Professional Documents
Culture Documents
Pre-RFP
Initial security analysis focused on threat assessments, information classification, NERC CIP
analysis, and functional expectations
Conceptual security architecture based on business and regulatory requirements. This
architecture showed the system capabilities and end to end cryptographic information flow
Functionality represented within the conceptual architecture focused on:
Preventing unauthorized access/control of the AMI network
Secure meter registration and revocation
AMI device authentication
Customer data integrity/confidentiality
Advanced intrusion detection
Conceptual security architecture validated with technology and method specific design
example (AMI Reference Architecture). Design used AMI Lightweight Cryptographic Services
(ALCS) based on robust secret sharing techniques. Reference architecture used for internal
validation only…
Confirmed vendor responsibility
Continuing concerns over vendors technical capability maturity
RFP
Requirements abstracted to highest functional representation to allow for vendor design
flexibility
Conceptual architecture and information shown as an example
Capability maturity risk mitigation: Recommend partnering with a third party security vender
Current
© Copyright 2007, SouthernRFP
Vendors California
security response confirmed capability concerns (varied bywww.sce.com/ami
vendor)
Edison
Strategies and Principles
Initial Configuration
of Cryptographic
Services
Field Test
Configuration
primarily used for
Performance
related testing
(Crypto Latency:
Computational and
Network)
Vendors support
Field Test
Capabilities (Pre-
placed keys)
Initial Key
Management
Services
Integration with
Infrastructure
Services (e.g.,
IDM, Access
Controls)
Complete
Network
Configuration (e.
g., firewall and
IPS services)
Complete set of
Security Services
Cryptographic
Update: Complete
Registration,
Authentication,
Distribution
Integrated with IT
PKI
HAN Security
Update
Cryptographic
scheme unified
across enterprise
Complete
enterprise
(AMI+DA+CSN)
view through audit
services
All field elements
are registered and
authenticated
Centralized
security
operations for field
assets
Leverages
existing IT
services (e.g.,
IDM)
Common/shared
management
services