DOC

AMI System Security Requirements - v0_93 - Draft for Vote

By Debra Gray,2014-09-14 10:04
7 views 0
UtiltyAMI_20081022_Face-to-Face_Meeting_Minutes

    UCAIUG: AMI-SEC-ASAP

    AMI System Security

    Requirements

    Specification

    V0.93 Draft for Vote

    ASAP

    12/08/2008

1 Executive Summary

    2 This document provides the utility industry and vendors with a set of security requirements for 3 Advanced Metering Infrastructure (AMI). These requirements are intended to be used in the 4 procurement process, and represent a superset of requirements gathered from current cross-5 industry accepted security standards and best practice guidance documents.

    6

    7 This document provides substantial supporting information for the use of these requirements 8 including scope, context, constraints, objectives, user characteristics, assumptions, and 9 dependencies. This document also introduces the concept of requirements for security states and 10 modes, with requirements delineated for security states.

    11

    12 These requirements are categorized into three areas: 1) Primary Security Services, 2) Supporting 13 Security Services and 3) Assurance Services. The requirements will change over time 14 corresponding with current security threats and countermeasures they represent. The AMI-SEC 15 Task Force presents the current set as a benchmark, and the authors expect utilities and vendors 16 to tailor the set to individual environments and deployments.

    17

    18 While these requirements are capable of standing on their own, this document is intended to be 19 used in conjunction with other 2008 deliverables from the AMI-SEC Task Force, specifically the 20 Risk Assessment, the Architectural Description, the Component Catalog (in development as of 21 this writing), and the Implementation Guide (to be developed late 2008). This document also 22 discusses the overall process for usage of this suite.

    23

    AMI System Security Specification Page i

24 Acknowledgements

    25 The AMI-SEC Task Force would like to acknowledge the work of the primary authors, 26 contributing authors, editors, reviewers, and supporting organizations. Specifically, the Task 27 Force would like to thank:

    28

    29 ; The AMI Security Acceleration Project (ASAP)

    30 o The Architectural Team including resources from Consumers Energy, 31 EnerNex Corporation, InGuardians, The Software Engineering Institute at 32 Carnegie Mellon University, and Southern California Edison

    33 o Supporting organizations including The Electric Power Research Institute and 34 The United States Department of Energy

    35 o Participating utilities, including American Electric Power, Austin Energy, BC 36 Hydro, Consumers Energy, Duke Energy, Kansas City Power & Light, Oncor, 37 Pacific Gas & Electric, San Diego Gas & Electric, Southern California Edison 38 ; The utilities, vendors, consultants, national laboratories, higher education institutions, 39 governmental entities, and other organizations that have actively contributed to and 40 participated in the activities of the AMI-SEC Task Force

    41

    42 Authors

    43 Bobby Brown

    44 Brad Singletary

    45 Bradford Willke

    46 Coalton Bennett

    47 Darren Highfill

    48 Doug Houseman

    49 Frances Cleveland

    50 Howard Lipson

    51 James Ivers

    52 Jeff Gooding

    53 Jeremy McDonald

    54 Neil Greenfield

    55 Sharon Li

    56

    AMI System Security Specification Page ii

57

    58 Table of Contents 59 Executive Summary .................................................................................................................... i 60 Acknowledgements .................................................................................................................... ii 61 1. Introduction .............................................................................................................................1 62 1.1 Purpose............................................................................................................................1 63 1.1.1 Strategic Importance ...................................................................................................1 64 1.1.2 Problem Domain .........................................................................................................2 65 1.1.3 Intended Audience ......................................................................................................3

    1.1.66 Scope...............................................................................................................................3 67 1.2. Document Overview ........................................................................................................4 68 1.3. Definitions, acronyms, and abbreviations .........................................................................6 69 1.4. References .......................................................................................................................6 70 2. General system description ..................................................................................................7 71 2.1. Use Cases ........................................................................................................................7 72 2.1.1. Billing ......................................................................................................................8 73 2.1.2. Customer ................................................................................................................ 10 74 2.1.3. Distribution System ................................................................................................ 11 75 2.1.4. Installation ............................................................................................................. 12 76 2.1.5. System ................................................................................................................... 13 77 2.2. System Context ............................................................................................................. 14

    2.3.78 System Constraints ........................................................................................................ 16 79 2.4. Security States and Modes ............................................................................................. 18

    2.4.1. System States ........................................................................................................... 1880 81 2.4.2. System Modes ......................................................................................................... 20 82 2.5. Security Objectives ........................................................................................................ 21 83 2.4.1. Holistic Security ...................................................................................................... 23

    2.6.84 User Characteristics ....................................................................................................... 23

    2.7.85 Assumptions and Dependencies ..................................................................................... 24 86 3. System Security Requirements .......................................................................................... 24

    3.1. Primary Security Services ............................................................................................... 2487 88 3.1.1. Confidentiality and Privacy (FCP) ........................................................................... 24 89 3.1.2. Integrity (FIN) ......................................................................................................... 25 90 3.1.3. Availability (FAV)................................................................................................... 28 91 3.1.4. Identification (FID) .................................................................................................. 28 92 3.1.5. Authentication (FAT)............................................................................................... 29 93 3.1.6. Authorization (FAZ) ................................................................................................ 32 94 3.1.7. Non-Repudiation (FNR) .......................................................................................... 33 95 3.1.8. Accounting (FAC) ................................................................................................... 34 96 3.2. Supporting Security Services .......................................................................................... 36

    3.2.1. Anomaly Detection Services (FAS) ......................................................................... 3697 98 3.2.2. Boundary Services (FBS) ......................................................................................... 37

    3.2.3. Cryptographic Services (FCS) .................................................................................. 3999 100 3.2.4. Notification and Signaling Services (FNS) ............................................................... 40 101 3.2.5. Resource Management Services (FRS) .................................................................... 40 102 3.2.6. Trust and Certificate Services (FTS) ........................................................................ 43

    AMI System Security Specification Page iii

103 3.3. Performance/Non-Functional .......................................................................................... 43

    104 3.4. Assurance ....................................................................................................................... 43 105 3.4.1. Development Rigor (ADR) ...................................................................................... 43 106 3.4.2. Organizational Rigor (AOR) .................................................................................... 47 107 3.4.3. Handling/Operating Rigor (AHR) ............................................................................ 57 108 3.4.4. Accountability (AAY) ............................................................................................. 60 109 3.4.5. Access Control (AAC) ............................................................................................. 63 110 Appendix A: Normative Information ......................................................................................... 65

    A.1. Scope ................................................................................................................................ 65111 112 A.2. Mission ............................................................................................................................. 66 113 A.4. Stakeholders & Concerns................................................................................................... 67 114 A.5. Security Analysis Approach............................................................................................... 68 115 A.6. Architecture Description Approach .................................................................................... 68 116 A.6.1. Viewpoints ................................................................................................................. 69 117 A.6.2. Views ......................................................................................................................... 70

    A.7 Contextual View ................................................................................................................. 70118

    A.8 Top Level Model ................................................................................................................ 70119 120 A.8.1. Customer Model ......................................................................................................... 71

    A.8.2. Third Party Model....................................................................................................... 73121 122 A.8.3. Utility Model .............................................................................................................. 74

    A.9 Security Domains View ...................................................................................................... 78123 124 A.9.1. Utility Edge Services Domain ..................................................................................... 80 125 A.9.2 Premise Edge Services Domain.................................................................................... 80

    A.9.3. Communication Services Domain ............................................................................... 80126 127 A.9.4. Managed Network Services Domain ........................................................................... 81

    A.9.5. Automated Network Services Domain ........................................................................ 81128 129 A.9.6. Utility Enterprise Services Domain ............................................................................. 81

    Annex A Business Functions as Stakeholders in AMI Systems .................................................0130 131 Introduction ................................................................................................................................1 132 Scope of AMI Systems ............................................................................................................1 133 Overview of Business Functions Utilizing AMI Systems .........................................................2 134 AMI Metering Business Functions ..............................................................................................1 135 Metering Services....................................................................................................................1 136 Periodic Meter Reading .......................................................................................................1 137 On-Demand Meter Reading .................................................................................................1 138 Net Metering for DER .........................................................................................................1 139 Bill - Paycheck Matching ....................................................................................................2 140 Pre-Paid Metering ...................................................................................................................2 141 Prepayment Tariffs ..............................................................................................................2

    Limited Energy Usage .........................................................................................................2142 143 Limited Demand ..................................................................................................................2 144 Revenue Protection .................................................................................................................3 145 Tamper Detection ................................................................................................................3 146 Anomalous Readings ...........................................................................................................3 147 Meter Status ........................................................................................................................3 148 Suspicious Meter .................................................................................................................3

    AMI System Security Specification Page iv

149 Remote Connect / Disconnect ..................................................................................................3

    150 Remote Connect for Move-In ..............................................................................................3 151 Remote Connect for Reinstatement on Payment ..................................................................4 152 Remote Disconnect for Move-Out .......................................................................................4 153 Remote Disconnect for Non-Payment ..................................................................................4 154 Remote Disconnect for Emergency Load Control ................................................................4 155 Unsolicited Connect / Disconnect Event ..............................................................................5 156 Meter Maintenance ..................................................................................................................5

    Connectivity Validation .......................................................................................................5157 158 Geo-Location ......................................................................................................................5 159 Battery Management ...........................................................................................................5 160 Distribution Operations Business Functions ................................................................................6 161 Distribution Automation (DA) .................................................................................................6 162 DA Equipment Monitoring and Control ...............................................................................6 163 Use of Smart Meters for Power System Information ............................................................6

    Power System Security/Reliability .......................................................................................6164

    Power System Protection .....................................................................................................6165 166 Site/Line Status ...................................................................................................................6

    Automation of Emergency Response ...................................................................................7167 168 Dynamic Rating of Feeders .................................................................................................7

    Outage Detection and Restoration ...........................................................................................7169 170 Outage Detection .................................................................................................................7 171 Scheduled Outage Notification ............................................................................................7

    Street Lighting Outage Detection .........................................................................................8172 173 Outage Restoration Verification ..........................................................................................8

    Planned Outage Scheduling .................................................................................................8174 175 Planned Outage Restoration Verification .............................................................................8

    Calculation of IEEE Outage Indices ....................................................................................8176 177 Call Center Unloading .........................................................................................................8 178 Load Management ...................................................................................................................9 179 Direct Load Control .............................................................................................................9 180 Demand Side Management ..................................................................................................9 181 Load Shift Scheduling .........................................................................................................9 182 Curtailment Planning ...........................................................................................................9 183 Selective Load Management through Home Area Networks .............................................. 10 184 Power Quality Management .................................................................................................. 10 185 Power Quality Monitoring ................................................................................................. 10 186 Asset Load Monitoring ...................................................................................................... 10 187 Phase Balancing ................................................................................................................ 10

    Load Balancing ................................................................................................................. 10188 189 Distributed Energy Resource (DER) Management ................................................................. 11 190 Direct Monitoring and Control of DER .............................................................................. 11 191 Shut-Down or Islanding Verification for DER ................................................................... 11 192 Plug-in Hybrid Vehicle (PHEV) Management ................................................................... 11 193 Net and Gross DER Monitoring ......................................................................................... 12 194 Storage Fill/Draw Management ......................................................................................... 12

    AMI System Security Specification Page v

195 Supply Following Tariffs ................................................................................................... 12

    196 Small Fossil Source Management ...................................................................................... 13 197 Distribution Planning ............................................................................................................ 13 198 Vegetation Management .................................................................................................... 13 199 Regional and Local Load Forecasting ................................................................................ 13 200 Simulations of Responses to Pricing and Direct Control Actions ....................................... 13 201 Asset Load Analysis .......................................................................................................... 13 202 Design Standards ............................................................................................................... 14

    Maintenance Standards ...................................................................................................... 14203 204 Rebuild Cycle .................................................................................................................... 14 205 Replacement Planning ....................................................................................................... 14 206 Work Management ................................................................................................................ 14 207 Work Dispatch Improvement ............................................................................................. 14 208 Order Completion Automation .......................................................................................... 15 209 Field Worker Data Access ................................................................................................. 15

    Reliability Centered Maintenance (RCM) Planning ........................................................... 15210

    Customer Interactions Business Functions ................................................................................. 16211 212 Customer Services ................................................................................................................. 16

    Remote Issue Validation .................................................................................................... 16213 214 Customer Dispute Management ......................................................................................... 16

    Outbound Customer Issue Notification .............................................................................. 16215 216 Customer Energy Advisory ............................................................................................... 16 217 Customer Price Display ..................................................................................................... 17

    Tariffs and Pricing Schemes .................................................................................................. 17218 219 Tariff Design ..................................................................................................................... 17

    Rate Case Support ............................................................................................................. 17220 221 Tariff Assessments ............................................................................................................ 18

    Cross Subsidization ........................................................................................................... 18222 223 Customer Segmentation ..................................................................................................... 18 224 Demand Response ................................................................................................................. 18 225 Real Time Pricing (RTP) ................................................................................................... 19 226 Time of Use (TOU) Pricing ............................................................................................... 19 227 Critical Peak Pricing .......................................................................................................... 19 228 External Parties Business Functions ............................................................................................1 229 Gas and Water Metering ..........................................................................................................1 230 Leak Detection ....................................................................................................................1 231 Water Meter Flood Prevention .............................................................................................1 232 Gas Leak Isolation ...............................................................................................................1 233 Pressure Management ..........................................................................................................1

    Third Party Access ..................................................................................................................1234 235 Third Party Access for Outsourced Utility Functions ...........................................................1 236 Third Party Security Management of HAN Applications .....................................................2 237 Appliance Monitoring .........................................................................................................2 238 Home Security Monitoring ..................................................................................................2 239 Home Control Gateway .......................................................................................................2 240 Medical Equipment Monitoring ...........................................................................................2

    AMI System Security Specification Page vi

    241 External Party Information ......................................................................................................3242 Regulatory Issues ................................................................................................................3 243 Investment Decision Support ...............................................................................................3 244 Education ................................................................................................................................3 245 Customer Education ............................................................................................................3 246 Utility Worker Education ....................................................................................................3 247 Third Party Access for Certain Utility Functions .....................................................................3 248 Cross-Functional System Management Business Processes .........................................................4

    Security Management ..............................................................................................................4249 250 Security Management of Stakeholder Business Functions ....................................................4 251 Security Management of the Meter ......................................................................................4 252 Security Management of the AMI System ...........................................................................4 253 Security Management of HAN Systems ...............................................................................4 254 AMI System Maintenance .......................................................................................................4 255 Network and System Management ......................................................................................4

    AMI System Upgrading .......................................................................................................4256

    AMI System Expansion .......................................................................................................4257 258 AMI System Performance Management ..................................................................................4

    Performance Monitoring ......................................................................................................4259 260 Static Performance Modification .........................................................................................5

    Dynamic Performance Balancing.........................................................................................5261 262

    AMI System Security Specification Page vii

263 1. Introduction

    264 As a key element in the evolution of the Smart Grid, the Advanced Metering Infrastructure (AMI) 265 is the convergence of the power grid, the communications infrastructure, and the supporting 266 information infrastructure. AMI security must exist in the real world with many interested parties 267 and overlapping responsibilities. This document focuses on the security services that are 268 important to secure the power grid, communications infrastructure and supporting information 269 infrastructure.

    270 1.1 Purpose

    271 The purpose of the AMI Security Specification is to provide the utility industry along with 272 supporting vendor communities and other stakeholders a set of security requirements that should 273 be applied to AMI implementations to ensure the high level of information assurance, 274 availability and security necessary to maintain a reliable system and consumer confidence. 275 While this specification focuses on AMI, the security requirements contained in the document 276 may be extended to other network-centric, Smart Grid solutions.

    277 1.1.1 Strategic Importance

    278 Utility companies of the future will deliver energy and information to customers through a 279 ―smart‖ energy supply chain created by the convergence of electric, communication and 280 information technologies that are highly automated for responding to the changing environment, 281 electricity demands and customer needs. The building blocks of this Smart Grid include AMI, 282 advanced transmission and distribution automation, distributed generation, electric vehicle 283 refueling infrastructure and renewable energy generation projects of today. 284

    285 The emergence of this new class of Smart Grid systems holds tremendous promise and requires 286 innovation and deployment of new technologies, processes and policies. Composed of many 287 independent systems, the Smart Grid will evolve by integrating existing islands of automation to 288 achieve value through the delivery of information to customers, grid operators, utility companies 289 and other stakeholders. A reliable and secure Smart Grid holds the promise of reducing green 290 house gas emissions and dependence on fossil fuels by enabling automated demand response, 291 providing customers a myriad of options to manage their energy costs through technology 292 enabled programs along with limiting outages with a self-healing resilient transmission and 293 distribution network and other strategically important functions.

    294

    295 The challenge of providing both a reliable and secure AMI solution lies in the diversity of 296 technologies, processes and approaches used to realize this vision. Managing change rising from 297 the complexity of diverse solutions with an effective and efficient systems integration process 298 will enable the AMI system. This requires a commitment to standards, best practices and a high 299 degree of architectural discipline. This document serves as an ad hoc standard supporting a 300 reliable and secure AMI solution as part of a robust Smart Grid solution. Specifically, this 301 document specifies platform independent security requirements, services and guidance required 302 to implement secure, resilient AMI solutions.

    1 | Page

303 1.1.2 Problem Domain

    304 As utility industry capabilities increase to serve the needs of a rapidly growing information 305 society, the breadth and sophistication of the threat environment these Smart Grid solutions 306 operate in also increases. By bridging heterogeneous networks capable of exchanging 307 information seamlessly across the AMI older proprietary and often manual methods of securing 308 utility services will disappear as each is replaced by more open, automated and networked 309 solutions. The benefits of this increased connectivity depends upon robust security services and 310 implementations that are necessary to minimize disruption of vital services and provide increased 311 reliability, manageability and survivability of the electric grid.

    312

    313 Recognizing the unique challenges of AMI enabled Smart Grid solutions is imperative to 314 deploying a secure and reliable solution. Unique characteristics of AMI implementations that set 315 them apart from other utility project include the following:

    316 ; AMI touches every consumer

    317 ; AMI is a command and control system

    318 ; AMI has millions of nodes

    319 ; AMI touches almost every enterprise system

    320 ; Many current AMI solutions are narrowband solutions

    321

    322 These network-centric characteristics, coupled with a lack of security standards and 323 implementation guidance, is the primary motivation for the development of this document. The 324 problem domains needing to be addressed within AMI implementations is relatively new to the 325 utility industry, however there is precedence for implementing large scale, network-centric 326 solutions with high information assurance requirements. The defense, cable and 327 telecommunication industries offer a number of examples of requirements, standards and best 328 practices directly applicable to AMI implementations.

    329

    330 The challenge is to secure AMI in a holistic manner, noting that such an approach requires the 331 buy-in of many stakeholders. Stakeholders can be viewed in three groups:

    332 ; Stakeholders within the enterprise who have an interest in generating value from technology 333 investments:

    334 Those who make investment decisions

    335 Those who decide about requirements

    336 Those who use technology services

    337 ; Internal and external stakeholders who provide technology services:

    338 Those who manage the technology organization and processes

    339 Those who develop capabilities

    340 Those who operate the services

    341 ; Internal and external stakeholders who have a control/risk responsibility: 342 Those with security, privacy and/or risk responsibilities

    343 Those performing compliance functions

    344 Those requiring or providing assurance services

    345

    346 To meet the requirements of the stakeholder community, a framework for technology 347 governance and control should:

    348 ; Provide a business focus to enable alignment between business and technology objectives

    AMI System Security Specification Page 2

Report this document

For any questions or suggestions please email
cust-service@docsford.com