Smart Grid Security Architecture Development based on IntelliGrid Methodologies

AuthorsJoe HughesTechnical Managerjhughes@epri.comMadhava SushilendraSr. Project Managermsushilendra@epri.com

Hard Real-Time Intra-Substations

Distribution Field Equipment Comm

Inter-Control Center

Control Center Customer Equip Inter-Corporation

Inter-Customer Sites

Hard Real-Time Inter-Substations

Data Acquisition Control Centers ESPs

Control Center Corporations

DER Monitoring and Control

Customer ESP

High security intra-substation

Intra-Control Center

RTOs Market Participants

Intra-Corporation Intra-Customer Site

HV Generation Plant

External Corporations

Corporate UtilityMarket

participants

Management and Security Architecture Challenges: 1.The Industry is a Blend of Different Distributed

Computing Environments

3© 2007 Electric Power Research Institute, Inc. All rights reserved.

Security and Management Topics Cut Across IntelliGrid Architecture Domains

Transmission Architecture

Distribution Architecture

Consumer Communications

Architecture

Security and Management

4© 2007 Electric Power Research Institute, Inc. All rights reserved.

Management and Security Architecture Challenges: Enterprise Management Policy Sources In Progress

Energy Industry

Level Policies

Regional

Level Policies

Federal

Level Policies

International

Level Policies

International Level Agreements, Rules of Governance,

Resolutions, Business and Regulatory Practices

Federal Policies on key topics, National Security, Communications Regulations, Critical Infrastructure

Protection…Other…

Energy Industry-Wide Policies: RTO and

Market Operations…

UN, European Union, International

Standards, ITU, ISO, IEC, CIGRE…Other

FCC, DHS, DOD, DOC, GAO, GSA,

FBI, NSA…

FERC, NERC, NARUC, NIST,

DOE, DHS

RTO/ISO Operations

CAL ISO, PJM, MISO, North

American Architects

5© 2007 Electric Power Research Institute, Inc. All rights reserved.

Management and Security Architecture Challenges: 3.Consistent Approach to Architecture Governance Needed for Energy Industry

• Federal Enterprise Architecture

• Department of Defense Architecture Framework

• Energy Industry Architecture

• Federal CIO Council

• GSA, OMB, NIST

• Department of Defense Joint Architecture Working Group

• Branches of Military Service

• Regulators, North American Electric Reliability Council

• Utility Management

• ISO/RTO’s, Other, TBD

Governance OrganizationsArchitectures

6© 2007 Electric Power Research Institute, Inc. All rights reserved.

Key Standards Organizations Involved in the Development of Industry Level Infrastructure

ISO IECInternationalstandards-developing organizations

National Organizations

Trade, technical,and government

Consortia anduser groups

JTC 1

ANSI(US) EIA/CEMA IEEEASHRAE

SAE

UCA International

Zigbee Alliance

AEIC MeterGroup

BACnet™Users

ITU

IEC 61970/68CIM Users

IEC 61850Users Open AMI

AHAM

Utility AMI Open HAN

BACnet™Mfrs

JTC 1 WG 25

*Representative Sample

ASHRAE SSPC 135 UIWG

ANSI C12Series

EPRI IWG

ISA

IETF

CENELEC

Other Projects

NIST

RD&D

ProjectsEPRI ProjectsNIST Projects DOD ProjectsDOE Projects

7© 2007 Electric Power Research Institute, Inc. All rights reserved.

Management and Security Related Standards Development (Sample)

• IEC TC 57 WG 15: (IEC/TR 62210) Also embedded within IEC 61850

• ISO Common Criteria (ISO/IEC 15408)

• ITU X.805 also designated as ISO 18028-2

• ISA: ANSI/ISA-99.00.01-2007

• NIST 800 Series Documents and Federal Information Processing Standards (i.e. SP 800-82, SP 800-53)

• IETF: Several RFC’s

• ANSI C12: Embedded in Metering Standards

• ASHRAE SSPC 135

• Other

8© 2007 Electric Power Research Institute, Inc. All rights reserved.

Integration Across Both Information Technology (IT) and Field Equipment (“Real-Time”) is Required

Customer IntegrationDistribution automation

Substation automation

Transmission Ops WAMAC

PP integration

DER integration

Pow

er S

yste

mR

esou

rces

Rea

l Tim

e A

pplic

atio

nsC

omm

unic

atio

n In

fras

truc

ture

Dat

a M

anag

emen

tEn

terp

rise

App

licat

ions

Power procurementMarket operations

Regional TransmissionOperator

Distribution Control Center External corporations

DER integration

9© 2007 Electric Power Research Institute, Inc. All rights reserved.

Examples of Intelligrid Architecture Recommendations

Apply ASHRAE

BACnet™ for Building

Automation

Apply ANSI C12 for Revenue Metering

Apply IEC 61850 for Real-Time Controls

Apply IEC 61970 and 61968 for

Enterprise Data Sharing

R&D: Harmonize IEC 61850 and 61970 Standards

Develop and implement consistent systems management and security policies

10© 2007 Electric Power Research Institute, Inc. All rights reserved.

Recommended Approaches: Develop Functional and Non-Functional Requirements Together

• Applications:

– System must support the requirements coming from power engineering and industry application needs

• Systems and Network Management:

– Networks and intelligent equipment must be able to scale and managed: Fault, Configuration, Accounting, Performance, Security, Application Management

• Security:

– System must include adherence to existing and emerging security policies including system “hardening” as well as managing residual risk