Name of presenter Title. Date

Transcription

1 Name of presenter Title Date

2 Deriving security requirements from smart grid/smart metering use cases Willem Strabbing Managing Director 6 December, Amsterdam

3 Agenda Deriving security requirements from smart grid/smart metering use cases Use Cases in the Smart Meter Coordination Group and Smart Grid Coordination Group related to Smart Metering European approach for defining security requirements based on Use Cases Certification of implementations

4 M441 and M490 M441 mandate Smart Metering SM-CG Interoperability, reference architecture, standards 1st report 2010, 2nd 2011, last 2012: Use Cases and P&S approach M490 mandate Smart Grids SG-CG Interoperability, reference architecture, standards Sustainable standardisation process Privacy & Security approach 1st report 2010 (JWG), new drafts 2011, last 2012

5 The SMCG reference architecture Metering End Device ( E / G W H ) MID requirements Metrology Display Additional functions Simple external consumer di splay Home Automation End Device H ome automation functions Meter communication functions H1 H A communication functions G 1 C M WAN NN LN L H 2 H 3 Local Network Access Point ( LNAP ) C C N Neigbourhood Network Access Point ( NNAP ) G 1 G 2 AMI Head End System

6 Internal / External Actors External actors were labelled by a letter A/B/C/D/E because the actual roles of the system users are dependant on local market organisation Metering End Device (E / G W H) MID requirements Metrology I B C D Display Additional functions Meter communication functions Simple external consumer display H1 Home Automation End Device Home automation functions HA communication functions G1 C M E.g.: Actor A = external actor interacting with system via the HES. Could be Grid Operator, Meter Data Collector, etc... WAN NN LN C C Local Network Access Point (LNAP) Neigbourhood Network Access Point (NNAP) N H2 H3 E L G1 G2 AMI Head End System A

7 What is a Use Case A way to model the functional behavior of a system Describe the interactions of the external actors (users) with the system Describe the interactions among the internal actors (components) of the system Contain also the Technical Requirements for interactions and the related standards Have a standard (IEC) template

8 Status of the SMCG Use Cases A SMCG Task Force started in 2011 with existing Smart Metering Use Cases and Technical Requirements (SCE, DSMR, SMDG, OMS, OpenMeter) Supported by TC13, TC294, TC205 Final delivarables Guidelines Use Cases report Repository of primary and secundary Use Cases Generic Technical requirements Finished by , official handover to SMCG this week

9 Agenda Deriving security requirements from smart grid/smart metering use cases Use Cases in the Smart Meter Coordination Group and Smart Grid Coordination Group related to Smart Metering European approach for defining security requirements based on Use Cases Certification of implementations

10 Detailed SG-CG structure Mandate Scope Smart Grid Coordination Group (former JWG) EC Reference Group EC Level SG-CG Level M/441 M/468 coordination First Set of Standards Team New joint WGs Existing WGs Process Team New joint WGs Existing WGs Steering Committee Architecture Team New joint WGs Existing WGs Security Team New joint WGs Existing WGs Further Tasks TC Level Report 2.0 Liaisons Promotion NIST JISC China Etc.

11 Smart Grid Architecture Model Business Objectives Polit. / Regulat.. Framework Business Layer Function Layer Interoperability Dimension Information Layer Outline of Usecase Subfunctions Data Model Data Model Communication Layer Protocol Protocol Market Enterprise Component Layer Operation Generation Transmission Distribution Domains DER Customer Premise Process Field Station Zones

12 Defining security requirements: the SGIS toolbox Define the systems (ICT) architecture Map the architecture and Use Case steps on the SGAM (domains/zones/layer) Analyze the risks data asset per zone Determine the security levels Determine the security requirements per data asset per zone

13 DR/DSM functional IT layer Energy Management Actor A Energy management gateway CEMS Smart Appliance / generator H3 H2 Actor B MDM HES NNAP Smart Metering gateway (LNAP) Smart meter functionality External consumer display M441 architecture H1

14 DR/DSM functional IT layer Actor A Energy management gateway CEMS Smart Appliance / generator H3 H2 Actor B MDM HES NNAP Smart Metering gateway (LNAP) Smart meter functionality External consumer display H1

15 Mapping on Domains/Zones Domain = Customer Premise

16 Analyze the risk impact

17 Defining the security levels

18 Defining security levels (II)

19 Defining security levels (III)

20 Security requirements NISTIR-7628 SGIS - SL Security Requirements Reference Category Low 1 Medium 2 High 3 Critical 4 Highest 5 ACCESS CONTROL SG.AC Access Control Policy and Procedures SG.AC.1 Governance Remote Access Policy and Procedures SG.AC.2 Governance Account Management SG.AC.3 Governance Access Enforcement SG.AC.4 Governance Information Flow Enforcement SG.AC.5 Technical Separation of Duties SG.AC.6 Technical Least Privilege SG.AC.7 Technical Unsuccessful Login Attempts SG.AC.8 Technical Smart Grid Information System Use Notification SG.AC.9 Technical Previous Logon Notification SG.AC.10 Technical Concurrent Session Control SG.AC.11 Technical Session Lock SG.AC.12 Technical Remote Session Termination SG.AC.13 Technical Permitted Actions without Identification or Authentication SG.AC-14 Technical Remote Access SG.AC-15 Technical Wireless Access Restrictions SG.AC-16 Technical Access Control for Portable and Mobile Devices SG.AC-17 Technical

21 Next steps Organise workshops with utilities to exercise the toolbox Improve the SGIS toolbox based on results from workshops Define a European reference set of P&S Requirements for Smart Metering (SM-CG, Q1 2013) Explore a possible certification approach (Q1 2013) Perform certification pilots (Q3+Q4 2013)

22 Thank you for your attention For more information Willem Strabbing, Managing Director Howard Porter, International Alliances Director Zoi Mylona, Marketing and Operations Officer Nicolle Raven, Policy Officer European Smart Metering Industry Group Boulevard A. Reyers 80, B-1030 Brussels, Belgium DDI: secretariat@esmig.eu