Electricity Subsector Cybersecurity Capability Maturity Model, Version 1.1
Electricity Subsector Cybersecurity Capability Maturity Model, Version 1.1 (co-author)
The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) can help electricity subsector organizations of all types evaluate and make improvements to their cybersecurity programs. The ES-C2M2 is part of the DOE Cybersecurity Capability Maturity Model (C2M2) Program and was developed to address the unique characteristics of the electricity subsector. The program supports the ongoing development and measurement of cybersecurity capabilities within the electricity subsector, and the model can be used to:
- Strengthen cybersecurity capabilities in the electricity subsector.
- Enable utilities to effectively and consistently evaluate and benchmark cybersecurity capabilities.
- Share knowledge, best practices, and relevant references within the subsector as a means to improve cybersecurity capabilities.
- Enable utilities to prioritize actions and investments to improve cybersecurity.
The ES-C2M2 provides descriptive rather than prescriptive industry focused guidance. The model content is presented at a high level of abstraction so that it can be interpreted by subsector organizations of various types, structures, and sizes.
Integrating Electricity Subsector Failure Scenarios into a Risk Assessment Methodology
Integrating Electricity Subsector Failure Scenarios into a Risk Assessment Methodology (co-author)
The purpose of this report is to specify a risk assessment process that may be used by utilities. Included are high-level diagrams that illustrate the risk assessment process at the security requirements and security-control-selection stages, as well as for ongoing assessment and for assessing emerging changes. These are generic high-level diagrams based on commonly available reference documents. A second objective of this report is to illustrate how to use the content of the National Electric Sector Cybersecurity Organization Resource (NESCOR) cyber security failure scenarios and impact analyses document in the risk assessment process. A cyber security failure scenario is a realistic event in which the failure to maintain confidentiality, integrity, and/or availability of sector cyber assets creates a negative impact on the generation, transmission, and/or distribution of power.
Appropriate Security Measures for Smart Grids: Guidelines to Assess the Sophistication of Security Measures Implementation
Appropriate security measures for smart grids: Guidelines to assess the sophistication of security measures implementation (contributor)
This document describes a set of security measures which are considered to be appropriate for smart grids. The European Network and Information Security Agency (ENISA) issued this report to assist the Member States and smart grid stakeholders in providing a framework/measurement tool that could be used for:
- Aligning the varying levels of security and resilience of the market operators with a consistent minimum framework;
- Providing an indication of a minimum level of security and resilience in the Member States with regards to the smart grids, thereby avoiding the creation of the “weakest link”;
- Ensuring a minimum level of harmonization on security and resilience requirements for smart grids across Member States and thus reducing compliance and operational costs;
- Setting the basis for a minimum auditable framework of controls across Europe;
- Facilitating the establishment of common preparedness, recovery and response measures and pave the way for mutual aid assistance across operators during crisis;
- Contributing to achieve an adequate level of transparency in the internal market.
Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure (AMI)
Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure (AMI) (author)
One area of critical importance to the security of the modernized grid is cryptography. Cryptographic techniques are used to ensure confidentiality, non-repudiation, and authentication. In the advanced metering infrastructure (AMI) the smart meters include multiple symmetric and/or asymmetric key pairs. With the deployment of millions of smart meters, cryptographic key management for millions of keys is a critical technical area for utilities.
The overall objective of this research project was to identify the design principles that are applicable to AMI and the management of cryptographic keys. Designing and implementing effective cryptographic key management schemes is a research area that requires the input from utilities and the cryptography community. This report may be used by utilities as they design their cryptographic key management systems and/or work with vendors to design cryptographic key management systems. The report provides specific design guidance for utilities.
Cyber Security Strategy Guidance for the Electric Sector
Cyber Security Strategy Guidance for the Electric Sector (author)
This report provides guidance to utilities on developing an overall cyber security strategy, developing a risk management process (including a risk assessment process), and selecting and tailoring cyber security requirements for the electric sector. The National Institute of Standards and Technology Interagency Report (NISTIR) 7628, Guidelines for Smart Grid Cyber Security, is referenced along with other source documents and approaches. The goal is to provide practical guidance to an organization.
Smart Energy Profile (SEP) 1.x Summary and Analysis
Smart Energy Profile (SEP) 1.x Summary and Analysis, Version 1.0 (technical lead and co-author)
Load control capabilities in Home Area Networks (HANs) are an integral part of the smart grid and energy efficiency modernization efforts currently underway. Like other smart grid systems, HANs are vulnerable to cyber attacks and adequate security measures are needed. The Zigbee Smart Energy Profile 1.0 and Smart Energy Profile 1.1 (collectively referred to in this white paper as SEP 1.x) present a communication framework for HAN devices along with a security framework.
This white paper builds upon prior efforts that assessed the security of SEP 1.x with a primary objective to help stakeholders understand the vulnerabilities in SEP 1.x and provide them with actionable advice on how to mitigate or minimize these vulnerabilities. This white paper goes beyond prior work in several aspects. Included are several representative system architectures and the Texas public utilities commission architecture. These representative architectures assist in understanding the results of the security analysis. This white paper lists the differences between versions SEP 1.0 and 1.1 of the specifications, which will help the relevant stakeholders to understand the applicability of this document on their HANs. Finally, this document presents potential vulnerabilities, impacts, best practices, and mitigations for SEP 1.x.
Catalog of Control Systems Security: Recommendations for Standards Developers
Catalog of Control Systems Security: Recommendations for Standards Developers (co-author)
This catalog presents a compilation of practices that various industry bodies have recommended to increase the security of control systems from both physical and cyber attacks. The recommendations in this catalog are grouped into 19 families, or categories, that have similar emphasis. The recommendations within each family are displayed with a summary statement of the recommendation, supplemental guidance or clarification, and a requirement enhancements statement providing augmentation for the recommendation under special situations. This catalog is not limited for use by a specific industry sector but can be used by all sectors to develop a framework needed to produce a sound cybersecurity program. This catalog should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cybersecurity standards for control systems. The recommendations in this catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cybersecurity standards specific to their individual security needs.
Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules
Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules (technical lead for the standard)
The selective application of technological and related procedural safeguards is an important responsibility of every Federal organization in providing adequate security in its computer and telecommunication systems. This publication provides a standard that will be used by Federal organizations when these organizations specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data. Protection of a cryptographic module within a security system is necessary to maintain the confidentiality and integrity of the information protected by the module. This standard specifies the security requirements that will be satisfied by a cryptographic module. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.