OpenSG SG Conformity – Security Conformity July 22, 2010 Bobby Brown.

OpenSG SG Conformity – Security ConformityJuly 22, 2010Bobby Brown

AgendaThursday, July 22nd

• Overview Security Conformance & Charter• Align with Conformity WG

– Use Cases OpenHAN, OpenADE, OpenADR– Identify Security Functions/Services

• Identify Requirements and Standards• Discuss Development of Abstract Security Test Cases• Support TCC and CSWG Testing & Certification Subgroup

Review Security Conformity TF Charter

• Establish security conformance requirements for laboratories desiring to certify smart grid components and systems and;

• Establish clear scoping boundaries, perform research to identify existing models, and propose a high-level philosophy of approach.

• Chair: Bobby Brown, EnerNex representing Consumers Energy, [email protected]

• Vice-Chair: needed

Conformance Definitions

a) “Is any activity to determine, directly or indirectly, that a process, product, or service meets relevant standards and fulfills relevant requirements.” ISO/IEC Guide 2:2004

b) Conforms if… “has not been proven to be non-conformant with standard x”

Which Areas?

• Work closely with Conformity Groups– OpenHAN– OpenADR– OpenADE

Which Requirements & Standards?

• OpenSG – OpenHAN, OpenADE, OpenADR• OpenSG – Security Profiles• Testing & Certification Committee

List of Standards- SGIP_TCC_Interoperability_Issue_Assessment_Process_V02.pdf

Identify Generic Security Functions/Services

• Authentication• Logging/Auditing• Alerting• Secure Data Transfer• Authorization

Example PatternofSecure WirelessAccess onPrivate Network

Develop Abstract Test Cases

• Template

Outward Support

• SGIP Testing & Certification Committee• CSWG Testing & Certification Sub-group• SG Security CyberSec-Interop

Meeting Logistics

• Currently every Friday at 2:00PM Eastern Time– propose to meet with Conformity WG for now

• [email protected]

Contact [email protected] to be added to ListServ

Thank you!

Bobby Brown, [email protected]