
Smart Grid cyber security within IEC TC57 WG15

ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014). Fernando Alvarez, Cyber Security Technical PM, ABB Switzerland.


Presentation Transcript


  1. ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014). Smart Grid cyber security within IEC TC57 WG15. Fernando Alvarez, Cyber Security Technical PM, ABB Switzerland

  2. Topics
     • Industrial Cyber Security Essentials
     • Mission and Scope of TC57 WG15
     • Members
     • IEC 62351 Parts & Status
     • IEC 62351 Roadmap
     • About IEC 62351 Parts 7, 8 and 9
     • Liaisons and Coordination
     • Standardization Issues

  3. Cyber Security – Essentials without / before IEC 62351
     • Physical perimeter protection: fences, motion sensors, cameras
     • Electronic perimeter protection: firewalls, VPN
     • Antivirus and IDS
     • Unused ports & services disabled: debug services, USB ports, etc.
     • Robustness-tested releases: no device crashes due to DoS attacks

  4. Cyber Security – Essentials: Is all this enough?

  5. IEC 62351 – Even more essential

  6. IEC 62351 – Even more essential: Secure the protocols w/authentication+

  8. Mission and Scope of TC57 WG15 on Cyber Security
     • Undertake the development of standards for security of the communication protocols defined by the IEC TC 57
     • Specifically the IEC 60870-5 series, the IEC 60870-6 series, the IEC 61850 series, the IEC 61970 series, and the IEC 61968 series.
     • Undertake the development of standards and/or technical reports on end-to-end security issues.
     • IEC 62351

  10. TC57 WG15 Members
     • 76 members
     • Participants from 22 countries
     • Argentina
     • Canada
     • China
     • Croatia
     • Czech Republic
     • Denmark
     • Finland
     • France
     • Germany
     • Great Britain
     • India

  12. Mapping of TC57 Communication Standards to IEC 62351 Security Standards

  13. IEC 62351 Parts & Status

  15. TC57 Security (IEC 62351) Roadmap

  18. IEC 62351-7 ~ Standardized Network and System Management
     • Network and system management (NSM) data object models
     • Coherent status and monitoring data of the power infrastructure/grid: different grid areas, different communication channels, network segments, different protocols, etc.
     • Using Simple Network Management Protocol (SNMP)

  19. IEC 62351-7 Network and System Management

  21. IEC 62351-8 ~ Standardized Role-Based Access Control
     • Standardized Central User Account Management in the automation, industrial, embedded world
     • Standardized RBAC (Role Based Access Control)
     • User tokens: X.509 certificates
     • User certificates specify user’s roles, roles grouped in AoRs
     • Pull (e.g. LDAP) & Push (e.g. SmartCards) methods supported

  23. IEC 62351-9 ~ Standardized Key Management Methods
     • Device/user X.509 digital certificates
     • PKI methods and protocols
     • Full key life cycle: from creation until the end-of-life
     • GDOI (distribution of symmetrical keys)

  25. Liaisons with Other Security Activities
     • Liaison with ISO JTC 1 / SC 27 IT Security:
        • WG15 has provided lists of Smart Grid security standards and related documents to SC27.
        • WG15 has received documents in the 270xx series on general cybersecurity and has commented on the proposed 27019 standard on power industry cybersecurity.
        • WG15 welcomes the publication of ISO/IEC TR 27019 as an important step for the establishment of a sector specific ISMS and cyber security standard for the energy domain. WG15 expects to take an active liaison role during any revision of the TR or its transformation into an IS. TC 57 / WG15, as the IEC committee responsible for cyber security of the energy domain, will support such revisions by contributing its domain expertise on organizational, operational, and regulatory cyber security requirements for energy utilities.
        • SC27 liaison met with WG15 at our meeting in Venice and expects to attend additional meetings
     • Liaison D with M/490 SGIS:
        • WG15 is exchanging information with SGIS
     • Liaison D with UCAIug:
        • Discussions with members of SG-Security in UCAIug on areas of mutual interest are underway.
     • Liaison A with IEC TC65C which is standardizing the work of the ISA SP99 Security Standards.
        • Some WG15 members have reviewed and commented on IEC 62443 drafts
     • Liaison D with the IEEE PES PSCC Security Subcommittee
        • Working with IEEE Substations on Cybersecurity Standard IEEE 1686

  26. Coordination with Security Groups
     • Coordination mostly through common membership:
        • NIST’s Smart Grid Interoperability Panel (SGIP) Smart Grid Cybersecurity Committee (SGCC) (used to be called CSWG)
        • SGIS
        • NERC CIPs
        • Cigré D2.34
        • MultiSpeak Security / Security for Web Services (e.g. WS-Security)
        • NESCOR
        • IEC TC13
        • ITU-T

  28. Cyber Security Standardization Issues
     • Although we have cybersecurity experts, they are very busy
     • Cybersecurity is a very dynamic, rapidly changing field which is quite new for the power & automation industries
     • Need to coordinate with other industries and standards groups
     • Need rapid development of new standards and updates to existing standards
     • Need guidelines for end-to-end security, but only for very specific aspects
     • Need both standards and technical reports
     • Need input from power system domain experts on security requirements
     • Need conformance and/or interoperability testing for IEC 62351
     • Abstract conformance test cases should be in each Part, with IEC 61850-10 providing specifics for 61850
     • Interoperability testing?

  29. Questions? Comments?

  30. Thanks
