Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs [email protected]Utility co-chair: John Stewart, PM Grid ICT [email protected]Secure Remote Substation Access Interest Group Part 2: Development of Test Scenarios July 17, 2013
40
Embed
Secure Remote Substation Access Interest Group kickoff meetingsmartgrid.epri.com/doc/Remote-Substation-Access-Interest-Group... · Secure Remote Substation Access Interest Group ...
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs
Scenario 1: Integration with a “Password Vault” What is a “Password Vault”?
Benefits of a password management solution for shared/service/privileged account passwords: - Regular password changes improve security and compliance - Control which users have access to passwords - Allow detailed auditing of each use of these passwords
1) Problem statement (with background): - Multiple password vaults, different security or logging levels
for various systems, makes difficult for auditing/compliance - Current IT Enterprise password vault products do not interact
with substation IEDs
2) Ideal end state - Single integrated password vault to manage all
shared/service account passwords. - Remote Access solution would connect to IEDs using
passwords stored in Password Vault solution 3) Stated Assumptions - Utility has or is considering both products - Remote Access and Password Vault solutions have network
Scenario 2: Relay functional testing while maintaining CIP compliance 1) Problem statement: - Relay technicians use Doble or Manta test sets plugged into
technician’s laptop and require a simultaneous connection to the relay. Desire to log/record the actions by the relay tech to the remote access system. Remote access system is not currently included in this process.
2) Ideal end state - All interactions with relay are captured and correlated into
remote access system. - “Front panel access” is restricted 3) Stated Assumptions - Remote Access system is available for the intended relays
1) Problem statement (with background): - Historically passwords have been included in configuration files
allowing for password changes through configuration downloads - Password must be inserted into files prior to download to prevent
password sync issues 2) Ideal end state - Password management system dynamically integrates correct
password into config files on the fly during download - Remove passwords from configs entirely and manage separately or
through trust mgmt infrastructure (IT) 3) Stated Assumptions - IED passwords aren’t known in advance to configuration engineer - Assumes utility has a variety of IED FW combinations that preclude
1) Problem statement (with background): - IED password complexity can change with firmware revisions
(even for same model)
2) Ideal end state - Automated solutions must correctly identify and incorporate
these changes within script variables - All vendors understand nuances of models and firmware of
vendor IEDs
3) Stated Assumptions - Existing Sources for this information exist - Vendor release notes which vary significantly in detail - Vendors would be willing to share this information
4) Possible limitations to solution - Who takes ownership of this information? - Where would this master list reside? - This information has to be kept up to date - Funding: vendors or database upkeep
5) Related implementation issues
- Would require manual work by each utility to produce new scripts for firmware changes
- Changes in menu options, page layouts, command replies, etc can affect existing scripts.
IED Password Management Through remote substation access systems
Approach: • Identify the requirement, benefits and challenges associated with
implementing IED password management
Value: – Support CIP compliance and documentation for password change
requirements – Reduce risk of unauthorized access attempts by obscuring the password
• No more default or ‘utility standard’ passwords – Reduce the frequency of password updates – Reduce inefficiencies and costs through automated password changes.
Please observe these Antitrust Compliance Guidelines:
– Do not discuss pricing, production capacity, or cost information which is not publicly available; confidential market strategies or business plans; or other competitively sensitive information
– Be accurate, objective, and factual in any discussion of goods and services offered in the market by others.
– Do not agree with others to discriminate against or refuse to deal with a supplier; or to do business only on certain terms and conditions; or to divide markets, or allocate customers
– Do not try to influence or advise others on their business decisions and do not discuss yours except to the extent that they are already public
System Ownership • Who will assume overall ownership of the system?
– Single POC or group needed (champion) – Provides coordination between other users
• Many, many groups involved that can be considered “owners”: – Group that specifies and procures equipment? – Group that provides initial configuration? – Group that maintains equipment in the field? – IT: System upgrades, patching, disaster recovery, deployment to
users
• Other considerations to determine ownership: – Frequency of use: Who manages the configurations of the devices? – Volume: What is the quantity of IEDs to be managed? – Criticality: What is the criticality of these devices? – Availability: Is there 24/7 support from any of the organizations?
Cyber Security and Privacy 2012 Project: Assessment of Remote Access Solutions Purpose: Work with vendors and utilities to assess several products providing Interactive Remote Substation Access.
Approach: – Develop comprehensive list of requirements – Develop use cases/scenarios – Vendor deployment/development in Smart Grid
Substation Lab – Improved vendor products – Vendor final demonstrations
Presenting utility requirements with a ‘unified voice’