Appendix A List of Acronyms
CISA | Cybersecurity and Infrastructure Security Agency |
DER | Distributed Energy Resource |
EPRI | Electric Power Research Institute |
ICS | Industrial Control System |
ICS-CERT | Industrial Control Systems–Computer Emergency Readiness Team |
IIoT | Industrial Internet of Things |
IT | Information Technology |
LTE | Long-Term Evolution |
NCCoE | National Cybersecurity Center of Excellence |
NIST | National Institute of Standards and Technology |
OT | Operational Technology |
UMD | University of Maryland |
VPN | Virtual Private Network |
Appendix B References
- [B1] The Smart Grid Interoperability Panel-Smart Grid Cybersecurity Committee, Guidelines for Smart Grid Cybersecurity, National Institute of Standards and Technology (NIST) Interagency or Internal Report 7628 Revision 1, Gaithersburg, Md., Sept. 2014, 290 pp. Available: https://nvlpubs.nist.gov/nistpubs/ir/2014/NIST.IR.7628r1.pdf.
- [B2] A. Gopstein et al., NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0, NIST SP 1108rev4, NIST, Gaithersburg, Md., February 18, 2021. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1108r4.pdf
- [B3] Cybersecurity and Infrastructure Security Agency, Industrial Control Systems Cyber Emergency Response Team, “Cyber Threat Source Descriptions.” Available: https://www.us-cert.gov/ics/content/cyber-threat-source-descriptions.
- [B4] Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, NIST, Gaithersburg, Md., Apr. 16, 2018. Available: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
- [B5] Mapping of NIST Cybersecurity Framework v1.1 to NERC CIP Reliability Standards, NIST, Gaithersburg, Aug. 8, 2020. Available: PDR: Mapping of NIST Cybersecurity Framework v1.1 to NERC CIP Reliability Standards
- [B6] NIST Cybersecurity for IoT Program, Feb. 2021. Available: https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program
- [B7] Designation of Public Trust Positions and Investigative Requirements, 5 C.F.R. § 731.106, 2013. Available: http://www.gpo.gov/fdsys/granule/CFR-2012-title5-vol2/CFR-2012-title5-vol2-sec731-106/content-detail.html.
- [B8] Information technology – Security techniques – Information security risk management, ISO/IEC 27005, International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC), 2011. Available: http://www.iso.org/iso/catalogue_detail?csnumber=56742.
- [B9] D. Cooper et al., Internet X.509 Public Key Infrastructure Certification and Certificate Revocation List (CRL) Profile, Internet Engineering Task Force (IETF) Network Working Group Request for Comments (RFC) 5280, May 2008. Available: http://www.ietf.org/rfc/rfc5280.txt.
- [B10] Federal Information Security Management Act of 2002, Pub. L. 107-347 (Title III), 116 Stat 2946. Available: http://www.gpo.gov/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf.
- [B11] E-Government Act of 2002, Pub. L. 107-347, 116 Stat 2899. Available: http://www.gpo.gov/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf.
Appendix C Benefits of IoT Cybersecurity Capabilities
The National Institute of Standards and Technology’s (NIST’s) Cybersecurity for the Internet of Things (IoT) program [B6] supports development and application of standards, guidelines, and related tools to improve the cybersecurity of connected devices and the environments in which they are deployed. By collaborating with stakeholders across government, industry, international bodies, and academia, the program aims to cultivate trust and foster an environment that enables innovation on a global scale.
Computing devices that integrate physical and/or sensing capabilities and network interface capabilities are being designed, developed, and deployed at an ever-increasing pace. These devices are fulfilling customer needs in all sectors of the economy. Many of these computing devices are connected to the internet. A novel characteristic of these devices is their combination of connectivity and the ability to sense and/or affect the physical world. As devices become smaller and more complex, with an increasing number of features, the security of those devices also becomes more complex.
NIST’s Cybersecurity for IoT program has defined a set of capabilities that device manufacturers should consider integrating into their IoT devices and that consumers should consider enabling/configuring in those devices. Device cybersecurity capabilities are cybersecurity features or functions that IoT devices or other system components (e.g., a gateway, proxy, IoT Platform) provide through technical means (i.e., device hardware and software). Many IoT devices have limited processing and data storage capabilities and may not be able to provide these device cybersecurity capabilities on their own; consequently, they may rely on other system components to provide these technical capabilities on their behalf. Nontechnical supporting capabilities are actions that a manufacturer or third-party organization performs in support of the cybersecurity of an IoT device. Examples of nontechnical support include providing information about software updates, instructions for configuration settings, and supply chain information.
Used together, device cybersecurity capabilities and nontechnical supporting capabilities can help mitigate cybersecurity risks related to the use of IoT devices while assisting customers in achieving their goals. Device cybersecurity capabilities and nontechnical supporting capabilities—if properly defined and integrated into Industrial Internet of Things (IIoT) devices in a distributed energy resources (DER) environment—can assist in securely deploying and configuring an IIoT DER ecosystem.
C.1 IoT Cybersecurity Capabilities Mapping
Table 5‑7 below lists the device cybersecurity capabilities and nontechnical supporting capabilities as they map to the NIST Cybersecurity Framework Subcategories of particular importance to this project. It is acknowledged that IoT devices vary in their capabilities, and there may not be a clear delineation between the device cybersecurity capabilities that are provided by the IoT devices and those provided by another system component. It is also understood that the capabilities of cyber-physical components are evolving, so many of the mappings are not necessarily exact.
The mapping presents a summary of both technical and nontechnical capabilities that could enhance the security of an IIoT DER ecosystem. It is acknowledged that many of the device cybersecurity capabilities may not be available in modern IoT devices and that other system elements (e.g., proxies, gateways) or other risk mitigation strategies (e.g., network segmentation) may be necessary.
Table 5‑7 Mapping of Device Cybersecurity Capabilities and Nontechnical Supporting Capabilities to NIST Cybersecurity Framework Subcategories of the IIoT Project
Cybersecurity Framework v1.1 Subcategory | Device Cybersecurity Capabilities | Manufacturer Nontechnical Supporting Capabilities | Related NERC CIP ID(s) |
---|---|---|---|
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes. |  |  | CIP-004-6-R4, CIP-004-6-R5, CIP-007-6-R5 |
PR.AC-3: Remote access is managed. |  | N/A | CIP-003-7-R2, CIP-004-6-R4, CIP-004-6-R5, CIP-005-5-R1, CIP-005-5-R2, CIP-005-6-R2, CIP-013-1-R1 |
PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties. |  |  | CIP-004-6-R4, CIP-004-6-R5, CIP-005-6-R2, CIP-007-6-R5, CIP-013-1-R1 |
PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation). | N/A | N/A | CIP-005-5-R1, CIP-007-6-R1 |
PR.DS-1: Data-at-rest is protected. |  |  | CIP -011 -2-R 2-R2 |
PR.DS-2: Data in transit is protected. |  |  | CIP-003-7-R2, CIP-004-6-R4, CIP-004-6-R5, CIP-005-5-R1, CIP-005-5-R2, CIP-011-2-R1 |
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity. |  |  | CIP-010-2-R1, CIP-010-3-R1, CIP-010-2-R2, CIP-011-2-R1, CIP-013-1-R1 |
DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed. | N/A |  | N/A |
DE.AE-2: Detected events are analyzed to understand attack targets and methods. | N/A |  | CIP-003-7-R2, CIP-005-5-R1, CIP-007-6-R4, CIP-008-5-R1, CIP-008-5-R2, CIP-008-5-R4 |
DE.AE-3: Event data are collected and correlated from multiple sources and sensors. |  |  | CIP-007-6-R4 |
DE.AE-5: Incident alert thresholds are established. |  | N/A | CIP-007-6-R4, CIP-007-6-R5, CIP-008-5-R1 |
DE.CM-1: The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures. |  |  | CIP-005-5-R1 |
DE.CM-2: The physical environment is monitored to detect potential cybersecurity events. | N/A |  | CIP-003-7-R2, CIP-006-6-R1, CIP-006-6-R2, CIP-014-2-R5 |
DE.CM-4: Malicious code is detected. | N/A |  | CIP-003-7-R2, CIP-007-6-R3, CIP-007-6-R4, CIP-010-2-R4 |
DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed. |  |  | CIP-003-7-R2, CIP-005-5-R1, CIP-006-6-R1, CIP-007-6-R3, CIP-007-6-R4, CIP-007-6-R5, CIP-013-3-R2, CIP-010-2-R4 |
C.2 Device Capabilities Supporting Security Characteristic Analysis Test Scenarios
Table 5‑8 below builds on the security characteristic analysis test scenarios included in Section 5.2 of this document. The table lists both device cybersecurity capabilities and nontechnical supporting capabilities that map to the requirements for each of the test scenarios. If IoT devices are integrated into an IIoT DER ecosystem, selecting devices and/or third parties that provide these capabilities can help achieve the respective test scenario requirements.
It is acknowledged that IoT devices vary in their capabilities, and there may not be a clear delineation between the device cybersecurity capabilities that are provided by the IoT devices and those provided by another system component. It is also understood that the capabilities of cyber-physical components are evolving, so many of the mappings are not necessarily exact.
It is acknowledged that many of the device cybersecurity capabilities may not be available in some IoT devices and that other system elements (e.g., proxies, gateways) or other risk mitigation strategies (e.g., network segmentation) may be necessary. It is also understood that not every capability in the table is applicable to every use case. The table provides utilities and/or DER operators a listing of technical and nontechnical capabilities that might be important in IIoT DER ecosystems.
Table 5‑8 Device Cybersecurity Capabilities and Nontechnical Supporting Capabilities that Map to Each of the Security Test Scenarios
Scenario ID and Description with CSF Subcategories | Device Cybersecurity Capabilities | Manufacturer Nontechnical Supporting Capabilities |
---|---|---|
Scenario 1: Communication between the utility and a DER is secure: This test case will verify that authenticated and authorized systems on the utility network can communicate with a DER connected to the microgrid network. |  |  |
Scenario 2: Integrity of Command Register data and communications is verified. This test case will verify data provenance and integrity across the system for commands being exchanged between the utility and the DER microgrid. |  |  |
Scenario 3: Log file information can be captured and analyzed: This test case will verify the capabilities of capturing and analyzing log data within the microgrid network. |  |  |
Scenario 4: Log file analysis can be shared: This test case will verify that the log analysis findings can be shared through proper channels. |  |  |
Scenario 5: Malicious activity is detected: This test case will verify the system’s ability to detect anomalous or malicious behavior on the network. |  |  |
Scenario 6: Privileged user access is managed. This test case will verify that privileged users are authenticated and authorized to access only those devices to which they have been given proper privileges. PR.AC-1, PR.AC-3, PR.AC-4, PR.AC-5 |  |  |