Presentation is loading. Please wait.

Presentation is loading. Please wait.

AMI Security Roadmap April 13, 2007.

Published byJonathan McLaughlin Modified over 5 years ago

Similar presentations

Presentation on theme: "AMI Security Roadmap April 13, 2007."— Presentation transcript:

1 AMI Security Roadmap April 13, 2007

2 Security History and Status
Pre-RFP Initial security analysis focused on threat assessments, information classification, NERC CIP analysis, and functional expectations Conceptual security architecture based on business and regulatory requirements. This architecture showed the system capabilities and end to end cryptographic information flow Functionality represented within the conceptual architecture focused on: Preventing unauthorized access/control of the AMI network Secure meter registration and revocation AMI device authentication Customer data integrity/confidentiality Advanced intrusion detection Conceptual security architecture validated with technology and method specific design example (AMI Reference Architecture). Design used AMI Lightweight Cryptographic Services (ALCS) based on robust secret sharing techniques. Reference architecture used for internal validation only… Confirmed vendor responsibility Continuing concerns over vendors technical capability maturity RFP Requirements abstracted to highest functional representation to allow for vendor design flexibility Conceptual architecture and information shown as an example Capability maturity risk mitigation: Recommend partnering with a third party security vender Current Vendors RFP security response confirmed capability concerns (varied by vendor) In general, current industry/vendor security related capability maturity is low

3 Strategies and Principles
AMI security artifacts are specified and designed as a response to business requirements, regulatory requirements and environmental threats Uses Unified Information Assurance Framework (i.e., System engineering based methodologies) Functional requirements are appropriate given risk analysis AMI security services are part of unified business enterprise (i.e., TDBU, CSBU, IT) Use industry engagement (when appropriate) to further industry capabilities motivate vendors through standards design vetting establish best practices Use Evolutionary/Spiral development to roll capabilities out over a several releases (realistic expectations) Security capabilities enable functionality and ultimately add business value

4 Goals of AMI Security Design & Implementation
Security is viewed as an enabling function to increase capabilities over time Security Design is focused on mitigating the impact of the realization of AMI security requirements on the performance of the entire AMI solution Security is design in the context of the overall AMI System of Systems Context Threats and vulnerabilities are evaluated in the context of the risk to the business processes AMI enables Security Design in the context of the overall AMI System

5 Security Technology Capability Maturity (Updated)

6 Field Test: Capabilities and Architecture
Initial Configuration of Cryptographic Services Field Test Configuration primarily used for Performance related testing (Crypto Latency: Computational and Network) Vendors support Field Test Capabilities (Pre-placed keys)

7 Release One: Capabilities and Architecture
Initial Key Management Services Integration with Infrastructure Services (e.g., IDM, Access Controls) Complete Network Configuration (e.g., firewall and IPS services)

8 Release Two: Capabilities and Architecture
Add HAN Device Authentication & Confidentiality Key Management and Cryptographic Updates (RFP Compliances)

9 Release Three: Capabilities and Architecture
Complete set of Security Services Cryptographic Update: Complete Registration, Authentication, Distribution Integrated with IT PKI HAN Security Update

10 Unified Enterprise Context
Cryptographic scheme unified across enterprise Complete enterprise (AMI+DA+CSN) view through audit services All field elements are registered and authenticated Centralized security operations for field assets Leverages existing IT services (e.g., IDM) Common/shared management services

11 Internal engagement within SCE
Next Steps Internal engagement within SCE Security workshops (TDBU, CSBU, IT) Business policy alignment External engagement with Vendors Clarify vendor direction Clarify adherence to industry and SCE policies Ensure vendor integration within SCE enterprise External engagement with Industry Push and monitor security standards (e.g., Title-24, openHAN, utilityAMI, UtiliPoint, etc.) Use open Innovation approach to lead the way in AMI Security

Download ppt "AMI Security Roadmap April 13, 2007."

Similar presentations

UCAIug HAN SRS v2.0 Summary August 12, 2010. 2 Scope of HAN SRS in the NIST conceptual model.

UCAIug HAN SRS v2.0 Summary August 12, Scope of HAN SRS in the NIST conceptual model.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Vendor Briefing May 26, 2006 AMI Overview & Communications TCM.

Vendor Briefing May 26, 2006 AMI Overview & Communications TCM.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.

Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
ISS IT Assessment Framework

ISS IT Assessment Framework
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.

COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.

Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
HIPAA COMPLIANCE WITH DELL

HIPAA COMPLIANCE WITH DELL

Similar presentations

Ads by Google