Security Conformity March 10, 2011 SF Bay Area
Page 1: Security Conformity

Security Conformity

March 10, 2011 SF Bay Area

Page 2: Security Conformity

Agenda for Thursday, March 10th

• Discuss Security Testing & Certification Authority
• Review Security Testing Methodology
• Overview TCC and CSWG Testing & Certification Subgroup
• Revise Security Conformance & Charter

Page 3: Security Conformity

Interoperability Testing and Certification Authority (ITCA)

• Which security standard are we considering defining an ITCA for?
• What about researching an ITCA responsible for security testing for certifying existing standards such as OpenADE, OpenADR, OpenHAN?
• Standards Setting Organizations are responsible for ensuring security is incorporated in the standard
• This ITCA could claim that it satisfies a certain set of requirements

Page 4: Security Conformity

Other Issues

• What are good security metrics?
• Need a good definition of testing vs. audits and assessments

Page 5: Security Conformity

Testing & Metrics

• GAO Report: “no metrics for evaluating cyber security”
• Utilities, Vendors, Commissions all want them
• Open Source Security Testing Methodology Manual (OSSTMM) by the Institute for Security and Open Methodologies
• NIST SP800-115 Technical Guide to InfoSec Testing & Assessment, and
• NIST SP800-42 Guideline on Network Security Testing

Page 8: Security Conformity

Smart Grid Security Testing Council

Inputs shown in the diagram: NISTIR 7628, AMI SP, OSSTMM, CSWG T/C

Page 9: Security Conformity

OSSTMM Purpose

• Test conducted thoroughly
• Test included all necessary channels
• Posture for test complied with laws and regulations
• Results are measurable
• Results are consistent and repeatable
• Results contain only facts derived from the tests themselves

Page 10: Security Conformity

Security Test Audit Report

• Serves as proof of a factual test
• Holds the Analyst responsible for the test
• Provides a clear result to the client
• Provides a comprehensive overview
• Provides understandable metrics

Page 11: Security Conformity

Security

Security is a function of a separation.

Three logical and proactive ways to create separation:
1. Move the asset to create a physical or logical barrier between it and the threats.
2. Change the threat to a harmless state.
3. Destroy the threat.

Page 12: Security Conformity

Definitions

• Vector = direction of the interaction
• Attack Surface = Lack of specific separations and functions that exist for a vector
• Attack Vector = A sub-scope of a vector created in order to approach the security testing of a complex scope in an organized manner
• Safety = A form of protection where the threat or its effects are controlled (e.g., breaker)

Page 13: Security Conformity

Definitions cont.

• Controls = Impact & loss controls (see notes)
• Operations = the lack of security needed to be interactive, useful, public, open, or available
• Limitations = the current state of perceived and known limits for channels, operations, and controls as verified within the audit (e.g., rusty lock; see notes)
• Perfect Security = the balance of security and controls with operations and limitations

Page 14: Security Conformity

Testing Scope

Page 15: Security Conformity

Channel | OSSTMM Section | Description
PHYSSEC | Human | Comprises the human element of communication where interaction is either physical or psychological.
PHYSSEC | Physical | Physical security testing where the channel is both physical and nonelectronic in nature. Comprises the tangible element of security where interaction requires physical effort or an energy transmitter to manipulate.
SPECSEC | Wireless Communications | Comprises all electronic communications, signals, and emanations which take place over the known EM spectrum. This includes ELSEC as electronic communications, SIGSEC as signals, and EMSEC which are emanations untethered by cables.
COMSEC | Data Networks | Comprises all electronic systems and data networks where interaction takes place over established cable and wired network lines.
COMSEC | Telecommunications | Comprises all telecommunication networks, digital or analog, where interaction takes place over established telephone or telephone-like network lines.

Page 16: Security Conformity

Risk Analysis: Analyzes Threats

Page 17: Security Conformity

Security Analysis: Measures Attack Surface (diagram label: Cracks)

Page 18: Security Conformity

Porosity = Visibility + Access + Trust

Visibility (each target’s asset known to exist within the scope)
Access (the # of places where interaction can occur)
Trust (measured as each relationship that exists wherever the target accepts interaction freely from another target within the scope)
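As an added illustration, not from the deck or from ISECOM's own worksheet, the porosity count from the definitions above applied to a constructed scope inventory; the target names, ports and trust relationships are made up, and OSSTMM's per-channel breakdown is simplified to a single count.

```python
from dataclasses import dataclass, field


@dataclass
class Target:
    """One target in the test scope (names and ports below are constructed)."""
    name: str
    in_scope: bool = True
    # Places where interaction can occur, e.g. listening services (OSSTMM "Access").
    access_points: list = field(default_factory=list)
    # Peers from which this target accepts interaction freely (OSSTMM "Trust").
    trusts: list = field(default_factory=list)


def porosity(targets):
    """Count Visibility, Access and Trust over the in-scope targets and sum them.

    Visibility: each target known to exist within the scope.
    Access: each place where interaction can occur on an in-scope target.
    Trust: each relationship where an in-scope target accepts interaction
    freely from ANOTHER target that is also within the scope; trusts toward
    out-of-scope peers (or toward itself) are not counted.
    """
    scope = {t.name for t in targets if t.in_scope}
    visibility = len(scope)
    access = sum(len(t.access_points) for t in targets if t.in_scope)
    trust = sum(
        1
        for t in targets if t.in_scope
        for peer in t.trusts
        if peer in scope and peer != t.name
    )
    return {
        "visibility": visibility,
        "access": access,
        "trust": trust,
        "porosity": visibility + access + trust,
    }


# Constructed sample scope: two in-scope AMI hosts and one out-of-scope vendor gateway.
SAMPLE_SCOPE = [
    Target("ami-headend", access_points=["tcp/443", "tcp/22"], trusts=["ami-collector"]),
    Target("ami-collector", access_points=["tcp/8443"], trusts=["ami-headend", "vendor-gw"]),
    Target("vendor-gw", in_scope=False, access_points=["tcp/1194"], trusts=["ami-collector"]),
]

if __name__ == "__main__":
    print(porosity(SAMPLE_SCOPE))  # {'visibility': 2, 'access': 3, 'trust': 2, 'porosity': 7}
```

The collector's trust toward the out-of-scope vendor gateway is excluded by the scope rule, which is why trust is 2 rather than 3.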

Page 19: Security Conformity

Security Metrics

Page 20: Security Conformity

RAV Worksheet


Page 21: Security Conformity

Review CSWG Testing & Certification

• Is NISTIR 7628 Testable / Actionable?
• Is AMI Security Profile 2.0 Testable / Actionable?
• SGIP TCC Coordination Tasks
• Miscellaneous Tasks

Page 22: Security Conformity

Outward Support

• CSWG Testing & Certification Sub-group
• SG Security CyberSec-Interop

Page 23: Security Conformity

Review Security Conformity TF Charter

• Establish security conformance requirements for laboratories desiring to certify smart grid components and systems; and

• Establish clear scoping boundaries, perform research to identify existing models, and propose a high-level philosophy of approach.

• Chair: Bobby Brown, EnerNex
• Vice-chair: needed (Sandy Bacik)

Page 24: Security Conformity

Next Steps?