Beruflich Dokumente
Kultur Dokumente
Introduction
The DNP Technical Committee is providing a member to the International Electrotechnical Commission (IEC) Working Group on Data and Communications Security, at the Working Group's request. Technical Committee 57, Working Group 15 has agreed that it should address DNP security issues because DNP was originally derived from the IEC 60870-5 specifications. Also a factor in the group's decision was DNP's widespread use and the Working Group's desire to address security issues throughout as much of the utility industry as possible. A member of the technical committee will therefore serve as DNP Liaison to Working Group 15.
The first task to be accomplished in this effort will be the development of a Protection Profile document describing a plan for addressing DNP and IEC 60870-5 security needs. The Working Group plans to produce security standards within the next two years. A PowerPoint presentation describing the mandate, status, and methodology of IEC TC57 Working Group 15 in more detail has been posted to the User Group web site, Member Forum, PowerPoint Presentations. Thank you to Grant Gilchrist for his efforts in providing this.
TC57 WG15
Whats in a Name?
IEC: International Electrotechnical Commission Technical Committee 57: Power System Control and Associated Communications Working Group 15: Data and Communications Security
TC57 WG15
Everythings changing: Use of radios allows eavesdropping Use of others networks: X.25, CDPD, frame relay, etc. Integration into Corporate I.T. Control, monitoring over Internet Deregulation creates financial incentives for attacks
TC57 WG15
Mandate
Finalize the report of Ad-hoc Working Group 6 into an IEC Technical Report Generate New Work Items for TC57 working groups Limited to security of TC57 protocols and their derivatives Implement those security work items other TC57 groups choose not to.
TC57 WG15
Number IEC 60870-5 IEC 60870-6 IEC 61334 IEC 61850 IEC 61970, 61968
13,14
1Based
on 60870-5 and is in widespread use; therefore in scope 2In scope insofar as the APIs provide networking capability
TC57 WG15
Ad-Hoc WG 6 Report
Tutorial on Security:
Defines terms Lists threats Lists vulnerabilities in TC57 protocols Describes analysis process
TC57 WG15
Ad-Hoc WG 6 Recommendations
Create permanent WG15 with tasks: Use consequence-based analysis Provide multiple levels of security Focus on application layer Work together with other WGs Address key management Address the complete system Use ISO Standard 15408 process
TC57 WG15
Consequence-Based Analysis
TC57 WG15
Based on ISO 15408: Common Criteria Describe the Target of Evaluation Identify assumptions about the context Identify security threats Identify security goals to counter threats Make recommendations to meet the goals Document in a Protection Profile Create Security Target(s) to implement it.
TC57 WG15
Examples of Assumptions
The target is physically secure The link cannot be eavesdropped upon All operators are authorized users All users on an authorized device are authorized Security is always well-administered
TC57 WG15
Examples of Threats
Denial of Service Replay Traffic Analysis Impersonation Hijacking connections Disgruntled insiders Access to strong points via weak points
TC57 WG15
Examples of Goals
TC57 WG15
Examples of Requirements
Authentication Methods Digital Signatures Encryption
Algorithms Key Sizes
TC57 WG15
Contains:
May share one between several protocol suites May be more than one per protocol (i.e. levels) The WG may produce one, or many
TC57 WG15
An implementation of the Protection Profile The bits and bytes to implement the requirements Specific to one Target of Evaluation (protocol) Can be tested against the threats
TC57 WG15
Process Summary
Define Target of Evaluation
Assumptions Threats Goals Recommendations Protection Profile
Security Target
TC57 WG15
The Plan
Security Targets developed afterwards Liaisons to the other working groups, bodies
Do they accept the work, or do we do it?
TC57 WG15
Deliverables
The AHWG 6 Technical Report New Work Item Proposals Protection Profiles, Security Targets, Roadmap May document in either:
The protocols spec A WG15 standard
TC57 WG15
Membership
Tor Aalborg, Statnett SF (Norway) Lars Andersson ABB (Switzerland) Rudolf Bauman, EGL (Switzerland) Rolf Carlson, Sandia National Labs (USA) - U.S. TAG Lead Frances Cleveland, UCI (USA) - WG14 Herb Falk, SISCO (USA) - Convenor Frank Frenzel, ABB (Germany) Grant Gilchrist, GE Harris (Canada) - DNP Technical Committee Stan Klein, Stan Klein Associates (USA) Norm Nielson, SRI Consulting (Stanford) (USA) John Ryan, The Electricity Association (UK) - WG9 Thomas Schaub, Siemens (Switzerland) - WG3, WG9 Werner Schmitz,Siemens (Germany) Andy Turke, Siemens (USA) - WG7 Barry Shephard, Schneider Electric (UK) - WG10, WG11, WG12 Joe Weiss, EPRI (USA) - EPRI, Instrument Society of America
TC57 WG15
Be thorough Be clear and concise Consult all stakeholders Make it interoperable Make it safe and secure!