Control Center to Customers Environment - #11

This environment encompasses the requirements for what has traditionally been called commercial or industrial metering. It includes the requirements for any data exchange that travels directly to the control center from a customer site, without involving substations or data aggregators.

Typical Applications: Metering of large customers, control of distributed energy resources, limiting demand under heavy loads by requesting customers drop off.

Characteristics: Business-to-business communications, but involving operational rather than monetary data. Medium to high volumes of data coming from many sources, but only moderately high security requirements because of the nature of the data. Configuration may change significantly on a monthly basis.

Similar Environments: Similar in requirements to Critical Operations DAC except attackers could not do as much damage by controlling this environment, and the quality of service need not be as quite as high. It is otherwise similar, technologically, to other business-to-business environments.

Definition: This environment is defined by the following requirements:

Communication and Information Requirements that Define this Environment

Configuration Requirements

Support interactions between a few "clients" and many "servers"
Support interactions across widely distributed sites
Support multi-cast or broadcast capabilities
Support the frequent change of configuration and/or location of end devices or sites

Quality of Service Requirements

Provide medium speed messaging on the order of 10 seconds or more
Support medium availability of information flows of 99.0+ (~3.5 days)

Security Requirements

Provide Authorization Service for Access Control (resolving a policy-based access control decision to ensure authorized entities have appropriate access rights and authorized access is not denied)
Provide Confidentiality Service (only authorized access to information, protection against eavesdropping)
Provide Inter-Domain Security Service (support security requirements across organizational boundaries)
Provide Audit Service (responsible for producing records, which track security relevant events)
Provide Security Policy Service (concerned with the management of security policies)
Provide Firewall Transversal
Provide Privacy Service (the ability to ensure person information is not disclosed)
Provide User Profile and User Management (combination of several other security services)
Provide Security Protocol mapping (the ability to convert from one protocol to another)
Provide Security Discovery (the ability to determine what security services are available for use)

Network and System Management Requirements

Provide Network Management (management of media, transport, and communication nodes)
Provide System Management (management of end devices and applications)

Data Management Requirements

Support the management of large volumes of data flows
Support extensive data validation procedures
Support management of data whose types can vary significantly in different implementations
Support specific standardized or de facto object models of data
Provide discovery service (discovering available services and their characteristics)
Provide conversion and protocol mapping
Support the management of data across organizational boundaries