
Cyber Security Interoperability Task Force UCA Iug/OpenSG/SG Security Working Group

Presentation Transcript


  1. Cyber Security Interoperability Task Force, UCA Iug/OpenSG/SG Security Working Group

  2. What is Lemnos?
     • Lemnos is a DOE-funded project to provide a security interoperability framework for use in the ENERGY SECTOR
     • Lemnos Partners
       • EnerNex Corporation (Prime Contractor)
       • Tennessee Valley Authority (Utility)
       • Sandia National Labs (FFRDC)
       • Schweitzer Engineering Laboratories (Vendor)
     • Builds upon OPSAID, which is a previous DOE project
     • Develops INTEROPERABLE CONFIGURATION PROFILES for widely accepted Internet protocols
     • Supports the interoperability of security devices from different vendors by using a common set of device configuration parameters

  3. Lemnos Sponsors
     • NSTB: National SCADA Test Bed, enhancing control systems security in the energy sector
     • Office of Electricity Delivery and Energy Reliability
     • National Energy Technology Labs

  4. Lemnos Partners and Participating Vendors

  5. Lemnos Approach
     • STEP 1: Define functional requirements based on asset owner needs
     • STEP 2: Select open source specifications (IETF RFCs) to meet the identified functional requirements
     • STEP 3: Develop interoperable configuration profiles for these specifications tailored for the energy sector control systems environment
     • STEP 4: Test and validate the interoperable configuration profiles

  6. Lemnos – Step 1: Define Functional Requirements
     • Requirements identified based on asset owner needs
     • Examples include:

  7. Lemnos – Step 2: Select Open Source Specifications
     • For each functional requirement, the philosophy is to select the most commonly used, well-proven, open source solution.
     • Examples include:

  8. Lemnos – Step 3: Develop Interoperable Configuration Profiles
     • Define choice
     • Within the RFCs are a myriad of choices
     • Examples for IPsec include:

  9. Lemnos – Step 4: Test, Validate, and Demonstrate
     • Demonstrate cyber security interoperability using the Interoperable Configuration Profiles
     • Long term tests to validate stability
       • Multi-vendor architecture
       • Simulated utility architecture
     • Validate that the added security does not impact the reliability of the hosted power system applications
     • Public demonstration of Interoperability
       • ISA Expo 2009
       • Distributech 2010

  10. An Interoperable Configuration Profile for IPSec - Draft Specification (Rev 3)
     • Use ESP (Encapsulating Security Payload)
     • Use TUNNEL mode
     • Use HMAC for authentication and integrity
     • Use IKE Version 1 (moving to IKE Version 2 in 2011?)
     • Use DH-5 (Diffie-Hellman Group 5)
     • Configuration Parameters
       • ike_life: 10800s; (10,800 seconds life for key until exchange)
       • ipsec_life: 3600s; (time till key re-negotiation)
       • keyingtries: 3; (renegotiate keys 3 times)
       • dpd_action: restart; (dead peer detection action)
       • dpd_delay: 60s; (dead peer detection time “hello” interval in seconds)
       • policy: PSK+ENCRYPT+TUNNEL+PFS+UP;
     • Use PFS (perfect forward secrecy) for enhanced key exchange security

  11. Lemnos Benefits
     • End User Perspective
       • Enables End Users to choose BEST IN CLASS solutions for various facilities (versus a “one size fits all”)
       • For example, an electric utility may need to address:
         • Communications Hub/Control Center
         • Substation LAN
         • Generating Plant DCS
         • Outdoor and Pole-top
       • Reduction in setup/deployment time and effort
       • Lower Total Cost of Ownership
       • Reduction in configuration errors

  12. Lemnos Benefits
     • Vendor Perspective
       • Permits shortened development cycle by providing reference design
         • OPSAID reference design available to public
       • Robustness of open source versus proprietary solutions
       • Uses configurations proven in lab and field to secure control system communications in a way that doesn’t trade off reliability
       • Enhances the vendor’s ability to meet the customer’s needs
       • Provides a common understanding between customer and vendor

  13. Additional Work for 2010 - 2011
     • Focus on:
       • Standardizing components of Syslog messages
       • Secure engineering access
         • SSH/SSL
       • Centralized authentication & authorization
         • LDAP

  14. Discussion

  15. Project Contacts
     • EnerNex Corporation
       • Brian Smith - bpsmith@enernex.com
     • Tennessee Valley Authority
       • John Stewart - jwstewart@tva.gov
     • Sandia National Laboratories
       • Ron Halbgewachs - rdhalbg@sandia.gov
       • Adrian Chavez - adrchav@sandia.gov
       • Dave Teumim - dave431@enter.net (Sandia Contractor)
     • Schweitzer Engineering Laboratories
       • Rhett Smith - Rhett_Smith@selinc.com
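
The IPsec profile on slide 10 lends itself to an automated conformance check. The Python below is an added example, not part of the presentation or of any Lemnos or OPSAID code: it parses the slide's `key: value;` parameters and reports where a device configuration departs from them, treating equivalent spellings (a lifetime given in hours, policy flags in a different order) as matches. The sample device configuration and the `m`/`h` duration suffixes are constructed assumptions.

```python
import re
# Parameters as listed on slide 10 (Draft Specification, Rev 3).
LEMNOS_IPSEC_PROFILE = """
ike_life: 10800s;
ipsec_life: 3600s;
keyingtries: 3;
dpd_action: restart;
dpd_delay: 60s;
policy: PSK+ENCRYPT+TUNNEL+PFS+UP;
"""

# Constructed sample: a hypothetical second vendor's export, not real device output.
SAMPLE_DEVICE_CONFIG = """
ike_life: 3h;
ipsec_life: 28800s;
keyingtries: 3;
dpd_action: restart;
policy: TUNNEL+ENCRYPT+PSK+UP;
"""
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}  # "m" and "h" suffixes are an assumption

def normalise(key, value):
    """Reduce a value to a comparable form so equivalent spellings match."""
    if key == "policy":
        return frozenset(value.upper().split("+"))  # flag order is irrelevant
    m = re.fullmatch(r"(\d+)([smh])", value)
    if m:
        return int(m.group(1)) * UNIT_SECONDS[m.group(2)]  # duration in seconds
    return int(value) if value.isdigit() else value.lower()

def parse(text):
    """Parse 'key: value;' lines into {key: normalised value}."""
    pairs = re.findall(r"^\s*(\w+)\s*:\s*([^;]+?)\s*;", text, re.MULTILINE)
    return {k: normalise(k, v) for k, v in pairs}

def audit(device_text, profile_text=LEMNOS_IPSEC_PROFILE):
    """Return sorted (key, problem) pairs where the device departs from the profile."""
    profile, device = parse(profile_text), parse(device_text)
    findings = []
    for key, want in profile.items():
        if key not in device:
            findings.append((key, "missing"))
        elif key == "policy":
            lacking = sorted(want - device[key])  # extra flags are not judged here
            if lacking:
                findings.append((key, "lacks " + "+".join(lacking)))
        elif device[key] != want:
            findings.append((key, f"expected {want}, got {device[key]}"))
    return sorted(findings)
```

Calling `audit(SAMPLE_DEVICE_CONFIG)` accepts the `3h` IKE lifetime as equal to `10800s` and flags the longer IPsec lifetime, the absent `dpd_delay`, and the missing PFS flag.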
