security profile for openadr - Open Smart Grid - OpenSG - UCA ...

More documents

Recommendations

Info

Table of Contents INTRODUCTION....................................................................................................................................................10 1.1 SCOPE ........................................................................................................................................................ 11 1.1.1 Explicit Exclusions................................................................................................................................ 12 1.2 APPROACH .................................................................................................................................................. 12 1.3 AUDIENCE & RECOMMENDED USE................................................................................................................... 14 1.3.1 Electric Utility and Demand Response Aggregators............................................................................ 15 1.3.2 OpenADR Vendors ............................................................................................................................... 15 2 FUNCTIONAL ANALYSIS...............................................................................................................................16 2.1 LOGICAL ARCHITECTURE................................................................................................................................. 17 2.2 ROLE DEFINITIONS ........................................................................................................................................ 19 2.2.1 Demand Response (DR) Controlling Entity .......................................................................................... 19 2.2.2 Demand Response (DR) Resource........................................................................................................ 20 2.2.3 Demand Response (DR) Asset ............................................................................................................. 20 2.3 ROLE MAPPINGS........................................................................................................................................... 21 2.4 USE CASES................................................................................................................................................... 21 Use Case 1: Demand Response Resource Registers with a Demand Response Controlling Entity..................... 24 Use Case 2: DR Controlling Entity Notifies DR Resource of DR Event (Point-to-point Push).............................. 26 Use Case 3: DR Controlling Entity Notifies DR Resource of DR Event – (Broadcast).......................................... 28 Use Case 4: DR Resource Requests New DR Event from DR Controlling Entity (Point-to-point Pull)................. 30 Use Case 5: DR Resource Requests New DR Event from DR Controlling Entity (Anonymous Pull)..................... 32 Use Case 6: DR Controlling Entity Schedules DR Resource for Periodic Feedback (Point-to-point Push)........... 34 Use Case 7: DR Resource Notifies DR Controlling Entity of Event Performance with Feedback by Request (Point-to-point Pull) ........................................................................................................................................... 36 Use Case 8: DR Resource Notifies DR Controlling Entity of Event Performance with Feedback Self-Scheduled (Point-to-point Push) ......................................................................................................................................... 38 3 FAILURE ANALYSIS ......................................................................................................................................40 3.1 FAILURE ANALYSIS PROCESS............................................................................................................................ 40 3.2 SECURITY AND OPERATIONAL OBJECTIVES.......................................................................................................... 41 3.2.1 Contextual Assumptions...................................................................................................................... 42 3.2.2 Security Principles................................................................................................................................ 43 3.3 FAILURES..................................................................................................................................................... 45 4 SECURITY CONTROLS...................................................................................................................................50 4.1 SCOPE OF SECURITY CONTROLS........................................................................................................................ 50 4.2 CONTROL DEFINITIONS................................................................................................................................... 51 4.2.1 Access Control ..................................................................................................................................... 53 4.2.2 Audit and Accountability..................................................................................................................... 54 4.2.3 Configuration Management................................................................................................................ 55 4.2.4 Continuity of Operation....................................................................................................................... 56 4.2.5 Identification & Authentication........................................................................................................... 57 4.2.6 Physical & Environment Security......................................................................................................... 58 4.2.7 System & Communications Protection ................................................................................................ 58 4.2.8 System & Information Integrity........................................................................................................... 60 SECURITY PROFILE FOR OPENADR Version – 0.02 UCA International Users Group December 15, 2011 iv
4.2.9 Controls Mapped to Roles ................................................................................................................... 61 APPENDIX A: RELATION TO THE NIST INTERAGENCY REPORT 7628 ................................................................65 A.1 TRACEABILITY............................................................................................................................................... 65 A.2 NIST IR 7628 ACTORS TO WAMPAC ROLES MAPPING...................................................................................... 66 A.3 NIST IR 7628 SECURITY OBJECTIVES TO OPEN ADR SECURITY PRINCIPLES MAPPING ............................................... 68 A.4 NIST IR 7628 TECHNICAL REQUIREMENTS MAPPED OPEN ADR CONTROLS............................................................ 69 APPENDIX B: USE CASE NOTATION GUIDE .....................................................................................................78 APPENDIX C: USING THE SECURITY PROFILE TO EVALUATE AN OPENADR DEPLOYMENT...............................80 APPENDIX D: GLOSSARY AND ACRONYMS .....................................................................................................82 APPENDIX E: REFERENCES..............................................................................................................................90 APPENDIX F: OPENADR CRYPTOGRAPHIC SECURITY PROFILE ........................................................................93 F.1 METHOD..................................................................................................................................................... 93 F.2 REFERENCES................................................................................................................................................. 94 F.3 HASH.......................................................................................................................................................... 95 CONSIDERATIONS........................................................................................................................................................ 95 RECOMMENDATION..................................................................................................................................................... 95 F.4 SYMMETRIC ENCRYPTION ............................................................................................................................... 95 CONSIDERATIONS........................................................................................................................................................ 95 RECOMMENDATION..................................................................................................................................................... 95 F.5 PUBLIC KEY/DIGITAL SIGNATURE ..................................................................................................................... 96 CONSIDERATIONS........................................................................................................................................................ 96 RECOMMENDATIONS ................................................................................................................................................... 96 CIPHER SUITES............................................................................................................................................................ 96 SECURITY PROFILE FOR OPENADR Version – 0.02 UCA International Users Group December 15, 2011 v
Page 1 and 2: SECURITY PROFILE FOR OPENADR SECURI
Page 3: Executive Summary This document pre
Page 7 and 8: Table of Tables TABLE 1 - CONTROLS:
Page 9 and 10: Authors Bruce Bartell Darren Highfi
Page 11 and 12: 22 23 24 25 26 27 28 29 30 31 32 33
Page 13 and 14: 79 80 81 82 83 84 85 86 87 88 89 90
Page 15 and 16: 142 143 144 145 146 147 148 149 150
Page 17 and 18: 200 201 202 203 204 205 206 207 208
Page 19 and 20: 243 244 245 246 247 248 249 250 251
Page 21 and 22: 304 305 306 307 308 309 310 311 312
Page 23 and 24: 358 359 360 361 362 363 364 365 366
Page 25 and 26: 412 413 414 415 416 417 418 419 420
Page 27 and 28: 455 456 457 458 459 460 461 462 463
Page 29 and 30: 502 503 504 505 506 507 508 509 510
Page 31 and 32: 541 542 543 544 545 546 547 548 549
Page 33 and 34: 581 582 583 584 585 586 587 588 589
Page 35 and 36: 622 623 624 625 626 627 628 629 630
Page 37 and 38: 665 666 667 668 669 670 671 672 673
Page 39 and 40: 700 701 702 703 704 705 706 707 sd
Page 41 and 42: 731 732 733 734 735 736 737 738 739
Page 43 and 44: 803 804 805 806 807 808 809 810 811
Page 45 and 46: 842 843 844 845 846 847 848 849 850
Page 47 and 48: F8 sends an incorrect type of mess
Page 49 and 50: 859 SF1 DR Resource is physically u
Page 51 and 52: 881 882 883 884 885 886 887 888 889
Page 53 and 54: 955 956 957 958 959 960 961 962 •
Page 55 and 56:
966 967 968 Control Control ID ID I
Page 57 and 58:
973 974 975 4.2.5 Identification &
Page 59 and 60:
981 Control Control ID ID ID Short
Page 61 and 62:
984 985 Control Control ID ID ID Sh
Page 63 and 64:
Controlling Control Control ID ID S
Page 65 and 66:
987 988 989 990 991 992 993 994 995
Page 67 and 68:
1022 1023 1024 1025 1026 1027 1028
Page 69 and 70:
1048 1049 1050 1051 1052 NIST IR 76
Page 71 and 72:
NIST NIST IR IR IR 7628 7628 7628 R
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
1065 1066 SECURITY PROFILE FOR OPEN
Page 79 and 80:
1074 1075 1076 1077 1078 1079 1080
Page 81 and 82:
1104 1105 1106 1107 1108 1109 1110
Page 83 and 84:
1131 1132 1133 1134 1135 1136 1137
Page 85 and 86:
1197 1198 1199 1200 1201 1202 1203
Page 87 and 88:
1265 1266 1267 1268 1269 1270 1271
Page 89 and 90:
1331 1332 1333 1334 1335 1336 1337
Page 91 and 92:
1364 1365 1366 1367 1368 1369 1370
Page 93 and 94:
1420 1421 1422 1423 1424 1425 1426
Page 95 and 96:
1470 1471 1472 1473 1474 1475 1476
Page 97:
1529 1530 1531 1532 1533 1534 suite
show all

security profile for openadr - Open Smart Grid - OpenSG - UCA ...

Create successful ePaper yourself

Delete template?

Save as template?