Scribd Logo
Upload

Welcome to Scribd!

  • 2007 0510 SCE AMI Security Roadmap v1 0

    Uploaded by

    George Milliken
    83 views11 pages
    AMI HAN Smart Grid InfoSec Road Map

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    AMI HAN Smart Grid InfoSec Road Map

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    83 views11 pages

    2007 0510 SCE AMI Security Roadmap v1 0

    Uploaded by

    George Milliken
    AMI HAN Smart Grid InfoSec Road Map

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 11

    AMI Security Roadmap

    April 13, 2007


    Security History and Status

    Pre-RFP
    Initial security analysis focused on threat assessments, information classification, NERC CIP
    analysis, and functional expectations
    Conceptual security architecture based on business and regulatory requirements. This
    architecture showed the system capabilities and end to end cryptographic information flow
    Functionality represented within the conceptual architecture focused on:
    Preventing unauthorized access/control of the AMI network
    Secure meter registration and revocation
    AMI device authentication
    Customer data integrity/confidentiality
    Advanced intrusion detection
    Conceptual security architecture validated with technology and method specific design
    example (AMI Reference Architecture). Design used AMI Lightweight Cryptographic Services
    (ALCS) based on robust secret sharing techniques. Reference architecture used for internal
    validation only…
    Confirmed vendor responsibility
    Continuing concerns over vendors technical capability maturity
    RFP
    Requirements abstracted to highest functional representation to allow for vendor design
    flexibility
    Conceptual architecture and information shown as an example
    Capability maturity risk mitigation: Recommend partnering with a third party security vender
    Current
    © Copyright 2007, SouthernRFP
    Vendors California
    security response confirmed capability concerns (varied bywww.sce.com/ami
    vendor)
    Edison
    Strategies and Principles

    AMI security artifacts are specified and designed as a response to


    business requirements, regulatory requirements and environmental
    threats
    Uses Unified Information Assurance Framework (i.e., System engineering based
    methodologies)
    Functional requirements are appropriate given risk analysis
    AMI security services are part of unified business enterprise (i.e.,
    TDBU, CSBU, IT)
    Use industry engagement (when appropriate) to further industry
    capabilities
    motivate vendors through standards
    design vetting
    establish best practices
    Use Evolutionary/Spiral development to roll capabilities out over a
    several releases (realistic expectations)
    Security capabilities enable functionality and ultimately add business
    value
    © Copyright 2007, Southern California www.sce.com/ami
    Edison
    Goals of AMI Security Design & Implementation

    Security is viewed as an enabling


    function to increase capabilities
    over time
    Security Design is focused on
    mitigating the impact of the
    realization of AMI security
    requirements on the performance of
    theAMIentire
    Security Design in the context of the overall System AMI solution

    Security is design in the context of


    the overall AMI System of Systems
    Context
    Threats and vulnerabilities are
    evaluated in the context of the risk
    to the business processes AMI
    enables

    © Copyright 2007, Southern California www.sce.com/ami


    Edison
    Security Technology Capability Maturity (Updated)

    © Copyright 2007, Southern California www.sce.com/ami


    Edison
    Field Test: Capabilities and Architecture

    Initial Configuration
    of Cryptographic
    Services
    Field Test
    Configuration
    primarily used for
    Performance
    related testing
    (Crypto Latency:
    Computational and
    Network)
    Vendors support
    Field Test
    Capabilities (Pre-
    placed keys)

    © Copyright 2007, Southern California www.sce.com/ami


    Edison
    Release One: Capabilities and Architecture

    Initial Key
    Management
    Services
    Integration with
    Infrastructure
    Services (e.g.,
    IDM, Access
    Controls)
    Complete
    Network
    Configuration (e.
    g., firewall and
    IPS services)

    © Copyright 2007, Southern California www.sce.com/ami


    Edison
    Release Two: Capabilities and Architecture

    Add HAN Device


    Authentication &
    Confidentiality
    Key Management
    and Cryptographic
    Updates (RFP
    Compliances)

    © Copyright 2007, Southern California www.sce.com/ami


    Edison
    Release Three: Capabilities and Architecture

    Complete set of
    Security Services
    Cryptographic
    Update: Complete
    Registration,
    Authentication,
    Distribution
    Integrated with IT
    PKI
    HAN Security
    Update

    © Copyright 2007, Southern California www.sce.com/ami


    Edison
    Unified Enterprise Context

    Cryptographic
    scheme unified
    across enterprise
    Complete
    enterprise
    (AMI+DA+CSN)
    view through audit
    services
    All field elements
    are registered and
    authenticated
    Centralized
    security
    operations for field
    assets
    Leverages
    existing IT
    services (e.g.,
    IDM)
    Common/shared
    management
    services

    © Copyright 2007, Southern California www.sce.com/ami


    Edison
    Next Steps

    Internal engagement within SCE


    Security workshops (TDBU, CSBU, IT)
    Business policy alignment
    External engagement with Vendors
    Clarify vendor direction
    Clarify adherence to industry and SCE policies
    Ensure vendor integration within SCE enterprise
    External engagement with Industry
    Push and monitor security standards (e.g., Title-24, openHAN, utilityAMI,
    UtiliPoint, etc.)
    Use open Innovation approach to lead the way in AMI Security

    © Copyright 2007, Southern California www.sce.com/ami


    Edison

    You might also like