IEC TR 62210 pdf download – Power system control and associated communications – Data and communication security
c) Vulnerabilities (see Clause 8): this deals with the set of communication system vulnerabilities that are known to exist in the communication protocols addressed within the scope of this report.
d) The security analysis process (see Clause 6): this may prove of interest to the corporate policy writers; however, it is more typically of interest to other parts of the corporate security policy team.
Corporate policies tend to be at an objective level and therefore the clauses of interest should be used to help formulate objectives and to inform corporate management. However, such corporate objectives are translated into implementation strategy and policies in the network security, application security, and secure network devices processes.
Application security deals with the end-to-end application level security issues. There needs to be strong and clear guidance on security procedures such that usage of host computer applications is appropriately restricted, maintained, and audited. This report is neutral in regards to the technologies and methodologies used to secure host based applications.
Network security, within the corporate security process, typically deals with firewalls and sub-network access. Security policies in this domain must address the issues of access privileges from one sub-network to another. This report has no direct impact on the network security corporate policy process.
However, there is a strong relationship between the user of applications and the privileges that are granted through remote communications to end devices/applications. Therefore it is important, in developing security policies, to consider the following issues:
a) Certain applications may need to have security privileges determined based upon which host computer/terminal is being used for the execution of the application.
EXAMPLE In the case of a SCADA master, it may be allowed that any authenticated terminal/user is able to view SCADA information. However, only terminals located within a physically secure (for example control centre) environment may have privileges to actually control remote devices/applications or change configurations.
In the above example, even if the user of the application has appropriate privilege, the user’s privileges are further restricted based upon the terminal/application execution host.
b) It is rare, but applications may need their own security policies established.
This is particularly true for shared applications (for example such as NT services) which may or may not be able to determine the user of the application.
Therefore, the recommended hierarchy to be considered in constructing an application security policy is:
a) Can user authentication be achieved and translated into usable information by remote applications?
b) Can the location of the user authentication be determined?
c) Can the network location of the application execution be determined?
The most secure (from a communication perspective) is to have application security policies developed in which the remote device/application authenticates the application user and not only the node used for the connection.
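The SCADA master example and the shared-application case above can be expressed as one access decision. The following is an added illustration, not part of IEC TR 62210; the user, terminal, zone and service names are constructed, and the rule that the effective privilege is the intersection of identity and terminal-zone privileges is an assumption drawn from the example's wording.

```python
from dataclasses import dataclass
from typing import Optional

VIEW, CONTROL, CONFIGURE = "view", "control", "configure"

# Constructed policy data; every name below is hypothetical.
USER_PRIVS = {"operator1": {VIEW, CONTROL}, "viewer1": {VIEW}}
TERMINAL_ZONE = {"cc-console-01": "control_centre", "office-pc-17": "corporate"}
# Only the physically secure zone may control devices or change configurations.
ZONE_PRIVS = {"control_centre": {VIEW, CONTROL, CONFIGURE}, "corporate": {VIEW}}
# Shared services that cannot determine their user get their own policy.
APP_PRIVS = {"historian-svc": {VIEW}}

@dataclass(frozen=True)
class Request:
    action: str
    terminal: str                 # host the application executes on
    user: Optional[str] = None    # None when the user cannot be determined
    app: Optional[str] = None

def decide(req: Request, audit: list) -> bool:
    """Grant only what both the identity and the terminal's zone allow."""
    zone = TERMINAL_ZONE.get(req.terminal)           # unknown terminal -> None
    allowed = set(ZONE_PRIVS.get(zone, ()))
    if req.user is not None:
        allowed &= USER_PRIVS.get(req.user, set())
        basis = "user+terminal"
    elif req.app is not None:
        allowed &= APP_PRIVS.get(req.app, set())
        basis = "application+terminal"
    else:
        allowed, basis = set(), "unidentified"
    granted = req.action in allowed
    # Every decision, granted or denied, is recorded for the audit process.
    audit.append({"user": req.user, "app": req.app, "terminal": req.terminal,
                  "zone": zone, "action": req.action, "basis": basis,
                  "granted": granted})
    return granted

if __name__ == "__main__":
    log = []
    for r in (Request(CONTROL, "cc-console-01", user="operator1"),
              Request(CONTROL, "office-pc-17", user="operator1"),
              Request(VIEW, "office-pc-17", user="operator1"),
              Request(CONTROL, "cc-console-01", app="historian-svc")):
        print(r, "->", decide(r, log))
```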
Secure network devices: This Technical Report deals with issues, technologies, and recommendations that may allow increased security on utility “networked” devices. For the purposes of this report, “networked” is defined as any device that can communicate.
It is imperative that the reader of this report be advised that the overall security of the communication system will be determined by the degree of security in the networked device. This is in a large part due to the fact that the device is the source of most information and is the entity that can directly impact the utility business operations (for example opening a breaker causing a power outage). It is therefore important that these devices be capable of authenticating the access level of users. Additionally, it is even more important that these devices be able to be part of an audit process so that attacks can be detected, countered, and prosecuted in an expeditious manner.
This is also the area where most utilities will not desire to spend any additional money. However, education and this report will address many of the issues and make a compelling statement as to why the current implementations are not sufficient.
Active audit: any set of security policies and implementations must be continuously monitored and adapted as part of the continuous corporate security process. Without the ability to audit and analyse security attacks and system operations and weaknesses, a secure system will eventually become non-secure. In order to have an active audit process and a continuous corporate security process, personnel must be dedicated to this task. Therefore, utilities will need to be educated as to the risks associated if such action is taken.
It is difficult, if not impossible, to prove cost benefit of such a process until there has been a successful attack. Justifications will need to be based upon the potential “risked” costs if a security process is not implemented. All parts of the process need to be closely looked at and tailored to a particular environment. But all aspects need to be analysed and addressed in some regards.
