Presentation is loading. Please wait.

Presentation is loading. Please wait.

TC 57 IEC TC57 WG15 - Security Status & Roadmap, July 2008 Frances Cleveland Convenor WG15.

Published byEmma Yell Modified over 10 years ago

Similar presentations

Presentation on theme: "TC 57 IEC TC57 WG15 - Security Status & Roadmap, July 2008 Frances Cleveland Convenor WG15."— Presentation transcript:

1 TC 57 IEC TC57 WG15 - Security Status & Roadmap, July 2008 Frances Cleveland Convenor WG15

2 TC 57 WG15 Status October 2007 2 Topics  Scope of WG15  Current Status  Roadmap of Future Work

3 TC 57 WG15 Status October 2007 3 Scope of WG15 on Security  Undertake the development of standards for security of the communication protocols defined by the IEC TC 57, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.  Undertake the development of standards and/or technical reports on end-to-end security issues.

4 TC 57 WG15 Status October 2007 4 Security Functions vs. Threats Unauthorized Access to Information Unauthorized Modification or Theft of Information Denial of Service or Prevention of Authorized Access Denial of Action that took place, or Claim of Action that did not take place Resource Exhaustion Integrity Violation Planted in System Virus/Worms Trojan Horse Trapdoor Service Spoofing Stolen/Altered Eavesdropping Traffic Analysis EM/RF Interception Indiscretions by Personnel Media Scavenging Listening After-the-Fact Denial of Service Interactions Masquerade Bypassing Controls Authorization Violation Physical Intrusion Man-in-the-Middle Integrity Violation Theft Replay Intercept/Alter Repudiation Modification Repudiation - Actively Being Addressed - Desired Confidentiality IntegrityAvailability Non-Repudiation

5 Security Functions, Threats, and WG15 Work Pattern Unauthorized Modification or Theft of Information Integrity Unauthorized Access to Information Confidentiality Denial of Service or Prevention of Authorized Access Availability Denial of Action that took place, or Claim of Action that did not take place Non-Repudiation Corporate Security Policy and Management Cigre, Utilities Security Management Security Testing, Monitoring, Change Control, and Updating Security Compliance Reporting Security Risk Assessment of Assets Security Policy Exchange Security Attack Litigation During-Attack Coping and Post-Attack Recovery Security Incident and Vulnerability Reporting Firewalls with Access Control Lists (ACL) Intrusion Detection Systems (IDS) Audit Logging Anti-Virus/ Spy-ware IEC62351 Security for TASE.2, DNP, 61850 Public Key Infrastructure (PKI) Transport Level Security (TLS) Virtual Private Network (VPN) AGA 12-1 “bump- in-the-wire” WPA2/80211.i for wireless Digital Signatures CRC Symmetric and Asymmetric Encryption (AES, DES) Network and System Management (NSM) Credential Establishment, Conversion, and Renewal CertificatesPasswords Authentication Data Backup Identity Establishment, Quality, and Mapping Role-Based Access Control Certificate and Key Management Tele- comm Being Addressed by many other bodies New Work

6 TC 57 WG15 Status October 2007 6 IEC 62351 Part 1: Introduction Mapping of TC57 Communication Standards to IEC 62351 Security Standards IEC 62351 Part 2: Glossary IEC 62351 Part 3: Profiles Including TCP/IP IEC 62351 Part 4: Profiles Including MMS IEC 62351 Part 5: IEC 60870-5 & Derivatives IEC 62351 Part 6: IEC 61850 IEC 60870-6 TASE.2 IEC 60870-5-104 & DNP3 IEC 60870-5-101 & Serial DNP IEC 61850 GOOSE, GSE, SMV IEC 61850 over MMS IEC 62351 Part 7: MIBs for Network Management

7 TC 57 WG15 Status October 2007 7  IEC 62351: Data and Communications Security  Part 1:Introduction  Part 2:Glossary  Part 3:Security for profiles including TCP/IP  Part 4:Security for profiles including MMS  Part 5:Security for IEC 60870-5 and derivatives  Part 6:Security for IEC 61850 profiles  Part 7:Objects for Network Management Status of Security Documents, May 2007 Submitted as Technical Specifications in Dec 2006, being finalized by IEC Submitted as DTS ver 2 January 2007. Comments being awaited Issued as CD, (NWIP)

8 TC 57 WG15 Status October 2007 8 For increased power system reliability and security in the future, the two closely intertwined infrastructures must be designed, implemented, and managed as a whole … Central Generating Plant Step-Up Transformer Distribution Substation Transmission Substation Distribution Substation Distribution Substation Commercial Industrial Commercial Gas Turbine Diesel Engine Cogeneration Diesel Engine Fuel cell Micro- turbine Wind Residential Photo voltaics Batteries Data Concentrator Control Center Operators, Engineers, & Other Users 2. Information Infrastructure 1.Power System Infrastructure

9 TC 57 WG15 Status October 2007 9 Security Monitoring Architecture Using NSM

10 TC 57 WG15 Status October 2007 10 NERC’s Top Ten Vulnerabilities for Control Systems 1. Inadequate policies, procedures, and culture that govern control system security. 2. Inadequately designed control system networks that lack sufficient defense-in-depth mechanisms. 3. Remote access to the control system without appropriate access control. 4. System administration mechanisms and software used in control systems are not adequately scrutinized or maintained. 5. Use of inadequately secured WiFi wireless communication for control. 6. Use of a non-dedicated communications channel for command and control and/or inappropriate use of control system network bandwidth for non-control purposes. 7. Insufficient application of tools to detect and report on anomalous or inappropriate activity. 8. Unauthorized or inappropriate applications or devices on control system networks. 9. Control systems command and control data not authenticated. 10. Inadequately managed, designed, or implemented critical support infrastructure

11 TC 57 WG15 Status October 2007 11 Format of Normative Clauses of Part 7 – Using 61850 Naming and Style

12 TC 57 WG15 Status October 2007 12 TC57 Security (62351) Roadmap As of July 2008 Current WorkNWIPs to be IssuedOn-Going Coordination Parts 1, 3, 4, 6 – Finalized as TS Standards Party 2: Glossary – CDV Part 5: Security for IEC 60870-5 Protocols – CDV Part 7: Network and System Management /MIBs as CD Part 8: Role-Based Access Control Activities by 2008To be issued 2008Current and Future Remote Changing of Update Keys for IEC 60870-5 Implementation Specification for IEC 60870-5 Conformance testing and interoperability testing Security for Access to CIM (Interfaces and RBAC) Security Architecture IEC TC65C WG10 ISA, CIGRE D2.22 EPRI,NERC, PCSF National Labs IEEE PSRC IEEE Security P1711, P1686, P1689 TC57 WG03 TC57 WG07?

13 TC 57 WG15 Status October 2007 13 Role-Based Access Control  The scope of the proposed work is to define a specification for the use of Role Based Access Control not only in field devices but also for a whole system, consisting of field devices, station control and network control – the complete pyramid, in order to support end to end security. The specification will refer to the standards IEC 61970 CIM, IEC 61850 and IEC 62351 and also to ANSI INCITS 359-2004.

Download ppt "TC 57 IEC TC57 WG15 - Security Status & Roadmap, July 2008 Frances Cleveland Convenor WG15."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG

U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Join Us Now at: Enabling Interoperability for the Utility Enterprise And TESTING.

Join Us Now at: Enabling Interoperability for the Utility Enterprise And TESTING.
Geneva, Switzerland, 15-16 September 2014 Smart Grid cyber security within IEC TC57 WG15 Fernando Alvarez, Cyber Security Technical PM ABB Switzerland.

Geneva, Switzerland, September 2014 Smart Grid cyber security within IEC TC57 WG15 Fernando Alvarez, Cyber Security Technical PM ABB Switzerland.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Xanthus Consulting International Smart Grid Cyber Security: Support from Power System SCADA and EMS Frances Cleveland

Xanthus Consulting International Smart Grid Cyber Security: Support from Power System SCADA and EMS Frances Cleveland
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Cyber Security in Implementing Modern Grid Automation Systems Vijayan SR CIGRE SC D2 Tutorials & Colloquium on SMART GRID Mysore, 13 – 15 November 2013.

Cyber Security in Implementing Modern Grid Automation Systems Vijayan SR CIGRE SC D2 Tutorials & Colloquium on SMART GRID Mysore, 13 – 15 November 2013.
Smart The Grid Plenary Panel: Smart Grid Interim Roadmap Draft and Processes Joe Hughes, EPRI Erich Gunther, Enernex Frances Cleveland, Xanthus Consulting.

Smart The Grid Plenary Panel: Smart Grid Interim Roadmap Draft and Processes Joe Hughes, EPRI Erich Gunther, Enernex Frances Cleveland, Xanthus Consulting.
Chapter 1 – Introduction

Chapter 1 – Introduction
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks

Similar presentations

Ads by Google