What is a PKI and Why Do We Need One?



Transcription:

NAESB RMQ Executive Committee October 19, 2015

Trade Secret
This document and attachments contain confidential and proprietary information of Open Access Technology International, Inc. This information is not to be used, disseminated, distributed, or otherwise transferred without the expressed written permission of Open Access Technology International, Inc.

Proprietary Notice
All OATI products and services listed are trademarks and service marks of Open Access Technology International, Inc. All rights reserved.

Proprietary and confidential. Do not copy or distribute without permission from OATI. 2012 Open Access Technology International, Inc.

Are the Electric Grids Secure?
- Yes, but don't want to make it a challenge
- Most reliable grids in the world
- North American Electric Grid is highly interconnected and resilient
- Requires Physical Security and Cyber Security
- New Technologies present new challenges
- Wholesale and Retail are becoming less distinct

What is PKI?
- PKI stands for Private Key Infrastructure
- Cyber (electronic) security element
- Authenticates holders of digital certificates as trusted entities
- Encrypts data/information transfers
- Private Key and Public Key
- Used with a variety of transactions

Why are PKI Digital Certificates Used?
- Authenticate a digital certificate holder
- Encrypt data transmissions
- Prevent unauthorized entrants into transactions
- Protect data during transmission

How Do PKI Digital Certificates Work?
Let's assume that Patrick has a digital certificate and wants to go to a web-based software application such as OASIS.
1. Patrick goes to the website that hosts the web-based OASIS application
2. The website asks for Patrick's certificate
3. Patrick and the website verify each other's certificates
4. The website's public key encrypts data. The website's private key decrypts the data
5. After Patrick is authenticated, Patrick now has access to the web-based OASIS application
6. Now the web-based OASIS application decides what Patrick can do (Authorizations/Roles/Permissions)
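
The website's side of steps 2, 3 and 6 above, as an added example that is not part of the original presentation: a certificate issued by the trusted authority is authenticated and then mapped to a role, while a self-signed certificate carrying the same name is rejected. The CA name, the subject "patrick" and the role table are constructed for illustration; the script assumes the OpenSSL command-line tool, version 1.1.1 or later.

```shell
#!/bin/sh
# Added example with throwaway certificates; all names and roles are constructed.
set -eu
WORK=$(mktemp -d)

# Minimal OpenSSL config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Example ACA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF

new_key_and_csr() {  # $1 = file prefix, $2 = subject
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
    -subj "$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# The certificate authority that the website trusts.
openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

# Patrick's certificate, issued (signed) by that CA.
new_key_and_csr patrick "/CN=patrick"
openssl x509 -req -in "$WORK/patrick.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 1 -out "$WORK/patrick.pem" 2>/dev/null

# Same subject name, but self-signed instead of CA-issued.
new_key_and_csr rogue "/CN=patrick"
openssl x509 -req -in "$WORK/rogue.csr" -signkey "$WORK/rogue.key" \
  -days 1 -out "$WORK/rogue.pem" 2>/dev/null

# Step 3: authentication means the chain verifies against the trusted CA.
# Step 6: authorization is a separate lookup the application does afterwards.
access_decision() {  # $1 = certificate file presented by the client
  openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1 || { echo "rejected"; return; }
  cn=$(openssl x509 -in "$1" -noout -subject -nameopt multiline | sed -n 's/^ *commonName *= *//p')
  case "$cn" in
    patrick) echo "authenticated:$cn role=scheduler" ;;  # constructed role table
    *)       echo "authenticated:$cn role=none" ;;
  esac
}

access_decision "$WORK/patrick.pem"
access_decision "$WORK/rogue.pem"
```

The name inside a certificate proves nothing by itself; what authenticates Patrick is the issuing authority's signature, which is why the second certificate fails before any role lookup happens.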

History of PKI in the WEQ
- 1996 - FERC Order 889 mandated Open Access Same Time Information System (OASIS) user security and access controls.
- 1997 - Regional OASIS implementations used proprietary electronic certificate security infrastructure. No uniform standards.
- 2000 - OASIS Standards Collaborative (OSC) formed to further OASIS technical standards.
- 2000-2001 - NERC Transaction Information Systems Working Group adopted companion standards for the exchange of information related to the scheduling of transmission service arranged on OASIS or Electronic Tagging.

History of PKI in the WEQ - Continued
- 2001 - Common security infrastructure draft for OASIS and Electronic Tagging to implement an open, interoperable, multi-vendor PKI standard.
- 2001 - OATI launches webCARES PKI to secure access and authentication into all OATI software services including OASIS and Electronic Tagging.
- 2001-2003 - NERC implementation of PKI.
- 2003 - All standards development activity for PKI and OASIS and Electronic Tagging security requirements passes to NAESB.

History of PKI in the WEQ - Continued
- 2007 - NAESB WEQ-012 PKI Standards ratified.
- 2008 - FERC adopts NAESB Version 1.0 Standards in Order 676-C/D, including PKI Standards WEQ-012.
- 2007-2011 - NAESB ACA program adopted.
- 2012 - NAESB Electric Industry Registry (EIR) rollout and NAESB ratification of use of ACA certs for OASIS and e-tagging.
- 2014 - FERC Order 676-H requires use of WEQ-012 certs for OASIS and e-tagging software applications.

PKI in the RMQ - Issues
- Authentication and Encryption are important at the distribution grid level
- Data transmissions coming from potentially millions of meters and other distributed endpoints
- Trends show that these data will be used by utilities and integrated at the wholesale transaction level
- Security issues at software and hardware are important

PKI in the RMQ - Continued
Can RMQ leverage WEQ PKI work?
- Software Applications at the utility level
  - Demand Response/CVR/Load Control/etc.
  - Database/registry of participants
  - ACA certificates
- Commercial & Industrial (C&I)
  - Integrity of Building Management Systems/generators/etc. software and hardware
  - Effect of Aggregation
- Customer
  - Customer Engagement Portal requirements
  - Ease of Use and adoption are considerations

PKI in the RMQ - Continued
- Distinct needs of hardware vs software
  - Location of manufacture
  - Installation/removal of certificates
- Industry Initiatives
  - Smart Grid Security Innovation Alliance
  - Security Fabric based on NIST IR 7628 Guidelines (DOE/NSA/etc)
  - John Reynolds and Chuck Speicher, renowned authorities in security
  - Incorporates industry operational expertise

Thank You