The AMI-SEC Task Force would also like to thank the Department of Homeland Security Cyber Security Division, National Institute of Standards and Technology Computer Security Division, North American Reliability Corporation and The Common Criteria for the works that they have produced that served as reference material for the AMI Systems Security Requirements document.
Executive Summary
Acknowledgements
1. Introduction
1.1 Purpose
1.1.1 Strategic Importance
1.1.2 Problem Domain
1.1.3 Intended Audience
1.1. Scope
1.2. Document Overview
1.3. Definitions, acronyms, and abbreviations
1.4. References
2. General system description
2.1. Use Cases
2.1.1. Billing
2.1.2. Customer
2.1.3. Distribution System
2.1.4. Installation
2.1.5. System
2.2. System Context
2.3. System Constraints
2.4. Security States and Modes
2.4.1. System States
2.4.2. System Modes
2.5. Security Objectives
2.5.1. Holistic Security
2.6. User Characteristics
2.7. Assumptions and Dependencies
3. System Security Requirements
3.1. Primary Security Services
3.1.1. Confidentiality and Privacy (FCP)
3.1.2. Integrity (FIN)
3.1.3. Availability (FAV)
3.1.4. Identification (FID)
3.1.5. Authentication (FAT)
3.1.6. Authorization (FAZ)
3.1.7. Non-Repudiation (FNR)
3.1.8. Accounting (FAC)
3.2. Supporting Security Services
3.2.1. Anomaly Detection Services (FAS)
3.2.2. Boundary Services (FBS)
3.2.3. Cryptographic Services (FCS)
3.2.4. Notification and Signaling Services (FNS)
3.2.5. Resource Management Services (FRS)
3.2.6. Trust and Certificate Services (FTS)
3.3. Assurance
3.3.1. Development Rigor (ADR)
3.3.2. Organizational Rigor (AOR)
3.3.3. Handling/Operating Rigor (AHR)
3.3.4. Accountability (AAY)
3.3.5. Access Control (AAC)
Appendix A: Architectural Description
A.1. Scope
A.2. Mission
A.3. Stakeholders & Concerns
A.4. Security Analysis Approach
A.5. Architecture Description Approach
A.5.1. Viewpoints
A.5.2. Views
A.6 Contextual View
A.7 Top Level Model
A.7.1. Customer Model
A.7.2. Third Party Model
A.7.3. Utility Model
A.8 Security Domains View
A.8.1. Utility Edge Services Domain
A.8.2 Premise Edge Services Domain
A.8.3. Communication Services Domain
A.8.4. Managed Network Services Domain
A.8.5. Automated Network Services Domain
A.8.6. Utility Enterprise Services Domain
Appendix B – Supplemental Material: Business Functions as Stakeholders in AMI Systems
B.1 Introduction
B.1.2 Scope of AMI Systems
B.2 Overview of Business Functions Utilizing AMI Systems
B.3 AMI Metering Business Functions
B.3.1 Metering Services
B.3.2 Pre-Paid Metering
B.3.3 Revenue Protection
B.3.4 Remote Connect / Disconnect
B.3.5 Meter Maintenance
B.4 Distribution Operations Business Functions
B.4.1 Distribution Automation (DA)
B.4.2 Outage Detection and Restoration
B.4.3 Load Management
B.4.4 Power Quality Management
B.4.5 Distributed Energy Resource (DER) Management
B.4.6 Distribution Planning
B.4.7 Work Management
B.5 Customer Interactions Business Functions
B.5.1 Customer Services
B.5.2 Tariffs and Pricing Schemes
B.5.3 Demand Response
B.6 External Parties Business Functions
B.6.1 Gas and Water Metering
B.6.2 Third Party Access
B.6.3 External Party Information
B.6.4 Education
B.6.5 Third Party Access for Certain Utility Functions