AMI-SEC_Face-to-Face_Presentation_20080625_bb

AMI-SEC Task Force
New Orleans Face-to-Face Meeting @ Entergy
System Security Architectural Description
Darren Reece Highfill, CISSP
EnerNex Corporation
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
[Figure: roadmap diagram. Labels: Formation; Initial Discussions; Charter; Scope, Def’n; Process Discussions; External Interfaces; SDLC; IEC; Init; IEEE; Dev/Acq; FAQ; Risk Assm’nt; NIST; Arch Descr; Comp Catalog; Implt’n Guide; Impl; Sys Sec Reqmt’s; Op/Maint; Testing; Decomm; Reports, Recd’ns; ASAP; Support; Outreach]
• Roadmap
– 1st cut at drawing complete
– Put together outline
– Parking Lot items
– Volunteers for contributions
• FAQ
– On the SharePoint site, needs contributions
• Marketing Group
– UtilityAMI / OpenAMI / UtiliSEC
– Press releases
– Other collateral
Roadmap Outline
• Problem Statement
– Link to Charter, Scope, and Definition
– Pictures?
• Target Audience
– How is the utility problem space different (from e.g.: telecom)?
• Educational resources
• Reference material
– Landscape
• Technologies
• Why is AMI different from IT (or SCADA)?
• Background
– Purpose / Value Proposition
– Goals
– Risks
– Benefits / Expectations
– Scope
– Roles, Responsibilities, External Parties
– Timeline
– Cost
• Process
– How to find project resources (e.g.: Tasks, Milestones, Deliverables / Work Items)
– How to participate / contribute
– Dependencies
• Additional Resources
– FAQ
– ASAP
Agenda
• AMI-SEC Roadmap
• UtiliSEC
– Jeremy McDonald
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
SmartGrid Architecture Framework (Application View, Data View, Communication View)
UtiliSec SmartGrid System Security Specification
- Requirements Organized by Capability Robustness (i.e., Low, Med, High)
- Organized by SmartGrid Application Framework (i.e., Loosely applied)
- Categorization based on Security Services (e.g., Confidentiality)
- Defines Risk Assessment Process (Probability + Impact)
UtiliSec SmartGrid Remote Disconnect Protection Profile
UtiliSec SmartGrid Remote Meter Read Protection Profile
UtiliSec SmartGrid Premise DR Protection Profile
UtiliSec SmartGrid Remote Switch Protection Profile
UtiliSec SmartGrid Sensor Protection Profile
UtiliSec SmartGrid Sensor Protection Profile
AMI Profiles
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
– Neil Greenfield
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
– Open Discussion
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
Use of Public Networks
• Regulatory Issues:
– “Obligation to serve?”
• In-addition-to, not instead-of
– Third parties becoming de-facto utilities - regulatory gap
• Scope definition
– Relevance to AMI-SEC: points of interface
• Back office
• HAN (if/when third party interfaces with HAN at the meter)
– Reliability vs. Economics
• Third party gateways into the home
– Energy management
– Who owns / controls the gateway?
– Load control – not allowed (indirect only)
– C&I customers
• Motivation: “natural security?”
• Information model (CIM)
– Need guidance of AMI-SEC when that is created
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
– Bobby Brown, Coalton Bennett
• System Security Architectural Description
• Planning and Logistics
External Interactions View (Contextual)
[Figure: context diagram. Labels: Third Party; Customer; AMI; Utility]
Customer Use Cases #1
Customer Accesses AMI Data:
Stimulus: Customers view a variety of information
gathered by AMI
Response: Customers make choices in response to
various pricing and/or emergency stimuli
Security Objectives:
• Customer wants their personal information only
accessible by desired targets (e.g. utility)
• Customer wants to receive their credit for enrolling in
a demand response program (availability)
Customer Use Cases #2
• Prepay
Stimulus: Customers use the AMI system to
prepay their accounts and read their current
balance.
Response: The AMI system tightly correlates the
electric service to the status of the customer
account
Customer Use Cases #3
Sub-Actors:
• Residential Customer
• Commercial Customer
• Industrial Customer
• Municipalities Customer
Utility Use Cases
• Remote Meter Reads
The AMI system permits the utility to remotely read meter data in
intervals so that customers may be billed on their time of use, and
demand can therefore be shifted from peak periods to off-peak
periods, improving energy efficiency.
• Remote Connect / Disconnect
The AMI system permits customers' electrical service to be remotely
connected or disconnected for a variety of reasons, eliminating the
need for utility personnel to visit the customer premises.
• Notification – Demand Reduction
The utility can notify customers through the AMI system that
demand reduction is requested for the purposes of either improving
grid reliability, performing economic dispatch (energy trading), or
deferring buying energy.
Third Party Use Cases
• Third Party Access
Third Parties (e.g. gas and water utilities,
contract meter readers, aggregators) access AMI
to read electrical meters, read gas and water
meters, or control third-party equipment on
customer premises.
AMI Use Cases
• Outage Management
The AMI system can be used to report outages with greater
precision than other sources, or verify outage reports from other
sources.
• Power Quality Analysis
The AMI system can be used to analyze the quality of electrical
power by reporting harmonic data, RMS variations, Voltage and
VARs, and can communicate directly with distribution automation
networks to improve power quality and fault recovery times.
• Distributed Generation Management
The AMI system can be used to detect, measure, regulate and
dispatch distributed generation by customers.
• Energy Theft
The AMI system can be used to report when customers are stealing
energy or tampering with their meter.
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
– Bobby Brown, Coalton Bennett, James Ivers
• Planning and Logistics
System Security Architectural Description
• Objectives and goals
– Describe the abstract (logical, platform-agnostic) mitigation plan for addressing requirements identified in the Risk Assessment / System Requirements Document.
• Approach
– Architectural Representation of Security Systems
– Logical Function Descriptions
– System, Subsystem, and Function Boundaries
• Reference: IEEE 1471-2000
System Security Architectural Description
• Tell the story of the architecture
• AMI is unique from most systems
– Heterogeneous environments
• Utility Enterprise
• Customer Premise
• “Unknown / Variable” Territory in-between
– Heterogeneous sources and levels of control
• Utility
• Customer
• Third Parties
System Security Architectural Description
• Story cannot be told without talking about environmental aspects
• Views become cross-products of:
– Function (business)
• e.g.: meter read, load shed, etc…
– Context / Environment
• Proximity, control
– Service Category (security)
• e.g.: premise, communications, network ops, utility ops
– User / Stakeholder
• Concerns
What do we need next?
• Illustrations
• Spreadsheet: business functions vs. use cases
• Get all of the business functions defined
– Do business functions fit within the views?
• Steps
– Architecture
• Complete the views
• Identify business functions
• Validate view against functions
– Perform risk assessment against functions
– Apply requirements against risk
• Create flowchart illustrating the process
Agenda
• AMI-SEC Roadmap
• UtiliSEC
• Relevant Security Work (reference material)
• Use of Public Networks
• Security Use Cases
• System Security Architectural Description
• Planning and Logistics
Planning / Logistics
• Next meeting dates
– F2F
• August 22nd, 9am-3pm EDT
– UtilityAMI WG meetings run 20th-22nd
• Hosted by EnerNex:
620 Mabry Hood Road
Knoxville, TN 37932
– Teleconferences:
• July 9th, 1-2pm EDT
• July 23rd, 1-2pm EDT
• August 6th, 1-2pm EDT