Security Profile for Advanced Metering Infrastructure - Open Smart ...
Security Profile for Advanced Metering Infrastructure - Open Smart ...
Security Profile for Advanced Metering Infrastructure - Open Smart ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
their protection needs to be determined. Policies and procedures must be developed and<br />
implemented to protect the connection to the business or enterprise in<strong>for</strong>mation system.<br />
This might include disabling the connection except when specific access is requested <strong>for</strong><br />
a specific need, automatic timeout <strong>for</strong> the connection, etc.<br />
DHS-2.8.18.3 Requirement Enhancements:<br />
None.<br />
DHS-2.8.18.4 Rationale:<br />
External system connections provide a vector of attack into the AMI system, and<br />
there<strong>for</strong>e must be managed to the appropriate security level to ensure the security of the<br />
AMI system.<br />
DHS-2.8.19 <strong>Security</strong> Roles<br />
DHS-2.8.19.1 Requirement:<br />
The AMI system design and implementation must specify the security roles and<br />
responsibilities <strong>for</strong> the users of the system.<br />
DHS-2.8.19.2 Supplemental Guidance:<br />
<strong>Security</strong> roles and responsibilities <strong>for</strong> AMI system users must be specified, defined, and<br />
implemented based on the sensitivity of the in<strong>for</strong>mation handled by the AMI system.<br />
These roles may be defined <strong>for</strong> specific task and data handled.<br />
DHS-2.8.19.3 Requirement Enhancements:<br />
None.<br />
DHS-2.8.19.4 Rationale:<br />
Defining roles and responsibilities <strong>for</strong> user ensures alignment with security requirements.<br />
DHS-2.8.20 Message Authenticity<br />
DHS-2.8.20.1 Requirement:<br />
The AMI system must provide mechanisms to protect the authenticity of device-to-device<br />
communications.<br />
DHS-2.8.20.2 Supplemental Guidance:<br />
None<br />
DHS-2.8.20.3 Requirement Enhancements:<br />
Message authentication mechanisms should be implemented at the protocol level <strong>for</strong> both<br />
serial and routable protocols.<br />
<strong>Security</strong> <strong>Profile</strong> <strong>for</strong> <strong>Advanced</strong> <strong>Metering</strong> <strong>Infrastructure</strong> Version 1.0<br />
UtiliSec Working Group (UCAIug) December 10, 2009<br />
37