This is a preliminary draft made available for the purpose of allowing industry to see the flow and logic of the document. This document is not content

Page: 1/14
Date: 19.10.2012
Size: 0.73 Mb
Type: Documents

NOTE: This is a preliminary draft made available for the purpose of allowing industry to see the flow and logic of the document. THIS DOCUMENT IS NOT CONTENT COMPLETE. Substantial portions of this document remain to be refined, reviewed, and/or filled out – notably the entire Controls section (Section 4).
Security Profile for Substation Automation

Prepared for:

The UCAIug SG Security Working Group

Prepared by:

The Advanced Security Acceleration Project for the Smart Grid (ASAP-SG)

Managed by:

EnerNex Corporation

620 Mabry Hood Road

Knoxville, TN 37923

USA

(865) 218-4600

www.enernex.com

Version 0.04

Revision History

Rev    Date       Summary                                                       Marked
0.04   20120502   Preliminary draft for flow and logic – not content-complete   N


Executive Summary

This document presents the security profile for electric grid substation automation technology, and addresses security concerns associated with automated and manual interaction in support of system protection (inter- and intra-substation), system control (local and remote), system optimization (e.g., voltage and reactive power), and system monitoring (i.e., equipment health) performed by equipment located in transmission and distribution substations. The recommendations made herein are based on stated system architectural and functional assumptions, and offer a single security baseline for overall use of substation automation technology, with tailored subsets of recommendations where variations in system deployment or usage occur.

This document defines a reference architecture, a set of roles to define system functionality and communications, and a set of security controls for systems and components that implement the roles. The security controls in this document are inspired by and intended to cover the application of technical requirements found in NIST Interagency Report (IR) 7628: Guidelines for Smart Grid Cyber Security to substation automation systems and technology. The underlying approach behind this document was therefore to (1) study real-world use of substation automation systems, (2) define the function of these systems by presenting a reference architecture that defines abstract roles and their interactions through state machines and communications analyses, (3) map the architecture's roles to real-world substation automation systems, (4) define broad security objectives for substation automation systems, (5) identify potential failure modes for each role in the context of the state machines and communications analyses, (6) define security controls to address the failure modes, and (7) assign controls to the roles.

The primary audiences for this document are system owners, system implementers, and security engineers within organizations that are developing or implementing solutions requiring or providing substation automation functionality.

Table of Contents

1 Introduction 10

1.1 Scope 11

1.1.1 Equipment 12

1.1.2 Processing 12

1.1.3 Applications 12

1.1.4 Explicit Exclusions 12

1.2 Approach 13

1.3 Audience & Recommended Use 16

1.3.1 Electric Utility 16

1.3.2 Substation Automation (and Derivative Technology) Vendors 16

2 Functional Analysis 17

2.1 Logical Architecture 18

2.1.1 “Inform” Communications 19

2.1.2 “Operate” Communications 19

2.1.3 “Config” Communications 20

2.2 Role Definitions 21

2.2.1 Proxy 22

2.2.2 Substation User Interface 22

2.2.3 Substation Information Repository 22

2.2.4 Substation Control Authority 22

2.2.5 Actuator 22

2.2.6 Sensor 22

2.2.7 Protection Application 23

2.2.8 Control Application 23

2.2.9 Monitoring Application 23

2.2.10 Command and Control Application 24

2.2.11 Business Analysis Application/Repository 24

2.2.12 Distribution Asset 24

2.3 Role Mappings 25

2.3.1 Example Substation Architecture 25

2.3.2 Protection Relay and Merging Unit 25

2.3.3 Communications Processor 26

2.3.4 Digital Fault Recorder and Meter 27

2.3.5 Human Machine Interface 28

2.3.6 Substation Gateway 29

2.3.7 Remote Terminal Unit (RTU) 29

2.3.8 Programmable Logic Controller (PLC) 30

2.4 State Machines 30

2.4.1 Actuator State Machine 31

2.4.2 Control Application State Machine 32

2.4.3 Monitoring Application State Machine 34

2.4.4 Protection Application State Machine 36

2.4.5 Proxy State Machine 38

2.4.6 Sensor State Machine 40

2.4.7 Control Authority State Machine 41

2.4.8 Substation Information Repository State Machine 42

2.4.9 Substation User Interface State Machine 44

2.5 Zone Definitions 46

2.5.1 Enterprise Visibility 47

2.5.2 Field Visibility & Control 48

2.5.3 Supervisory Control 49

2.5.4 Local Substation Autonomy 50

2.5.5 Protection 51

2.6 Substation Automation Networks 53

3 Failure Analysis 55

3.1 Failure Analysis Process 55

3.1.1 Role-based Failure Mode Identification 56

3.1.2 Communication Analysis Process 59

3.1.3 Zone-Based Analysis Process 60

3.2 Security and Operational Objectives 60

3.2.1 Contextual Assumptions 60

3.2.2 Core Operational Assumptions 61

3.2.3 Security Principles 61

3.3 Failure Modes 63

3.3.1 Role-Based Failure Modes 63

3.3.2 Communication Failure Modes 64

3.3.3 Zone-Based Failure Modes 67

4 Security Controls 72

4.1 Control Definitions 72

4.1.1 Access Control 74

4.1.2 Audit & Accountability 75

4.1.3 Configuration Management 76

4.1.4 Continuity of Operations 76

4.1.5 Identification & Authorization 77

4.1.6 Physical & Environmental 78

4.1.7 System & Communication Protection 78

4.1.8 System & Information Integrity 81

4.2 Security Controls Mapping 83

4.2.1 Controls Mapped to Roles 84

4.2.2 Controls Mapped to Network Segments 88


Table of Figures

Figure 1 – Overview of Security Profile Development Approach 13

Figure 2 – Substation Automation Security Profile Artifact Relationships 15

Figure 3 – Logical Architecture – Inform 19

Figure 4 – Logical Architecture – Operate 20

Figure 5 – Logical Architecture – Config 21

Figure 6 – Example Substation Architecture 25

Figure 7 – Protection Relay and Merging Unit 26

Figure 8 – Communications Processor 27

Figure 9 – Digital Fault Recorder and Meter 28

Figure 10 – Human Machine Interface 28

Figure 11 – Substation Gateway 29

Figure 12 – Remote Terminal Unit (RTU) 30

Figure 13 – Programmable Logic Controller 30

Figure 14 – Actuator State Machine 31

Figure 15 – Control Application State Machine 32

Figure 16 – Monitoring Application State Machine 34

Figure 17 – Protection Application State Machine 36

Figure 18 – Proxy State Machine 38

Figure 19 – Sensor State Machine 40

Figure 20 – Control Authority State Machine 41

Figure 21 – Substation Information Repository State Machine 43

Figure 22 – Substation User Interface State Machine 44

Figure 23 – Zone Analysis 47

Figure 24 – Substation Automation Networks 53



Table of Tables

Table 1 – Substation Automation Functions in Scope for this Security Profile 12

Table 2 – Role-Based Failure Modes 63

Table 3 – Communication Failure Modes 65

Table 4 – Zone-Based Failure Modes 68

Table 5 – Controls: Access Control 74

Table 6 – Controls: Audit & Accountability 75

Table 7 – Controls: Configuration Management 76

Table 8 – Controls: Continuity of Operations 76

Table 9 – Controls: Identification & Authorization 77

Table 10 – Controls: Physical & Environmental 78

Table 11 – Controls: System & Communication Protection 78

Table 12 – Controls: System & Information Integrity 81

Table 13 – Controls Mapped to Roles 84



Acknowledgements

The Advanced Security Acceleration Project for Smart Grid (ASAP-SG) would like to thank:

  1. Supporting utilities, including American Electric Power and Southern California Edison.

  2. Supporting organizations, including: The United States Department of Energy, the Electric Power Research Institute, and UtiliSec.

  3. The utility and vendor representatives that provided ASAP-SG with essential foundational knowledge and insight into the Substation Automation problem space, with a special thanks to Southern California Edison.

ASAP-SG would also like to thank the National Institute of Standards and Technology (NIST) Computer Security Division and the North American Reliability Corporation (NERC) for the works that they have produced that served as reference material for the Security Profile for Substation Automation.

The ASAP-SG Architecture Team included resources from EnerNex Corporation, UtiliSec, Oak Ridge National Laboratory, the Software Engineering Institute at Carnegie Mellon University, and Southern California Edison.

Authors

Glenn Allgood

Len Bass

Bobby Brown

James Ivers

Teja Kuruganti

Howard Lipson

Jim Nutaro

Justin Searle

Brian Smith


Edited by: Darren Highfill