UCAIug Summit October 22-26, 2012 New Orleans, Louisiana New Orleans Downtown Marriott at the Convention Center.

UCAIug Summit October 22-26, 2012

New Orleans, Louisiana

New Orleans Downtown Marriott at the Convention Center

CIM Overview: CIM is an international standard globally accepted for modeling the information exchanges required in electric utility industry. The interoperability enabled by the CIM standards is a key factor for achieving the Smart Grid vision.

OpenSG Overview: The OpenSG User Group (OSGug) was formed to create a forum for the development of requirements for SmartGrid systems. The work focus has been defined by the pragmatic needs of the Utility and Vendor communities. Through these forums leading experts share their insights, create technical content, and resolve key technical issues.

Testing Overview: The UCAIug Quality Assurance Program provides for Formalized conformance testing of products supporting IEC 61850 standard will verify that supported functions of the IED are implemented correctly as defined in the IEC 61850 standard. The results of the tests are documented in a detailed test report. If an IED passes the mandatory tests a conformance certificate will be issued. The Testing community is actively working to add the CIM standards and Green Button to its Quality Assurance Program.

Green Button Overview: The Green Button is based a standard developed by the North American Energy Standards Board (NAESB). NAESB OpenESPI 1.0 Standardizes the Energy Services Provider Interface (ESPI). Green Button uses the OpenESPI 1.0 standard to implement the common-sense idea that electricity customers should be able to securely download their own easy-to-understand household energy usage information from their utility or electricity supplier website.

IEC 61850 Overview IEC 61850 is an international standard developed by the International Electro technical Commission (IEC) that provides a comprehensive framework for the implementation of power system automation within substations and across the power system. IEC 61850 is a mission critical part of achieving the Smart Grid vision.

Open Smart Grid (OpenSG)

Security Working Group Meeting

Message from Chair, Vice Chair, Secretary

OpenSG Security Working Group Members, welcome to the conference. For those

attending events throughout the week, please share any pertinent information you learn

with the group and thanks for your support and participation.

The goal of this conference for OpenSG Security Working Group is to have an open

discussion and determine next steps to include projects.

Ensure the message of Utility Centric is out and all utilities know the OpenSG is specifically

for the utilities

Solicit inputs from Utilities on what they need from OpenSG, specifically with regards to

Security

Solicit inputs on improvements, comments, suggestions for group items

Vote on Advanced Metering Infrastructure Profile Changes

Review EPRI Slides and where group can assist

Open Smart Grid Security Working Groups Overview (Some Groups are in Hibernation

Until Called Upon)Chair - JD Senger, OncorVice Chair - Bobby Brown, Booz Allen HamiltonSecretary - Scott Palmquist, Itron

SG Security WG – Task Forces

Usability Analysis Task Force Evaluation and refinement of Security Profiles and other

materials considered for ratification by the SG Security WG

CyberSec-Interop Task Force (In Hibernation) Spinoff from DOE National SCADA Test Bed Lemnos

Interoperable Security Project

AMI-SEC Task Force (In Hibernation) Produce technical specifications used by utilities to assess and

procure AMI

Embedded Systems Security Task Force (Charter Under Revision)

Security requirements for embedded components and devices used in utility field systems

Will Arensman

[email protected]

Tam Do

[email protected]

Galen Rasche

[email protected]

Standardized Security Objects for AMI

October 23, 2012

mailto:[email protected]



8© 2012 Electric Power Research Institute, Inc. All rights reserved.

Agenda:Standardized Security Objects for AMI

Background and Approach

Document Overview

Current Status

Next Steps

Working Group Activity


Background: Project Information

Part of EPRI Program P183: – Cyber Security and Privacy

Build on Cyber Security Initiative AMI task– Recent EPRI Report– AMI Common Alarms and Events

Increase the interoperability of AMI security objects

Better alert and alarms for improved situational awareness


Background: Project Information

Deliverables:• Technical Update: December 14, 2012

– Security Object Specifications for AMI Systems

Value:– Allow more event management vendors to more

effectively support AMI monitoring– Easier integration of multiple AMI vendors into

event management systems (SIEMs)

Building foundation for integrated smart grid monitoring


Approach

Engaging the Community:

• Common AMI Alarms and Events Document Draft– Released to OpenSG Security WG for review– Performed mapping to ANSI C12.19 events

• David Haynes (Aclara)• Proposing new event codes to committee at

October meeting

• Working with vendors and asset owners on development of standards


Approach

Open process– Develop consensus for

security objects with industry stakeholders

– Begin engagement with third-party SIEM vendors

1 – Solicit Community Participation· Circulate Project Description· Contact Utilities· Contact AMI Vendors

2 – Prepare Draft Document· Consensus on Technologies· Begin Documenting Metadata

3 – Revise Document· Input from Stakeholders· Draft Tables and Diagrams

4 – Distribute to Community· Consider Feedback· Revise Document

5 – Initial Release


Approach: Common Alerts and Events

• Authentication– C12.XX– Home Area Network

• Integrity– Event Log and Storage

Management

• Billing Data– Accounting– Meter Disconnect Switch

• Anomaly Detection– Metrology– Firmware

• Cryptographic Services– Key, Certificate Management

• Notifications, Signaling– Communication Interfaces– System Security– Physical, Device Security

Categories of Alerts and Events:


Document Overview

System Interfaces

High Level Functionality

Communication

Detailed Functionality


System Interfaces

• Meter to AMI Headend– C12.XX

• AMI Headend to SIEM– Candidate Technologies– Syslog, XML, Multispeak

Interfaces Examined:

Meter

C12.19, C12.22

AMI HeadendSecurity Information and Event

Management

Interface 2


High Level Functionality

• Describe basic concept of operation for each interface

• ANSI C12.19-2008/IEEE Std 1377-2012 – Emit alerts through exception processing and

event logs.

• AMI Headend to SIEM– Identify interface technology and describe high

level usage


Communication

Identify communication sequences:

• AMI interfaces are specialized and constrained– Bandwidth, latency– Efficiency is critical– Communicate security alarms and events

effectively

• Some events may need to be counted and communicated periodically

• Define this system interaction


Detailed Functionality

• Change of password – C12.19 message – "write service event to the password table" – PSEM Write Code, password table

• Provide tables with mapping, proposed metadata

• Where this mapping is not possible, additions to the C12.19 and C12.22 standards are suggested


Current Status and Focus

• On schedule– Deadline mid-November

• Solicit feedback– General comments– Metadata contributions– Communication sequence contributions– Interface technologies and standards

• Champions in other working groups


Next Steps

• Integrate feedback

• Finish and Release AMI Security Objects Document– Continue mapping to existing standards– Propose updates to standards when applicable

• Work with vendors and asset owners on development of standards


Working Group Activity


Together…Shaping the Future of Electricity

Continued Coordination with External Groups

NIST Cyber Security Working Group Electric Power Research Institute (EPRI) project

P183.009, Standardized Security Objects for AMI. P183.009

Industrial Control Systems Joint Working Group (ICSJWG) Vendor Subgroup

Green Button Any Updates on DOE funding for 2013? Next Steps

“Green Button” is the common-sense idea that electricity customers should be able to securely download their own easy-to-understand household energy usage information from their utility or electricity supplier website. Numerous companies are already developing web and smart phone applications and services for businesses and consumers that can use Green Button data to help consumers choose the most economical rate plan for their use patterns; deliver customized energy-efficiency tips; provide easy-to-use tools to size and finance rooftop solar panels; and conduct virtual energy audits that can cut costs for building owners and speed the initiation of retrofits. Developing innovative applications and services to help consumers understand and manage their energy use and understand the environmental impacts of that usage is a field ripe for innovation.

The attached document is a call for participation to any Accreditation Body, Certification Body, and Conformity and Interoperability Test Laboratories interested in participating in the UCAIug “Green Button” Testing Program. If your organization is interested in participating in this program, we encourage you to respond to the call for participation by end of business Friday, November 2nd , 2012.

We will be having a Face to Face meeting at the UCAIug 20112 Summit in New Orleans. The Summit runs from October 22-26. Wednesday, October 24th we will have the initial meeting to kick-off the UCAIug Green Button Testing Program. More information on the Summit is available at http://www.ucaiug.org/Meetings/NO2012/default.aspx .The OpenADE will be meeting all day on Thursday, October 25, 2012 working sessions to make progress on the Green Button testing requirements that will drive the test cases.

GREEN BUTTON

(OpenSG Members Please Advise if Attending)

http://www.greenbuttondata.org/greenadopt.html

http://en.openei.org/apps/?keyword=Green%20Button%20Apps

http://www.ucaiug.org/Meetings/NO2012/default.aspx

Advanced Metering Infrastructure Security Profile Update for Vote

Updated tables 2, line 4 in the AMI-Sec Security Profile. Approval of the modification vote to eligible voting members. Upon approval will rev the doc

to Version 2.1 and remove track changes.

Changes submitted - Page 13 in the table row labeled Line #4: to MDMS, the Summary of Communication lists "customer HAN equipment commands."

This is in conflict with the requirements section of the document, and should be changed to something along the lines of "customer HAN equipment

responses.“ We don't want HAN devices sending commands to any part of the AMI system.

Call to Vote for following eligible members: JD Senger, Tam Do, Rich Tolway, Scott Palmquist, John Lilley, Galen Rasche, Neil Greenfield, Glen Chason,

Mark Ellison, Irene Gassko, David Chambers, Naeem Ahsan, Darren Highfill, David Mitton (If you already sent me your vote I have on record)

Ongoing Objectives

Support relationships with other OpenSG working groups and task forces

Discuss future objectives of group Continued coordination with NIST, DOE and others Ensure utility centric and utilities inputs are

incorporated Discuss any interim work done by TFs

Ongoing Efforts

The ASAP-SG Team finished the first complete public draft of the Security Profile for Substation Automation.

http://osgug.ucaiug.org/utilisec/Shared%20Documents/Substation%20Automation%20Security%20Profile/SA%20Security%20Profile

%20-%20v0_15%20-%2020120930.docx

John Lilley (Sempra) will resurrect the Usability Analysis Task Force to review the draft document and comments. Once completed the SG

Security Working Group will vote on this document.

Embedded Systems Task Force activated and no longer in hibernation. Charter being revised and deliverables to group in November.

Update from Rohit

Ongoing Efforts

Energy Sector Cybersecurity Capability Maturity Model (ES-C2M2) Discussion

Risk Management (i.e., how systems are assessed and scored). Utilities appear struggle with this and/or don’t

have methods that are repeatable. NIST has some guidelines, but none are specific enough to base a real calculation. Having a risk program will also be key in

NERC CIP compliance.

Substation Automation Profile Update

For those of you interested in reviewing and commenting on the Substation Automation Security Profile, it is

posted on the SharePoint site at:

http://osgug.ucaiug.org/utilisec/Shared%20Documents/Forms/AllItems.aspx?RootFolder=%2futilisec%2fShared%20Documents%2fSubstation%20Automation%20Security%20Profile&FolderCTID=&View=%7b059E5611%2d3141%2d4B3E%2dAAA4%2dFE7645EE07EE%7d

Darren Highfill ([email protected])) has volunteered to be the comments wrangler and editor.

http://osgug.ucaiug.org/utilisec/Shared%20Documents/Forms/AllItems.aspx?RootFolder=/utilisec/Shared%20Documents/Substation%20Automation%20Security%20Profile&FolderCTID=&View=%7B059E5611-3141-4B3E-AAA4-FE7645EE07EE%7D





mailto:[email protected])

Closing Security Group Discussion

Members open discussion on all topics for the Security Working Group such as items of interest by members.

Utility Members are the reason the group is here, any Utility members that would like to discuss hot topics

the group should be focused on please advise.

Closing Comments