Professional Documents
Culture Documents
q
q
q
q
NIST 7628
IETF RFC6272
NIST SP800-53
IEC 62351
q
q
CNSRL
End-to-End Communication
q The Key to Smart Grid Architecture
CNSRL sonomainnovation.com
q
(Confidentiality)
(Integrity)
/
(Authenticity/Non-repudiation)
(Availability)
q
CNSRL
(2)
q
q
CNSRL
q
q
q (DHS)(DOE)
q
q Do not rely on proprietary protocols to protect your system
CNSRL
CNSRL
q Threat of Denial-of-Service
Dispatcher accessing power
substation control
Customer accessing his bank
account
CNSRL
q Limited Resources
Narrowband communication
Not enough computation power
q Geographical location
Wide-spread, remote sites
Difficult to conduct /implement security measures
CNSRL
q
q
q
CNSRL
CNSRL
q ANSI - American National Standards Institute
q CIGRE International Council on Large Energy Systems
q FERC Federal Energy Regulatory Commission
q IEEE Institute of Electrical and Electronics Engineers
q IEC International Electro-technical Commission
q IETF - Internet Engineering Task Force
q ISA International Society of Automation
q ISO - International Organization for Standardization
q NERC - North American Electric Reliability Corporation
q NIST National Institute of Standards and Technology
q PSRCPower Systems Reliability Committee
CNSRL
National Institute of Standards and Technology
(NIST)
q
q
q 2009/4
16
Phase 1 Roadmap and Smart Grid Release 1
Phase 2 Public-Private Partnership for Longer-Evolution
Phase 3 Testing and Certification Framework
(April, May, August)
CNSRL
q 20122NIST Smart
Grid Interoperability Standard Release 2.0
CNSRL
Critical Infrastructure
q Cyber Security
Coordination Task Group (CSCTG)
(NIST)
CNSRL
IEC
q 175
q TC57
(Supervisor Control And Data
Acquisition, SCADA)
57
q TC
WG 3 IEC 60870-5
WG 10 IED IEC 61850
WG 13 - IEC 61970
WG 14 - IEC 61968
WG 15 IEC 62351
WG 16 IEC 62325
WG 17 IEC 61850-7-420
WG 18 IEC 61850-7-410
WG 19 TC 57 CIM SCL
WG 20 PLC IEC 60495, IEC 60663
CNSRL
Cyber Security Documents
q DHS Catalog
q NIST SP 800-53
q NERC CIPs (1-9)
CNSRL
n
n
CNSRL
q Access Control
q Awareness and Training
q Audit and Accountability
q Security Assessment and Authorization
q Configuration Management
q Contingency Planning
q Identification and Authentication
q Incident Response
q Maintenance
q Media Protection
q Physical and Environmental Protection
q Planning
q Personnel Security
q Risk Assessment
q System and Service Acquisition
q System and Communication Protection
q System and Information Integrity
CNSRL q Program Management
NISTIR 7628
q NIST
CNSRL
NIST SP 800-53
CNSRL
NIST SP 800-53
q
q
CNSRL
RFC 6272
q
(Internet Protocol Suite, IPS)
RFC 627225
(Request for Comments, RFC)
CNSRL
IEC 61850
q A popular standard for communication in Energy/
Substation automation
q The successor of
IEC60870-4-104
DNP3
q Addressing
Standardized data format/model
Interoperability of devices from different
manufacturers
CNSRL
IEC 62351
q
q IEC 62351
IEC 61850DNP3.0IEC 60870-5IEC 60870-6
CNSRL
IEC 62351 Scope
q Developed for different profiles of the three
communication protocols:
IEC 60870-6 (ICCP, TASE.2)
IEC 60870-5 and its derivatives
IEC 61850
CNSRL
IEC 62351 Scope
q Developed for different profiles of the three communication
protocols:
IEC 60870-6 (ICCP, TASE.2)
IEC 60870-5 and its derivatives
IEC 61850
CNSRL
IEC 62351 Scope
q Developed for different profiles of the three communication
protocols:
IEC 60870-6 (ICCP, TASE.2)
IEC 60870-5 and its derivatives
IEC 61850
CNSRL
Mapping of IEC TC 57
Communication Standards to
IEC 62351 Parts 7-11
CNSRL
CNSRL
q IEC 62351 q NERC-CIP
addresses the substation generally for energy operators
automation systems q ISO 27000, NIST 800-53
q ISA 99, IEEE P1686 mainly targeted to IT
directly address industrial environments
automation systems. q NIST SP800-82, NIST
SP800-53
explicitly for industrial control
systems
CNSRL
q NIST 7628
q ISO-27001
1.
(Risk Assessment)
2.
(Risk Analysis)
3. (Ex:CIPIEEE
IEC , etc)
q NERC CIP
4a. 4b.
5.
CNSRL
CNSRL
q
q
CNSRL
TLS
q
q
q
q
CNSRL
(Public Key Infrastructure, PKI)
q
CNSRL
(2)
q
q PKI
q
CNSRL
PKI
q
Certificate Trust List PKI Trust Model
q
Hierarchical PKI Trust Model
q
Mesh PKI Trust Model
q
Bridged CA PKI Trust Model
CNSRL
PKI
q (Safety)
q (High Availability)
q (Real-Time Operation)
q (Legacy Support)
q (Scalability)
q (Upgradeability)
q (Policy Enforcement)
q (Flexibility)
q (Interoperability)
q (Existing Structure Integration)
q (Virtual Borders)
q (Naming Convention)
q (External Equipment)
CNSRL
Conclusions
q Many Existing Proposals & Solutions
q Many Challenges
q How can we make sure its safe & secure?
q Security Expert Proves Hacking the Smart Grid Is a Snap
by Ariel SchwartzWed Sep 2, 2009
http://www.fastcompany.com
rdist.root.org/category/hardware/
CNSRL
CNSRL