This guideline identifies best practices for securing automated distribution management (DM) functions in a smart grid environment, including steady state operations and optimization. This security profile addresses concerns related to using communications and automation in field equipment that controls the configuration and operation of the electric distribution system. Other electric system operation scenarios may also be addressed using this profile, as the various roles defined herein have been abstracted in such a way as to support mapping to different environments.
This document defines a set of use cases and a corresponding set of security controls for systems and components that implement the use cases. The security controls in this document are based in part on the controls from the Department of Homeland Security Catalog of Control Systems Security (U.S. Department of Homeland Security, March 2010). The underlying approach is to study real-world DM systems; define the function of DM systems by presenting a reference architecture that defines abstract roles and use cases; map the architecture's roles to real-world DM systems; define broad security objectives for DM systems; identify potential failures for each role in the context of the use cases; define security controls to address the failures; and assign controls to the roles.
An understanding of the roles is essential to applying the security controls defined in this document. Roles have been designed abstractly to ensure applicability across a range of DM applications. The key roles are those of a sensor, an actuator, and an application—each of which represents functionality that may be implemented by physical devices. A sensor is able to gather data about physical equipment in a DM system. An actuator is able to take action on physical equipment in a DM system. An application is able to make decisions, with or without human supervision, about what actions should be taken in a DM system. These roles are elaborated and decomposed (e.g., distinguishing between field applications and centrally deployed applications) in section .
It is important to note that a single device or product may implement multiple roles. Moreover, each role could be implemented in different ways, using different technologies, and by different vendors. By assigning security controls to the abstract roles, no bias is expressed in any of these dimensions. This document addresses security concerns by requiring that products implementing the functionality of a given role satisfy all security controls associated with that role. If a product implements the functionality of multiple roles, it must implement all of the security controls assigned to each of the roles.
This security profile addresses automated distribution management (DM) functions including steady state operations and optimization. The document considers “distribution automation” to refer to a specific portion of distribution management related to automated system reconfiguration such as SCADA, and therefore to be within scope for this security profile.
From a field equipment perspective, the scope is bounded on the utility end by the distribution substation. While the transition from distribution to transmission may vary from one organization to another, distribution management field equipment lies primarily between the last substation and the point of service for the customer. In general, the substation fence serves as a scoping boundary with at least two notable exceptions:
The boundary on the customer end is defined logically, as some distribution management functions will inherently involve communication with customer-owned equipment. Distribution management and control functions in direct communication with appropriate customer equipment are considered in scope. Some examples:
At an application level, many distribution functions can be implemented with a range of different architectures involving varying degrees of distributed control. Some functions may be primarily enterprise applications while other functions involve a combination of enterprise functionality with distributed controls that operate relatively autonomously (although coordinated). The distinction between enterprise level functionality and distributed control systems is addressed for the specific categories of functions in terms of how this influences the security requirements.
Specific functions that were considered in the development of this security profile include:
While closely related to distribution management for some organizations, this document explicitly considers the functions of system protection (high speed response to a fault condition) and advanced metering to be out of scope for this profile. Advanced metering is covered under the Security Profile for Advanced Metering Infrastructure. System protection (i.e. automated high-speed response to a fault condition) will be covered under its own security profile under the topic of substation automation. However, management of protection settings for coordination within and configuration of protection equipment is within scope of this security profile.