Upload
ngotram
View
219
Download
12
Embed Size (px)
Citation preview
Substations represent a critical element of the national infrastructure aimed at the security and wellness of the population.
2
Presenters
• Overview of standards related to cyber security – Marc Lacroix
• Substation physical security standard – Craig Preuss
• Development of IEEE PC 37-240 – Mike Dood
• Introduction to Lemnos - Scott D. Sternfeld
Objectives
• Presentation of major threats, physical or virtual, that may impact the integrity of the substation.
• Introduction to recent development of standards, intended to mitigate such threats, will be presented.
• Share their experience in the implementation of mitigation approaches.
• Future standards development, such as Lemnos, will be described.
ISO 27001
• “Information technology – Security techniques – Information security management systems – Requirements”
– specifies a set of information security management requirements designed to be used for certification purposes.
9
IEEE 1686
• The standard defines functions and features that must be provided in substation intelligent electronic devices to accommodate critical infrastructure protection programs. It addresses security in terms of access, operation, configuration, firmware revision, and data retrieval from IEDs.
10
CIGRE D22.2
• Treatment of Information Security for Electric Power Utilities
– Risk Assessment of Information and Communication Systems
– Security Frameworks for Electric Power Utilities
– Security Technologies Guideline
12
NIST 800-53
• Recommended Security Controls for Federal Information Systems
– Provides guidelines for selecting and specifying technical and organizational security controls and connected processes for information systems supporting the executive agencies of the federal government to meet the requirements of FIPS 200
13
NERC CIP CIP Title / Content
001 Sabotage Reporting
Reporting disturbances or unusual occurrences, suspected or determined to be caused by sabotage to appropriate authorities
002 Critical Cyber Asset Identification
Identification and documentation of Critical Cyber Assets using risk-based assessment methodologies
003 Security Management Controls
Documentation and implementation of Cyber Security Policy reflecting commitment and ability to secure Critical Cyber Assets
004 Personnel and Training
Maintenance and documentation of security awareness programs to ensure personnel knowledge on proven security practices
005 Electronic Security Protection
Identification and protection of Electronic Security Perimeters and their access points surrounding Critical Cyber Assets
006 Physical Security Program
Creation and maintenance of physical security controls, including processes, tools, and procedures to monitor perimeter access
007
Systems Security Management
Definition and maintenance of methods, procedures, and processes to secure Cyber Assets within the Electronic Security Perimeter to do
not adversely affect existing Cyber Security Controls.
008 Incident Reporting & Response Planning
Development and maintenance of a Cyber Security Incident response plan that addresses classification, response actions and reporting
009 Recovery Plans for Critical Cyber Assets
Creation and review of recovery plans for Critical Cyber Assets
010 Bulk Electrical System Cyber System Categorization (draft)
Categorization of BES systems that execute or enable functions essential to reliable operation of the BES into three different classes.
011 Bulk Electrical System Cyber System Protection (draft)
Mapping of security requirements to BES system categories defined in CIP-010
62351
IEC 62351 Definition of Security Services Standardization Status
Part 1 Introduction and overview Technical Specifications
Part 2 Glossary of terms Technical Specifications
Part 3 Profiles Including TCP/IP Technical Specifications
Part 4 Profiles Including MMS Technical Specifications
Part 5 Security for IEC 60870-5 and Derivatives Technical Specifications
15
62351
IEC 62351 Definition of Security Services Standardization Status
Part 6 Security for IEC 61850 Technical Specifications
Part 7 Network and system management (NSM) data object models
Technical Specifications
Part 8 Role-Based Access Control for Power systems management
Technical Specifications
Part 9 Data and Communication Security - Key Management
In preparation
Part 10 Security architecture guidelines Technical Specifications
Part 11 Security for XML Documents In preparation
16
Security Domains Security Domain
Required Protection Level
Applies to Example Systems
Public Low Assets, supporting the communication over public networks
3rd party networks, Internet
Corporate Medium Assets, supporting the business operation with baseline security not essential to the power system reliability and availability
Office level business network
Business Critical
High Assets, supporting the critical operation, which are not critical to power system reliability and availability.
Finance network, human resource systems, ERP systems
System Operation Critical
Very high Assets directly related to the availability and reliability of power generation and distribution infrastructure
Control systems, SCADA networks
25