1、Addressing Security Issues for the Smart Grid Infrastructure,Neil Greenfield, CISSP, CISA IT Security Engineering,AMI-SEC Task Force Meeting June 25, 2008 New Orleans, Louisiana,Definition - U.S. Critical Infrastructures,“.systems and assets, whether physical or virtual, so vital to the United State
2、s that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters.” - USA Patriot Act (P.L. 107-56),Defense in Depth Focus Areas,Defend the network and infra
3、structure Backbone network availability Wireless network security System interconnections Defend the enclave boundary Network access protection Remote access Multilevel security Defend the computing environment End-user environment Application security Supporting infrastructures Key Management Infra
4、structure Detect and respond,Security Pieces & Parts,Identity & access management,Information risk management,Network,People,Process,Technology,Information security organization,Policy and compliance framework,Endpoints,Training awareness & personnel,Information asset management,Database,Business co
5、ntinuity and DR,Application infrastructure,Physical and environment sec,Systems,Incident & threat management,Messaging and content,Systems dev. & ops management,Data,Security Truisms,Protection Configuring our systems and networks as correctly as possible,Reaction Identify problems quickly, respond
6、to any problem and return to a safe state as rapidly as possible,Detection Identify when the configuration has changed or that some network traffic indicates a problem,Security Challenges,Reconfigurability and wireless nature may enable: Jamming (DoS) Device spoofing, configuration of a malicious de
7、vice (DoS, Tampering) Violation of regulatory constraints (DoS) Invalid configuration (DoS) Eavesdropping, insecure software download (Disclosure, Tampering) Exhaustion of system resources (DoS) Improper software functionality (Tampering),Security Threats,Blunders, errors, and omissions Fraud and th
8、eft, criminal activity Disgruntled employees, insiders Curiosity and ignorance, recreational and malicious hackers Industrial espionage Malicious code Foreign espionage and information warfare,Security Mechanism Examples,Jamming agile spectrum allocation Eavesdropping communication channel encryptio
9、n Internet attacks firewalls on connection to public network, strong user authentication Device spoofing, malfunctioning device, violation of regulatory constraints secure configuration, remote attestation,Security Requirements,Prevent loading, installation, instantiation of unauthorized software Ve
10、rify downloaded software from trusted vendor Ensure confidentiality and integrity of over-the-air software download and stored data Ensure the terminal operates within allowed frequency bands and power levels specified by regulators and power operators Provide trusted configuration information to su
11、bstations on request,DOH Vision Statement,The Energy Sector envisions a robust, resilient energy infrastructure in which continuity of business and services is maintained through secure and reliable information sharing, effective risk management programs, coordinated response capabilities, and trust
12、ed relationships between public and private security partners at all levels of industry and government.,- National Infrastructure Protection Plan Energy Sector, 2007,Security Standards Guidelines,ANSI/ISA99.00.012007 Security for Industrial Automation and Control Systems IEC TS 62351 Power Systems M
13、anagement and Associated Information Exchange Data and Communications Security ISO/IEC 13335 Information technology Security techniques Management of information and communications technology security ISO/IEC 21827 Information Technology Systems Security Engineering Capability Maturity Model (SSE-CM
14、M) ITU-T Recommendation X.805 Security Architecture for Systems Providing End-to-End Communications NIST Special Publication 800-27 Engineering Principles for Information Technology Security (A Baseline for Achieving Security) NIST Special Publication 800-53 Recommended Security Controls for Federal
15、 Information Systems Many others.,Security Tools More Than Just a Firewall,Authentication and Authorization Technologies Role-Based Authorization Tools Password Authentication Challenge/Response Authentication Physical/Token Authentication Smart Card Authentication Biometric Authentication Location-
16、Based Authentication Password Distribution and Management Technologies Device-to-Device Authentication,Filtering/Blocking/Access Control Technologies Network Firewalls Host-based Firewalls Virtual Networks,Encryption Technologies and Data Validation Symmetric (Secret) Key Encryption Public Key Encry
17、ption and Key Distribution Virtual Private Networks (VPNs),Management, Audit, Measurement, Monitoring, and Detection Tools Log Auditing Utilities Virus and Malicious Code Detection Systems Intrusion Detection Systems Vulnerability Scanners Forensics and Analysis Tools (FAT) Host Configuration Manage
18、ment Tools Automated Software Management Tools,Industrial Automation and Control Systems Computer Software Server and Workstation Operating Systems Real-time and Embedded Operating Systems Web Technologies,Physical Security Controls Physical Protection Personnel Security,ISO/IEC 21827 SSE-CMM,Intern
19、ational Standard for Systems Security Engineering Capability Maturity Model (SSE-CMM),SSE-CMM & Risk Process,SSE-CMM & Engineering Process,Specify Security Needs,Provide Security Input,Monitor Security Posture,Administer Security Controls,Configuration Information,Solutions, Guidance, etc.,Policy, R
20、equirements, Etc.,SSE-CMM & Assurance Process,SSE-CMM Levels,Level 1,Level 2,Level 3,Level 4,Level 5,Base practices are performed,Planning performance Tracking performance Disciplined performance Verifying performance,Defining a standard process Performing the defined process Coordinate security pra
21、ctices,Establishing measureable quality goals Objectively managing performance,Improving organization capability Improving process effectiveness,Security Program,Security program,People,Technology,Process,Policy definition,Enforcement,Monitoring and response,Measurement,ITU-T Recommendation X.805,Se
22、curity architecture for end-to-end network security,Security architecture for end-to-end communications,ITU-T Recommendation X.805 addresses three essential questions:,What are the distinct types of network equipment and facility groupings that need to be protected?,What are the distinct types of ne
23、twork activities that need to be protected?,What kind of protection is needed and against what threats?,Cyber Security Requirements High Level,Functional Requirements Auditing Cryptographic Support User Data Protection Event Monitoring Identification & Authentication Functional Management Security E
24、vent Monitoring Physical Protection System Configuration Resource Utilization Trusted Path/Channels,Assurance Requirements Configuration Management Delivery & Operation Guidance Documents Life Cycle Support Security Awareness Operation & Maintenance System Architecture Testing Vulnerability Assessme
25、nt Assurance Maintenance,Security Multi-Tiered Architecture,Reference source: Enterprise Security Architecture: A Business-Driven Approach, John Sherwood, Andrew Clark, David Lynas, 2005,Prevention Services,Prevention Services,Detection & Notification Services,Recovery & Restoration Services,Contain
26、ment Services,Detection & Notification Services,Detection & Notification Services,Recovery & Restoration Services,Evidence Collection & Event Tracking Services,Event Collection & Tracking Services,Evidence Collection & Event Tracking Services,Assurance Services,Security, Quality and the SDLC,Securit
27、y is an aspect of quality which should be addressed throughout the System Development Life Cycle (SDLC),System Development Life Cycle,Proposal,Plan,Construct,Test,Deliver,Close,Incorporating Security Into the SDLC,Begin with requirements Secure design Secure coding Security testing Secure deployment
28、 Security maintenance,Plan,Lessons Learned Review,ProductDefinition,ProjectOrganization,Elicitation,Analysis,Specification,Lessons Learned Review,ProductDefinition,ProjectOrganization,Elicitation,Analysis,Specification,Validation,Lessons Learned Review,ProductDefinition,ProjectOrg.,Design,Requiremen
29、ts Specification,PhaseReview,Secure System/Software Requirements,Begin with requirements What assets of value are accessible from the software? What are the threats to those assets? What protections must be provided for those assets?,Secure System/Software Design Elements,Authentication Authorizatio
30、n Auditing, logging, accountability Confidentiality and privacy Integrity Non-repudiation Availability,Secure Design Methodologies,Design review and risk analysis Threat modeling Use cases Misuse or abuse cases,Source: Ian Alexander, Independent Consultant, http:/www.scenarioplus.org.uk,Secure devel
31、opment,Language-specific secure coding checklists Develop company coding standards, and include security standards Create libraries of security functions that are used by all project teams Code reviews and walkthroughs Development tools Debuggers Source code analysis tools,Security testing,Fault inj
32、ection Fuzzers Proxy-based tools Automated penetration testing Security assessments and penetration tests,Test,Phase Review,UserAcceptance Testing (UAT),Pre-UATTesting,Integration Test,System Test,Perform. Test,Deployment Issues,Offer a secure mode of installation Disable all default accounts at the
33、 end of installation Force the user to set an administrative password Offer configurable auditing and logging levels,Deliver,Phase Review,Implemen- tation,Training,Warranty,Maintenance Issues,Enforce all secure system and software development processes for maintenance releases of code Make sure that
34、 engineers / developers / administrators fully understand the design and architecture of the entire product If the product is not fully understood, there is the probability that security vulnerabilities may be introduced,Monitor, Track and Control,Recommendations,Make security part of your SDLC Ensu
35、re someone (preferably more than one person) is responsible for security in each SDLC phase Create a virtual security team comprised of those individuals,Why Standardization? Security Visibility Among Business/Mission Partners,The Desired Security End State,AEPs gridSMARTSM initiative and the develo
36、pment and implementation of the modern electrical grid of the future is one of the key drivers behind employment and integration of Cyber Security controls and protection safeguards for networked communications, computerized intelligent electronic equipment and the data/information vital to the mana
37、gement of the gridSMARTSM environment.,gridSMARTSM Cyber Security Charter,gridSMARTSM Cyber Security Framework,Based upon standards and best practices: IntelliGrid / EPRI UCA International Usersgroup AMI Working Groups UtilityAMI, OpenAMI, AMI-SEC HAN Working Groups OpenHAN, UtilityHAN Department of Energy National Energy Technology Laboratory Department of Homeland Security NIST Computer Security Division ISO/IEC ITU Others,gridSMARTSM Cyber Security Features,Questions?,
