Security Profile for Distribution Management
|
|
|
Prepared for:
The SG Cyber Security Working Group
|
|
|
Prepared by:
The Advanced Security Acceleration Project for the Smart Grid (ASAP-SG)
|
|
|
Managed by:
EnerNex Corporation
620 Mabry Hood Road
Knoxville, TN 37923
USA
(865) 218-4600
www.enernex.com
|
|
|
|
|
Version
1.0
|
Revision History
Rev
|
Date
|
Summary
|
Marked
|
0.01
|
20100513
|
Outline established.
|
N
|
0.02
|
20100520
|
Outline revised. Use Cases added.
|
N
|
0.03
|
20100624
|
Outline revised. Use Cases updated.
|
N
|
0.04
|
20100713
|
Front matter added or edited.
|
N
|
0.05
|
20100802
|
Incorporated content from various sources to fill in sections.
|
N
|
0.06
|
20100803
|
A few new and modified controls.
|
N
|
0.07
|
20100803
|
Fleshed out explanatory prose in several sections. Also edited role descriptions and added material describing the approach.
|
N
|
0.08
|
20100804
|
Integrated policy controls and additional explanatory prose in several sections. Added a few new controls and brought out network segmentation controls more explicitly.
|
N
|
0.09
|
20100807
|
Added references. Edits in 3.1, 4.1, and 4.2. Incorporated glossary.
|
N
|
0.10
|
20100811
|
Reordered technical controls to match order in mapping table. Fixed table and glossary formatting. Misc edits throughout. Incorporated material for 2.2.
|
N
|
0.11
|
20100812
|
Misc edits throughout.
|
N
|
0.12
|
20100816
|
Added DER mapping for 2.2. Misc edits throughout. Dismissed internal commentary.
|
N
|
0.13
|
20110314
|
Added edits from the Usability Analysis review
|
N
|
0.9
|
20110418
|
Updated document version number to reflect document status
|
N
|
0.91
|
20110912
|
Additional edits from secondary review
|
Y
|
0.92
|
20111014
|
Clean version for voting review
|
N
|
1.0
|
20120220
|
Ratified by the SG Security Working Group, UCAIug
|
N
|
Executive Summary
This guideline identifies best practices for securing automated distribution management (DM) functions in a smart grid environment, including steady state operations and optimization. This document addresses concerns related to using communications and automation in field equipment that controls the configuration and operation of the electric distribution system. Other electric system operation scenarios may also be addressed using this profile, as the various roles defined herein have been abstracted in such a way as to support mapping to different environments.
This document defines a set of use cases and a corresponding set of security controls for systems and components that implement the use cases. The security controls in this document are based in part on the controls from the Department of Homeland Security Catalog of Control Systems Security (U.S. Department of Homeland Security, March 2010). The underlying approach is to define the function of DM systems through abstract roles and use cases; define broad security objectives for DM systems; identify potential failures for each role in the context of the use cases; define security controls to address the failures; and assign controls to the roles. The roles have been designed abstractly to ensure applicability across a range of DM applications. Likewise, the use cases have been designed to be modular in order to facilitate combining them in different arrangements to describe different business models.
The primary audience of this document is organizations that are developing or implementing solutions providing various aspects of distribution management. This document is written at the normal level of utility security experience for system owners, system implementers and security engineers.
Table of Contents
Security Profile for Distribution Management 1
Introduction 10
Introduction 10
Scope 11
Field Equipment 11
Applications 12
Explicit Exclusions 13
Approach 13
Audience 14
How This Document Should Be Used 14
Disclaimer/Status 15
Functional Analysis 16
Functional Analysis 16
Roles 17
User 18
Maintainer 19
Central Application 19
Field Application 19
External Application 20
Information Repository 20
Control Authority 20
Actuator 21
Sensor 21
Role Mappings 21
Use Cases 27
Failure Analysis 65
Failure Analysis 65
Security and Operational Objectives 66
Failures 66
Security Controls 77
Security Controls 77
Required Network Segmentation 78
Policy Security Controls 81
Technical Security Controls 91
Appendix A:Use Case Notation Guide 112
Appendix B:Evaluating a Distribution Management System 115
Appendix C:Glossary and Acronyms 117
Appendix D:References 124
Appendix E:Magnified Use Cases 126
Table of Figures
Diagram: Use Case – Field Application Makes Decision 31
Diagram: Use Case – Field Application Requests Data from Sensor or Other Field Application 33
Diagram: Use Case – Actuator, Sensor, or External Application Sends Data to Information Repository 36
Diagram: Use Case – Information Repository Synchronizes with Another Information Repository 37
Diagram: Use Case – Information Repository Processes New Data 40
Diagram: Use Case – Central Application Processes New Data 43
Diagram: Use Case – User Directs Application to Take an Action 46
Diagram: Use Case – User Enters Data via Central Application 48
Diagram: Use Case – User Initiates Application Mode Change 51
Diagram: Use Case – User Initiates Application Parameter Change 53
Diagram: Use Case – Control Authority Processes Directive for Actuator 58
Diagram: Use Case – Central Application or Information Repository Requests Data from Field Application or Sensor 61
Diagram: Use Case – External Application Processes New Data 63
Diagram: Use Case – External Application Sends Directive to Control Authority 64
Diagram: Use Case – Field Application Makes Decision 127
Diagram: Use Case – Field Application Requests Data from Sensor or Other Field Application 128
Diagram: Use Case – Actuator, Sensor, or External Application Sends Data to Information Repository 129
Diagram: Use Case – Information Repository Synchronizes with Another Information Repository 130
Diagram: Use Case – Information Repository Processes New Data 131
Diagram: Use Case – Central Application Processes New Data 132
Diagram: Use Case – User Directs Application to Take an Action 133
Diagram: Use Case – User Enters Data via Central Application 134
135
Diagram: Use Case – User Initiates Application Mode Change 136
Diagram: Use Case – User Initiates Application Parameter Change 136
Diagram: Use Case – Control Authority Processes Directive for Actuator 138
Diagram: Use Case – Central Application or Information Repository Requests Data from Field Application or Sensor 139
140
Diagram: Use Case – External Application Processes New Data 141
141
Diagram: Use Case – External Application Sends Directive to Control Authority 142
Table of Tables
Acknowledgements
The Advanced Security Acceleration Project for Smart Grid (ASAP-SG) would like to thank:
Supporting utilities, including American Electric Power, BC Hydro, Con Edison, Consumers Energy, Florida Power & Light, National Grid, Oncor, and Southern California Edison.
Supporting organizations including The United States Department of Energy and the Electric Power Research Institute.
The utility and vendor representatives that provided ASAP-SG with essential foundational knowledge and insight into the Distribution Management problem space, with a special thanks to Oncor and American Electric Power.
ASAP-SG would also like to thank the Department of Homeland Security (DHS) Cyber Security Division, National Institute of Standards and Technology (NIST) Computer Security Division, North American Reliability Corporation (NERC), and Smart Grid Today for the works that they have produced that served as reference material for the Security Profile for Distribution Management.
The ASAP-SG Architecture Team included resources from Consumers Energy, EnerNex Corporation, InGuardians, Oak Ridge National Laboratory, the Software Engineering Institute at Carnegie Mellon University, and Southern California Edison.
Authors
Glenn Allgood
Len Bass
Bobby Brown
Kevin Brown
Matthew Carpenter
Jim Cebula
Slade Griffin
Teja Kuruganti
Howard Lipson
Jim Nutaro
Justin Searle
Brian Smith
James Stevens
Edited by: Darren Highfill and James Ivers
|
