Security Profile for Distribution Management




НазваниеSecurity Profile for Distribution Management
страница1/15
Дата конвертации04.02.2013
Размер0.93 Mb.
ТипДокументы
  1   2   3   4   5   6   7   8   9   ...   15

Security Profile for Distribution Management







Prepared for:

The SG Cyber Security Working Group







Prepared by:

The Advanced Security Acceleration Project for the Smart Grid (ASAP-SG)







Managed by:

EnerNex Corporation

620 Mabry Hood Road

Knoxville, TN 37923

USA

(865) 218-4600

www.enernex.com




ucaiug_logo









Version

1.0



Revision History

Rev

Date

Summary

Marked

0.01

20100513

Outline established.

N

0.02

20100520

Outline revised. Use Cases added.

N

0.03

20100624

Outline revised. Use Cases updated.

N

0.04

20100713

Front matter added or edited.

N

0.05

20100802

Incorporated content from various sources to fill in sections.

N

0.06

20100803

A few new and modified controls.

N

0.07

20100803

Fleshed out explanatory prose in several sections. Also edited role descriptions and added material describing the approach.

N

0.08

20100804

Integrated policy controls and additional explanatory prose in several sections. Added a few new controls and brought out network segmentation controls more explicitly.

N

0.09

20100807

Added references. Edits in 3.1, 4.1, and 4.2. Incorporated glossary.

N

0.10

20100811

Reordered technical controls to match order in mapping table. Fixed table and glossary formatting. Misc edits throughout. Incorporated material for 2.2.

N

0.11

20100812

Misc edits throughout.

N

0.12

20100816

Added DER mapping for 2.2. Misc edits throughout. Dismissed internal commentary.

N

0.13

20110314

Added edits from the Usability Analysis review

N

0.9

20110418

Updated document version number to reflect document status

N

0.91

20110912

Additional edits from secondary review

Y

0.92

20111014

Clean version for voting review

N

1.0

20120220

Ratified by the SG Security Working Group, UCAIug

N

Executive Summary

This guideline identifies best practices for securing automated distribution management (DM) functions in a smart grid environment, including steady state operations and optimization. This document addresses concerns related to using communications and automation in field equipment that controls the configuration and operation of the electric distribution system. Other electric system operation scenarios may also be addressed using this profile, as the various roles defined herein have been abstracted in such a way as to support mapping to different environments.

This document defines a set of use cases and a corresponding set of security controls for systems and components that implement the use cases. The security controls in this document are based in part on the controls from the Department of Homeland Security Catalog of Control Systems Security (U.S. Department of Homeland Security, March 2010). The underlying approach is to define the function of DM systems through abstract roles and use cases; define broad security objectives for DM systems; identify potential failures for each role in the context of the use cases; define security controls to address the failures; and assign controls to the roles. The roles have been designed abstractly to ensure applicability across a range of DM applications. Likewise, the use cases have been designed to be modular in order to facilitate combining them in different arrangements to describe different business models.

The primary audience of this document is organizations that are developing or implementing solutions providing various aspects of distribution management. This document is written at the normal level of utility security experience for system owners, system implementers and security engineers.

Table of Contents

Security Profile for Distribution Management 1

Introduction 10

Introduction 10

Scope 11

Field Equipment 11

Applications 12

Explicit Exclusions 13

Approach 13

Audience 14

How This Document Should Be Used 14

Disclaimer/Status 15

Functional Analysis 16

Functional Analysis 16

Roles 17

User 18

Maintainer 19

Central Application 19

Field Application 19

External Application 20

Information Repository 20

Control Authority 20

Actuator 21

Sensor 21

Role Mappings 21

Use Cases 27

Failure Analysis 65

Failure Analysis 65

Security and Operational Objectives 66

Failures 66

Security Controls 77

Security Controls 77

Required Network Segmentation 78

Policy Security Controls 81

Technical Security Controls 91

Appendix A:Use Case Notation Guide 112

Appendix B:Evaluating a Distribution Management System 115

Appendix C:Glossary and Acronyms 117

Appendix D:References 124

Appendix E:Magnified Use Cases 126


Table of Figures


Diagram: Use Case – Field Application Makes Decision 31

Diagram: Use Case – Field Application Requests Data from Sensor or Other Field Application 33

Diagram: Use Case – Actuator, Sensor, or External Application Sends Data to Information Repository 36

Diagram: Use Case – Information Repository Synchronizes with Another Information Repository 37

Diagram: Use Case – Information Repository Processes New Data 40

Diagram: Use Case – Central Application Processes New Data 43

Diagram: Use Case – User Directs Application to Take an Action 46

Diagram: Use Case – User Enters Data via Central Application 48

Diagram: Use Case – User Initiates Application Mode Change 51

Diagram: Use Case – User Initiates Application Parameter Change 53

Diagram: Use Case – Control Authority Processes Directive for Actuator 58

Diagram: Use Case – Central Application or Information Repository Requests Data from Field Application or Sensor 61

Diagram: Use Case – External Application Processes New Data 63

Diagram: Use Case – External Application Sends Directive to Control Authority 64

Diagram: Use Case – Field Application Makes Decision 127

Diagram: Use Case – Field Application Requests Data from Sensor or Other Field Application 128

Diagram: Use Case – Actuator, Sensor, or External Application Sends Data to Information Repository 129

Diagram: Use Case – Information Repository Synchronizes with Another Information Repository 130

Diagram: Use Case – Information Repository Processes New Data 131

Diagram: Use Case – Central Application Processes New Data 132

Diagram: Use Case – User Directs Application to Take an Action 133

Diagram: Use Case – User Enters Data via Central Application 134

135

Diagram: Use Case – User Initiates Application Mode Change 136

Diagram: Use Case – User Initiates Application Parameter Change 136

Diagram: Use Case – Control Authority Processes Directive for Actuator 138

Diagram: Use Case – Central Application or Information Repository Requests Data from Field Application or Sensor 139

140

Diagram: Use Case – External Application Processes New Data 141

141

Diagram: Use Case – External Application Sends Directive to Control Authority 142

Table of Tables


Acknowledgements

The Advanced Security Acceleration Project for Smart Grid (ASAP-SG) would like to thank:

  1. Supporting utilities, including American Electric Power, BC Hydro, Con Edison, Consumers Energy, Florida Power & Light, National Grid, Oncor, and Southern California Edison.

  2. Supporting organizations including The United States Department of Energy and the Electric Power Research Institute.

  3. The utility and vendor representatives that provided ASAP-SG with essential foundational knowledge and insight into the Distribution Management problem space, with a special thanks to Oncor and American Electric Power.

ASAP-SG would also like to thank the Department of Homeland Security (DHS) Cyber Security Division, National Institute of Standards and Technology (NIST) Computer Security Division, North American Reliability Corporation (NERC), and Smart Grid Today for the works that they have produced that served as reference material for the Security Profile for Distribution Management.

The ASAP-SG Architecture Team included resources from Consumers Energy, EnerNex Corporation, InGuardians, Oak Ridge National Laboratory, the Software Engineering Institute at Carnegie Mellon University, and Southern California Edison.

Authors

Glenn Allgood

Len Bass

Bobby Brown

Kevin Brown

Matthew Carpenter

Jim Cebula

Slade Griffin

Teja Kuruganti

Howard Lipson

Jim Nutaro

Justin Searle

Brian Smith

James Stevens


Edited by: Darren Highfill and James Ivers
  1   2   3   4   5   6   7   8   9   ...   15

Добавить в свой блог или на сайт

Похожие:

Security Profile for Distribution Management iconSecurity Profile for Wide-Area Monitoring, Protection, and Control

Security Profile for Distribution Management iconI nformation technology — Security techniques — Information security management systems — Requirements
Технологии информационные. Методы обеспечения защиты. Системы управления информации. Требования

Security Profile for Distribution Management iconEmergency Management and Homeland Security

Security Profile for Distribution Management iconMw-t1 Multimedia Security Technologies for Digital Rights Management

Security Profile for Distribution Management iconProceedings of The 5th Australian Information Security Management Conference

Security Profile for Distribution Management icon21st Century Complete Guide to Belarus Encyclopedic Coverage, Country Profile, History, dod, State Dept., White House, cia factbook (Two cd-rom set). Progressive management 2006

Security Profile for Distribution Management iconЭтап: Сетевая разведка: Рекогносцировка
Семинар по теме Управление рисками и безопасностью информационных систем Information Security and Risk Management

Security Profile for Distribution Management iconThe Moral Significance of 'Energy Security' and 'Climate Security'

Security Profile for Distribution Management iconK’s Security 1nc energy policy justified through security perpetuates inequalities, environmental degradation, and inhibits their long-term development – must be examined prior to their enactment

Security Profile for Distribution Management iconSampling distributions: Sampling Types of sampling – Sampling distributions – t distribution, f distribution, Chi-square distribution. (3)


Разместите кнопку на своём сайте:
lib.convdocs.org


База данных защищена авторским правом ©lib.convdocs.org 2012
обратиться к администрации
lib.convdocs.org
Главная страница