File name: 智能充电完整性方案.pdf
  Category: Other
  Development tool:
  File size: 2mb
  Downloads: 0
  Upload time: 2019-07-13
  Provider: qq_24******
 Description: Pure English edition. As comrades in the automotive electronics field all know, Chinese-language materials are scarce. The document title was made up by me for ease of searching; the English title is Guide to Developing a Cyber Security and Risk Mitigation Plan. It can serve as a reference book for automotive information security.

The National Rural Electric Cooperative Association

The National Rural Electric Cooperative Association (NRECA), founded in 1942, is the national service organization supporting more than 900 electric cooperatives and public power districts in 47 states. Electric cooperatives own and operate more than 42 percent of the distribution lines in the nation and provide power to 40 million people (12 percent of the population). The Cooperative Research Network (CRN) is the technology research arm of NRECA.

Guide to Developing a Cyber Security and Risk Mitigation Plan
Copyright © 2011 by National Rural Electric Cooperative Association

Legal Notice

This work contains findings that are general in nature. Readers are reminded to perform due diligence in applying these findings to their specific needs, as it is not possible for NRECA to have sufficient understanding of any specific situation to ensure applicability of the findings in all cases. Neither the authors nor NRECA assumes liability for how readers may use, interpret, or apply the information, analysis, templates, and guidance herein, or with respect to the use of, or damages resulting from the use of, any information, apparatus, method, or process contained herein. In addition, the authors and NRECA make no warranty or representation that the use of these contents does not infringe on privately held rights. This work product constitutes the intellectual property of NRECA and its suppliers, as the case may be, and contains confidential information. As such, this work product must be handled in accordance with the CRN policy statement on Confidential Information.

Contact:
  Craig Miller, CRN Project Manager, craig.miller@nreca.coop, 703-626-9683
  Evgeny Lebanidze, Security Team Lead, evgeny@cigital.com, 703-585-5047

Compliance vs. Plans

This document is intended to help cooperatives develop a cyber-security plan for general business purposes, not to address any specific current or potential regulations. Its foundation is the National Institute of Standards and Technology Interagency Report 7628 (NIST-IR 7628), which is a survey of standards and related security considerations for the smart grid. NIST-IR 7628 does not establish regulations, but is a forward-looking document outlining a strategy for improving smart grid interoperability and security. Independent of this document, co-ops should understand what regulations, if any, pertain to them. A plan as addressed here is not required, and development of a plan is not a substitute for, nor a guarantee of, compliance with any standards. Conversely, real security requires more than simply compliance with rules: the organization must embrace security as a basic requirement of business operations and develop a broad understanding of security. This guide helps cooperatives think about security in a systematic way, consistent with current Federal thinking. The basic concept is not "do this and you are secure" but a commitment to a process of continuous improvement.

Table of Contents

Preface 10
  Purpose 10
  Scope 10
  Target Audience 10
Executive Summary
Introduction
Quick Start Guide 15
Additional Cyber Security Standards and Guidance 16
Building a Risk Management Program 17
  Appointing Leadership 18
  Establishing a Risk Management Framework 18
  Defining the System
  Cyber Asset Identification and Classification 19
    Identifying Critical Cyber Assets 20
    Classifying Cyber Assets 20
    Identifying the Electronic Security Perimeter
  Protecting the Cyber Assets
  Conducting a Vulnerability Assessment 23
  Assessing and Mitigating Risks
    Assessing Impact and Risk Levels 24
    Mitigating Risks with Security Controls 25
    Evaluating and Monitoring Control Effectiveness 27
Addressing People and Policy Risks 29
  Cyber Security Policy 29
  Policy [title garbled in extraction] 30
  Security-Related Roles and Responsibilities 31
  Policy Implementation and Enforcement
  Policy Exceptions 32
  Personnel and Training 32
    Security Awareness and Training 33
    Due Diligence in Hiring 33
    Access Privileges
Addressing Process Risk 37
  Operational Risks 37
    Perform Periodic Risk Assessment and Mitigation 37
    Enforce Access Control, Monitoring, and Logging 38
    Perform Disposal or Redeployment of Assets 38
    Enforce Change Control and Configuration Management 38
    Conduct Vulnerability Assessments 39
    Control, Monitor and Log All Access to Assets 39
    Configuration and Maintenance 40
    Incident Handling 40
    Contingency Planning
  Insecure Software Development Life Cycle (SDLC) Risks 45
  Physical Security Risks 51
    Plan and Protection
    Monitoring, Logging, and Retention 53
    Maintenance and Testing
  Third-Party Relationship Risks 54
Addressing Technology Risks 59
  Network Risks 59
    Network Connection Control 63
    Network Routing Control 64
  Platform Risks 74
  Application Layer Risks 86
Unique Security Requirements and Controls for Each Smart Grid Activity Type 89
  Advanced Metering Infrastructure (AMI) 89
    Overview of Component/Solution 90
    Unique Security Requirements and Controls 91
  Meter Data Management (MDM) 92
    Overview of Component/Solution
    Unique Security Requirements and Controls 94
  Communication Systems (COMM) 94
    Overview of Component/Solution 95
    Unique Security Requirements and Controls 95
  Supervisory Control and Data Acquisition (SCADA) 96
    Overview of Component/Solution 97
    Unique Security Requirements and Controls 98
  In-Home Display (IHD)/Web Portal Pilots
    Overview of Component/Solution 100
    Unique Security Requirements and Controls 101
  Demand Response over Advanced Metering Infrastructure (AMI) Networks 101
    Overview of Component/Solution 102
    Unique Security Requirements and Controls
  Interactive Thermal Storage 103
    Overview of Component/Solution 103
    Unique Security Requirements and Controls 104
  Smart Feeder Switching 105
    Overview of Component/Solution 105
    Unique Security Requirements and Controls 106
  Advanced Volt/VAR Control 107
    Overview of Component/Solution 107
    Unique Security Requirements and Controls 108
  Conservation Voltage Reduction (CVR) 108
    Overview of Component/Solution 109
    Unique Security Requirements and Controls 109
Appendix A: Reference Documentation 110
  Security Standards 110
  National Institute of Standards and Technology Special Publications 110
  Other Guidance Documents 111
Appendix B: Glossary 113
Appendix C: Acronyms 117
Appendix D: Minimum Security Requirements 118
Appendix E: Procedures 121
  Elements of a System Definition 121
  Identifying and Protecting Private Data 122
  Steps in Vulnerability Assessments 123
  Incident Response Planning Items 124
  Disaster Response Planning Items 125

List of Figures

Figure 1: Seven Touch Points for Software Security 47

List of Tables

Table 1: Families of Security Controls 25
Table 2: Summary of People and Policy Risks 34
Table 3: Impacts and Mitigations for People and Policy Risks 35
Table 4: Summary of Operational Risks 42
Table 5: Impacts and Mitigations for Operational Risks 43
Table 6: Summary of Insecure SDLC Risks
Table 7: Impacts and Mitigations for Insecure SDLC Risks 50
Table 8: Summary of Physical Security Risks
Table 9: Impacts and Mitigations for Physical Security Risks 54
Table 10: Summary of Third Party Relationship Risks
Table 11: Impacts and Mitigations for Third Party Relationship Risks 58
Table 12: Summary of Network Risks 67
Table 13: Impacts and Mitigations for Network Risks 68
Table 14: Summary of Platform Risks
Table 15: Impacts and Mitigations for Platform Risks 79
Table 16: Summary of Application Layer Risks 87
Table 17: Impacts and Mitigations for Application Layer Risks 88
Table 18: AMI Overview 90
Table 19: MDM Overview 93
Table 20: COMM Overview 95
Table 21: SCADA Overview 98
Table 22: IHD/Web Portal Overview 100
Table 23: Demand Response over AMI Networks 102
Table 24: Interactive Thermal Storage 104
Table 25: Smart Feeder Switching 106
Table 26: Advanced Volt/VAR 107
Table 27: Conservation Voltage Reduction (CVR) 109

Preface

Purpose
The purpose of this document is to provide an electric cooperative organization with guidance that will help it improve its security posture, as well as help make sure that security is not undermined as new smart grid components and technologies are acquired, integrated, deployed in the field, and maintained.

Scope
This document focuses on cyber security controls that an organization should have in place to meet the security challenges introduced by the smart grid.

Target Audience
The target audience of this document is the electric cooperative's information technology (IT) organization and leadership team.

Contacts
The following are the primary individuals to contact with questions regarding this guide.

Contact | Title | Contact | E-mail Address
Craig Miller | NRECA CRN Project Manager | 703-626-9683 | craig.miller@nreca.coop
[name missing from extraction] | Princip[title truncated in extraction] | 703-404-5830 | smigues@cigital.com
Evgeny Lebanidze | Managing Consultant | 703-585-5047 | evgeny@cigital.com
(Auto-generated by the system; the download contents can be previewed before downloading.)