
© OASIS 2010 Security, Privacy, the SmartGrid and open standards Jamie Clark, OASIS Bob Griffin, EMC Hal Lockhart, Oracle Santa Clara, CA May 2010.


1 © OASIS 2010 Security, Privacy, the SmartGrid and open standards Jamie Clark, OASIS Bob Griffin, EMC Hal Lockhart, Oracle Santa Clara, CA May 2010

2 © OASIS 2010 ● OASIS is a member-led, international non-profit standards consortium for global e-business & the information economy ● Over 650 members ● Over 70 technical committees producing royalty-free and RAND standards "The largest standards group for electronic commerce on the Web." 15% Government & Academic 35% Users & influencers 50% Technology Providers Introduction James Bryce Clark, General Counsel, OASIS jamie.clark@oasis-open.org www.twitter.com/JamieXML

3 Description

4 ebXML MSG, ebXML IIC, WS-RX, WSQM, [WS-Reliability] BIAS Integration, DSS-X, EKMI, PKI, SAML, WS-SX, [DSS], [WS-Security], [XCBF] SCA-Policy, SPML, WS-Federation, XACML, [DSML] DCML (x2), WSDM, WSRF, WS-Notification ASAP, CAM, ebXML-BP, Semantic Exec, SCA-BPEL, WSCAF, WS-TX, [BTP], [WSBPEL] ebXML RegRep, UDDI RELAX NG, XSLT Conformance ElectionML, Emergency, Forest, IHC, Legal XML(4), Materials, OBIX, PLCS, PPS, RCXML, TaxXML, TransWS, XLIFF, [Auto Repair], [AVDL], [eGov] Code Lists, DITA, SCA-C, SCA-J, SearchWS, XDI, XRI, [Entity Res], [Topic Maps] ebXML CPPA, HumanML, SCA-Assembly, SDD, UIMA, UIML, WSRP BCM, ebSOA, FWSI, SCA-Bindings, SOA-RM, Test Assertions, [Conformance] CIQ, CGM, DocBook, OpenDocument, ODF Adoption, UBL, UnitsML, UOML Energy Interop, EMIX, WS-Calendar

5 © OASIS 2010 What is an Open Standard? An open standard is: publicly available in stable, persistent versions; developed and approved under a published, transparent process; open to public input (public comments, public archives, no NDAs, multiple stakeholder sides); licensable under explicit, feasible IPR terms. Anything else is proprietary: using methods from a single company, or close group, may be fine, but with different risks than using standards. Government and industry RFPs increasingly demand open standards, for modularity & sourcing

6 © OASIS 2010 Real-world installations are composed of multiple standards IP TCP URIs SMTP IMAP / POP3 HTML ASCII / Unicode Typical e-mail

7 © OASIS 2010 Big networks (like the Internet and the SmartGrid) necessarily are modular: multiple legitimate ways to do things

8 © OASIS 2010 Multiple standards may co-exist. Simpler vs. more complex: lightweight code vs. heavyweight code, more functionality; easier to tool, deploy vs. bigger tools, higher cost; loose coupling to other methods vs. more exclusive; limited use case vs. highly scalable. Innovation & interoperability require modularity & flexibility

9 © OASIS 2010 SmartGrid Topology for Dummies Devices ? Privacy AMI HAN

10 © OASIS 2010 Privacy: what are we collecting? Data from distinct devices Data from aggregate load signatures When do you usually come home? After last call, maybe? Are your kids home? Are they home alone? Is your alarm system armed? How often do you take baths? Are you taking one right now?

11 © OASIS 2010 Instances of data control & access Designed control & monitoring uses Designed control beyond expected limits -- shutoffs from above -- "upgrades" from above Unintended access (hacking) -- wardriving, Google Maps survey cars Undisclosed designed uses Do your appliances "phone home"? Like webcookies: in addition to the data conversation you know, how many others are going on? Data mining for marketing; warranty filtering; etc.

12 © OASIS 2010 Legal & regulatory tools for privacy (EU) Data ownership Use of PII (health, social security numbers, accounts & internet devices) Privacy notices & contract breach "Fair information practices" per the FTC Fourth Amendment searches & overintrusiveness Trade secrets (?) Location services from mobile devices (?) Anonymization

13 © OASIS 2010 SmartGrid Topology for Dummies Devices ? Security AMI HAN

14 © OASIS 2010 NIST/DoE SGIP Cybersecurity WG http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG NISTIR 7628, Smart Grid Cyber Security Strategy and Requirements In beta; comment period closing June 2 Principles for practices & use of data standards Builds on DHS Catalog of Control Systems Security: Recommendations for Standards Developers (March 2010): developing mappings for HAN, AMI http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSCTGHighLevelRequirements

15 © OASIS 2010 DHS Catalog of Control Systems Security... Published Security Policies Organizational & Management Practices Personnel Issues Hiring, Roles, Transfer, Accountability, Termination Physical Security Gate/access control Logs & records Emergency systems, environmental systems & shutoffs Deliveries, Removals, Portable Media Location of sensitive controls & assets...

16 © OASIS 2010 DHS Catalog of Control Systems Security... Acquisition RFP, purchases, supply chain assurance & lifecycles Mergers & newly acquired businesses Documentation control Software management, licensing, outsourcing Configuration Management Policies, Baselines, Change control, Function limits Planning & Risk Mitigation...

17 © OASIS 2010 DHS Catalog of Control Systems Security... Systems & Communication Protection Integrity, Authenticity, Cryptography, Function isolation Situational issues (mobile, VoIP, cloud, virtualization, &c) Information (Document) Management System Maintenance, Backup, Recovery Training Incident Response Data Medium Protection...

18 © OASIS 2010 ...DHS Catalog of Control Systems Security System Integrity Alerts, Errors, Spam, Malware, etc. Access Control Policies, Identifiers, Authenticators, Enforcement Audit & Accountability Monitoring of Security Policy Compliance Risk Management Security Program Management

19 Stable, tested, well-tooled open standards do fulfill many of these SmartGrid needs

20 © OASIS 2010 Security, Privacy, the SmartGrid and open standards Jamie Clark, OASIS Bob Griffin, EMC Hal Lockhart, Oracle Santa Clara, CA May 2010

