &Cybersec-Interop TF Status & Update 7/20/2011 Brian Smith & Slade Griffin EnerNex

2. Lemnos Project Background • Funded by DOE under the Cybersecurity for Energy Delivery Systems (CEDS) Research and Development Program • Ultimate goal is to make interoperability of devices supporting cyber security functions less difficult to the end users • Often labor intensive and requiring extensive security expertise by the end user • Installed configurations often different for various vendor pairs • Lemnos emphasizes the development and use of a common set of configuration parameters

3. Lemnos Process • Identifies various security functions needed within a Utility’s control system • Matches security functions to specific Internet Engineering Task Force (IETF) RFCs • Develops INTEROPERABLE CONFIGURATION PROFILES (ICP) for identified RFCs • Identifies specific requirements for RFC • Tests to validate the ICPs

4. Lemnos Project Partners • EnerNex (Prime Contractor to DOE) • Sandia National Laboratories (FFRDC) • Directly funded by DOE • Tennessee Valley Authority (Utility/End User) • Schweitzer Engineering Laboratories • Sub contractor to EnerNex

5. Participating Vendors • Participating Vendors To Date • Cisco • Encore Networks • GarrettCom • Industrial Defender • N-Dimension • Phoenix Contact • Ruggedcom • Siemens

6. Current Lemnos Project Status • Security functions and protocols identified to date • Messaging (Syslog) • Centralized Authentication (LDAP) • Secure channel (IPsec) • Secure remote access (SSH) • Lab testing and field testing continues • DOE funding ending this year • Looking for potential industry sponsorship for future work • Looking for utility input to identify priorities

7. Upcoming Lemnos Milestones • Testing at TVA • Ongoing (continuing on into Q3/Q4 2011) • Lab and field testing of commercial product by SEL • Lab Testing with Participating Vendors at EPRI Smart Grid Substation Lab in Knoxville, TN • June 2011 (COMPLETE) • IPsec and Syslog • August 2011 • IPsec, Syslog, SSH, LDAP

8. EPRI Testing Architecture IPsec and Syslog

9. EPRI Testing Architecture SSH

10. Lemnos and CyberSec-Interop TF • Goal is to establish relationship between the Lemnos Project and SG Security/Cybersec-Interop TF similar to what has been done with ASAP-SG • Cybersec-Interop TF provides long term stewardship of the ICPs • Preserves the Lemnos work after project completion • ICPs will be provided to OpenSG as they are completed by the Lemnos Project Team • OpenSG will vet, adopt, and maintain the ICPs and make them available to industry • Develop new ICPs in the future

11. Moving Forward • Challenges for Cybersec-Interop TF after handoff from Lemnos • Versioning of the ICPs • Moving forward, options in the IETF RFC’s will become deprecated to maintain alignment with NISTIR 7628 and other industry guidance • Difficult to maintain backwards compatibility • Interoperability may be at the ICP version level • Certification and Conformance • Additional details needed in ICPs?

12. For more Information • Brian Smith, EnerNex (Lemnos Project Manager) • bsmith@enernex.com • Slade Griffin, EnerNex • slade@enernex.com • Dave Teumim, Teumim Technical (Cybersec-Interop TF Chair) • dave431@enter.net