1 / 20

Texas Data Transport Work Group Review

Texas Data Transport Work Group Review. RMS Meeting May 29, 2002. Agenda. TDTWG Goal TDTWG History TDTWG Plans Review Existing System & Issues Review ERCOT Phase 1 and 2 Solutions Implementation Strategy Frequently Asked Questions & Issues Questions and Approvals.

jane
Download Presentation

Texas Data Transport Work Group Review

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Texas Data Transport Work Group Review RMS Meeting May 29, 2002

  2. Agenda • TDTWG Goal • TDTWG History • TDTWG Plans • Review Existing System & Issues • Review ERCOT Phase 1 and 2 Solutions • Implementation Strategy • Frequently Asked Questions & Issues • Questions and Approvals

  3. Texas Data Transport Work Group Our Goal is a Transport Standard for the Texas Market Participants that is optimal in: • Security • Reliability • Efficiency • Simplicity • Cost

  4. Texas Data Transport Work GroupHistory • September 2000 : • PUCT Work Group formed to develop data transport standard for point-to-point • ERCOT involvement delayed until after market opening • October 2000 : • Consensus reached by TDTWG to standardize on GISB EDM for point-to-point • PUCT approves recommendation of TDTWG • November – December 2000 : • Drafted strawman document, revised, and reviewed • January 2001 • Completed document and reached approval consensus • February 2001 • Began testing of GISB EDM • July 2001 • Under RMS direction, TDTWG begins review of GISB EDM improvements and recommendations for ERCOT

  5. Texas Data Transport Work GroupHistory • September 25, 2001 : • “The group unanimously agreed to pursue the GISB EDM solution ‘with additional features’ …” • October 2001 : • TDTWG works with ERCOT to formulate plan to ultimately replace FTP • November 2001 : • ERCOT FTP Replacement plan approved by RMS • Includes NAESB / GISB EDM 1.6 with improvements • March 2002 : • NAESB EDM work group approves TDTWG/ERCOT proposed improvements for 1.6 inclusion • April 2002 : • ERCOT FTP Replacement phase 1 successfully tested • May 2002 : • ERCOT seeks funding approval from RMS on implementing NAESB / GISB EDM 1.6 • TDTWG publishes FTP replacement document documenting and justifying advantages of FTP replacement plan

  6. Texas Data Transport Work GroupPlans Continue and complete work on: • “Best Practices” for transaction bundling, enveloping and transmission • Present working document to Texas SET • ERCOT Implementation Guideline for FTP Replacement Scripts – review for improvements and approve • TDTWG Implementation Guideline for NAESB/GISB EDM 1.6 • Provide details of implementation to minimize costs of MP’s (e.g. OpenPGP – use of and encryption algorithm details) • Provide certification testing details to TTPT

  7. GISB EDM FTP FTP GISB EDM Market Participant B FTP Market Participant C Current System Overview ERCOT Encryption/Decryption Processing (B) FTP Mail (A) Market Participant A Translation/ Meter Data Enrollment Invoices ( C ) Process Monitoring (D)

  8. Issues with FTP Solution • Potential Security Risks • Sensitive Data passed in the clear • Vulnerable to sniffing by middleman • FTP server is vulnerable to attack • Lack of guaranteed delivery • Error prone file transmissions • Failures during MPUT/MGET operations can result in files being resent • Can result in “incomplete” file transmissions • No control over file naming conventions (duplicate names) • Not Firewall friendly

  9. Issues with FTP Solution • Has Auditing “Blind spots” • No transport acknowledgement receipts • No transport message identifiers • Encryption key management and access controls • Two Systems Required for most MP’s: • GISB EDM (Point to Point) • FTP (ERCOT) • PGP is costly - ($10,000/server)

  10. Market Participant Feedback • FTP process is unreliable and error prone • Some have suggested replacing FTP with GISB EDM v1.4, the solution currently used for point-to-point transaction data exchange

  11. Issues with GISB EDM Solution • Security Risks (per Sandia report) • Usernames/Passwords passed in clear • same problem as FTP • Vulnerable to man in the middle attacks, sniffing • same problem as FTP • Vulnerable to replay attacks • same problem as FTP • Cost of PGP ($10,000/server) • Cost of GISB solution ($50,000+) can be prohibitive for small market participants • No payload identification for XML • Requires Internet accessible server 24x7 • No support for mailboxing/pull (currently push only solution)

  12. Ideal Solution • Highly reliable solution, like GISB EDM • High degree of security to protect all sensitive data and prevent hacker attacks • Scalable/high performance • Multi-platform support • Firewall friendly • Comprehensive logging, tracking and auditing • Minimal impact on Market participants (easy to implement/smooth migration) • Ability to track a transactions status throughout entire processing life cycle (transport through application processing) • Implement guaranteed delivery mechanism and eliminate potential for incomplete file transfers and duplicate file transmissions • Support for both Push and Pull models • Low cost for Market Participant • Implement-able ASAP in order to address security issues

  13. Proposed Solution • GISB EDM with the following additional features: • Secure Sockets Layer (SSL) • Unique Message identifiers for tracking & security purposes • Support for XML • Support for Open PGP • TDTWG and ERCOT worked with GISB/NAESB to implement these additional features – now in EDM 1.6

  14. TDTWG GISB EDM (v1.4) TDTWG GISB EDM (v1.4) HTTPS “PULL” Market Participant B Market Participant C Phase 1 Solution - System Overview ERCOT Encryption/Decryption Processing (B) HTTPS Mail (A) HTTPS “PULL” Market Participant A Translation/ Meter Data Enrollment Invoices ( C ) HTTPS “PULL” Process Monitoring (D)

  15. TDTWG GISB EDM With Additional Features (v1.6) Market Participant A TDTWG GISB EDM With Additional Features (v1.6) Market Participant B Market Participant C Phase 2 Solution - System Overview ERCOT Encryption/Decryption Processing (B) “Enhanced” GISB EDM (A) Translation/ Meter Data Enrollment Invoices ( C ) HTTPS Mail HTTPS “PULL” Process Monitoring (D)

  16. Timing • Phase 1 Solution - ERCOT HTTPS (FTP replacement) April 2002 – Certification Testing May 2002 – Production Implementation • Phase 2 Solution - NAESB/GISB EDM 1.6: Complete Migration Depends on ERCOT Implementation & Vendors 4Q 2002 Possible

  17. Frequently Asked Questions/Issues • Is FTP security a true problem or just a potential problem? • Yes – and we have had known occurrences. • Why not just implement the current GISB EDM 1.4 or 1.5 TDTWG solution at ERCOT? • Both GISB EDM Versions 1.4 and 1.5 have security problems like FTP - as documented in the Sandia report on GISB EDM. In addition, GISB EDM would be a significant cost burden to the smaller MP’s (e.g. NOIE’s) so a low cost “pull” script is still a requirement for ERCOT. • Does an MP have to buy PGP now in order to communicate via FTP with ERCOT? • Yes, and it is reported to be increasing in price from $10,000 per server to $10,000 per CPU.

  18. Frequently Asked Questions/Issues • What is being done about the PGP cost problem? • Both the FTP replacement at ERCOT and the GISB EDM additional features (v1.6) will specify “OpenPGP” as the encryption standard. OpenPGP is open source software with free available downloads. • Is ERCOT or the TDTWG developing a competing standard to GISB EDM? • No. ERCOT and TDTWG are actively working with GISB to make sure this does not occur and we have one standard. ERCOT proposed enhancements have been approved for NAESB/GISB EDM 1.6 • Is ERCOT competing with software vendors by distributing the FTP replacement? • ERCOT has stated no. These are replacement scripts to the FTP scripts originally sent out by ERCOT/Accenture – equivalent to a version 2 release. • Will the FTP replacement scripts be a major improvement in security? • Yes. ERCOT has stated that the same additional security features recommended by Sandia for GISB EDM are being implemented in the FTP replacement scripts.

  19. Frequently Asked Questions/Issues • Will ERCOT allow both the FTP and the FTP replacement (HTTPS “pull”) protocols during the March 2002 test flight? • ERCOT/Rob Connell stated in Nov 27 con call that this was under serious consideration • Will ERCOT allow MP’s to use FTP until the GISB EDM with additional features (v1.6) is available? • As was explained in the Nov 27 con call, the exact availability of GISB EDM v1.6 cannot be accurately estimated. ERCOT/Rob Connell explained the importance of the security and reliability (guaranteed delivery and tracking) of the FTP replacement protocol which may mandate implementing the FTP replacement before GISB EDM v1.6 is available. • Is GISB being renamed to EISB? • NO. At last report the new name effective 2002 will be North American Energy Standards Board. (NAESB)

  20. Questions?

More Related