IntelliGrid Architecture

Field Equipment Maintenance Environment - #20

This environment represents all communications with field crews.

Typical Applications:  Asset management, primary equipment monitoring and maintenance, planned outages, statistics gathering, testing, diagnostics, protection engineering, trouble call management, updating of schematics and drawings, emergency (fire, earthquake, flood) response.

Characteristics:  Extremely mobile workforce and frequent configuration changes makes wireless communications, ease of use and self-discovery a necessity.   Response times in seconds are required due to human reaction times.  Data is critical to safe and reliable operation of the grid, and must be keyed to role-based access, i.e. only certain employees have access to certain data.

Similar Environments:  Similar to both Critical Operations DAC and Non-Critical Operations DAC, but with an emphasis on mobile access.

Definition:  This environment is defined by the following requirements:

Communication and Information Requirements that Define this Environment

Configuration Requirements

• Support interactions between a few "clients" and many "servers"
• Support interactions across widely distributed sites
• Support mandatory mobile communications

Quality of Service Requirements

• Provide medium speed messaging on the order of 10 seconds
• Support medium availability of information flows of 99.0+ (~3.5 days)

Security Requirements

• Provide Identity Establishment Service (you are who you say you are)
• Provide Authorization Service for Access Control (resolving a policy-based access control decision to ensure authorized entities have appropriate access rights and authorized access is not denied)
• Provide Information Integrity Service (data has not been subject to unauthorized changes or these unauthorized changes are detected)
• Provide Firewall Transversal
• Provide User Profile and User Management (combination of several other security services)
• Provide Security Discovery (the ability to determine what security services are available for use)

Network and System Management Requirements

• Provide Network Management (management of media, transport, and communication nodes)
• Provide System Management (management of end devices and applications)

Data Management Requirements

• Support extensive data validation procedures
• Support frequent changes in types of data exchanged
• Support management of data whose types can vary significantly in different implementations
• Support specific standardized or de facto object models of data
• Support the exchange of unstructured or special-format data (e.g. text, documents, oscillographic data)
• Support transaction integrity (consistency and rollback capability)
• Provide discovery service (discovering available services and their characteristics)
• Provide conversion and protocol mapping

Recommended Technologies

Energy Industry-Specific Technologies

    Utility Field Device Related Data Exchange Technologies

• IEC61850 Parts 7-3 and 7-4 - Substation Object Modeling - Network Management, Data Management
• IEC61850 Part 6 - Substation Configuration Language - Network Management, Data Management
• IEC61850 Power Quality Object Models - Data Management
• IEC62350 - Object Models for Distributed Energy Resources (DER) - Network Management, Data Management
• IEC62349 - Hydro Power Plant Object Models - Network Management, Data Management
• IEC61400-25 for Wind Power Object Models - Network Management, Data Management

    Utility Control Center Related Data Management Technologies

• IEC 61970 Part 3 - Common Information Model (CIM) - Data Management
• CIM Extensions for Market Operations - Data Management
• IEC 61970 Part 4 - Generic Interface Definition (GID) - Configuration, Quality of Service, Data Management
• IEC61968 SIDM System Interfaces for Distribution Management - Data Management
• OPEN GIS - Data Management

    Customer Interface Data Management Technologies

• IEC62056 - Data Exchange for Meter Reading, Tariff, and Load Control - Data Management
• ANSI C12.19 (Meter Tables) - Data Management
• AEIC Guidelines - Data Management

Communications Industry Technologies

    Access Technologies

• Public Internet - Configuration,
• Private Intranet - Configuration,

    Networking Technologies

• Internet Protocol Version V4 (IPV4) - Configuration,

    IP-based Transport Protocols

• Transmission Control Protocol (TCP) - Configuration,

    Link Layer and Physical Technologies

• LAN/MAN Technologies - Configuration,
• IEEE 802 MAC Addresses - Configuration,
• Ethernet - Configuration,
• Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH) - Configuration,
• Asynchronous Transfer Mode (ATM) - Configuration,

    Wireless Technologies

• Global System for Mobile Communication (GSM) - Configuration,

    Computer Systems Related Technologies

• Web Services - Data Management
• Universal Description, Discovery, and Integration (UDDI) - Data Management
• XML Protocol/Simple Object Access Protocol (SOAP) - Data Management
• Enterprise Java Beans (EJB) - Data Management
• GUID - Data Management

    General Internet and De Facto Data Management Technologies

• ANSI/ISO/IEC 8632-1, 2, 3, 4 - Computer Graphics Metafile (CGM) - Data Management
• ISO/IEC 11179 Parts 1 - 6 Metadata Registries - Data Management
• Meta Object Facility (MOF) - Data Management
• XML Metadata Interchange (XMI) - Data Management
• eXtensible Markup Language (XML) - Data Management
• XML Schema (xls) - Data Management
• ANSI/ISO/IEC 9075 - Structured Query Language (SQL) - Data Management

Security Technologies

    Policy and Framework Related Technologies

• ISO/IEC 10164-8:1993 Security Audit Trail Function - Information technology - Open Systems Interconnection - Systems Management - Security,
• ISO/IEC 18014-1:2002 Time-Stamping Services - Information technology - Security Techniques - Part 1: Framework - Data Management
• ISO/IEC 10181-7:1996 Security Audit and Alarms Framework - Information technology - Open Systems Interconnection -- Security Frameworks for Open Systems - Security,
• FIPS PUB 112 Password Usage - Security,
• FIPS PUB 113 Computer Data Authentication - Security,
• RFC 2196 Site Security Handbook - Security,
• RFC 2401 Security Architecture for the Internet Protocol - Security,
• RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Security,

    General Security Technologies

• FIPS 197 for Advanced Encryption Standard (AES) - Security,
• FIPS 186 Digital Signatures Standard (DSS) - Security,
• Intrusion Detection Technologies - Network Management,
• Intrusion Prevention Systems (IPS) - Network Management,

    Media and Network Layer Technologies

• Secure IP Architecture (IPSec) - Security,
• IEEE 802.11i Security for Wireless Networks - Security,
• Remote Authentication Dial In User Service (RADIUS) - Security,
• ATM Security - Security,
• AGA-12 Cryptographic Protection of SCADA Communications General Recommendations - Security,

    Application Layer Security Technologies

• RFC 2228 FTP Security Extensions - Security,
• Internet Mail Extensions - Security,
• RFC 2086 IMAP4 ACL extension - Security,
• SNMP Security - Security, Network Management,
• RFC 1305 Network Time Protocol (Version 3) Specification, Implementation - Security,
• IEC 62351-4 Security for Profiles including MMS (ISO-9506) - Security,
• IEC 62351-5 Security for IEC 60870-5 and Derivatives - Security,
• IEC 62351-6 Security for IEC 61850 GOOSE, GSSE, and SMV Profiles - Security,

    XML Related Technologies

• OASIS Security Assertion Markup Language (SAML) - Security,

Network and Enterprise Management Technologies

    Network Management Technologies

• Simple Network Management Protocol (SNMP) - Network Management,
• IEC 62351-7 Objects for Network Management - Quality of Service, Network Management, Data Management

    Web-based Network Management

• Web-based Enterprise Management (WBEM) - Network Management,

 

---

Recommended Common Services

Security Services

    Common Security Services

• Authorization for Access Control - Security,
• Firewall Traversal - Security,
• Identity Establishment Service - Security,
• Information Integrity Service - Security,
• Quality of Identity Service - Security,
• Security Service Availability Discovery Service - Security,
• User and Group Management - Security,

Network and System Management Services

    Enterprise Management Services

• Inventory Management - Network Management,
• Communication System/Network Discovery - Network Management,
• Routing Management - Network Management,
• Traffic Management - Network Management,
• Traffic Engineering - Network Management,
• System/Network Health-Check Analysis - Network Management,
• System/Network Fault Diagnosis - Network Management,
• System/Network Fault Correcting - Network Management,
• Service Level Agreement (SLA) Determination and Maintenance - Network Management,
• System/Network Performance Analysis - Network Management,
• System/Network Performance Diagnosis - Network Management,
• Performance Tuning/Correction - Network Management,
• Accounting and/or Billing - Network Management,

Data Management Common Services

    Data Management Common Services

• Object Management Service - Data Management
• Address and Naming Management - Network Management, Data Management
• Generic Eventing And Subscription - Network Management,
• Alarm Detection/Reporting - Network Management, Data Management
• Instrumentation and Monitoring Service - Network Management, Data Management
• Measurement Data Logging Service - Network Management,
• Remote Control - Network Management,
• File Transfer - Data Management

Common Platform Services

    Common Platform Services

• Component Registry Service - Data Management
• Component Lookup Service - Data Management
• Component Discovery Service - Data Management
• Component Initialization and Termination - Network Management,
• Resource Management - Network Management,
• Transactions - Data Management
• Checkpoint and Recovery - Network Management, Data Management
• Workflow Service - Network Management,

 

---

Recommended Best Practices

Data Management Best Practices

    Data Management

• Metadata Files and Databases - Network Management, Data Management
• Object Modeling Techniques - Data Management
• Quality Flagging - Network Management, Data Management
• Time Stamping - Network Management, Data Management
• Validation of Source Data and Data Exchanges - Data Management
• Data Update Management - Data Management
• Management of Data and Object Naming - Data Management
• Management of Data Formats in Data Exchanges - Data Management
• Management of Transaction Integrity (backup and rollback capability) - Data Management
• Management of Data Accuracy - Data Management
• Management of Data Acquisition - Data Management
• Management of Manual Data Entry - Data Management
• Database Maintenance Management - Data Management
• Data Backup and Logging - Quality of Service, Data Management
• Application Management - Network Management,

Security Best Practices

    Security Frameworks and Policy Documents

• CICSI 6731.01 Global Command and Control System Security Policy - Security,
• FIPS PUB 112 Password Usage - Security,
• IETF Security Best Practices Internet Requests for Comments (RFCs) - Network Management,
• RFC 1102 Policy routing in Internet protocols - Network Management,
• RFC 1322 A Unified Approach to Inter-Domain Routing - Network Management,
• RFC 1351 SNMP Administrative Model - Network Management,
• RFC 2008 Implications of Various Address Allocation Policies for Internet Routing - Network Management,
• RFC 2196 Site Security Handbook - Network Management,
• RFC 2386 A Framework for QoS-based Routing in the Internet - Network Management,
• RFC 2505 Anti-Spam Recommendations for SMTP - Security,
• RFC 2518 HTTP Extensions for Distributed Authoring - WEBDAV - Network Management,
• RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Network Management,

Security Technology Documents

Alternative Technologies

    Utility Field Device Related Data Exchange Technologies

• C37.111-1999 IEEE COMTRADE Standard (Common Format for Transient Data Exchange) for Power Systems - Data Management
• IEEE 1159.3 - Power Quality Data Interchange Format (PQDIF) - Data Management

    Utility Control Center Related Data Management Technologies

• IEC 60870-6 (ICCP) - Configuration,
• MultiSpeak - Data Management

    Networking Technologies

• Internet Protocol Version 6 (IPV6) - Configuration,
• Open Shortest Path First (OSPF) Routing Protocol - Configuration,
• Border Gateway Protocol (BGP) - Configuration,
• Internet Group Management Protocol (IGMP) - Configuration,
• Distance Vector Multicast Routing Protocol (DVMRP) - Configuration,
• Multicast Open Shortest Path (MOSPF) routing protocol - Configuration,
• Protocol Independent Multicast-Sparse Mode (PIM-SM) - Configuration,
• Core-Based Tree (CBT) multicast routing - Configuration,

    IP-based Transport Protocols

• Stream Control Transmission Protocol (SCTP) - Configuration,
• Datagram Congestion Control Protocol (DCCP) - Configuration,
• Real-Time Transport Protocol (RTP) - Configuration,

    Link Layer and Physical Technologies

• IEEE 802.1d Spanning Tree Protocol (STP) - Network Management,
• IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) - Network Management,
• Hubs/Repeaters - Configuration,
• Bridges/Switches - Configuration,
• Routers - Configuration,
• Digital Signal (DSx), Time-division multiplexing, the T-carriers, T1, fractional T1 - Configuration,
• Frame Relay - Configuration,

    Wireless Technologies

• 3rd Generation Cellular Wireless - Configuration,
• Universal Mobile Telecommunication System (UMTS) - Configuration,
• Code-Division Multiple Access 2000 (CDMA-2000) - Configuration,
• TDMA Cellular Wireless - IS-136 - Configuration,
• CDMA Cellular Wireless - IS-95 - Configuration,
• Cellular Digital Packet Data (CDPD) - Configuration,
• Short Message Service (SMS) - Configuration,
• Trunked Mobile Radio (TMR, TETRA, Project25) - Configuration,
• IEEE 802.11 Wireless Local Area Network (WLAN) - Configuration,
• IEEE 802.15 Wireless Personal Area Network (PAN) - Configuration,
• Bluetooth Special - Configuration,
• IEEE 802.16 Broadband Wireless Access Standards - Configuration,
• Multiple Address (MAS) Radio - Configuration,
• Spread Spectrum Radio System - Configuration,
• Satellite Leased Channels and VSAT - Configuration,
• Paging Systems - Configuration,
• Radio Frequency Identification (RFID) - Data Management

    Virtual Private Networking Technologies

• Layer 3 VPNs - Security,
• Layer 2 VPNs - Security,
• PPTP - Security,

    Computer Systems Related Technologies

• Web Services Description Language (WSDL) - Data Management

    General Internet and De Facto Data Management Technologies

• Common Warehouse Model (CWM) - Data Management
• American Standard Code for Information Interchange (ASCII) - Data Management
• Hypertext Markup Language (HTML) - Data Management
• RDF - Data Management

    eCommerce Related Data Management Technologies

• EAN.UCC Identification Numbers - Data Management
• EAN.UCC Universal Bar Codes - Data Management
• 10303 Standard Exchange for Product Data (STEP) - Data Management

    Network Management Technologies

• Remote Network Monitor (RMON) - Network Management,
• OSI Network Management Model - Network Management,
• Telecommunications Management Network (TMN) - M series - Network Management,
• Transaction Language 1 (TL1) - Network Management,

    Web-based Network Management

• Policy-based Management Technologies - Network Management,

Alternative Best Practices

    Security Frameworks and Policy Documents

• ISO/IEC 10181-7:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Security audit and alarms framework - Security,

    ISO/IEC Documents on Security Technologies

• ISO/IEC 7816-1:1998 Identification cards -- Integrated circuit(s) cards with contacts -- Part 1: Physical characteristics - Security,
• ISO/IEC 7816-3:1997 Information technology -- Identification cards -- Integrated circuit(s) cards with contacts -- Part 3: Electronic signals and transmission protocols - Security,
• ISO/IEC 7816-3:1997/Amd 1:2002 Electrical characteristics and class indication for integrated circuit(s) cards operating at 5 V, 3 V and 1,8 V - Security,
• ISO/IEC 7816-4:1995 Information technology -- Identification cards -- Integrated circuit(s) cards with contacts -- Part 4: Inter-industry commands for interchange - Security,
• ISO/IEC 7816-4:1995/Amd 1:1997 secure messaging on the structures of APDU messages - Security,
• ISO/IEC 7816-5:1994 Identification cards -- Integrated circuit(s) cards with contacts -- Part 5: Numbering system and registration procedure for application identifiers - Security,
• ISO/IEC 7816-7:1999 Identification cards -- Integrated circuit(s) cards with contacts -- Part 7: - Security,
• ISO/IEC 7816-8:1999 Identification cards -- Integrated circuit(s) cards with contacts -- Part 8: Security related - Security,
• ISO/IEC 7816-9:2000 Identification cards -- Integrated circuit(s) cards with contacts -- Part 9: Additional - Security,
• ISO/IEC 7816-10:1999 Identification cards -- Integrated circuit(s) cards with contacts -- Part 10: Electronic signals and answer to reset for synchronous cards - Security,
• ISO/IEC 7816-11:2004 Identification cards -- Integrated circuit cards -- Part 11: Personal verification through biometric methods - Security,
• ISO/IEC 7816-15:2004 Identification cards -- Integrated circuit cards with contacts -- Part 15: Cryptographic information application - Security,
• ISO/IEC 9594-8:1998 Information technology -- Open Systems Interconnection -- The Directory: Authentication framework - Security,
• ISO 9735-5:2002 Electronic data interchange for administration, commerce and transport (EDIFACT) -- Application level syntax rules (Syntax version number: 4, Syntax release number: 1) -- Part 5: Security rul - Security,
• ISO/IEC 10164-9:1995 Information technology -- Open Systems Interconnection -- Systems Management: Objects and attributes for access control - Security,
• ISO/IEC 10181-2:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Authentication framework - Security,
• ISO/IEC 10181-3:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Access control framework - Security,
• ISO 10202-1:1991 Financial transaction cards -- Security architecture of financial transaction systems using integrated circuit cards -- Part 1: Card life cycle - Security,
• ISO 10202-7:1998 Financial transaction cards -- Security architecture of financial transaction systems using integrated circuit cards -- Part 7: Key management - Security,
• ISO 10202-8:1998 Financial transaction cards -- Security architecture of financial transaction systems - Security,
• ISO JTC1 SC37 1.37.19784.1 BioAPI - Biometric Application Programming Interface - Security,
• ISO JTC1 SC37 1.37.19794 - Biometric Data Interchange Format - Security,
• ISO JTC1 SC37 1.37.19794.3 Biometric Data Interchange Format - Part 3: Finger Pattern Spectral Data - Security,
• ISO JTC1 SC37 1.37.19794.4 Biometric Data Interchange Format - Part 4: Finger Image Data - Security,
• ISO JTC1 SC37 1.37.1974.5 Biometric Data Interchange Format - Part 5: Face Image Data - Security,

    Federal Documents on Security Technologies

• - Security,
• FIPS 197 Federal Information Processing Standards Publication 197, Specification for the Advanced Encryption Standard (AES) - Security,

    IETF Internet Requests for Comments (RFCs) on Security Technologies

• RFC 1004 Distributed-protocol authentication scheme - Security,
• RFC 1352 SNMP Security Protocols - Network Management,
• RFC 1507 DASS - Distributed Authentication Security Service - Security,
• RFC 1579 Firewall-Friendly FTP - Security,
• RFC 1826 IP Authentication Header - Security,
• RFC 1827 IP Encapsulating Security Payload (ESP) - Security,
• RFC 1940 Source Demand Routing: Packet Format and Forwarding Specification (Version 1) - Network Management,
• RFC 1968 The PPP Encryption Control Protocol (ECP) - Security,
• RFC 2040 The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms - Security,
• RFC 2045 Multi-Purpose Internet Mail Extensions (MIME) and Secure/MIME - Security,
• RFC 2086 IMAP4 ACL extension - Security,
• RFC 2093 Group Key Management Protocol (GKMP) Specification - Security,
• RFC 2228 FTP Security Extensions - Security,
• RFC 2230 Key Exchange Delegation Record for the DNS - Security,
• RFC 2244 ACAP -- Application Configuration Access Protocol - Security,
• RFC 2246 The TLS Protocol Version 1.0 - Security,
• RFC 2313 PKCS #1: RSA Encryption Version 1.5 - Security,
• RFC 2315 PKCS #7: Cryptographic Message Syntax Version 1.5 - Security,
• RFC 2356 Sun's SKIP Firewall Traversal for Mobile IP - Security,
• RFC 2406 IP Encapsulating Security Payload (ESP) - Security,
• RFC 2437 PKCS #1: RSA Cryptography Specifications Version 2.0 - Security,
• RFC 2440 OpenPGP Message Format - Security,
• RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP) - Security,
• RFC 2409 The Internet Key Exchange (IKE) - Security,
• RFC 2459 Internet X.509 Public Key Infrastructure Certificate and CRL Profile - Security,
• RFC 2510 Internet X.509 Public Key Infrastructure Certificate Management Protocols - Security,
• RFC 2511 Internet X.509 Certificate Request Message Format - Security,
• RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Security,
• RFC 2547 BGP/MPLS VPNs - Security, Network Management,
• RFC 2560 X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP - Security,
• RFC 2764 A Framework for IP Based Virtual Private Networks - Security, Network Management,
• RFC 2753 A Framework for Policy-based Admission Control - Security,
• RFC 2817 Upgrades to TLS within HTTP/1.1 - Security,
• RFC 2818 HTTP over TLS (HTTPS) - Security,
• RFC 2865 Remote Authentication Dial In User Service (RADIUS) - Security,
• RFC 2869 RADIUS Extensions - Security,
• RFC 2874 DNS Extensions to Support IPv6 Address Aggregation and Renumbering - Security,
• RFC 2875 - Security,
• RFC 2898 PKCS #5: Password-Based Cryptography Specification Version 2.0 - Security,
• RFC 2946 Telnet Data Encryption Option - Security,
• RFC 2977 Mobile IP Authentication, Authorization, and Accounting Requirements - Security,
• RFC 2979 Behavior of and Requirements for Internet Firewalls - Security,
• RFC 2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0 - Security,
• RFC 3053 IPv6 Tunnel Broker - Network Management,
• RFC 3268 Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) - Security,
• RFC 3280 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - Security,
• RFC 3369 Cryptographic Message Syntax (CMS) - Security,
• RFC 3370 Cryptographic Message Syntax (CMS) Algorithms - Security,
• RFC 3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) - Network Management,
• RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 - Security,
• RFC 3647 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Security,

    Other Security Technolog

• IEEE 802.11b Web Encryption Protocol - Security,
• IEEE 802.11i Security for Wireless Networks - Security,
• RSA Documents on Security Technologies - Security,
• RSA PKCS #8 Private-Key Information Syntax Standard - Security,
• RSA PKCS #12 Personal Information Exchange Syntax Standard, version 1.0. - Security,
• OASIS Documents on Security Technologies - Security,
• AGA-12 Cryptographic Protection of SCADA Communications General Recommendations. - Security,
• ANSI INCITS 359-2004 Role Based Access Control (RBAC) - Security,
• EPRI 1002596 ICCP TASE.2 Security Enhancements - Security,
• NIST GSC-IS The NIST Interagency Report 6887 - 2003 edition (Government Smart Card-Interoperability Specification) Version 2.1 - Security,
• NISTIR 6529 Common Biometric File Format (CBEFF) - Security,
• Smart Card Alliance Smart Card Primer - Security,
• Smart Card Alliance Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology - Security,
• Smart Card Alliance Government Smart Card Handbook - Security,
• WebDAV Access Control Extensions to WebDAV - Security,
• WPA WI-FI Protected Access - Security,
• WPA2 WI-FI Protected Access Version 2 - Security,
• TMN PKI - Digital certificates and certificate revocation lists profiles - Security,

Possible Technologies

    Networking Technologies

• Intermediate System to Intermediate System (ISIS) Routing Protocol - Configuration,
• Routing Information Protocol (RIP) - Configuration,

    Application Layer Protocols

• CSV files - Data Management