Security Profile for Distribution Management
Prepared for: The SG Cyber Security Working Group

Prepared by: The Advanced Security Acceleration Project for the Smart Grid (ASAP-SG)

Managed by: EnerNex Corporation, 620 Mabry Hood Road, Knoxville, TN 37923 USA, (865) 218-4600, www.enernex.com

Version 1.0
Revision History

| Rev | Date | Summary | Marked |
| --- | --- | --- | --- |
| 0.01 | 20100513 | Outline established. | N |
| 0.02 | 20100520 | Outline revised. Use Cases added. | N |
| 0.03 | 20100624 | Outline revised. Use Cases updated. | N |
| 0.04 | 20100713 | Front matter added or edited. | N |
| 0.05 | 20100802 | Incorporated content from various sources to fill in sections. | N |
| 0.06 | 20100803 | A few new and modified controls. | N |
| 0.07 | 20100803 | Fleshed out explanatory prose in several sections. Also edited role descriptions and added material describing the approach. | N |
| 0.08 | 20100804 | Integrated policy controls and additional explanatory prose in several sections. Added a few new controls and brought out network segmentation controls more explicitly. | N |
| 0.09 | 20100807 | Added references. Edits in 3.1, 4.1, and 4.2. Incorporated glossary. | N |
| 0.10 | 20100811 | Reordered technical controls to match order in mapping table. Fixed table and glossary formatting. Misc edits throughout. Incorporated material for 2.2. | N |
| 0.11 | 20100812 | Misc edits throughout. | N |
| 0.12 | 20100816 | Added DER mapping for 2.2. Misc edits throughout. Dismissed internal commentary. | N |
| 0.13 | 20110314 | Added edits from the Usability Analysis review. | N |
| 0.9 | 20110418 | Updated document version number to reflect document status. | N |
| 0.91 | 20110912 | Additional edits from secondary review. | Y |
| 0.92 | 20111014 | Clean version for voting review. | N |
| 1.0 | 20120220 | Ratified by the SG Security Working Group, UCAIug. | N |

Executive Summary

This guideline identifies best practices for securing automated distribution management (DM) functions in a smart grid environment, including steady-state operations and optimization. It addresses the security concerns that arise from using communications and automation in field equipment that controls the configuration and operation of the electric distribution system.

Other electric system operation scenarios may also be addressed using this profile, because the roles defined herein have been abstracted so that they can be mapped onto different environments. This document defines a set of use cases and a corresponding set of security controls for the systems and components that implement those use cases. The security controls are based in part on the controls from the Department of Homeland Security Catalog of Control Systems Security (U.S. Department of Homeland Security, March 2010).

The underlying approach is to: define the function of DM systems through abstract roles and use cases; define broad security objectives for DM systems; identify potential failures for each role in the context of the use cases; define security controls to address those failures; and assign the controls to the roles. The roles are deliberately abstract so that they apply across a range of DM applications. Likewise, the use cases are modular so that they can be combined in different arrangements to describe different business models.

The primary audience of this document is organizations that are developing or implementing solutions that provide various aspects of distribution management. It is written at the level of utility security experience expected of system owners, system implementers, and security engineers.
Table of Contents

Introduction
  Introduction
  Scope
    Field Equipment
    Applications
    Explicit Exclusions
  Approach
  Audience
  How This Document Should Be Used
  Disclaimer/Status
Functional Analysis
  Functional Analysis
  Roles
    User
    Maintainer
    Central Application
    Field Application
    External Application
    Information Repository
    Control Authority
    Actuator
    Sensor
  Role Mappings
  Use Cases
Failure Analysis
  Failure Analysis
  Security and Operational Objectives
  Failures
Security Controls
  Security Controls
  Required Network Segmentation
  Policy Security Controls
  Technical Security Controls
Appendix A: Use Case Notation Guide
Appendix B: Evaluating a Distribution Management System
Appendix C: Glossary and Acronyms
Appendix D: References
Appendix E: Magnified Use Cases
Table of Figures

Use case diagrams (Functional Analysis):
  Diagram: Use Case – Field Application Makes Decision
  Diagram: Use Case – Field Application Requests Data from Sensor or Other Field Application
  Diagram: Use Case – Actuator, Sensor, or External Application Sends Data to Information Repository
  Diagram: Use Case – Information Repository Synchronizes with Another Information Repository
  Diagram: Use Case – Information Repository Processes New Data
  Diagram: Use Case – Central Application Processes New Data
  Diagram: Use Case – User Directs Application to Take an Action
  Diagram: Use Case – User Enters Data via Central Application
  Diagram: Use Case – User Initiates Application Mode Change
  Diagram: Use Case – User Initiates Application Parameter Change
  Diagram: Use Case – Control Authority Processes Directive for Actuator
  Diagram: Use Case – Central Application or Information Repository Requests Data from Field Application or Sensor
  Diagram: Use Case – External Application Processes New Data
  Diagram: Use Case – External Application Sends Directive to Control Authority

Magnified use case diagrams (Appendix E):
  Diagram: Use Case – Field Application Makes Decision
  Diagram: Use Case – Field Application Requests Data from Sensor or Other Field Application
  Diagram: Use Case – Actuator, Sensor, or External Application Sends Data to Information Repository
  Diagram: Use Case – Information Repository Synchronizes with Another Information Repository
  Diagram: Use Case – Information Repository Processes New Data
  Diagram: Use Case – Central Application Processes New Data
  Diagram: Use Case – User Directs Application to Take an Action
  Diagram: Use Case – User Enters Data via Central Application
  Diagram: Use Case – User Initiates Application Mode Change
  Diagram: Use Case – User Initiates Application Parameter Change
  Diagram: Use Case – Control Authority Processes Directive for Actuator
  Diagram: Use Case – Central Application or Information Repository Requests Data from Field Application or Sensor
  Diagram: Use Case – External Application Processes New Data
  Diagram: Use Case – External Application Sends Directive to Control Authority
Acknowledgements

The Advanced Security Acceleration Project for Smart Grid (ASAP-SG) would like to thank:

Supporting utilities, including American Electric Power, BC Hydro, Con Edison, Consumers Energy, Florida Power & Light, National Grid, Oncor, and Southern California Edison.

Supporting organizations, including the United States Department of Energy and the Electric Power Research Institute.

The utility and vendor representatives who provided ASAP-SG with essential foundational knowledge and insight into the distribution management problem space, with special thanks to Oncor and American Electric Power.

ASAP-SG would also like to thank the Department of Homeland Security (DHS) Cyber Security Division, the National Institute of Standards and Technology (NIST) Computer Security Division, the North American Electric Reliability Corporation (NERC), and Smart Grid Today for the works they have produced that served as reference material for the Security Profile for Distribution Management.

The ASAP-SG Architecture Team included resources from Consumers Energy, EnerNex Corporation, InGuardians, Oak Ridge National Laboratory, the Software Engineering Institute at Carnegie Mellon University, and Southern California Edison.

Authors: Glenn Allgood, Len Bass, Bobby Brown, Kevin Brown, Matthew Carpenter, Jim Cebula, Slade Griffin, Teja Kuruganti, Howard Lipson, Jim Nutaro, Justin Searle, Brian Smith, James Stevens

Edited by: Darren Highfill and James Ivers