Smart Grid Cyber Security Strategy
Establishment of a Cyber Security Coordination Task Group (CSCTG)
Established in March 2009
CSCTG transitioned to the Smart Grid Interoperability Panel – Cyber Security Working Group (SGIP–CSWG)
Almost 400 participants
Chair - Annabelle Lee, NIST
Vice Chairs – Dave Dalva, CISCO and Alan Greenberg, Boeing
Secretary – Mark Enstrom, Neustar
EnerNex Support – Sandy Bacik
Weekly telecon
  Teleconference Day & Time: Mondays, 11am EDT
  Call-in number: 866-745-6097
  Participant passcode: 7413006
Smart Grid Cyber Security Strategy (2)
Have established the following sub-groups
  Vulnerability class analysis
  Bottom-up assessment
  Privacy
  Standards assessment
  High level requirements
  Cryptography and key management
  Functional/security architecture development
  Research and Development
Smart Grid Cyber Security Strategy and Requirements
First draft posted as a NIST Interagency Report (NISTIR) 7628 in September 2009
Development of the document led by NIST
Document written by the CSCTG and the Advanced Security Acceleration Project – Smart Grid team
Represents significant coordination among federal agencies, the private sector, regulators, and academics
Document includes material that will be used in selecting and tailoring security requirements
Document includes:
  A cyber security strategy that includes a high level risk assessment for the Smart Grid
  High level security requirements
  Background materials that were used in performing the risk assessment and the analysis material used to select the security requirements
Smart Grid Cyber Security Strategy and Requirements (2)
Second draft posted on February 2, 2010
Second draft will be posted for a 60-day comment period
  Time-period to begin when Federal Register Notice (FRN) published
Draft includes:
  Overall cyber security strategy
  Bottom-up security assessment
  Privacy assessment
  Security relevant use cases
  Vulnerability class analysis
  High level requirements for the entire Smart Grid
  Overall functional logical architecture and lower level logical interface diagrams
  Initial analysis of standards
  R and D topics
Comments and disposition will also be posted
Smart Grid Cyber Security Strategy and Requirements (3)
Final version planned for June 2010
Will include:
  Revisions based on the comments received
  Updated sections
    Bottom-Up analysis
    Vulnerability classes
    Privacy assessment
    Security-relevant use cases
    Logical interface diagrams
    Research and Development (R&D)
    High level requirements – including tailored security requirements
  New sections
    Overall security architecture
    Design considerations to assist implementers
    Cryptography and key management
SGIP Organization
[Organization chart: SGIP Membership; Governing Board; SGIP Officers; SGIP Administrator; NIST; Standing Committees: Test & Certification Committee (SGTCC), Architecture Committee (SGAC); Permanent Working Groups: Cyber Security Working Group (CSWG); Priority Action Plan Teams: PAP 1, PAP 2, PAP 3, PAP 4, PAP 5, PAP …; Domain Expert Working Groups: H2G, TnD, B2G, I2G, PEV2G, BnP]
Liaisons and Updates
PMO – Alan Greenberg
Test and Certification Committee – Dave Dalva
Architecture Committee – Sandy Bacik and Justin Searle
CSWG Roadmap
This roadmap defines the tasks and estimated timeline for CSWG work over the next 2-3 years
Tasks
  Task 1. Selection of use cases with cyber security considerations
  Task 2. Performance of a risk assessment
    Bottom-up analysis
    Top-down analysis
  Task 3. Specification of high level security requirements
  Privacy assessment
  Task 4a. Development of a security architecture
  Task 4b. Assessment of Smart Grid standards
  Task 5. Conformity assessment
CSWG Roadmap (2)
Phase 1
  Forming of CSCTG and sub-groups
  SGIP making a permanent working group – CSWG
  First draft of the NISTIR 7628 (09/2009)
  Coordination with other federal agencies
Phase 2
  Second draft of the NISTIR 7628 (02/2010)
  Coordination with:
    SGIP GB Architecture Committee SGIP
    Test and Certification Committee
    PAPs
  NISTIR 7628 version 1.0 (06/2010)
  User guide on using the NISTIR
  Outreach to other organizations
CSWG Roadmap (3)
Phase 3
  Continue outreach efforts
  Expand working relationships with SGIP GB, SGIP, Committees, PAPs, and other working groups
  NISTIR 7628 updates
  CSWG face to face meetings
  Maintaining the SGIP-CSWG roadmap
Outreach and Coordination….
Coordination with PAPs:
  Strategy for coordination
    Send to SGIP GB
  Expectations from PAP teams
    What does this mean?
    How do the PAPs interact with CSWG?
Outreach….
  EEI
  Microsoft, AT&T
  NAESB
  NARUC, PUCs
  Universities
  Defense community – DOD, NSA, etc.
  Government laboratories
  International – EU, OECD, etc.
  APPA (munis)
  etc.