RE: [smartgrid-discuss] more thoughts (2 parts)

[Edward Koch <ed@akuacom.com>]

There are a variety of organizations specifically looking at security requirements in this domain.  One of the most comprehensive to date are what the AMI-SEC guys are doing in the UCA.  You might want to take a look at what they have produced.

 

 

Open Smart Grid - Open SG > UtiliSEC Working Group > AMI-SEC > Shared Documents > 1. System Security Requirements

 

which can be found at this link.

 

http://osgug.ucaiug.org/utilisec/amisec/Shared%20Documents/Forms/AllItems.aspx?RootFolder=%2futilisec%2famisec%2fShared%20Documents%2f1%2e%20System%20Security%20Requirements

 

-ed koch

 

---

From: David RR Webber (XML) [mailto:david@drrw.info]
Sent: Wednesday, December 10, 2008 8:04 PM
To: Arshad Noor
Cc: smartgrid-discuss@lists.oasis-open.org
Subject: RE: [smartgrid-discuss] more thoughts (2 parts)

Arshad,

 

I believe that is why we are here - to determine the requirements, scope and goals - otherwise we'd be finished before we started?! 

 

That is why I asked if you thought that ensuring simplicity is a priority goal - and that the approach I mentioned (which actually is how most networking systems are architected) would be acceptable.

 

We also have to decide how much wheel inventing is really needed here.  Once we are clear on scope - we may not care about networking communications details - because those are already being defined elsewhere and we can simply decide to publish set of communication implementation profiles that can be done using a selection of those existing standards.

 

Thanks, DW

 

 

-------- Original Message --------
Subject: Re: [smartgrid-discuss] more thoughts (2 parts)
From: Arshad Noor <arshad.noor@strongauth.com>
Date: Wed, December 10, 2008 10:37 pm
To: smartgrid-discuss@lists.oasis-open.org

I don't disagree that the solution can range widely in complexity,
David. What I'm trying to get a handle on are the requirements.
Are they explicitly defined anywhere, or are they yet to be defined?
Thanks.

Arshad Noor
StrongAuth, Inc.

David RR Webber (XML) wrote:
> Arshad,
>
> You can make this insanely complex or really simple. I'd want my home
> to talk only to devices and systems I had authorized it to - so I
> maintain control. Avoiding complexity on the network end. Using
> certificates I can authenticate who and what I'm talking to. That seems
> simplest, yes? I can have partner agreements determining what they are
> allowed to do with information they receive from my system(s).
>
> Thanks, DW

> -------- Original Message --------
> Subject: Re: [smartgrid-discuss] more thoughts
> From: Arshad Noor <arshad.noor@strongauth.com>
> Date: Wed, December 10, 2008 9:58 pm
> To: smartgrid-discuss@lists.oasis-open.org
>
> As I am somewhat new to this list - and to this sector - I am a
> little in the dark about how things are today and how things are
> being designed for the future. I trust the forum will be patient
> with some of my questions in the short-term.
>
> Since the smart grid forum is discussing potential new standards
> for messages, and since so much of our economy is based on the use
> of computers and networks, is there an articulation of the security
> goals for this bold future (other than "it must be secure") when
> its business will be conducted using computers & networks?
>
> I am specifically interested in business-level requirements for
> securing messages between players in this industry for:
>
> 1) Message Authenticity;
> 2) Message Integrity; and
> 3) Data Confidentiality.
>
> I'm not specifically interested in these attributes when messages
> are traversing the networks, but when they are in a database of
> a 24/7 application on servers, or when they're on a flash-based
> EEPROM of some "smart-meter" where the homeowner or business-owner
> has pre-configured rules for demand reduction. How will these
> "messages" be protected from attack and being compromised at the
> source and destination?
>
> Do such requirements exist somewhere, where one can read them and
> come upto speed?
>
> Thanks.

---------------------------------------------------------------------
To unsubscribe, e-mail: smartgrid-discuss-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: smartgrid-discuss-help@lists.oasis-open.org

--------------------------------------------------------------------- 
To unsubscribe, e-mail: smartgrid-discuss-unsubscribe@lists.oasis-open.org For 
additional commands, e-mail: smartgrid-discuss-help@lists.oasis-open.org