IntelliGrid Architecture

Non-Critical Operations DAC Data Acquisition Environment - #6

Non-Critical Operations Data Acquisition and Control environment represents the set of requirements for gathering less-vital data to the control center, usually for the purposes of optimizing the power network rather than for safety, legality or reliability reasons.

Typical applications:  Monitoring non-power system equipment, power quality monitoring, primary equipment monitoring, some kinds of customer metering.

Characteristics:  Since this environment does not involve critical information exchanges, impacts from security breaches are minimal, and therefore extensive security measures are not mandatory.  Data may be required in hours or days rather than seconds.

Similar Environments:  Unlike Inter-Field Equipment, this information goes directly to and from the control center, similar to High-Security DAC but not as critical.

Definition:  This environment is defined by the following requirements:

Communication and Information Requirements that Define this Environment

Configuration Requirements

• Support interactions between a few "clients" and many "servers"
• Support interactions across widely distributed sites
• Support compute-constrained and/or media constrained communications

Quality of Service Requirements

• Provide medium speed messaging on the order of 10 seconds
• Support high availability of information flows of 99.9+ (~9 hours)

Security Requirements

• Provide Authorization Service for Access Control (resolving a policy-based access control decision to ensure authorized entities have appropriate access rights and authorized access is not denied)
• Provide Audit Service (responsible for producing records, which track security relevant events)
• Provide Security Policy Service (concerned with the management of security policies)

Network and System Management Requirements

• Provide Network Management (management of media, transport, and communication nodes)
• Provide System Management (management of end devices and applications)

Data Management Requirements

• Support keeping the data up-to-date
• Support specific standardized or de facto object models of data
• Provide discovery service (discovering available services and their characteristics)
• Provide conversion and protocol mapping

Recommended Technologies

Energy Industry-Specific Technologies

    Utility Field Device Related Data Exchange Technologies

• ISO 9506 MMS - Manufacturing Messaging Specification - Configuration, Quality of Service,
• IEC61850 Part 7-2 - GSE (GOOSE and GSSE - Configuration,
• IEC61850 Part 7-2 - Abstract Common Services Interface (ACSI) - Configuration, Quality of Service, Data Management
• IEC61850 Parts 7-3 and 7-4 - Substation Object Modeling - Network Management, Data Management
• IEC61850 Part 6 - Substation Configuration Language - Network Management, Data Management
• IEC61850 Power Quality Object Models - Data Management
• IEC62350 - Object Models for Distributed Energy Resources (DER) - Network Management, Data Management
• IEC62349 - Hydro Power Plant Object Models - Network Management, Data Management
• IEC61400-25 for Wind Power Object Models - Network Management, Data Management

    Utility Control Center Related Data Management Technologies

• IEC 61970 Part 3 - Common Information Model (CIM) - Data Management

Communications Industry Technologies

    Access Technologies

• Private Intranet - Configuration,

    Networking Technologies

• Internet Protocol Version V4 (IPV4) - Configuration,

    IP-based Transport Protocols

• Transmission Control Protocol (TCP) - Configuration,

    Link Layer and Physical Technologies

• LAN/MAN Technologies - Configuration,
• IEEE 802 MAC Addresses - Configuration,
• Ethernet - Configuration,
• Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH) - Configuration,
• Asynchronous Transfer Mode (ATM) - Configuration,

    Computer Systems Related Technologies

• Universal Description, Discovery, and Integration (UDDI) - Data Management
• XML Protocol/Simple Object Access Protocol (SOAP) - Data Management

    General Internet and De Facto Data Management Technologies

• XML Schema (xls) - Data Management

Security Technologies

    Policy and Framework Related Technologies

• ISO/IEC 10164-8:1993 Security Audit Trail Function - Information technology - Open Systems Interconnection - Systems Management - Security,
• ISO/IEC 18014-1:2002 Time-Stamping Services - Information technology - Security Techniques - Part 1: Framework - Security,
• ISO/IEC 10181-7:1996 Security Audit and Alarms Framework - Information technology - Open Systems Interconnection -- Security Frameworks for Open Systems - Security,
• FIPS PUB 112 Password Usage - Security,
• FIPS PUB 113 Computer Data Authentication - Security,
• RFC 2196 Site Security Handbook - Security,
• RFC 2401 Security Architecture for the Internet Protocol - Security,
• RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Security,

    General Security Technologies

• Role-Based Access Control - Security,
• Intrusion Detection Technologies - Security, Network Management,
• Intrusion Prevention Systems (IPS) - Security, Network Management,
• Service Level Agreements (SLA) - Security,

    Media and Network Layer Technologies

• Secure IP Architecture (IPSec) - Security,
• IEEE 802.11i Security for Wireless Networks - Security,
• Remote Authentication Dial In User Service (RADIUS) - Security,
• AGA-12 Cryptographic Protection of SCADA Communications General Recommendations - Security,

    Transport Layer Security Technologies

• Transport Layer Security (TLS)/Secure Sockets Layer (SSL) - Security,

    Application Layer Security Technologies

• SNMP Security - Security, Network Management,
• RFC 1305 Network Time Protocol (Version 3) Specification, Implementation - Security,
• IEC 62351-4 Security for Profiles including MMS (ISO-9506) - Security,
• IEC 62351-5 Security for IEC 60870-5 and Derivatives - Security,
• IEC 62351-6 Security for IEC 61850 GOOSE, GSSE, and SMV Profiles - Security,

    XML Related Technologies

• OASIS Security Assertion Markup Language (SAML) - Security,
• Secure XML - Security,

Network and Enterprise Management Technologies

    Network Management Technologies

• Simple Network Management Protocol (SNMP) - Network Management,
• IEC 62351-7 Objects for Network Management - Quality of Service, Network Management, Data Management

    Web-based Network Management

• Web-based Enterprise Management (WBEM) - Network Management,

 

---

Recommended Common Services

Security Services

    Common Security Services

• Audit Common Service - Security,
• Authorization for Access Control - Security,
• Security Policies - Security,

Network and System Management Services

    Enterprise Management Services

• Inventory Management - Network Management,
• Communication System/Network Discovery - Network Management,
• Routing Management - Network Management,
• Traffic Management - Network Management,
• Traffic Engineering - Network Management,
• System/Network Health-Check Analysis - Network Management,
• System/Network Fault Diagnosis - Network Management,
• System/Network Fault Correcting - Network Management,
• Service Level Agreement (SLA) Determination and Maintenance - Network Management,
• System/Network Performance Analysis - Network Management,
• System/Network Performance Diagnosis - Network Management,
• Performance Tuning/Correction - Network Management,
• Accounting and/or Billing - Network Management,

Data Management Common Services

    Data Management Common Services

• Object Management Service - Data Management
• Address and Naming Management - Network Management, Data Management
• Generic Eventing And Subscription - Network Management,
• Alarm Detection/Reporting - Network Management,
• Instrumentation and Monitoring Service - Network Management,
• Measurement Data Logging Service - Security, Network Management,
• Remote Control - Network Management,

Common Platform Services

    Common Platform Services

• Component Registry Service - Data Management
• Component Lookup Service - Data Management
• Component Discovery Service - Data Management
• Component Initialization and Termination - Network Management,
• Resource Management - Network Management,

 

---

Recommended Best Practices

Data Management Best Practices

    Data Management

• Backup Databases - Quality of Service,
• Metadata Files and Databases - Network Management, Data Management
• Object Modeling Techniques - Data Management
• Quality Flagging - Network Management, Data Management
• Time Stamping - Security, Network Management, Data Management
• Data Update Management - Data Management
• Management of Data and Object Naming - Data Management
• Management of Data Formats in Data Exchanges - Data Management
• Management of Data Acquisition - Data Management
• Management of Manual Data Entry - Data Management
• Database Maintenance Management - Data Management
• Data Backup and Logging - Quality of Service, Security,
• Application Management - Network Management,

Security Best Practices

    Security Frameworks and Policy Documents

• ISO/IEC Security Best Practices - Security,
• ISO/IEC 18014-3:2004 Information technology -- Security techniques -- Time-stamping services -- Part 3: Mechanisms producing linked tokens - Security,
• Federal Security Best Practices - Security,
• CICSI 6731.01 Global Command and Control System Security Policy - Security,
• IETF Security Best Practices Internet Requests for Comments (RFCs) - Network Management,
• RFC 1102 Policy routing in Internet protocols - Network Management,
• RFC 1322 A Unified Approach to Inter-Domain Routing - Network Management,
• RFC 1351 SNMP Administrative Model - Network Management,
• RFC 2008 Implications of Various Address Allocation Policies for Internet Routing - Network Management,
• RFC 2196 Site Security Handbook - Network Management,
• RFC 2276 Architectural Principles of Uniform Resource Name Resolution - Security,
• RFC 2386 A Framework for QoS-based Routing in the Internet - Network Management,
• RFC 2518 HTTP Extensions for Distributed Authoring - WEBDAV - Network Management,
• RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Network Management,

Security Technology Documents

Alternative Technologies

    Utility Field Device Related Data Exchange Technologies

• IEC60870-5 Part 104 - Telecontrol Protocol over TCP/IP - Configuration,
• DNP3 Protocol over TCP/IP - Configuration,

    Utility Control Center Related Data Management Technologies

• IEC 60870-6 (ICCP) - Configuration,

    Access Technologies

• Public Internet - Configuration,

    Networking Technologies

• Internet Protocol Version 6 (IPV6) - Configuration,
• Open Shortest Path First (OSPF) Routing Protocol - Configuration,
• Border Gateway Protocol (BGP) - Configuration,
• Internet Group Management Protocol (IGMP) - Configuration,
• Distance Vector Multicast Routing Protocol (DVMRP) - Configuration,
• Multicast Open Shortest Path (MOSPF) routing protocol - Configuration,
• Protocol Independent Multicast-Sparse Mode (PIM-SM) - Configuration,
• Core-Based Tree (CBT) multicast routing - Configuration,

    Link Layer and Physical Technologies

• Hubs/Repeaters - Configuration,
• Bridges/Switches - Configuration,
• Routers - Configuration,
• Digital Signal (DSx), Time-division multiplexing, the T-carriers, T1, fractional T1 - Configuration,
• Frame Relay - Configuration,

    Wireless Technologies

• Multiple Address (MAS) Radio - Configuration,
• Spread Spectrum Radio System - Configuration,
• Satellite Leased Channels and VSAT - Configuration,
• Radio Frequency Identification (RFID) - Data Management

    Network Management Technologies

• Remote Network Monitor (RMON) - Network Management,
• OSI Network Management Model - Network Management,

    Web-based Network Management

• Policy-based Management Technologies - Network Management,

Alternative Best Practices

    Data Management

• Backup Sites - Quality of Service,

    ISO/IEC Documents on Security Technologies

• ISO/IEC 7816-9:2000 Identification cards -- Integrated circuit(s) cards with contacts -- Part 9: Additional - Security,
• ISO 9735-5:2002 Electronic data interchange for administration, commerce and transport (EDIFACT) -- Application level syntax rules (Syntax version number: 4, Syntax release number: 1) -- Part 5: Security rul - Security,
• ISO/IEC 10164-9:1995 Information technology -- Open Systems Interconnection -- Systems Management: Objects and attributes for access control - Security,
• ISO/IEC 10181-1:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Overview - Security,
• ISO/IEC 10181-3:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Access control framework - Security,
• ISO/IEC TR 13335-1:1996 Information technology -- Guidelines for the management of IT Security -- Part 1: Concepts and models for IT Security - Security,
• ISO/IEC TR 13335-2:1997 Information technology -- Guidelines for the management of IT Security -- Part 2: Managing and planning IT Security - Security,
• ISO/IEC TR 13335-5 Information technology - Guidelines for the management of IT Security - Part 5: Management guidance on network security - Security,
• ISO/IEC 15408-1:1999 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 1: Introduction and general mode - Security,
• ISO/IEC 15408-2:1999 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2: Security functional requirements - Security,
• ISO/IEC 17799:2000 Information technology -- Code of practice for information security management - Security,

    IETF Internet Requests for Comments (RFCs) on Security Technologies

• RFC 1352 SNMP Security Protocols - Network Management,
• RFC 1940 Source Demand Routing: Packet Format and Forwarding Specification (Version 1) - Network Management,
• RFC 2086 IMAP4 ACL extension - Security,
• RFC 2093 Group Key Management Protocol (GKMP) Specification - Security,
• RFC 2230 Key Exchange Delegation Record for the DNS - Security,
• RFC 2244 ACAP -- Application Configuration Access Protocol - Security,
• RFC 2246 The TLS Protocol Version 1.0 - Security,
• RFC 2547 BGP/MPLS VPNs - Network Management,
• RFC 2764 A Framework for IP Based Virtual Private Networks - Network Management,
• RFC 2753 A Framework for Policy-based Admission Control - Security,
• RFC 2797 Certificate Management Messages over CMS - Security,
• RFC 2898 PKCS #5: Password-Based Cryptography Specification Version 2.0 - Security,
• RFC 2977 Mobile IP Authentication, Authorization, and Accounting Requirements - Security,
• RFC 3053 IPv6 Tunnel Broker - Network Management,
• RFC 3280 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - Security,
• RFC 3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) - Network Management,
• RFC 3647 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Security,

    Other Security Technolog

• IEEE 802.11b Web Encryption Protocol - Security,
• IEEE 802.11i Security for Wireless Networks - Security,
• RSA PKCS #12 Personal Information Exchange Syntax Standard, version 1.0. - Security,
• OASIS Documents on Security Technologies - Security,
• WC3 XML Key Management Specification (XKMS 2.0) Bindings - Security,
• ANSI INCITS 359-2004 Role Based Access Control (RBAC) - Security,
• EPRI 1002596 ICCP TASE.2 Security Enhancements - Security,
• NERC Certificate Policy for the Energy Market Access and Reliability Certificate (e MARC) Program Version 2.4 - Security,
• WebDAV Access Control Extensions to WebDAV - Security,
• WPA WI-FI Protected Access - Security,
• WPA2 WI-FI Protected Access Version 2 - Security,

Possible Technologies

    Utility Field Device Related Data Exchange Technologies

• IEC60870-5 Part 101 - Serial Telecontrol Protocol - Configuration,
• DNP Serial Protocol - Configuration,
• Fieldbus - Configuration,
• PROFIBUS - Configuration,
• ModBus TCP/IP - Configuration,
• ModBus Plus - Configuration,

    Access Technologies

• Data over Voice Lines - Configuration,
• Fiber in the Loop (FITL) - Configuration,
• Hybrid Fiber Coax (HFC) - Configuration,

    Networking Technologies

• Intermediate System to Intermediate System (ISIS) Routing Protocol - Configuration,
• Routing Information Protocol (RIP) - Configuration,

    Wireless Technologies

• TDMA Cellular Wireless - IS-136 - Configuration,
• CDMA Cellular Wireless - IS-95 - Configuration,
• Cellular Digital Packet Data (CDPD) - Configuration,
• Global System for Mobile Communication (GSM) - Configuration,
• Trunked Mobile Radio (TMR, TETRA, Project25) - Configuration,
• Paging Systems - Configuration,