International Telecommunication Union

ITU-T Series X
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
Supplement 26 (03/2016)

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

ITU-T X.1111 Supplement on security functional architecture for smart grid services using telecommunication networks

ITU-T X-series Recommendations Supplement 26

ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

PUBLIC DATA NETWORKS  X.1–X.199
OPEN SYSTEMS INTERCONNECTION  X.200–X.299
INTERWORKING BETWEEN NETWORKS  X.300–X.399
MESSAGE HANDLING SYSTEMS  X.400–X.499
DIRECTORY  X.500–X.599
OSI NETWORKING AND SYSTEM ASPECTS  X.600–X.699
OSI MANAGEMENT  X.700–X.799
SECURITY  X.800–X.849
OSI APPLICATIONS  X.850–X.899
OPEN DISTRIBUTED PROCESSING  X.900–X.999
INFORMATION AND NETWORK SECURITY
  General security aspects  X.1000–X.1029
  Network security  X.1030–X.1049
  Security management  X.1050–X.1069
  Telebiometrics  X.1080–X.1099
SECURE APPLICATIONS AND SERVICES
  Multicast security  X.1100–X.1109
  Home network security  X.1110–X.1119
  Mobile security  X.1120–X.1139
  Web security  X.1140–X.1149
  Security protocols  X.1150–X.1159
  Peer-to-peer security  X.1160–X.1169
  Networked ID security  X.1170–X.1179
  IPTV security  X.1180–X.1199
CYBERSPACE SECURITY
  Cybersecurity  X.1200–X.1229
  Countering spam  X.1230–X.1249
  Identity management  X.1250–X.1279
SECURE APPLICATIONS AND SERVICES
  Emergency communications  X.1300–X.1309
  Ubiquitous sensor network security  X.1310–X.1339
  PKI related Recommendations  X.1340–X.1349
CYBERSECURITY INFORMATION EXCHANGE
  Overview of cybersecurity  X.1500–X.1519
  Vulnerability/state exchange  X.1520–X.1539
  Event/incident/heuristics exchange  X.1540–X.1549
  Exchange of policies  X.1550–X.1559
  Heuristics and information request  X.1560–X.1569
  Identification and discovery  X.1570–X.1579
  Assured exchange  X.1580–X.1589
CLOUD COMPUTING SECURITY
  Overview of cloud computing security  X.1600–X.1601
  Cloud computing security design  X.1602–X.1639
  Cloud computing security best practices and guidelines  X.1640–X.1659
  Cloud computing security implementation  X.1660–X.1679
  Other cloud computing security  X.1680–X.1699

For further details, please refer to the list of ITU-T Recommendations.

X series Supplement 26 (03/2016)

Supplement 26 to ITU-T X-series Recommendations

ITU-T X.1111 Supplement on security functional architecture for smart grid services using telecommunication networks

Summary

Supplement 26 to the ITU-T X-series of Recommendations describes a security functional architecture for smart grid (SG) services using telecommunication networks. It identifies security risks and security requirements. Supplement 26 to Recommendation ITU-T X.1111 further defines a security functional architecture for smart grid services using telecommunication networks based on a general functional model.

History

Edition   Recommendation      Approval     Study Group   Unique ID*
1.0       ITU-T X Suppl. 26   2016-03-23   17            11.1002/1000/12855

Keywords

Security functional architecture, smart grid.

* To access the Recommendation, type the URL http://handle.itu.int/ in the address field of your web browser, followed by the Recommendation's unique ID. For example, http://handle.itu.int/11.1002/1000/11830-en.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations
specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE

In this publication, the expression “Administration” is used
for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this publication is voluntary. However, the publication may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the publication is achieved when all of these mandatory provisions are met. The words “shall” or some other obligatory language such as “must” and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the publication is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this publication may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the publication development process.

As of the date of approval of this publication, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this publication. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2016

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

Table of Contents

1 Scope
2 References
3 Definitions
  3.1 Terms defined elsewhere
  3.2 Terms defined in this Supplement
4 Abbreviations and acronyms
5 Conventions
6 Reference architecture and smart grid services
  6.1 Smart meter infrastructure
  6.2 Demand response and consumer energy efficiency
  6.3 Electric vehicle
  6.4 Wide area situational awareness
  6.5 Distributed energy resources and energy storage systems
  6.6 Distribution grid management
7 Security risks categorization of smart grid services
  7.1 Device
  7.2 System
  7.3 Protocol
  7.4 Service
  7.5 Data
8 Security requirements of smart grid services
9 Security functional architecture of smart grid services
  9.1 Smart metering infrastructure, DR and DER
  9.2 Electric vehicle
  9.3 Wide area situational awareness
  9.4 Distribution grid management
Appendix I Reference architecture of smart grid
Appendix II Relationship between reference architecture of smart grids and smart grid services in this Supplement
Bibliography

Supplement 26 to ITU-T X-series Recommendations

ITU-T X.1111 Supplement on security functional architecture for smart grid services using telecommunication networks

1 Scope

This Supplement defines a security functional architecture for smart grid (SG) services using telecommunication networks. The following issues are specified in this Supplement:
- security risks of smart grid services using telecommunication networks;
- security requirements for smart grid services using telecommunication networks;
- security functional architecture for smart grid services using telecommunication networks based on a smart grid functional model.

2 References

None.

3 Definitions

3.1 Terms defined elsewhere

This Supplement uses the following terms defined elsewhere:

3.1.1 access control [b-ITU-T X.1252]: A procedure used to determine if an entity should be granted access to resources, facilities, services, or information based on pre-established rules and specific rights or
authority associated with the requesting party.

3.1.2 data integrity [b-ITU-T X.800]: The property that data has not been altered or destroyed in an unauthorized manner.

3.1.3 privacy [b-ITU-T X.1252]: The right of individuals to control or influence what personal information related to them may be collected and managed, retained, accessed, and used or distributed.

3.1.4 advanced metering infrastructure (AMI) [b-ITU-T G.9902]: The primary means for utilities to interact with meters on customer sites. In addition to basic meter reading, AMI provides two-way communication which allows energy usage data to be collected and analysed and it enables the interaction with advanced devices such as electricity meters, gas meters, heat meters, and water meters, through various communications media.

3.1.5 home area network (HAN) [b-ITU-T G.9959]: A network capable of connecting devices in home premises.

3.2 Terms defined in this Supplement

This Supplement defines the following terms:

3.2.1 demand response (DR): A smart grid feature that allows consumers to reduce or change their electrical use patterns during peak demand, usually in exchange for a financial incentive. Demand response provides mechanisms and incentives for utility, business, industrial and residential customers to cut energy use during times of peak demand or when power reliability is at risk. Demand response is necessary to optimize the balance of power supply and demand.

3.2.2 distributed energy resources (DER): Energy generation and energy storage facilities located at the customer premises or at power transmission and distribution systems.

3.2.3 electric vehicle supply equipment (EVSE): Equipment that charges a vehicular electric battery by direct current or an alternating current power source.

3.2.4 energy management system (EMS): A computer system comprising a software platform providing basic support services and a set of applications providing the functionality needed for the effective operation of electrical generation and transmission facilities so as to ensure adequate security of the energy supply at a minimum cost.

3.2.5 intelligent electronic device (IED): A term used in the electric power industry to describe microprocessor-based controllers of power system equipment, such as circuit breakers, transformers and capacitor banks.

3.2.6 regional transmission organization (RTO): An independent organization (profit or non-profit) established for the purpose of operating the transmission assets and providing wholesale transmission services within a defined (usually multi-state) geographic region. Typically, an RTO does not itself own the transmission facilities,
but instead operates them on behalf of the transmission-owning utilities.

3.2.7 remote terminal unit (RTU): A microprocessor-controlled electronic device that interfaces objects in the physical world to a distributed control system or a supervisory control and data acquisition (SCADA) system by transmitting the telemetry data to the system or altering the state of connected objects based on control messages received from the system.

3.2.8 smart grid (SG): A two-way electric power delivery network connected to an information and control network through sensors and control devices. The smart grid supports the intelligent and efficient optimization of the power network.

3.2.9 smart meter: A device in the premises to monitor and control the electrical power usage of home devices based on demand response (see clause 3.2.1) information from home devices.

3.2.10 supervisory control and data acquisition (SCADA): A computer system that monitors an industrial, infrastructure or facility-based control process.

4 Abbreviations and acronyms

This Supplement uses the following abbreviations and acronyms:

AMI    Advanced Metering Infrastructure
CE     Central Equipment
CEMS   Customer Energy Management System
CIS    Customer Information System
CPU    Central Processing Unit
DAS    Distribution Automation System
DCU    Data Collection Unit
DDoS   Distributed Denial-of-Service
DER    Distributed Energy Resources
DoS    Denial-of-Service
DR     Demand Response
DRAS   Demand Response Automation System
DRMS   Demand Response Management System
EMS    Energy Management System
ESI    Energy Service Interface
ESS    Energy Storage System
EV     Electric Vehicle
EVSE   Electric Vehicle Supply Equipment
GIS    Geographic Information System
GW     Gateway
HAN    Home Area Network
HSM    Hardware Security Module
HVAC   Heating, Ventilating and Air Conditioning
ICT    Information and Communication Technology
ID     Identity
IED    Intelligent Electronic Device
IP     Internet Protocol
ISO    Independent System Operator
MDMS   Metering Data Management System
OEM    Original Equipment Manufacturer
OMS    Outage Management System
PDC    Phasor Data Concentrator
PMU    Project Management Unit
RTO    Regional Transmission Organization
RTU    Remote Terminal Unit
SCADA  Supervisory Control and Data Acquisition
SG     Smart Grid
SR     Security Requirement
WAMS   Wide Area Measurement System
WASA   Wide Area Situational Awareness
WMS    Work Management System

5 Conventions

In this Supplement, R indicates a risk. The digit on the right side of R is an indication of the security risk (e.g., R1). Thus, a security level (i.e., 1, 2, 3) refers to the classification in this Supplement. One of the notation examples in this Supplement is as follows: R1-2 indicates the security
risk categorization of data disclosure for the moderate security level case. In this Supplement, SR indicates a security requirement.

6 Reference architecture and smart grid services

This clause introduces the reference architecture of smart grids of clause 6.2 of [b-ITU-T Smart-O-33] and explains how smart grid services are treated in this Supplement. The relationship between the reference architecture of smart grids and smart grid services is also discussed in this clause.

The reference architecture of smart grids is defined in [b-ITU-T Smart-O-33] and explained in Appendix I. The reference architecture of smart grids in [b-ITU-T Smart-O-33] is related to a domain perspective, whereas this Supplement focuses on a service perspective.

The smart grid provides various services based on information and communication technology (ICT). These smart grid services cover common users of demand response (DR) and electric vehicles (EVs) as well as services for controlling the power grid, such as distribution grid management and wide-area power system monitoring. Such coverage is well beyond the services of the traditional power grid. The major service domains of the smart grid are specified in [b-NIST IR 7628] as described in clauses 6.1 to 6.6.

6.1 Smart meter infrastructure

Smart metering infrastructure is an advanced metering infrastructure (AMI) with bidirectional communications between provider and customer, which enables DR service and distributed energy resources service. It is called advanced metering infrastructure in [b-NIST IR 7628].

6.2 Demand response and consumer energy efficiency

Demand response (DR) is an active way of ass