WON Security Guideline

Transcription

1 WON Security Guideline Data Exchange Work Group October 7, rth 400 West, Suite 200 Salt Lake City, Utah

2 WON Security Guideline 1 Table of Contents Purpose... 1 Background... 1 Security Responsibilities... 1 Approved Protocols and Applications... 1 WON Perimeter Security Policy... 2 Wireless Technology... 4 Authentication... 4 Virus Scanning or Application Whitelisting... 4 Operating System Support... 4 Information Exchange... 4 Banners... 4 Physical Security... 5 Glossary... 5

3 WON Security Guideline 1 Purpose The purpose of this document is to provide clear and consistent expectations for security procedures to all users on the WECC Operations Network (WON). Background The WON was established to facilitate the exchange of operational data between Reliability Coordinators (RC), Transmission Operators (TOP), Balancing Authorities (BA), and other member utilities to facilitate exchanging power system reliability data. This network is a collection of connected entities that communicate over the WON to exchange power system-related data. This data includes analog values (e.g., bus voltages, line flows, generator outputs) and status information (e.g., circuit breaker statuses, switch statuses). Access to the WON is granted only to members of WECC that have a reliability responsibility to the WECC interconnected electrical system that requires access to currently-approved, real-time power system data and have executed the WECC Operations Network Connection and Data Use Agreement (attachment 1). Others may be granted a special exemption to these criteria at the discretion of the WECC Data Exchange Work Group (DEWG). Security Responsibilities All locations operating a WON connection shall employ all applicable standards and due diligence to protect the WON telecommunications infrastructure from unauthorized use or access, at a minimum, the entities shall follow the guidelines below. This includes the use of all applicable NERC Standards, other applicable standards, and industry-accepted practices. Approved Protocols and Applications The following is a list of protocols and applications that have been approved by the WECC for use on the WON. Encryption of the allowed protocols is permitted, but not required. Any other protocol or application is not allowed.

4 WON Security Guideline 2 Table 1: WON Protocols and Applications Protocols/Application Inter Control Center Protocol (ICCP) (TASE2) WECCNet Messaging Antivirus Signature Updates Southwest Reserve Sharing Rocky Mountain Reserve Sharing Voice over Internet Protocol (VOIP) Reliability Coordination Offices Distributed Network Protocol 3 (DNP3) Network Time Protocol (NTP) Phasor Measurement System Virus Scanning Required Yes Yes Yes A member utility desiring to use an application or protocol not on this list must submit a proposal for its inclusion in this list to the WECC DEWG. The DEWG will review the proposal and submit a recommendation to the Critical Infrastructure Information Management Subcommittee (CIIMS) either for or against the proposal. The CIIMS will make the final determination as to whether the proposal will be accepted or not. WON Perimeter Security Policy The WON network shall be firewalled from Management, Administrative, and other networks and use proper Access Control Lists (ACL) for ports and services. Utilities shall have a policy for intrusion detection consistent with industry standards. o Firewalls Firewalls or some device performing access control shall exist on all connections between the WON and a member s Supervisory Control and Data Acquisition/Energy Management System (SCADA/EMS) or internal networks require a firewall and related access controls. Firewalls shall be configured to restrict inbound and outbound communication to specific WECC assigned Internet Protocol (IP) addresses and to be limited to the protocols identified in Table 1. o Routers

5 WON Security Guideline 3 Utilities shall only use their assigned WON IP addresses. o Placement The following diagram illustrates the minimum firewall requirements. The drawing shows all servers located behind the firewall, the WECCNet messaging client and other standalone systems may be located outside the firewall. WECCNet WECCNet o Messaging PC The WECCnet Messaging PC may reside on the WON directly or behind a Firewall with the SCADA/EMS system. The WECCnet Messaging PC shall not have another connection to it allowing it to become a bridge to another local area network (LAN), i.e. allowing the corporate LAN to have a connection to the Messaging PC. Reasonable precautions shall be taken to protect the PC from unauthorized access.

6 WON Security Guideline 4 Wireless Technology Wireless LAN (e.g., x) equipment is prohibited on the WON. Members shall not connect any wireless LAN devices to the WON. Authentication Password guidelines for WON-connected devices and approved applications: Length Eight-character minimum Numeric At least one Upper Case At least one Dictionary Words Prohibited Expiration Annually Virus Scanning or Application Whitelisting Password Protection Hashed within the Config The use of virus scanning software is required as shown in Table 1. The WECCnet messaging PC requires the use of virus scanner/anti-malware software or application whitelisting. For entities that do not provide their own antivirus software, WECC provides access to a DEWG-approved solution. Operating System Support Computers connected directly to the WON must be maintained with supported operating system security patches. Any members using an unsupported operating system version must upgrade to a supported version. Information Exchange Any administrative information about the WON, such as IP addresses, network diagram, or Association Information Exchange Form, shall be password protected or encrypted before transmission via any electronic means. Banners All devices connected to the WON shall have the following WECC-approved login banner or equivalent installed.

7 WON Security Guideline 5 WECC-approved login banner: This system is for authorized users only. Anyone using this system expressly consents to being monitored and is advised that if such monitoring reveals possible criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials. Physical Security WECC requires that computers and networking equipment associated with the WON connections be physically secured from unauthorized access. Operation of these computers or networking equipment shall require valid user name and password access. WECC may periodically contract for security testing of the WON. Glossary WON Computer/Device Any devices connected via TCP/IP networking to the WECC Operations Network EHV Data Pool A data repository of generation, flow, voltage, and frequency information on the whole Western Interconnected System provided for and by member companies via the ICCP data exchange protocol. DEWG The Data Exchange Work Group (DEWG) is responsible for supporting the data needs of the Reliability Coordinator function and other entities identified by the WECC OC and for developing and overseeing methodologies to facilitate the exchange of real-time, modeling, and other operational data to help ensure reliable electric power system operations. The Data Exchange Work Group is a member group established by the Operating Committee (OC) and the critical Infrastructure and Information Management Subcommittee (CIIMS). WECCNet Messaging System A data messaging system used by WECC participating entities (e.g. Utilities, Reliability Coordinator), dispatchers and network administrators. The system is used to convey information related to WECC electrical system elements including, but not limited to; informational notices, outages, and emergency and abnormal conditions, as well as restorations. Whitelisting Application whitelisting is a methodology used to prevent unauthorized programs from running. The purpose is to protect systems from harmful applications. The whitelist is a simple list of applications that have been granted permission to run. When an application tries to run, it is checked against the list and, if found, allowed to run. Blacklisting, the opposite approach to whitelisting, is the method used by most antivirus programs.

8 WON Security Guideline 6 Approved By: Approving Committee, Entity or Person Date Operating Committee December 3, 2015 Critical Infrastructure and Information Management Subcommittee October 8, 2013 Data Exchange Work Group October 7, 2015 Operating Committee (OC) March 25, 2014 Data Exchange Work Group (DEWG) February 11, 2014

9 WECC Operations Network Connection and Data Use Agreement Revised: October 13, 2015 Background The WON was established to facilitate the exchange of operational data between Reliability Coordinators (RC), Transmission Operators (TOP), Balancing Authorities (BA), and other member utilities to facilitate exchanging power system reliability data. This network is a collection of connected entities that communicate over the WON to exchange power system-related data. This data includes analog values (e.g., bus voltages, line flows, generator outputs) and status information (e.g., circuit breaker statuses, switch statuses). Access to the WON is granted only to members of WECC that have a reliability responsibility to the WECC interconnected electrical system that requires access to currently-approved, real-time power system data. Others may be granted a special exemption to these criteria at the discretion of the WECC Data Exchange Work Group (DEWG). Requirements for WON Connection A. The organization is a member of WECC. B. The organization has a reliability responsibility to the WECC interconnected electrical system that requires access to currently approved, real-time power system data. C. The organization agrees to treat WON data consistent with (1) the terms of the WECC Universal Synchrophasor and Operating Reliability Data Sharing Agreement (UDSA), dated March 6, 2012, which was assigned by WECC to Peak Reliability and which has expired, and (2) Peak Reliability's Bridge Data Sharing Policy (Policy), dated March 19, 2015, as it revises such UDSA, until such time that Peak Reliability develops and parties execute a new Universal Data Sharing Agreement to replace the foregoing UDSA and Policy, at which point the organization agrees to treat WON data in accordance with the terms of the new Peak Reliability Universal Data Sharing Agreement. D. The organization agrees to exchange only approved, reliability-related information on the WON. E. The organization agrees to follow the requirements of the Guideline for WECC Operations Network de: Responsibilities and Procedures. F. The organization agrees to follow the requirements of the WON Security Guideline. The DEWG shall review those requests for an exemption to the Requirements for WON Connection listed below and shall vote to approve or deny those requests at noticed meetings of the DEWG. All exemptions approved by the DEWG shall be listed in Appendix A. WESTERN ELECTRICITY COORDINATING COUNCIL 155 rth 400 West, Suite 200 Salt Lake City, Utah

10