IEC TC57 WG15 Status Report

Transcript IEC TC57 WG15 Status Report

TC 57
IEC TC57 WG15 - Security: Status & Roadmap, July 2008
Frances Cleveland, Convenor WG15

Scope of WG15 on Security
• Undertake the development of standards for security of the communication protocols defined by the IEC TC 57, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.
• Undertake the development of standards and/or technical reports on end-to-end security issues.
WG15 Status October 2007
Security Functions vs. Threats
(Slide figure: a matrix mapping the four security functions to the threats they counter; only its labels survive in this transcript.)
Security functions and the threat each counters:
• Confidentiality: Unauthorized Access to Information
• Integrity: Unauthorized Modification or Theft of Information
• Availability: Denial of Service or Prevention of Authorized Access
• Non-Repudiation: Denial of Action that took place, or Claim of Action that did not take place
Threat groupings in the figure: Listening; Interactions; Planted in System; After-the-Fact
Threats listed: Eavesdropping, Traffic Analysis, EM/RF Interception, Masquerade, Bypassing Controls, Authorization Violation, Physical Intrusion, Man-in-the-Middle, Integrity Violation, Theft, Replay, Virus/Worms, Trojan Horse, Trapdoor, Service Spoofing, Indiscretions by Personnel, Media Scavenging, Stolen/Altered, Modification, Intercept/Alter, Denial of Service, Resource Exhaustion, Repudiation
Legend: Desired; Actively Being Addressed
Security Functions, Threats, and WG15 Work Pattern
(Slide figure: the four security functions and their threats, overlaid with the security measures that address them and who is working on each; only its labels survive in this transcript.)
Security functions: Confidentiality (Unauthorized Access to Information); Integrity (Unauthorized Modification or Theft of Information); Availability (Denial of Service or Prevention of Authorized Access); Non-Repudiation (Denial of Action that took place, or Claim of Action that did not take place)
Security measures shown:
• Data Backup
• Identity Establishment, Quality, and Mapping
• Authentication
• Credential Establishment, Conversion, and Renewal
• Passwords
• Role-Based Access Control
• Public Key Infrastructure (PKI)
• Certificates
• Certificate and Key Management
• Telecomm
• Virtual Private Network (VPN)
• Intrusion Detection Systems (IDS)
• Firewalls with Access Control Lists (ACL)
• Anti-Virus/Spy-ware
• Network and System Management (NSM)
• Transport Level Security (TLS)
• Audit Logging
• WPA2/802.11i for wireless
• AGA 12-1 "bump-in-the-wire"
• Digital Signatures
• Symmetric and Asymmetric Encryption (AES, DES)
• Security Management
• Security Testing, Monitoring, Change Control, and Updating
• Security Risk Assessment of Assets
• Security Compliance Reporting
• During-Attack Coping and Post-Attack Recovery
• Security Policy Exchange
• Security Incident and Vulnerability Reporting
• Corporate Security Policy and Management
• Security Attack Litigation
Legend: IEC 62351 Security for TASE.2, DNP, 61850; New Work; Being Addressed by many other bodies (CIGRE, Utilities, CRC)
Status of Security Documents, May 2007
• IEC 62351: Data and Communications Security
  • Part 1: Introduction
  • Part 2: Glossary
  • Part 3: Security for profiles including TCP/IP
  • Part 4: Security for profiles including MMS
  • Part 5: Security for IEC 60870-5 and derivatives
  • Part 6: Security for IEC 61850 profiles
  • Part 7: Objects for Network Management
Status callouts on the slide:
• Issued as CD (NWIP)
• Submitted as DTS ver 2 January 2007. Comments being awaited
• Submitted as Technical Specifications in Dec 2006, being finalized by IEC
For increased power system reliability and security in the future, the two closely intertwined infrastructures must be designed, implemented, and managed as a whole …
(Slide figure, labels only:)
1. Power System Infrastructure: Central Generating Plant, Step-Up Transformer, Transmission Substation, Distribution Substation, Gas Turbine, Diesel Engine, Microturbine, Fuel cell, Photovoltaics, Cogeneration, Batteries, Wind; Industrial, Commercial, Residential
2. Information Infrastructure: Control Center, Operators, Engineers & Other Users, Data Concentrator
Security Monitoring Architecture Using NSM
(Slide figure "Security Monitoring Architecture, Using NSM Data Objects"; labels only:)
• Control Center: Engineering Systems, Historical Database and Data Interface, TASE.2 link to External Systems, SCADA System, Operator User Interface, Security Client, IDS, Firewall
• WAN
• Substation: Firewall, Clients, Servers, Security Server, IDS, Substation Master, Capacitor Bank Controller, Circuit Breaker, CT, PT, Protection Relay, Load Tap Changer, Automated Switch, Voltage Regulator, Feeders, Other
• Legend: NSM Data Objects; Intrusion Detection System (IDS)
NERC's Top Ten Vulnerabilities for Control Systems
1. Inadequate policies, procedures, and culture that govern control system security.
2. Inadequately designed control system networks that lack sufficient defense-in-depth mechanisms.
3. Remote access to the control system without appropriate access control.
4. System administration mechanisms and software used in control systems are not adequately scrutinized or maintained.
5. Use of inadequately secured WiFi wireless communication for control.
6. Use of a non-dedicated communications channel for command and control and/or inappropriate use of control system network bandwidth for non-control purposes.
7. Insufficient application of tools to detect and report on anomalous or inappropriate activity.
8. Unauthorized or inappropriate applications or devices on control system networks.
9. Control systems command and control data not authenticated.
10. Inadequately managed, designed, or implemented critical support infrastructure.
Format of Normative Clauses of Part 7: Using 61850 Naming and Style
(Access: r-w = read-write, r-o = read-only, w-o = write-only. M/O = Mandatory/Optional.)

Object     | Data Type        | Definition                                                                      | Access | M/O
Configuration Settings
EndLst     | OI List          | List of end systems connected in network                                        | r-w    | O
NodLst     | OI List          | List of intermediate network nodes, such as routers, bridges, gateways, etc.    | r-w    | O
PthLst     | OI List          | List of paths in network                                                        | r-w    | O
ACLLst     | OI List          | Set or update the Access Control List, based on the list of Object Identifiers  | r-w    | O
PthRoutLst | OI List          | List of path routes and routing priorities to end devices                       | r-w    | O
ActSet     | VS List          | Set action steps for equipment failures, such as switch to backup               | r-w    | O
Alarms
EndDct     | Alarm            | Detection of a new end device in the network                                    | r-o    | O
NodDct     | Alarm            | Detection of a new network node                                                 | r-o    | O
PthDct     | Alarm            | Detection of a new path                                                         | r-o    | O
EndLos     | Alarm            | Loss of connection with end device                                              | r-o    | O
NodLos     | Alarm            | Loss of connection with network node                                            | r-o    | O
PthLos     | Alarm            | Loss of path                                                                    | r-o    | O
Values
(row not legible in the transcript)                                                                              | r-o    | O
Controls
HrdPwr     | Control Hardware | Switch power on or off of a specified piece of hardware – hard disconnect from power | w-o | O
NodRs      | Control Software | Reset node through software capabilities                                        | w-o    | O
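The table above gives each NSM object an access mode and, for the alarm objects, a definition in terms of what changed on the network. The following added example (not code from the presentation or from IEC 62351-7) shows the minimum a managed node would do with that: enforce r-w / r-o / w-o per object, and derive the read-only alarm objects by comparing a configured list (EndLst, NodLst, PthLst) with what a poll currently observes. The object names and access modes are taken from the table; the poll format, the alarm record layout and the sample device identifiers are assumptions for this example.

```python
"""Toy NSM-style agent: access-mode enforcement plus alarm derivation for the
objects named in the Part 7 table.  The observation format, the alarm record
layout and the sample identifiers are assumptions for this example; they are
not taken from IEC 62351-7."""
from dataclasses import dataclass, field

# Access mode per object, as given in the table.
ACCESS = {
    "EndLst": "r-w", "NodLst": "r-w", "PthLst": "r-w", "ACLLst": "r-w",
    "PthRoutLst": "r-w", "ActSet": "r-w",
    "EndDct": "r-o", "NodDct": "r-o", "PthDct": "r-o",
    "EndLos": "r-o", "NodLos": "r-o", "PthLos": "r-o",
    "HrdPwr": "w-o", "NodRs": "w-o",
}
_ALLOWED = {"r-w": {"read", "write"}, "r-o": {"read"}, "w-o": {"write"}}

# Configuration list -> (detection alarm, loss alarm) derived from it.
_ALARM_FOR = {
    "EndLst": ("EndDct", "EndLos"),
    "NodLst": ("NodDct", "NodLos"),
    "PthLst": ("PthDct", "PthLos"),
}


class AccessViolation(Exception):
    """Raised when an operation is not permitted by the object's access mode."""


def is_permitted(obj: str, op: str) -> bool:
    """True if `op` ('read' or 'write') is allowed on `obj` by its access mode."""
    return op in _ALLOWED[ACCESS[obj]]


@dataclass
class NsmAgent:
    """One managed node: configured OI lists (r-w), alarm objects (r-o) and the
    controls (w-o) that have been written to it."""
    lists: dict = field(default_factory=lambda: {
        k: set() for k, m in ACCESS.items() if m == "r-w"})
    alarms: dict = field(default_factory=lambda: {
        k: [] for k, m in ACCESS.items() if m == "r-o"})
    controls: list = field(default_factory=list)

    def _check(self, obj: str, op: str) -> None:
        if not is_permitted(obj, op):
            raise AccessViolation(f"{op} on {obj} denied (access {ACCESS[obj]})")

    def write(self, obj: str, value) -> None:
        """Write a configuration list (r-w) or issue a control (w-o)."""
        self._check(obj, "write")
        if obj in self.lists:
            self.lists[obj] = set(value)
        else:
            self.controls.append((obj, value))  # e.g. ("NodRs", "router-3")

    def read(self, obj: str):
        """Read a configuration list (r-w) or the entries of an alarm object (r-o)."""
        self._check(obj, "read")
        if obj in self.lists:
            return sorted(self.lists[obj])
        return list(self.alarms[obj])

    def observe(self, lst: str, seen) -> list:
        """Compare a poll result against the configured list and raise the
        corresponding detection (new member) and loss (missing member) alarms.
        Returns the (alarm, identifier) pairs raised by this poll."""
        detect, loss = _ALARM_FOR[lst]
        configured = self.lists[lst]
        raised = [(detect, oid) for oid in sorted(set(seen) - configured)]
        raised += [(loss, oid) for oid in sorted(configured - set(seen))]
        for name, oid in raised:
            self.alarms[name].append(oid)
        return raised


def demo() -> dict:
    """Constructed sample: three configured end devices, one poll in which an
    unknown device appears and a configured one has gone silent."""
    agent = NsmAgent()
    agent.write("EndLst", {"relay-1", "relay-2", "ltc-1"})
    raised = agent.observe("EndLst", {"relay-1", "relay-2", "unknown-7"})
    agent.write("NodRs", "router-3")  # w-o control: software reset of a node
    return {"raised": raised, "EndDct": agent.read("EndDct"),
            "EndLos": agent.read("EndLos"), "controls": agent.controls}


if __name__ == "__main__":
    print(demo()["raised"])            # [('EndDct', 'unknown-7'), ('EndLos', 'ltc-1')]
    print(is_permitted("EndDct", "write"))  # False: alarm objects are read-only
```

An unexpected member of EndLst is exactly the condition NERC's item 8 (unauthorized devices on control system networks) asks operators to detect, which is why the detection alarms are modelled as read-only: a client can clear its own view, but cannot overwrite the agent's record of what it saw.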
TC57 Security (62351) Roadmap, As of July 2008: Current and Future
Standards
• Parts 1, 3, 4, 6: Finalized as TS
Current Work
• Part 2: Glossary – CDV
• Part 5: Security for IEC 60870-5 Protocols – CDV
• Part 7: Network and System Management / MIBs as CD
• Part 8: Role-Based Access Control
NWIPs to be Issued (Activities by 2008; to be issued 2008)
• Implementation Specification for IEC 60870-5
• Remote Changing of Update Keys for IEC 60870-5
• Conformance testing and interoperability testing
• Security for Access to CIM (Interfaces and RBAC)
• Security Architecture
On-Going Coordination
• IEC TC65C WG10
• ISA, CIGRE D2.22
• EPRI, NERC, PCSF
• National Labs
• IEEE PSRC
• IEEE Security P1711, P1686, P1689
• TC57 WG03
• TC57 WG07?
Role-Based Access Control
• The scope of the proposed work is to define a specification for the use of Role Based Access Control not only in field devices but also for a whole system, consisting of field devices, station control and network control – the complete pyramid, in order to support end to end security. The specification will refer to the standards IEC 61970 CIM, IEC 61850 and IEC 62351 and also to ANSI INCITS 359-2004.
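The scope statement names ANSI INCITS 359-2004, whose Core RBAC model is users assigned to roles, permissions assigned to roles, and sessions in which a user activates a subset of their roles. The added example below (not code from the presentation or from the later IEC 62351-8) implements that core model and applies it across the three levels of the pyramid named above. The role names, operations and object identifiers are constructed for the example and are not taken from any standard.

```python
"""Core RBAC in the sense of ANSI INCITS 359-2004: user assignment (UA),
permission assignment (PA), sessions with activated roles, and CheckAccess.
Role names, operations and object identifiers are constructed for this
example; they do not come from IEC 62351-8 or any other standard."""
from dataclasses import dataclass, field


@dataclass
class Rbac:
    ua: dict = field(default_factory=dict)        # user -> set of assigned roles
    pa: dict = field(default_factory=dict)        # role -> set of (operation, object)
    sessions: dict = field(default_factory=dict)  # session id -> (user, active roles)

    def assign_user(self, user: str, role: str) -> None:
        self.ua.setdefault(user, set()).add(role)

    def grant_permission(self, role: str, op: str, obj: str) -> None:
        self.pa.setdefault(role, set()).add((op, obj))

    def create_session(self, sid: str, user: str, roles) -> None:
        """Activate a subset of the user's assigned roles.  Activating only what
        the task needs is how a session follows least privilege."""
        missing = set(roles) - self.ua.get(user, set())
        if missing:
            raise PermissionError(f"{user} is not assigned roles {sorted(missing)}")
        self.sessions[sid] = (user, set(roles))

    def check_access(self, sid: str, op: str, obj: str) -> bool:
        """CheckAccess: permitted iff some role active in the session holds (op, obj)."""
        _, active = self.sessions[sid]
        return any((op, obj) in self.pa.get(role, set()) for role in active)


def build_demo() -> Rbac:
    """Constructed policy spanning field device, station control and network
    control, with one protection engineer and one substation operator."""
    rbac = Rbac()
    # Field-device level: a protection relay's settings group.
    rbac.grant_permission("relay-engineer", "read", "relay-1/settings")
    rbac.grant_permission("relay-engineer", "write", "relay-1/settings")
    # Station level: operate a breaker from the substation HMI, view relay settings.
    rbac.grant_permission("station-operator", "operate", "breaker-1")
    rbac.grant_permission("station-operator", "read", "relay-1/settings")
    # Network control level: read-only access to the CIM network model.
    rbac.grant_permission("viewer", "read", "cim/network-model")
    rbac.assign_user("alice", "relay-engineer")
    rbac.assign_user("alice", "viewer")
    rbac.assign_user("bob", "station-operator")
    return rbac


def demo_checks() -> dict:
    """Run the constructed policy through a few access decisions."""
    rbac = build_demo()
    rbac.create_session("s1", "alice", ["relay-engineer"])  # "viewer" left inactive
    rbac.create_session("s2", "bob", ["station-operator"])
    try:
        rbac.create_session("s3", "bob", ["relay-engineer"])  # not assigned to bob
        bob_as_engineer = True
    except PermissionError:
        bob_as_engineer = False
    return {
        "alice_writes_settings": rbac.check_access("s1", "write", "relay-1/settings"),
        "alice_reads_cim": rbac.check_access("s1", "read", "cim/network-model"),
        "bob_operates_breaker": rbac.check_access("s2", "operate", "breaker-1"),
        "bob_writes_settings": rbac.check_access("s2", "write", "relay-1/settings"),
        "bob_as_engineer": bob_as_engineer,
    }


if __name__ == "__main__":
    for name, allowed in demo_checks().items():
        print(f"{name}: {allowed}")
```

Note that alice's CIM read is refused even though she holds the viewer role: the session activated only relay-engineer, so the decision is made against the active role set, not against everything assigned to the user. Carrying the same user, role and permission definitions through the field-device, station and network-control levels is what makes the policy end to end rather than per device.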