IEEE PES PSCC Update

Author: James Formea, Eaton, USA

The IEEE PES Power System Communications and Cybersecurity Committee (PSCCC) is preparing to hold the third of its three annual meetings, September 16-19 in Denver, CO. One of the many Working Groups meeting in September will be WG P2 in the Protocols and Communication Architecture Subcommittee, the members of which have an open PAR to revise IEEE Std 1815™, Electric Power Systems Communications - Distributed Network Protocol (DNP3). The members of WG P2 are assisted by the DNP Users Group and its various committees and task forces in maintaining this important standard.
Below is an update from Ronald Landheer-Cieslak, chairperson of the DNP Cybersecurity and Secure Authentication Task Force (SATF):

  • The DNP Cybersecurity and Secure Authentication Task Force (SATF) of the DNP Technical Committee has been meeting on a weekly basis to define DNP Secure Authentication version 6 and the associated authorization management protocol, DNP Authority and RBAC mechanisms.
  • The SATF is currently working on editing the specification for Secure Authentication that will be part of the next revision of IEEE Std 1815. This includes a specification for the secure session, device enrollment and Update Key generation, the DNP Authority and Role-Based Access Control.
  • The secure session is being designed as a layer between the Application Layer and the Transport Function and will authenticate all APDUs, guaranteeing that they were sent by an authenticated device and were not tampered with during transit. As part of this work, SHA-1 and AES-GMAC are being deprecated, and SHA-3 and BLAKE2s are being added as supported HMAC algorithms. The secure session further provides security statistics for monitoring purposes.
  • Device enrollment and Update Key generation removes the need for pre-shared Update Keys and ensures that the human user does not need to have access to the shared secret. It utilizes a human-provided authorization token and Elliptic Curve cryptography to generate the Update Key on both the Master and the Outstation that allows a device to be enrolled and allows Update Keys to be updated on a policy-defined regular basis without further human intervention.
  • The DNP Authority and associated authorization management protocol is being designed as an optional part of Secure Authentication to allow for centralized authorization of the creation of Master-Outstation Associations in the system, allowing a Master to cryptographically verify that the device it wants to communicate with is authorized to be in the system, and allowing the Outstation to cryptographically verify that the Master is indeed part of the system it is supposed to be a part of. The DNP Authority will also be able to provide security policies to devices in the system, including Role-Based Access Control.

  • Role-Based Access Control, managed by the Authority, is being designed to be conformant with IEC 62351-8 and to allow the Authority to centrally manage roles of Masters on Master-Outstation Associations.
  • The SATF conducts teleconferences every other Wednesday and every other Friday; these sessions are open to interested parties in the industry. Membership of the DNP Users Group is not required to join the DNP Cybersecurity and Secure Authentication Task Force (contrary to becoming a member of the DNP Technical Committee, the DNP Test Management Committee or the DNP Test Procedures Subcommittee). To be notified about upcoming teleconferences, please email cybersecurity@dnp.org.

Be sure to visit our website at sites.ieee.org/pes-pscc/ and follow @IEEE_PES_PSCC on Twitter to keep up with our upcoming meetings and events!
We are always looking for new volunteers to work on our many ongoing projects! 

Biography:

James Formea earned his BSEE from Marquette University and is Engineering Manager for Control Systems & Technology in the Power Systems Division of Eaton, where he leads a diverse team of engineers in the specification, implementation, and field support of system protection, communications, automation, and cybersecurity features across Eaton’s portfolio of medium voltage distribution system controls. He is a Senior Member of the IEEE and is the Secretary of the IEEE PES Power System Communications and Cybersecurity Committee. He is also a member of IEC Technical Committee 57 Working Group 15. When not working on utility solutions or industry standards, he can be found supporting public safety communications interoperability and incident management initiatives as an officer with his local fire department.
