UCAIug Summit October 22 26 2012 New Orleans

UCAIug Summit October 22 -26, 2012 New Orleans, Louisiana New Orleans Downtown Marriott at the Convention Center

CIM Overview: CIM is an international standard globally accepted for modeling the information exchanges required in electric utility industry. The interoperability enabled by the CIM standards is a key factor for achieving the Smart Grid vision. Open. SG Overview: The Open. SG User Group (OSGug) was formed to create a forum for the development of requirements for Smart. Grid systems. The work focus has been defined by the pragmatic needs of the Utility and Vendor communities. Through these forums leading experts share their insights, create technical content, and resolve key technical issues. Testing Overview: The UCAIug Quality Assurance Program provides for Formalized conformance testing of products supporting IEC 61850 standard will verify that supported functions of the IED are implemented correctly as defined in the IEC 61850 standard. The results of the tests are documented in a detailed test report. If an IED passes the mandatory tests a conformance certificate will be issued. The Testing community is actively working to add the CIM standards and Green Button to its Quality Assurance Program. Green Button Overview: The Green Button is based a standard developed by the North American Energy Standards Board (NAESB). NAESB Open. ESPI 1. 0 Standardizes the Energy Services Provider Interface (ESPI). Green Button uses the Open. ESPI 1. 0 standard to implement the common-sense idea that electricity customers should be able to securely download their own easy-to-understand household energy usage information from their utility or electricity supplier website. IEC 61850 Overview IEC 61850 is an international standard developed by the International Electro technical Commission (IEC) that provides a comprehensive framework for the implementation of power system automation within substations and across the power system. IEC 61850 is a mission critical part of achieving the Smart Grid vision.

Open Smart Grid (Open. SG) Security Working Group Meeting

Message from Chair, Vice Chair, Secretary Open. SG Security Working Group Members, welcome to the conference. For those attending events throughout the week, please share any pertinent information you learn with the group and thanks for your support and participation. The goal of this conference for Open. SG Security Working Group is to have an open discussion and determine next steps to include projects. Ensure the message of Utility Centric is out and all utilities know the Open. SG is specifically for the utilities Solicit inputs from Utilities on what they need from Open. SG, specifically with regards to Security Solicit inputs on improvements, comments, suggestions for group items Vote on Advanced Metering Infrastructure Profile Changes Review EPRI Slides and where group can assist

Open Smart Grid Security Working Groups Overview (Some Groups are in Hibernation Until Called Upon) Chair - JD Senger, Oncor Vice Chair - Bobby Brown, Booz Allen Hamilton Secretary - Scott Palmquist, Itron

SG Security WG – Task Forces n n Usability Analysis Task Force n Evaluation and refinement of Security Profiles and other materials considered for ratification by the SG Security WG Cyber. Sec-Interop Task Force (In Hibernation) n Spinoff from DOE National SCADA Test Bed Lemnos Interoperable Security Project AMI-SEC Task Force (In Hibernation) n Produce technical specifications used by utilities to assess and procure AMI Embedded Systems Security Task Force (Charter Under Revision) n Security requirements for embedded components and devices used in utility field systems

Standardized Security Objects for AMI October 23, 2012 Will Arensman warensman@swri. com Tam Do tdo@swri. com Galen Rasche grasche@epri. com

Agenda: Standardized Security Objects for AMI Background and Approach Document Overview Current Status Next Steps Working Group Activity © 2012 Electric Power Research Institute, Inc. All rights reserved. 8

Background: Project Information Part of EPRI Program P 183: – Cyber Security and Privacy Build on Cyber Security Initiative AMI task – Recent EPRI Report – AMI Common Alarms and Events Increase the interoperability of AMI security objects Better alert and alarms for improved situational awareness © 2012 Electric Power Research Institute, Inc. All rights reserved. 9

Background: Project Information Deliverables: • Technical Update: December 14, 2012 – Security Object Specifications for AMI Systems Value: – Allow more event management vendors to more effectively support AMI monitoring – Easier integration of multiple AMI vendors into event management systems (SIEMs) Building foundation for integrated smart grid monitoring © 2012 Electric Power Research Institute, Inc. All rights reserved. 10

Approach Engaging the Community: • Common AMI Alarms and Events Document Draft – Released to Open. SG Security WG for review – Performed mapping to ANSI C 12. 19 events • David Haynes (Aclara) • Proposing new event codes to committee at October meeting • Working with vendors and asset owners on development of standards © 2012 Electric Power Research Institute, Inc. All rights reserved. 11

Approach Open process – Develop consensus for security objects with industry stakeholders – Begin engagement with third-party SIEM vendors © 2012 Electric Power Research Institute, Inc. All rights reserved. 12

Approach: Common Alerts and Events Categories of Alerts and Events: • Authentication – C 12. XX – Home Area Network • Anomaly Detection – Metrology – Firmware • Integrity – Event Log and Storage Management • Cryptographic Services – Key, Certificate Management • Notifications, Signaling – Communication Interfaces – System Security – Physical, Device Security • Billing Data – Accounting – Meter Disconnect Switch © 2012 Electric Power Research Institute, Inc. All rights reserved. 13

Document Overview System Interfaces High Level Functionality Communication Detailed Functionality © 2012 Electric Power

System Interfaces Examined: • Meter to AMI Headend • AMI Headend to SIEM – C 12. XX © 2012 Electric Power Research Institute, Inc. All rights reserved. – Candidate Technologies – Syslog, XML, Multispeak 15

High Level Functionality • Describe basic concept of operation for each interface • ANSI C 12. 19 -2008/IEEE Std 1377 -2012 – Emit alerts through exception processing and event logs. • AMI Headend to SIEM – Identify interface technology and describe high level usage © 2012 Electric Power Research Institute, Inc. All rights reserved. 16

Communication Identify communication sequences: • AMI interfaces are specialized and constrained – Bandwidth, latency – Efficiency is critical – Communicate security alarms and events effectively • Some events may need to be counted and communicated periodically • Define this system interaction © 2012 Electric Power Research Institute, Inc. All rights reserved. 17

Detailed Functionality • Change of password – C 12. 19 message – "write service event to the password table" – PSEM Write Code, password table • Provide tables with mapping, proposed metadata • Where this mapping is not possible, additions to the C 12. 19 and C 12. 22 standards are suggested © 2012 Electric Power Research Institute, Inc. All rights reserved. 18

Current Status and Focus • On schedule – Deadline mid-November • Solicit feedback – General comments – Metadata contributions – Communication sequence contributions – Interface technologies and standards • Champions in other working groups © 2012 Electric Power Research Institute, Inc. All rights reserved. 19

Next Steps • Integrate feedback • Finish and Release AMI Security Objects Document – Continue mapping to existing standards – Propose updates to standards when applicable • Work with vendors and asset owners on development of standards © 2012 Electric Power Research Institute, Inc. All rights reserved. 20

Working Group Activity © 2012 Electric Power Research Institute, Inc. All rights reserved. 21

Together…Shaping the Future of Electricity © 2012 Electric Power Research Institute, Inc. All rights

Continued Coordination with External Groups n n n NIST Cyber Security Working Group Electric Power Research Institute (EPRI) project P 183. 009, Standardized Security Objects for AMI. P 183. 009 Industrial Control Systems Joint Working Group (ICSJWG) Vendor Subgroup Green Button Any Updates on DOE funding for 2013? Next Steps

GREEN BUTTON (Open. SG Members Please Advise if Attending) “Green Button” is the common-sense idea that electricity customers should be able to securely download their own easy-to-understand household energy usage information from their utility or electricity supplier website. Numerous companies are already developing web and smart phone applications and services for businesses and consumers that can use Green Button data to help consumers choose the most economical rate plan for their use patterns; deliver customized energy-efficiency tips; provide easy-to-use tools to size and finance rooftop solar panels; and conduct virtual energy audits that can cut costs for building owners and speed the initiation of retrofits. Developing innovative applications and services to help consumers understand manage their energy use and understand the environmental impacts of that usage is a field ripe for innovation. The attached document is a call for participation to any Accreditation Body, Certification Body, and Conformity and Interoperability Test Laboratories interested in participating in the UCAIug “Green Button” Testing Program. If your organization is interested in participating in this program, we encourage you to respond to the call for participation by end of business Friday, November 2 nd , 2012. We will be having a Face to Face meeting at the UCAIug 20112 Summit in New Orleans. The Summit runs from October 22 -26. Wednesday, October 24 th we will have the initial meeting to kick-off the UCAIug Green Button Testing Program. More information on the Summit is available at http: //www. ucaiug. org/Meetings/NO 2012/default. aspx. The Open. ADE will be meeting all day on Thursday, October 25, 2012 working sessions to make progress on the Green Button testing requirements that will drive the test cases.

Advanced Metering Infrastructure Security Profile Update for Vote Updated tables 2, line 4 in the AMI-Sec Security Profile. Approval of the modification vote to eligible voting members. Upon approval will rev the doc to Version 2. 1 and remove track changes. Changes submitted - Page 13 in the table row labeled Line #4: to MDMS, the Summary of Communication lists "customer HAN equipment commands. " This is in conflict with the requirements section of the document, and should be changed to something along the lines of "customer HAN equipment responses. “ We don't want HAN devices sending commands to any part of the AMI system. Call to Vote for following eligible members: JD Senger, Tam Do, Rich Tolway, Scott Palmquist, John Lilley, Galen Rasche, Neil Greenfield, Glen Chason, Mark Ellison, Irene Gassko, David Chambers, Naeem Ahsan, Darren Highfill, David Mitton (If you already sent me your vote I have on record)

Ongoing Objectives n n n Support relationships with other Open. SG working groups and task forces Discuss future objectives of group Continued coordination with NIST, DOE and others Ensure utility centric and utilities inputs are incorporated Discuss any interim work done by TFs

Ongoing Efforts The ASAP-SG Team finished the first complete public draft of the Security Profile for Substation Automation. http: //osgug. ucaiug. org/utilisec/Shared%20 Documents/Substation% 20 Automation%20 Security%20 Profile/SA%20 Security%20 Profile% 20 -%20 v 0_15%20 -%2020120930. docx John Lilley (Sempra) will resurrect the Usability Analysis Task Force to review the draft document and comments. Once completed the SG Security Working Group will vote on this document. Embedded Systems Task Force activated and no longer in hibernation. Charter being revised and deliverables to group in November. Update from Rohit

Ongoing Efforts Energy Sector Cybersecurity Capability Maturity Model (ES-C 2 M 2) Discussion Risk Management (i. e. , how systems are assessed and scored). Utilities appear struggle with this and/or don’t have methods that are repeatable. NIST has some guidelines, but none are specific enough to base a real calculation. Having a risk program will also be key in NERC CIP compliance.

Substation Automation Profile Update For those of you interested in reviewing and commenting on the Substation Automation Security Profile, it is posted on the Share. Point site at: http: //osgug. ucaiug. org/utilisec/Shared%20 Documents/Forms/ All. Items. aspx? Root. Folder=%2 futilisec%2 f. Shared%20 Docume nts%2 f. Substation%20 Automation%20 Security%20 Profile&Fold er. CTID=&View=%7 b 059 E 5611%2 d 3141%2 d 4 B 3 E%2 d. AAA 4%2 d FE 7645 EE 07 EE%7 d Darren Highfill (darren@utilisec. com)) has volunteered to be the comments wrangler and editor.

Closing Security Group Discussion Members open discussion on all topics for the Security Working Group such as items of interest by members. Utility Members are the reason the group is here, any Utility members that would like to discuss hot topics the group should be focused on please advise. Closing Comments