AMI System Security Requirements

AMI System Security Requirements
Coalton Bennett, Bobby Brown, Brad Singletary, Darren Highfill, Doug Houseman, Frances Cleveland, Howard Lipson, James Ivers, Jeff Gooding, Jeremy McDonald, Neil Greenfield, Sharon Li

Citation
Coalton Bennett, Bobby Brown, Brad Singletary, Darren Highfill, Doug Houseman, Frances Cleveland, Howard Lipson, James Ivers, Jeff Gooding, Jeremy McDonald, Neil Greenfield, Sharon Li. "AMI System Security Requirements". Utility Communication Architecture International User Group (UCAIUG), December, 2008.

Abstract
This document provides the utility industry and vendors with a set of security requirements for Advanced Metering Infrastructure (AMI). These requirements are intended to be used in the procurement process, and represent a superset of requirements gathered from current cross industry accepted security standards and best practice guidance documents. This document provides substantial supporting information for the use of these requirements including scope, context, constraints, objectives, user characteristics, assumptions, and dependencies. This document also introduces the concept of requirements for security states all modes, with requirements delineated for security states. These requirements are categorized into three areas: 1) Primary Security Services, 2) Supporting Security Services and 3) Assurance Services. The requirements will change over time corresponding with current security threats and countermeasures they represent. The AMI-SEC Task Force presents the current set as a benchmark, and the authors expect utilities and vendors to tailor the set to individual environments and deployments. While these requirements are capable of standing on their own, this document is intended to be used in conjunction with other 2008 deliverables from the AMI-SEC Task Force, specifically the Risk Assessment, the Architectural Description, the Component Catalog (in development as of this writing), and the Implementation Guide (to be developed late 2008). This document also discusses the overall process for usage of this suite.

Electronic downloads

AMI_System_Security_Requirements-v1_01-1.pdf · application/pdf · 831 kbytes

Citation formats

HTML

Coalton Bennett, Bobby Brown, Brad Singletary, Darren
Highfill, Doug Houseman, Frances Cleveland, Howard Lipson,
James Ivers, Jeff Gooding, Jeremy McDonald, Neil Greenfield,
Sharon Li. <a
href="http://www.truststc.org/pubs/668.html"
><i>AMI System Security
Requirements</i></a>, Utility Communication
Architecture International User Group (UCAIUG), December,
2008.

Plain text

Coalton Bennett, Bobby Brown, Brad Singletary, Darren
Highfill, Doug Houseman, Frances Cleveland, Howard Lipson,
James Ivers, Jeff Gooding, Jeremy McDonald, Neil Greenfield,
Sharon Li. "AMI System Security Requirements".
Utility Communication Architecture International User Group
(UCAIUG), December, 2008.

BibTeX

@manual{BennettBrownSingletaryHighfillHousemanClevelandLipson08_AMISystemSecurityRequirements,
    author = {Coalton Bennett and Bobby Brown and Brad
              Singletary and Darren Highfill and Doug Houseman
              and Frances Cleveland and Howard Lipson and James
              Ivers and Jeff Gooding and Jeremy McDonald and
              Neil Greenfield and Sharon Li},
    title = {AMI System Security Requirements},
    organization = {Utility Communication Architecture International
              User Group (UCAIUG)},
    month = {December},
    year = {2008},
    abstract = {This document provides the utility industry and
              vendors with a set of security requirements for
              Advanced Metering Infrastructure (AMI). These
              requirements are intended to be used in the
              procurement process, and represent a superset of
              requirements gathered from current cross industry
              accepted security standards and best practice
              guidance documents. This document provides
              substantial supporting information for the use of
              these requirements including scope, context,
              constraints, objectives, user characteristics,
              assumptions, and dependencies. This document also
              introduces the concept of requirements for
              security states all modes, with requirements
              delineated for security states. These requirements
              are categorized into three areas: 1) Primary
              Security Services, 2) Supporting Security Services
              and 3) Assurance Services. The requirements will
              change over time corresponding with current
              security threats and countermeasures they
              represent. The AMI-SEC Task Force presents the
              current set as a benchmark, and the authors expect
              utilities and vendors to tailor the set to
              individual environments and deployments. While
              these requirements are capable of standing on
              their own, this document is intended to be used in
              conjunction with other 2008 deliverables from the
              AMI-SEC Task Force, specifically the Risk
              Assessment, the Architectural Description, the
              Component Catalog (in development as of this
              writing), and the Implementation Guide (to be
              developed late 2008). This document also discusses
              the overall process for usage of this suite.},
    URL = {http://www.truststc.org/pubs/668.html}
}

Posted by Coalton Bennett on 29 Mar 2010.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.