IEC TC57 WG15 - Security Status & Roadmap , July 2008

1. IEC TC57 WG15 - SecurityStatus & Roadmap,July 2008 Frances Cleveland Convenor WG15

2. Scope of WG15 on Security • Undertake the development of standards for security of the communication protocols defined by the IEC TC 57, specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series. • Undertake the development of standards and/or technical reports on end-to-end security issues. WG15 Status October 2007

3. Integrity Availability Confidentiality Non-Repudiation Unauthorized Access to Information Denial of Action that took place, or Claim of Action that did not take place Unauthorized Modification or Theft of Information Denial of Service or Prevention of Authorized Access Modification Intercept/Alter Repudiation - Desired - Actively Being Addressed Security Functionsvs.Threats Listening Interactions Planted in System Eavesdropping Traffic Analysis EM/RF Interception Indiscretions by Personnel Media Scavenging Masquerade Bypassing Controls Authorization Violation Physical Intrusion Man-in-the-Middle Integrity Violation Theft Replay Virus/Worms Trojan Horse Trapdoor Service Spoofing After-the-Fact Stolen/Altered Repudiation Denial of Service Resource Exhaustion Integrity Violation WG15 Status October 2007

4. Tele-comm Identity Establishment, Quality, and Mapping Role-Based Access Control Certificate and Key Management Security Functions, Threats, and WG15 Work Pattern Integrity Availability Confidentiality Non-Repudiation Unauthorized Access to Information Denial of Action that took place, or Claim of Action that did not take place Unauthorized Modification or Theft of Information Denial of Service or Prevention of Authorized Access Data Backup Audit Logging Intrusion Detection Systems (IDS) Authentication Firewalls with Access Control Lists (ACL) Anti-Virus/ Spy-ware Credential Establishment, Conversion, and Renewal IEC62351 Security for TASE.2, DNP, 61850 Public Key Infrastructure (PKI) Network and System Management (NSM) Passwords Certificates New Work Transport Level Security (TLS) Virtual Private Network (VPN) WPA2/80211.i for wireless AGA 12-1 “bump-in-the-wire” Digital Signatures CRC Symmetric and Asymmetric Encryption (AES, DES) Security Management Security Testing, Monitoring, Change Control, and Updating Security Compliance Reporting Security Risk Assessment of Assets Being Addressed by many other bodies During-Attack Coping and Post-Attack Recovery Security Policy Exchange Security Incident and Vulnerability Reporting Security Attack Litigation Cigre, Utilities Corporate Security Policy and Management

5. Status of Security Documents, May 2007 • IEC 62351: Data and Communications Security • Part 1: Introduction • Part 2: Glossary • Part 3: Security for profiles including TCP/IP • Part 4: Security for profiles including MMS • Part 5: Security for IEC 60870-5 and derivatives • Part 6: Security for IEC 61850 profiles • Part 7: Objects for Network Management Issued as CD, (NWIP) Submitted as DTS ver 2 January 2007. Comments being awaited Submitted as Technical Specifications in Dec 2006, being finalized by IEC WG15 Status October 2007

6. Operators, Engineers, & Other Users Central Generating Step-Up 2. Information Infrastructure Plant Transformer Distribution Transmission Distribution Control Center Gas Substation Substation Substation Diesel Turbine Engine Distribution Micro- Substation turbine Data Concentrator Commercial Diesel Fuel Photo Engine cell voltaics Cogeneration Batteries Wind Industrial Residential Commercial For increased power system reliability and security in the future, the two closely intertwined infrastructures must be designed, implemented, and managed as a whole … 1.Power System Infrastructure WG15 Status October 2007

7. Security Monitoring Architecture Using NSM WG15 Status October 2007

8. NERC’s Top Ten Vulnerabilities for Control Systems 1. Inadequate policies, procedures, and culture that govern control system security. 2. Inadequately designed control system networks that lack sufficient defense-in-depth mechanisms. 3. Remote access to the control system without appropriate access control. 4. System administration mechanisms and software used in control systems are not adequately scrutinized or maintained. 5. Use of inadequately secured WiFi wireless communication for control. 6. Use of a non-dedicated communications channel for command and control and/or inappropriate use of control system network bandwidth for non-control purposes. 7. Insufficient application of tools to detect and report on anomalous or inappropriate activity. 8. Unauthorized or inappropriate applications or devices on control system networks. 9. Control systems command and control data not authenticated. 10. Inadequately managed, designed, or implemented critical support infrastructure WG15 Status October 2007

9. Format of Normative Clauses of Part 7 – Using 61850 Naming and Style WG15 Status October 2007

10. TC57 Security (62351) Roadmap As of July 2008 • Remote Changing of Update Keys for IEC 60870-5 • Implementation Specification for IEC 60870-5 • Conformance testing and interoperability testing • Security for Access to CIM (Interfaces and RBAC) • Security Architecture • IEC TC65C WG10 • ISA, CIGRE D2.22 • EPRI,NERC, PCSF • National Labs • IEEE PSRC • IEEE Security P1711, P1686, P1689 • TC57 WG03 • TC57 WG07? WG15 Status October 2007

11. Role-Based Access Control • The scope of the proposed work is to define a specification for the use of Role Based Access Control not only in field devices but also for a whole system, consisting of field devices, station control and network control – the complete pyramid, in order to support end to end security. The specification will refer to the standards IEC 61970 CIM, IEC 61850 and IEC 62351 and also to ANSI INCITS 359-2004. WG15 Status October 2007