IEEE Standard for Substation IED Cyber Security IEEE

IEEE Standard for Substation IED Cyber Security IEEE- 1686 Presented by Sam Sciacca – Working Group C 1 Chair Substations C 0 Subcommittee Click here to go back Click anywhere to continue

Purpose of Document • Define cyber security functions and features • Serve as a procurement specification for new IEDs or analysis of existing IEDs • Produce a common reference point for terms and verbiage regarding cyber security Click here to go back Click anywhere to continue

Reasons for the Effort • Increased cyber security requirements • NERC Critical Infrastructure Protection (CIP 002 -1 through 009 -1) • Confusion among users and vendors as to what IED cyber security should include Click here to go back Click anywhere to continue

NERC CIP • Goals oriented – security, reliability, accountability • Does not require the application of specific technologies • Provides no baseline of product features (Claims of products to be “NERC CIP Compliant” or “Conform to NERC CIP standards” are baseless) • Concerned with both intentional and unintentional acts Click here to go back Click anywhere to continue

Underlining Premises of IEEE-1686 • Substation cyber security programs will be companyspecific • Determination of what devices require cyber security is outside of the scope of the effort • Not all features will be required in every program • Addresses only embedded security features of the IED and the IED configuration software Click here to go back Click anywhere to continue

Objectives of IEEE-1686 • Establish a suite of IED features and functions which can be incorporated in a cyber security program • Define the features and functions in a non-ambiguous manner • Serve as the format of a procurement or evaluation specification • Raise vendor awareness as to desirable features and functions which they may wish to consider providing in new generations of equipment. Click here to go back Click anywhere to continue

Proper Use of IEEE-1686 Requires 3 important elements: 1. Proper citation of the standard. 2. Table of Compliance to the standard 3. Analysis and verification by the User of the IED offering Click here to go back Click anywhere to continue

Improper Citation of IEEE-1686 “IED must conform to all applicable sections of IEEE-1686” Click here to go back Click anywhere to continue

IEEE-1686 IED Requirements • • Strong password construction No undisclosed bypass or “back door” Multiple access levels Non-modifiable audit trail Supervisory permissive control IEEE 37. 231 compliance (Firmware Control) Alarm Generation Click here to go back Click anywhere to continue

IEEE-1686 IED Configuration Software Concepts • Authentication/copy control • Multiple access levels - View Configuration Data - Change Configuration Data - Full Access (User/ID Password changes) • IED Communications Port Enabling/Disabling Click here to go back Click anywhere to continue

IEEE-1686 Audit Trail • • • Login Manual Log Out Timed Log Out Config Access Config Change Supervisory Permission Click here to go back Click anywhere to continue • Value Forcing • Firmware Change • User. ID/Password Change • Audit Log Access • Time/Date Change • Alarm Incident

IEEE-1686 IED Alarm Events • Unsuccessful login attempt • Reboot • Use of unauthorized configuration software Click here to go back Click anywhere to continue

IEEE-1686 Status Approved and available for use Click here to go back Click anywhere to continue

Identified Areas of Further Work • Definition and recommended practice for strong or multifactor authentication • Definition and recommended practice for substation electronic perimeters Click here to go back Click anywhere to continue

Substations C 0 Subcommittee • Data Acquisition Processing and Control Systems Subcommittee (“SCADA Subcommittee”) • Michael Dood, Chair • Open to IEEE-PES Members and Guests • Meets at Substation Annual Meeting (Spring), IEEE-PES Annual Meeting, and most PSRC meetings Click here to go back Click anywhere to continue