ami-sec task force october 23 rd face-to-face meeting – knoxville, tn roadmap, asap deliverables,...
Post on 11-Jan-2016
AMI-SEC Task Force
October 23rd Face-To-Face Meeting – Knoxville, TN
Roadmap, ASAP Deliverables, & Outreach
Darren Reece Highfill, CISSP
EnerNex Corporation
darren@enernex.com
Agenda
• Introductions
• Roadmap
– Review of comments
– Update of Scope, Charter
• System Security Requirements
– Overview
– Detail discussion
• Component Catalog
• Architectural Description
– Review / approval
• Deliverable suite usage
• Outreach
– SmartGridiPedia
– NIST
– ASAP
• Meeting Schedule for 2009
SSR – Requirements Hierarchy
SSR – Primary Security Services
• Confidentiality and Privacy (FCP)
• Integrity (FIN)
• Availability (FAV)
• Identification (FID)
• Authentication (FAT)
• Authorization (FAZ)
• Non-Repudiation (FNR)
• Auditing (FAU)
SSR – Supporting Security Services
• Anomaly Detection Services (FAS)
• Boundary Services (FBS)
• Cryptographic Services (FCS)
• Notification and Signaling Services (FNS)
• Resource Management Services (FRS)
• Trust and Certificate Services (FTS)
SSR – Assurance
• Development Rigor (ADR)
• Organizational Rigor (AOR)
• Handling/Operating Rigor (AHR)
• Accountability (AAY)
• Access Control (AAC)
What is an AMI Security Component?
Hardware and/or software that meet the following criteria:
– Must cover at least one requirements (SSR) category and at least one security domain
– Must enable relevant security policy
– Must not be a policy
– Can be an algorithm
– Cannot be a product
– Assures business value or system function
– Must be available in the market
SSR – Component Catalog Mapping
(Diagram: each Component is mapped against the security domains Communication Services, Managed Network Services, Utility Enterprise Services, Automated Network Services, Utility Edge Services, and Premise Edge Services.)
Example Components
• AES Encryption Strategy
• A5 Encryption Strategy
• CAVE Encryption Strategy
• RSA Encryption Strategy
• DSA Encryption Strategy
• RC4 Stream Encryption Strategy
• Blowfish Block Encryption Strategy
• 3DES Block Encryption Strategy
• IDEA Block Encryption Strategy
• Stream Encryption Strategy
• Block Encryption Strategy
• Encrypted Storage
• Storage Encryption Mode
• Storage Encryption Strategy
• Authenticating Encryption Mode
• Network Packet Filter
• Proxy
• Network Application Reverse Proxy
• Application Layer Gateway
• Host Packet Filter
• Hardware Encryption Manager
• Software Encryption Manager
• RADIUS Server
• RADIUS Protocol
• TACACS+ Server
• TACACS+ Protocol
• LDAP Server
• LDAP
• Identity Server
• Authentication Server
• Authorization Server
• Policy Enforcement Manager
• Intrusion Detection System
• Network IDS
• Host IDS
• Network IPS
• Network IDS
• Wireless IDS
• IEEE 802.11i
• IEEE 802.11ae
• IEEE 802.11af
Is each of these a component? Where do they map?
Example Component Catalog
Comp ID  Comp Name  Comp Descr  FCP  …  AAC  Prim Edge  …  Util Entps  Notes
1        Abc        …           Y    .  N    Y          .  Y           …
2        Def        …           N    .  N    Y          .  Y           …
3        Hij        …           Y    .  N    Y          .  N           …
4        Klm        …           N    .  Y    N          .  N           …
5        Nop        …           Y    .  N    Y          .  N           …
6        Qrs        …           N    .  Y    N          .  N           …
7        Tuv        …           Y    .  N    Y          .  Y           …
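As an added example (not a task force deliverable or any code from the slides), the following Python models the criteria from the "What is an AMI Security Component?" slide and the Y/N layout of the Example Component Catalog above. The SSR abbreviations and the six security domain names are taken from the slides; the Component class, the check_component and catalog_row functions, and the sample catalog entries are constructed here for illustration.

```python
"""Added example: a small model of the AMI-SEC component catalog that checks
each entry against the slide's component criteria and renders rows in the
style of the Example Component Catalog. Not the task force's own artifact."""
from dataclasses import dataclass

# SSR category abbreviations taken from the requirements slides
SSR_CATEGORIES = frozenset({
    "FCP", "FIN", "FAV", "FID", "FAT", "FAZ", "FNR", "FAU",   # primary services
    "FAS", "FBS", "FCS", "FNS", "FRS", "FTS",                 # supporting services
    "ADR", "AOR", "AHR", "AAY", "AAC",                        # assurance
})

# Security domains taken from the component catalog mapping diagram
DOMAINS = frozenset({
    "Communication Services", "Managed Network Services",
    "Utility Enterprise Services", "Automated Network Services",
    "Utility Edge Services", "Premise Edge Services",
})


@dataclass(frozen=True)
class Component:
    comp_id: int
    name: str
    descr: str
    categories: frozenset        # SSR categories the component covers
    domains: frozenset           # security domains the component covers
    is_policy: bool = False      # a policy is not a component
    is_product: bool = False     # a vendor product is not a component
    market_available: bool = True
    notes: str = ""


def check_component(c: Component) -> list:
    """Return the slide criteria the entry fails; an empty list means it qualifies.
    'Assures business value or system function' is a reviewer judgement and is
    deliberately not checked here."""
    problems = []
    if not c.categories:
        problems.append("must cover at least one SSR category")
    if not c.categories <= SSR_CATEGORIES:
        problems.append(f"unknown SSR categories: {sorted(c.categories - SSR_CATEGORIES)}")
    if not c.domains:
        problems.append("must cover at least one security domain")
    if not c.domains <= DOMAINS:
        problems.append(f"unknown domains: {sorted(c.domains - DOMAINS)}")
    if c.is_policy:
        problems.append("must not be a policy")
    if c.is_product:
        problems.append("cannot be a product")
    if not c.market_available:
        problems.append("must be available in the market")
    return problems


def catalog_row(c: Component, category_cols=("FCP", "AAC"),
                domain_cols=("Premise Edge Services", "Utility Enterprise Services")) -> list:
    """Render one row with Y/N flags for the chosen category and domain columns,
    mirroring the layout of the Example Component Catalog table."""
    flags = ["Y" if cat in c.categories else "N" for cat in category_cols]
    flags += ["Y" if d in c.domains else "N" for d in domain_cols]
    return [c.comp_id, c.name, c.descr, *flags, c.notes]


# Constructed sample entries (hypothetical names, for illustration only)
SAMPLE_CATALOG = [
    Component(1, "AES Encryption Strategy", "symmetric block cipher",
              frozenset({"FCP", "FCS"}), DOMAINS),                  # an algorithm: allowed
    Component(2, "Network Packet Filter", "stateless packet filtering",
              frozenset({"FBS", "FAZ"}),
              frozenset({"Utility Edge Services", "Utility Enterprise Services"})),
    Component(3, "Acme Firewall 3000", "a specific vendor appliance",
              frozenset({"FBS"}), frozenset({"Utility Edge Services"}), is_product=True),
    Component(4, "Password rotation policy", "organisational rule",
              frozenset({"AAC"}), frozenset({"Utility Enterprise Services"}), is_policy=True),
    Component(5, "Quantum key box", "not yet purchasable",
              frozenset(), frozenset({"Premise Edge Services"}), market_available=False),
]


def review_catalog(catalog=SAMPLE_CATALOG) -> dict:
    """Map component name -> list of failed criteria for every entry."""
    return {c.name: check_component(c) for c in catalog}


if __name__ == "__main__":
    for name, problems in review_catalog().items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
    for c in SAMPLE_CATALOG:
        print(catalog_row(c))
```

Running the module prints which sample entries fail which criteria (the vendor appliance, the policy, and the not-yet-available item are rejected; the algorithm and the packet filter pass) followed by their catalog rows. The elided "…" columns of the slide's table are represented by passing whichever category and domain columns you want to catalog_row.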
Deliverable Suite Usage
2009 Transformation
Outreach – Washington, DC
• Objective: Increase awareness in Washington, DC that the electric power industry is proactively addressing this important issue in a productive manner
• Inform policy-makers:
1. Security for AMI is important
2. Utilities are proactively and collaboratively addressing the issue
3. We have produced the first round of guidance for AMI and are working on expansion for the Smart Grid
Planning / Logistics