What is a PKI and Why Do We Need One?

Transcription

1 NAESB RMQ Executive Committee October 19, 2015

2 Trade Secret This document and attachments contain confidential and proprietary information of Open Access Technology International, Inc. This information is not to be used, disseminated, distributed, or otherwise transferred without the expressed written permission of Open Access Technology International, Inc. Proprietary Notice All OATI products and services listed are trademarks and service marks of Open Access Technology International, Inc. All rights reserved. Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 2

3 Are the Electric Grids Secure? Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 3

4 Are the Electric Grids Secure? Yes, but don t want to make it a challenge Most reliable grids in the world North American Electric Grid is highly interconnected and resilient Requires Physical Security and Cyber Security New Technologies present new challenges Wholesale and Retail are becoming less distinct Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 4

5 What is PKI? PKI stands for Private Key Infrastructure Cyber (electronic) security element Authenticates holders of digital certificates as trusted entities Encrypts data/information transfers Private Key and Public Key Used with a variety of transactions Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 5

6 Why are PKI Digital Certificates Used? Authenticate a digital certificate holder Encrypt data transmissions Prevent unauthorized entrant into transactions Protect data during transmission Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 6

7 How Do PKI Digital Certificates Work? Let s assume that Patrick has a digital certificate and wants to go to a web-based software application such as OASIS. 1. Patrick goes to website that hosts the web-based OASIS application 2. The website asks for Patrick s certificate 3. Patrick & the website verify each other s certificates 4. The website s public key encrypts data. The website s private key decrypts the data 5. After Patrick is authenticated, Patrick now has access to the web-based OASIS application 6. Now the web-based OASIS application decides what Patrick can do (Authorizations/ Roles/Permissions) Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 7

8 History of PKI in the WEQ FERC Order 889 mandated Open Access Same Time Information System (OASIS) user security and access controls Regional OASIS implementations used proprietary electronic certificate security infrastructure. No uniform standards OASIS Standards Collaborative (OSC) formed to further OASIS technical standards NERC Transaction Information Systems Working Group adopted companion standards for the exchange of information related to the scheduling of transmission service arranged on OASIS or Electronic Tagging. Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 8

9 History of PKI in the WEQ-Continued Common security infrastructure draft for OASIS and Electronic Tagging to implement an open, interoperable, multi-vendor PKI standard OATI launches webcares PKI to secure access and authentication into all OATI software services including OASIS and Electronic Tagging NERC implementation of PKI All standards development activity for PKI and OASIS and Electronic Tagging security requirements passes to NAESB. Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 9

10 History of PKI in the WEQ-Continued NAESB WEQ-012 PKI Standards ratified FERC Adopts NAESB Version 1.0 Standards in Order 676-C/D, including PKI Standards WEQ NAESB ACA program adopted NAESB Electric Industry Registry (EIR) rollout and NAESB ratification of use of ACA certs for OASIS and e-tagging FERC Order 676-H requires use of WEQ-012 certs for OASIS and e-tagging software applications. Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 10

11 PKI in the RMQ Issues Authentication and Encryption are important at the distribution grid level Data transmissions coming from potentially millions of meters and other distributed endpoints Trends show that these data will be used by utilities and integrated at the wholesale transaction level Security issues at software and hardware are important Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 11

12 PKI in the RMQ - Continued Can RMQ leverage WEQ PKI work? Software Applications at the utility level Demand Response/CVR/Load Control/etc. Database/registry of participants ACA certificates Commercial & Industrial (C&I) Integrity of Building Management Systems/generators/etc. software and hardware Effect of Aggregation Customer Customer Engagement Portal requirements Ease of Use and adoption are considerations Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 12

13 PKI in the RMQ - Continued Distinct needs of hardware vs software Location of manufacture Installation/removal of certificates Industry Initiatives Smart Grid Security Innovation Alliance Security Fabric based on NIST IR 7628 Guidelines (DOE/NSA/etc) John Reynolds and Chuck Speicher renowned authorities in security Incorporates industry operational expertise Proprietary and confidential. Do not copy or distribute without permission from OATI Open Access Technology International, Inc. 13

14 Thank You