I.ICT-2011-285135 FINSENY D1.11 Version 1.0 Security Elements for the FINSENY Functional Architecture
Total Page:16
File Type:pdf, Size:1020Kb
Ref. Ares(2014)490312 - 25/02/2014 FINSENY D1.11 , Version 1.0 I.ICT-2011-285135 FINSENY D1.11 version 1.0 Security Elements for the FINSENY Functional Architecture Contractual Date of Delivery to the CEC: March 30 th , 2013 Actual Date of Delivery to the CEC: March 30 th , 2013 Author(s): Lionel Besson, Steffen Fries, Andreas Furch, Henryka Jormakka, Fabienne Waidelich, Maria M artin-De-Vidales-Ramirez Participant(s): Siemens AG, Thales, VTT, Atos Research & Innovation Workpackage: WP1, Task 1.6 Security Estimated person months: (resources spent on the deliverable) Security: PU Nature: R Version: 1.0 Total number of pages: 134 Abstract: Deliverable D1.11 presents all FINSENY security elements, especially including the energy domain specific security elements needed for the FINSENY scenarios. These are described as enablers, constraints, general elements countermeasures, or controls. Scenario specific security elements needed for FINSENY are also analyzed. It represents a direct continuation of deliverable D1.10 [181] and therefore fully includes its structure and content. Keyword list: Threat and risk analysis, security, risk assessment, interfaces, security requirements, scenario, use case, system analysis, authentication, authorization, privacy, confidentiality, trust domain, availability, reliability, functional architecture, security enablers, security standards, security elements, FINSENY, FI- WARE Disclaimer: Page 1 (134) FINSENY D1.11 , Version 1.0 Not applicable. Page 2 (134) FINSENY D1.11 , Version 1.0 Executive Summary D1.11, titled “Security Elements for the FINSENY Functional Architecture” is a direct continuation of deliverable D1.10 [181] and therefore fully includes the structure and contents of it. D1.11 is thus as well based upon a threat and risk analysis which led to the definition of a set of security requirements that can be applied to all scenario work packages and a scenario specific security requirement. All FINSENY security requirements that are shortly repeated in chapter 3 of this deliverable justify the reason of defining a set of security elements that are described as enablers, constraints, general elements, countermeasures, or controls in chapters 4 and 5. In particular, chapter 5.2 explicitly states which security requirements are supported or met by which security control. Chapter 6 of this deliverable then takes a closer look at some of the energy scenario specific security elements needed for FINSENY. Chapter 7 finally shows an example of how the functional architectures of the FINSENY scenario work packages 2 to 6 may be extended by the security elements. This example is based upon the SGAM framework which is used by the scenario work packages as well. Assessment & Assessment Scope As IR 1.4 has been built upon the use cases of all FINSENY scenario work packages (WP2 to WP6) to derive its set of security requirements, deliverable D1.11 implicitly incorporates all these use cases as well. The following list shows the scenarios that have been analyzed within FINSENY work packages 2 to 6: • Distribution network (WP2) • Microgrid (WP3) • Smart Buildings (WP4) • Electric Mobility (WP5) • Electronic Market Place for Energy (WP6) Findings As already mentioned, the main findings of the deliverable are the security elements that may be integrated into the FINSENY functional architecture as well as the domain specific considerations regarding selected security services needed for the FINSENY scenarios. Apart from this, deliverable D1.11 also explicitly considers usage of generic security enablers from the FI-WARE project as well as relevant security standards and constraints from a privacy perspective that should be taken into account for the security architecture. Recommendations Deliverable D1.11 presents all FINSENY security elements, especially including the energy domain specific security elements needed for the FINSENY scenarios. It is recommended to use the FI-WARE generic security enablers as described in the document and to take the domain specific security considerations into account as well when realizing testbeds within phase 2 of the project. Page 3 (134) FINSENY D1.11 , Version 1.0 Authors Partner Name Phone / Fax / e-mail Siemens AG Steffen Fries Phone: +49 89 636 53403 Fax: +49 89 636 48000 E-mail: [email protected] Siemens AG Andreas Furch Phone: +49 89 636 56837 Fax: +49 89 636 48000 E-mail: [email protected] Siemens AG Fabienne Waidelich Phone: +49 89 636 42735 Fax: +49 89 636 48000 E-mail: [email protected] Thales Lionel Besson Phone: +33 1 46 13 24 90 Fax: +33 1 46 13 26 86 E-mail: [email protected] VTT Henryka Jormakka Phone: +358 40 511 6275 E-mail: [email protected] Atos Research Maria Martin-De-Vidales-Ramirez & Innovation Phone: +34 91 214 9057 E-mail: maria.martin-de-vidales- [email protected] Page 4 (134) FINSENY D1.11 , Version 1.0 Table of Contents List of Abbreviations ........................................................................................ 9 1. Introduction ............................................................................................... 12 1.1 General target system overview................................................................................................. 12 1.2 Objectives .................................................................................................................................. 12 1.3 Interactions with other FINSENY Work Packages ................................................................... 12 1.4 Document structure ................................................................................................................... 13 2. Overview of Target System Functional Architectures ........................... 15 2.1 Distribution Network (WP2) functional architecture ................................................................ 15 2.2 Microgrid (WP3) functional architecture overview ................................................................... 16 2.3 Smart Buildings (WP4) functional architecture overview ......................................................... 18 2.4 Electric Mobility (WP5) - functional architecture overview ..................................................... 19 2.4.1 ICT enabled demand side management............................................................................. 20 2.4.2 E-Roaming ........................................................................................................................ 21 2.4.3 V2G ................................................................................................................................... 22 2.5 Electronic marketplace for Energy (WP6) functional architecture overview ............................ 23 2.6 Applicable technical communication standards ........................................................................ 25 3. Security Requirements ............................................................................. 26 4. Existing Security Enablers and Constraints ........................................... 30 4.1 Generic Enablers from FI-WARE ............................................................................................. 30 4.1.1 Security Monitoring GE .................................................................................................... 31 4.1.2 Identity Management GE .................................................................................................. 32 4.1.3 Privacy GE ........................................................................................................................ 33 4.1.4 Data Handling GE ............................................................................................................. 33 4.1.5 Context-based security and compliance ............................................................................ 34 4.1.6 Optional Security Service Enabler .................................................................................... 35 4.2 Security requirement regulations and guidelines to be considered ............................................ 36 4.2.1 BDEW whitepaper ............................................................................................................ 36 4.2.2 Results from the European Expert Group 2 (EG2) ........................................................... 36 4.2.3 Results from the security team of the Smart Grid Coordination Group (SGIS) ................ 37 4.2.4 NERC (North American Electric Reliability Corporation) ............................................... 37 4.2.5 NIST .................................................................................................................................. 38 4.2.6 Data privacy protection regulations .................................................................................. 39 4.2.6.1 Data privacy regulations in Europe ........................................................................ 39 4.2.6.2 Data privacy regulations in Germany .................................................................... 40 4.2.6.3 Data privacy regulations in the United Kingdom .................................................. 44 4.3 Security standards to be considered ........................................................................................... 46 4.3.1 ISO/IEC............................................................................................................................. 46 Page 5 (134) FINSENY D1.11 , Version 1.0 4.3.1.1 Vehicle-to-Grid communication