Information Technology Management Services

The Federated Systems Management Services Domain addresses issues that can be applied to the Power System domain activities to support their information technology requirements. The word "techniques" implies not only automation but also methodologies and human procedures.

1. Data Management and Technology Planning

The purpose is to meet the required data quality (integrity, accuracy), flexibility, scalability and availability. This task includes management of many large databases, with data exchanges across organizational boundaries, requiring frequent and timely access and updates.

A. Management of Databases, includes functions such as

Capacity planning

Tablespace management

Permissions, access control and quotas

B. Data Design and Modeling, includes functions such as

Indexing

Development and use of object modeling techniques

Data modeling for typical data objects

Data modeling for non standard data such as geographical information system maps, images, video, and oscillographic data

C. Data Recovery. Includes development and use of automated and manual techniques for

Data replication

Management of alternate sources of data

Logging and archiving

Backup, offline storage

Disaster recovery

D. Data Integrity. Includes development and use of data management techniques for

Data synchronization across interfaced systems

Consistency checking, validation and data correction

Handling logs and auditing.

Data cleansing

Data anonymity

Data purging

E. Management of Database Operations. Includes development and use of techniques for

Data editing and updating policies and procedures

ETL Data management ETL (Extract / Translate / Load) operations.

Database population

Report generation and data collection forms

Handling data across organizational boundaries ( consistency, integrity)

Data transformation

Database mediation and integration

Development of forms and schedules for providing raw data by other departments (planners, engineering, maintenance, construction, etc.)

Discovery and automated interfacing with non-utility data objects, such as the methodology proposed by ebXML

Storage, retrieval and streaming of video and audio data

Two stage commit and rollback

F. Data mining and retrieval. Includes development and use of techniques for

On Line Transaction Processing (OLTP) which involves real-time processing and retrieval of data and may extend data bases across organizational boundaries.

On Line Analytical Processing (OLAP) which involves retrieval and processing and presentation of data from different points of view.

Sorting/selecting, and retrieving large amounts of historical data

Data warehouse, data mining

Adhoc querying

Knowledge management

Document management

G. Data object modeling. Includes

Developing object models

Instantiating object models

Mapping of instantiated object models

Data self-discovery

Object browsing capabilities

Automated data discovery

Developing data exchange models

Validating object models and instantiations

This appears to be specific to applications. Are these generic "federated" objects such as those that may be used for geospatial representations? Joe

-- Joe Hughes - 24 Apr 2003

H. New Data and DBMS Technology Planning

Investigation, planning, recommendation, implementation and support of new technologies in data modeling, data storage, data retrieval, and data management. Examples include the latest OLAP systems for more efficient data retrieval and presentation, or the storage area networks (SAN) for more efficient distributed data repository and management.

2. Security Planning and Management

The purpose is to meet the security requirements of the user community, network, data and applications. Includes policies, techniques, and management for:

Security policies should be prepared in concert with the applications. The applications can be used to help define whats at risk: threats and vulnerabilities, then security policies can be implemented in a way that is appropriate to the application.

-- Joe Hughes - 08 Apr 2003

I suggest that we follow guidelines coming from authoritative sources such as Common Criteria and FIPs guidelines to the extent possible. We face substantial challenges when it comes to Federating security policies and this will probably have to be done by enterprise application. Developing an overall generic approach to security that can then be appropriately developed by application is suggested.

-- Joe Hughes - 24 Apr 2003

A. Security Requirements Assessment Methodology, including Techniques for determining the types and levels of security required by each asset, prevention techniques, vulnerability assessment, and interdependency analysis

Systematically identify critical assets;

For each asset, conduct assessments on attractiveness to attackers, impact of successful attack, and vulnerability to attacks;

carry out critical consequence analyses; and evaluate the public health and safety, economic, and social impacts of infrastructure disruptions

Security Policy management

Development of Security policies

Establish policy for corrective action when vulnerability is discovered.

Assess the likelihood that the vulnerability was exploited

Establish procedures for reporting / communicating vulnerability to get repaired (may involve reporting exposure to regulators).

Establish policies for granting and revoking authority - and determine the duration required to fully implement change.

Security training of employees

Security monitoring of employees

Repercussions for employees for not following security policies

Assess and monitor information exposure to ensure compliance with security policies and procedures

Periodic re-assessment of security requirements

B. Security policies and techniques for determining requirements and implementing physical security countermeasures

Security policies addressing physical security

Access control and staff identification

Locks, guards, fences, guard dogs, lights, etc.

Biometrics, smart card, RFID

Electronic keys and locking devices

Fiber optic vibration sensor, motion sensor and others

Backup and alternative paths

Backup control center

Backup systems and bunker sites

Backup data at physically different sites

Alternative communication paths

Alternative communications media

Alternative communications interfaces

Alarm system (sensors and control panels)

Video surveillance and control system

Motion detection cameras

Video cameras

Digital video recording equipment

Matrix switching and control

Remote video transmission

C. Security policies and techniques for determining requirements and implementing cyber security countermeasures

Assessment of possible countermeasures for each type and level of security vulnerability

Assessment of most cost-effective techniques across groups of assets

Handling of legacy systems and applications in implementing security

Data authentication, integrity, confidentiality

Supervisory computer security and firewalls

Key management and certification

Secure communication architectures and protocols

Secure internet (SSL, IPsec)

D. Intrusion detection, mitigation, and recovery plan and techniques

Intrusion detection methodologies

Integrate and analyze data and information from different sensors, detectors, and other sources to make rapid determinations of the magnitude of an emergency, either physical or cyber and implement contingency plan to reduce the impacts of disruptions on the grid

Spare parts database management

Development and execution of methods for Distributed Denial of Service attacks (DDOS)

Recovery plans

Security management techniques to mitigate impacts during a security attack

Detection of intrusion

Detection of attack

Methods for countering attacks in progress

Methods for ameliorating impact of breach

Security managers respond and mitigate the physical and cyber disruptions

Security management techniques after a security attack

Assessment of damage

Assessment and correction of security vulnerabilities

Determination of legal and financial processes against attackers

Security techniques to collect and distribute threat information

E. Investigation and prosecution of a security attack

Logging, recording, and audit trails

Security issues for legal procedures

F. New Security Technology Planning

This includes investigation, planning, recommendation, implementation and support of the new security technologies such as distributed denial of service (DDOS) attacks.

3. End System/Application Support and Management

The purpose is to meet the availability, reliability, performance, scalability and economics required by the application and the end systems. Applications include domain, management, financial and business application functions such as data acquisition, control of field devices, RTP calculation, fault analysis, Load Tap Changer calculations in the IED, sensor analog-to-digital conversions, etc. An end system includes HW, Operating System, middleware, application SW, DBMS SW, libraries, components, etc. Examples of end systems are SCADA systems, EMS systems, building automation systems, Market Web servers, planning systems, substation automation systems, Intelligent Electronic Devices (IED), and sensors. Supporting infrastructure includes Middleware, Operating Systems, and Hardware

A. End system and application requirements development. Collect and analyze computation, storage, and management requirements.

B. End system technology and architecture/platform planning. Specify appropriate computing, and system management technologies and architectures for applications, middleware, operating systems, and hardware. The task includes establishment and use of IT standards for:

Inter-application interfacing and communications technologies such as message brokers and RPC oriented infrastructures.

System implementation, validation, and certification

Maintenance of systems

Monitoring systems and applications

C. Installation, deployment and certification of systems and applications

D. System Integration

Application integration (internal)

Integration with eCommerce interfaces (external)

E. Real-time system and application monitoring and management for applications, middleware, operating systems, and hardware. This includes development and use of techniques for

Monitoring the status of systems and applications,

Detection and recovery from failures and performance problems,

Disaster recovery and business continuity,

Logging and recording of status and problems.

F. End System/application maintenance (planned and emergency)

Testing and diagnosis

Technician scheduling and repair

Report generation

G. Customer care, help desk and user support

H. Business object management. This includes management of SW constructs associated with real world objects such as a circuit breaker or a purchase order. Tasks include:

Design and development of business objects and management systems

Monitoring and reporting of status of business objects.

I. Workflow management. This includes design and development of workflow management systems as well as execution of management functions: monitoring, diagnosis and reporting.

J. New Communications Technology Planning

This includes investigation, recommendation, implementation and support for the latest computing technologies such as intelligent agents, latest middleware and platforms.

4. Network Management

This is to meet the communications network accessibility, reliability, availability, resiliency, performance, manageability, and economics requirements of the domain functions. It includes management of routers, switches as well as routing and policy administration. The task includes

A. User/business network requirement (Qo S, availability, bandwidth, response time) development.

B. Network technology and architecture/platform planning. It includes establishment and use of new technologies for:

Network architecture,

Network management

Network signaling and control

Data/payload delivery mechanisms

Implementation, validation, and certification of networks

C. Network design and configuration. The task is to specify the logical network design and configuration that meet the architecture specifications and forecasted network demand growth.

D. Installation, deployment and certification of networks

E. Real-time network monitoring and management. This includes establishment and use of IT techniques for

Monitoring the status of networks

Responding to failures, performance problems, etc.

Logging and recording status and problems

Collecting and analyzing measurements for network reengineering and capacity planning

F. Network element management. This includes

Performance management

Fault management and recovery

Maintenance (planned and emergency),

Testing/diagnostic

Technician scheduling

Repair

Report generation and process management

Disaster recovery/business continuity

G. Network engineering. This task includes

Addressing and routing,

Policy management,

Configuration,

Traffic and Qo S Engineering

H. Customer care and user support

I. New Network Technology Planning

This includes investigation, recommendation, implementation and support of the latest networking technologies, such as multi-protocol label switching (MPLS) for routing, traffic engineering and Qo S, or WIFI for wireless data access, or resilient routing schemes.

5. Telecommunications Network Infrastructure Management

This task is to meet the requirements for the telecommunications network infrastructure including configuration, accessibility, reliability, availability, resiliency, performance, manageability, and economics required by the domain functions. Examples: management of the leased lines, fiber optic systems, microwave, use of cellular and wireless service providers, Internet and internet service provider, telecommunication service provider, data service provider, etc.

Please refresh.

-- Project.Guest - 10 May 2004

A. User/business telecommunications and data networking requirement development

Service Level Agreements development

Oversight of externally provided telecommunications and networking facilities

B. Telecommunications Network Infrastructure technology and architecture planning. This includes establishment and use of IT standards for

Communications technologies: SONET, Fiber, microwave, fixed and mobile wireless,

Qo S and resilient technologies,

Management technologies.

C. Telecommunications Network infrastructure installation, deployment and certification

D. Real-time monitoring and management techniques for

Monitoring the status of the telecommunications network infrastructure

Providing resiliency and recovering from failures, performance problems, etc.

E. Telecommunications Network Infrastructure management. This task includes:

Monitoring and measurement for capacity planning

Performance management

Fault management and recovery

Inventory/Asset and order management

Maintenance (planned and emergency)

Testing/diagnostic

Technician scheduling

Repair

Report generation and process management

Disaster recovery/business continuity

F. Telecommunications Network Infrastructure New Technology Planning

This is to investigate, recommend, implement and support latest communications technologies such as dense wavelength division multiplexing (DWDM), or use of more resilient protocols/equipment.

6. Business, Financial and User Services

These services are independent of domain activities and are provided to people and business functions. They impact network management, security management and data management functions.

A. End-User Services -

Account management : computer and network account, password,

Employee services: home office, remote access,...

Billing for computing use

Trouble shooting : IT helpdesk,

Management of interactive people-people communications: voice, multimedia (MM), video/audio conferencing, traditional and future telecomm services.

Web applications, employee portals

Tools/system maintenance and upgrades (for the operating system, common software: word processing), license management

Email management

Messaging Services (SMS, real-time messaging, audio/text messaging)

Call Center management and support

Planning, implementation and support for new technology, such as new web services, or voice over IP (Vo IP).

B. Business and Financial Services -

Financial analysis and trading

Forecasting

E-business, development and management of portals (b-to-e and e-to-e)

E-commerce

HR services (payroll and personnel)

Special interfaces for Fire/Police/FEMA (automated and manual, systems and procedures)

Backup control center architecture support

IT Asset Management

Customer billing

Non-Repudiation Services

Determine policies and procedures for verification of obligations (Independent third parties may be involved as a escrow service) - e.g. assured time stamps.

Determine exposure and assess ability to verify commitments.

C. Horizontal Services -

Time service

Directory service,

Life cycle service,

Clustering service,

Federation service,

Storage service,

Trading service

7. Architecture, SW, HW design, coding, testing

Need to manage project teams, coordinate requirements development, assist in management of system specification, request for proposals from external vendors, bid evaluation, internal system development and/or oversight of external system development, develop/enhance systems, communications platforms, services, management systems, etc. It includes: