Скачать презентацию Usability Analysis Task Force Activity Update July 20 Скачать презентацию Usability Analysis Task Force Activity Update July 20

35856ec382a2ce7213ff6d390154a3bb.ppt

  • Количество слайдов: 12

Usability Analysis Task Force Activity Update July 20, 2011 Usability Analysis Task Force Activity Update July 20, 2011

UA TF Meeting Schedule • Meetings – Every two weeks – Monday, 10 am UA TF Meeting Schedule • Meetings – Every two weeks – Monday, 10 am Pacific – Next meeting • Monday, 7/25/2011, 10 am Pacific

Current Activities • Distribution Management Security Profile – Second comment period completed – Comment Current Activities • Distribution Management Security Profile – Second comment period completed – Comment resolution in progress – Document update based on comments • WAMPAC Security Profile analysis – SG Security WG comments – Comment resolution – Analysis report

Distribution Management Security Profile • Resolution of comments is in progress – Xanthus, FPL, Distribution Management Security Profile • Resolution of comments is in progress – Xanthus, FPL, APS, AEP, and SAIC • Discussion of specific comments • Expect resolution of comments to be completed 7/25/2011 • Final review and return to SG Security WG 8/5/2011

WAMPAC Security Profile • SG Security WG comments – Three sets of comments submitted WAMPAC Security Profile • SG Security WG comments – Three sets of comments submitted • SCE, Grid Protection Alliance, FPL – Additional comments will be accepted • Document review initiation pending completion of TF work on DM Security Profile • Comment resolution period August to September • Analysis report expected September

SG Security WG activities • After document returns from task force: – One week SG Security WG activities • After document returns from task force: – One week review period – One week voting period • If approved, document is presented by WG chair to Technical Committee for endorsement

Distribution Management Discussion • Commenting best practices – Proposed resolutions to address concern – Distribution Management Discussion • Commenting best practices – Proposed resolutions to address concern – Limits of comment resolution team – Discussion topics • Intended use – Common comment – Risk management vs. controls – Suggest “lifecycle” & clear component definitions

Distribution Management Discussion • UML/Enterprise Architect – Should SG Security standardize? – Provide better Distribution Management Discussion • UML/Enterprise Architect – Should SG Security standardize? – Provide better integration with other groups • Protection. 21 Automated Labeling – any existing systems? – “The control system automatically labels information in storage, in process, and in transmission based on its classification and the binding between the label and information is maintained as the information moves throughout the system. ” – Based on: Access control, distribution, system security policy

Distribution Management Discussion • Protection. 41 Wireless Encryption – “All wireless communicaitons shall use Distribution Management Discussion • Protection. 41 Wireless Encryption – “All wireless communicaitons shall use a FIPS certified method of linklayer encryption in addition to any encryption already required by other controls. ” – If using TLS or IPSEC, why force additional encryption at link layer? – Weakened access to the link layer reduces the effectiveness of a layered defense in depth approach.

Distribution Management Discussion • Distinctions between substation and line based device locations – Generalized Distribution Management Discussion • Distinctions between substation and line based device locations – Generalized actors – Differences in controls due to location based trust – Is a distinction necessary?

Summary • Distribution Management Security Profile – Expected completion August 2011 • WAMPAC Security Summary • Distribution Management Security Profile – Expected completion August 2011 • WAMPAC Security Profile – Expected comment resolution August/September – Expected completion September 2011

How to participate • Meetings: Every other Monday • Next Meeting: Mon, 7/25/2011, 10 How to participate • Meetings: Every other Monday • Next Meeting: Mon, 7/25/2011, 10 am Pacific • Distribution List: – [email protected] Grid. List. Serv. ORG • Contact Information – – John Lilley, Chair, [email protected] com Daniel Thanos, Vice Chair, Daniel. [email protected] com Scott Palmquist, Secretary, Scott. [email protected] com Darren Highfill, SG Security Chair, [email protected] org