Secure by design: An approach for a virtual power plant

Transcription

1 Secure by design: An approach for a virtual power plant M.Sc. Stefan Siegl, Assoc. Prof. Nils Ulltveit-Moe

2 SEMIAH - Scalable Energy Management Infrastructure for Aggregation of Households Starting date: March 1, 2014 Duration: 36 months Funding: 3,763, European Union s Seventh Framework Programme Goal: Shift energy consumption from peak to off-peak hours and adapt consumption to high generation of electricity from renewable energy sources The concept will enable aggregation of all households connected to the system Security and privacy functions will be integrated in all elements

3 Agenda Requirements (Security) By default for the company Expectation of the customer Threat Modeling Abuse Cases Environment Certificates Laws, standards, guidelines Design Security Design Principle Secure Design Patterns Implementation, Verification, Deployment/Maintenance

4 An example of a system model of a virtual power plant OTC Kein Markt OTC OTC Kein Kein Markt Markt OTC Kein Markt

5 An example of a system model of a virtual power plant OTC OTC Kein Kein Markt Markt OTC Kein Markt

6 An example of a system model of a virtual power plant OTC OTC Kein Kein Markt Markt

7 An example of a system model of a virtual power plant

8 Security Requirements: NISTIR 7628 Guidelines for Smart Grid Cyber Security

9 Security Requirements: NISTIR 7628 Guidelines for Smart Grid Cyber Security OTC Kein Markt

10 Mapping system model of vpp to logical reference model (NIST) 6: Interface between control systems in different organizations 9: Interface with B2B connections between systems usually involving financial or market transaction 10: Interface between control system and non-control coporate systems 19: Interface between operations decision support systems

11 Mapping system model of vpp to logical reference model (NIST) SC-05, SC-06, SC-07, SC-08, SC-09, SI-07, IA-05, IA-06. AC-13 AC-14, IA-04, SC-05, SC-06, SC-07, SC-08, SI-07 AC-14, IA-04, SC- 05, SC-06, SC-07, SC-08, SC-09,SI-07 AC-14, IA-04, SC-05, SC-06, SC-07, SC-08, SC-26, SI-07

12 Security Requirements: NISTIR 7628 Guidelines for Smart Grid Cyber Security Interface Category 9

13 Mapping security requirements to secure design patterns Security Requirement Authentication (IA-04) Access Control (SC-26,SC-09) DoS-Protection (SC-05) Secure-Channel (SC-09,SC-26) Monitoring (SI-07) Secure Design Pattern Patterns for Authentication Patterns for Access Control Patterns for Networks (IDS and Firewall), elastic service Patterns for Network, Web Services and/or Middleware Security Security Logger and Auditor

14 Secure Design Patterns applied to the vpp Patterns for Authentication & Secure Channel VPN e.g.: - TLS + Client Certificate - TLS + Credentials - IPSec VPN - WS-Trust/Policy - XML Encryption/Signature -

15 Secure Design Patterns applied to the vpp Patterns for Access Control RBAC Alternative: - Attribute-Based - Identity-Based

16 Secure Design Patterns applied to the vpp Patterns for Access Control RBAC Alternative: - Attribute-Based - Identity-Based Who defines access control? - Discretionary Access Control - Mandatory Access Control

17 Secure Design Patterns applied to the vpp Patterns for Access Control RBAC Alternative: - Attribute-Based - Identity-Based Who defines access control? - Discretionary Access Control - Mandatory Access Control How should the rights be defined? - Access Matrix - Access Control Lists - Capabilities

18 Secure Design Patterns applied to the vpp Security Pattern for Networks and Access Control Which type of IDS? - Network- and/or - host-based How to detect attacks? - Signature-based - Behavior-based DoS-Protection: Filtering OTC Kein Markt

19 Secure Design Patterns applied to the vpp Security Pattern for Access Control DoS-Protection: Filtering Security Logger and Auditor

20 Secure Design Patterns applied to the vpp Summary Don t misunderstandthis diagram: Security can not be added like a library. It must be considered the whole development lifecycle.

21 Security and Privacy considerations in SEMIAH

22 Conclusion and future work We have proposed an approach for achieving a Virtual Power Plant that aims at being secure by design Our approach is based on high-level security requirements derived from NISTIR 7628 The security of a system can be increased by following IT-Security requirements at the beginning of the development lifecycle, as well as by following existing good practices for IT security management (ISO27k/BSI) SEMIAH will consider the collected security requirements to ensure and increase the security of existing virtual power plants Requirements (Security) -> derived from NISTIR 7628 Design -> Secure Design Patterns

23 Thank you