UCA International Users Group
Usability Analysis Task Force Evaluation Report Revision 0.1

UCA International User’s Group

OpenSG SGSecurity Working Group

Usability Analysis Task Force

Usability Analysis Evaluation for

Security Profile for Wide Area Monitoring Protection and Control (WAMPAC)

Abstract

The Usability Analysis Task Force (TF) has been formed under the auspices of the UCAIug OpenSG SG Security Working Group (WG). This document provides a usability analysis of the Security Profile for Wide Area Monitoring Protection and Control.

Security Profile for WAMPAC Evaluation Report Page 1

Table of Contents

Chapter 1: Document Control

1.1 Change Record

Chapter 2: Usability Analysis Evaluation Criteria

2.1 Introduction

2.1.1 Summary

2.2 Usability Criteria

2.2.1 Goals

2.2.2 Requirement Mapping

2.2.3 Use Cases

2.2.4 Lifecycle

2.2.5 Procurement

2.2.6 Security Levels

2.2.7 Component Wise Security

2.2.8 System Architecture

Chapter 1: Document Control

1.1 Change Record

Date / Author(s) / Version / Change Reference
10/24/2011 / Usability Analysis Team / 0.1 / Draft for review by Usability Analysis Task Force

Chapter 2: Usability Analysis Evaluation Criteria

2.1 Introduction

The Usability Analysis Task Force is a designated task force operating under the Smart Grid Security Working Group (SG Security), which is constituted to operate under the OpenSG Technical Committee. One of the responsibilities of the Task Force is to review documents based on documented criteria with the perspective of verifying that the analyzed security documents are useful and usable by the Smart Grid industry.

The purpose of this document is to analyze the Security Profile for Wide Area Monitoring Protection and Control (WAMPAC) from the perspective of a broad set of stakeholders and systems that the Smart Grid represents.

Many industry security requirement documents outline high-level requirements and best practices but leave it to the reader to work out how to apply them to individual systems and components. This abstraction often causes confusion, because the reader is frequently not a security specialist and must deal with conflicting notions and terminology that the document introduces. For example, in the electrical industry the perception of security differs from that of the IT world: security is vested in the physical protection and reliability of the power grid, not in the security of cyber assets. For this reason, due care must be taken to address the terminology and notions any requirement document produces and to map them to the primary domain we are seeking to build security for. Specific requirements must be mapped to real systems and devices in a way that is realistic and demonstrates an understanding of how these systems actually operate in the field.

Any recommended features must have clear justifications that are tied to industry-recognized use cases. Where possible, it is also highly desirable that the document reference specific standards that can meet the specified requirements at a technical and procedural level. If no such standards exist, the document should also offer some guidance on what types of technologies and practices could suffice. It is thus important that the specified security framework be risk based and have a level of controls commensurate with possible impacts to reliability and cost to the infrastructure. A security architecture that takes into account different security levels based on the nature of the network, the application, and the mitigating technologies in place is very desirable.

Usability means that the reader of the security profile can quickly and easily accomplish their own tasks. These tasks can be as varied as achieving a better understanding of the subject matter, creating a request for proposal for product procurement, or testing an implementation for compliance.

2.1.1 Summary

The WAMPAC Security Profile was found to be a readable, consistent guideline for implementing, operating, and assessing WAMPAC systems, specifically leveraging synchrophasors. Useful features of the profile in addition to the defined security controls include a mapping of the security controls to the National Institute of Standards (NIST) Interagency Report (IR) 7628, Guidelines for Smart Grid Cyber Security, simplified use cases and device roles, failure mode definitions, mapping of failure modes to use cases and roles, and a short guide on evaluating a WAMPAC system.

As part of the comment resolution and usability analysis process, the document has been modified. For detailed descriptions of the changes, please refer to the comment resolution spreadsheet. Comments ranged from editorial to clarification of definitions. In one case a new physical and environmental requirement was identified and added to the document.

2.2 Usability Criteria

The following are high-level usability criteria that are desirable for security profile and security architecture documents for the smart grid domains.

2.2.1 Goals

The security profile clearly specifies the scope and goals of the document. It provides guidelines for WAMPAC systems addressing the transfer and delivery of time-synchronized, moderate resolution (i.e., 10-240 samples per second), power-related waveform data across geographically diverse Transmission Operator and Reliability Coordinator locations. The document was modified to include Transmission Operator and Reliability Coordinator as part of the scope.

2.2.2 Requirement Mapping

It is necessary that any high-level requirements be mapped to specific technical requirements for devices and components found in representative systems. Requirements should be detailed when possible; examples include specific types of cryptography and modes to use. There has to be some degree of granularity to give vendors and buyers needed guidance.

The profile maps its requirements to the security controls defined in the NIST IR 7628, Guidelines for Smart Grid Cyber Security, document.

2.2.3 Use Cases

Security requirements must be mapped to specific industry-recognized use cases.

There are 16 use cases identified for a WAMPAC system. Not all use cases will be used by all systems. The document provides a mapping back to actors or use cases as defined in the NIST IR 7628, Guidelines for Smart Grid Cyber Security.

As part of the comment resolution process, another use case was requested to specifically cover environmental data transportation to the internal environment. It is recommended that this use case be added to a future WAMPAC Security Profile update.

2.2.4 Lifecycle

There is no mapping of security controls to typical product lifecycle phases. This gap is not considered a serious shortcoming, although such a mapping might be helpful for profile users in future revisions. There are controls that address the core operational security concerns such as disaster recovery, password management, change management, implementation, and others.

2.2.5 Procurement

The document does not include a procurement-specific section. Procurement requirements are identified in a few controls within the policy set. The technical controls have not been tailored towards the procurement process. Future revisions of the security profile should consider an appendix oriented towards procurement.

As a supplemental reference that hasn’t been included in the document, the implementer should consider using other references such as NIST IR 7628, Guidelines for Smart Grid Cyber Security.

2.2.6 Security Levels

The requirements have not been structured by escalating levels of security. There are mappings of the failure modes to roles, devices, and controls, which enable an implementer to assess risk and the adequacy of the controls and their alternatives based on their internal risk guidelines.

2.2.7 Component Wise Security

Security controls are applied at a network, device, use case step and role level. An additional mapping at the end of the document presents a detailed mapping by security control, device type, and failure mode.

2.2.8 System Architecture

The system architecture appropriate to the security profile is defined by describing the current functionality of WAMPAC systems and their current use cases. The description has been kept general so that it is straightforward to apply at an individual utility level.