Intra-Corporation Environment - #13

This environment includes the requirements for exchanging data between what was traditionally called the “Control Network”, or the “Energy Management Network”, and the rest of the organization. The usual point of contact between the corporation and this data is the Energy Management System, although links from corporate networks to other types of equipment are increasing.

Typical Applications: Long term network planning, protection engineering, asset management, facilities management, graphical information systems, and operator training.

Characteristics: Security is important, but several types of attacks need not be addressed because the data travels within the corporate network. A huge variety of formats and volumes of data must be exchanged, very specific to particular applications. The data may be considered “real-time” but for these purposes, response times of minutes or hours are typically adequate.

Similar environments: Similar to Control Center / ESP or Control Center / External Corporations, but the amount and variety of data is much greater.

Definition: This environment is defined by the following requirements:

Communication and Information Requirements that Define this Environment

Configuration Requirements

Support interactions within a contained environment (e.g. substation or control center)

Quality of Service Requirements

Provide medium speed messaging on the order of 10 seconds
Support time synchronization of data for age and time-skew information

Security Requirements

Provide Identity Establishment Service (you are who you say you are)
Provide Authorization Service for Access Control (resolving a policy-based access control decision to ensure authorized entities have appropriate access rights and authorized access is not denied)
Provide Information Integrity Service (data has not been subject to unauthorized changes or these unauthorized changes are detected)
Provide Audit Service (responsible for producing records, which track security relevant events)
Provide Security Policy Service (concerned with the management of security policies)
Provide Firewall Transversal
Provide User Profile and User Management (combination of several other security services)
Provide Security Discovery (the ability to determine what security services are available for use)

Network and System Management Requirements

Provide Network Management (management of media, transport, and communication nodes)
Provide System Management (management of end devices and applications)

Data Management Requirements

Support the management of large volumes of data flows
Support keeping the data up-to-date
Support extensive data validation procedures
Support keeping data consistent and synchronized across systems and/or databases
Support timely access to data by multiple different users
Support frequent changes in types of data exchanged
Support management of data whose types can vary significantly in different implementations
Support specific standardized or de facto object models of data
Support the exchange of unstructured or special-format data (e.g. text, documents, oscillographic data)
Support transaction integrity (consistency and rollback capability)
Provide discovery service (discovering available services and their characteristics)
Provide conversion and protocol mapping