SANDIA REPORT SAND2007-3345 Unlimited Release Printed June 2007 Secure ICCP Integration Considerations and Recommendations John T. Michalski, Andrew Lanzone, Jason Trent, and Sammy Smith Prepared by Sandia National Laboratories Albuquerque, New Mexico 87185 and Livermore, California 94550 Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under Contract DE-AC04-94AL85000. Approved for public release; further dissemination unlimited. Secure ICCP Integration Considerations and Recommendations Issued by Sandia National Laboratories, operated for the United States Department of Energy by Sandia Corporation. NOTICE: This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government, nor any agency thereof, nor any of their employees, nor any of their contractors, subcontractors, or their employees, make any warranty, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represent that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government, any agency thereof, or any of their contractors or subcontractors. The views and opinions expressed herein do not necessarily state or reflect those of the United States Government, any agency thereof, or any of their contractors. Printed in the United States of America. This report has been reproduced directly from the best available copy. Available to DOE and DOE contractors from U.S. Department of Energy Office of Scientific and Technical Information P.O. Box 62 Oak Ridge, TN 37831 Telephone: (865) 576-8401 Facsimile: (865) 576-5728 E-Mail: [email protected] Online ordering: http://www.osti.gov/bridge Available to the public from U.S. Department of Commerce National Technical Information Service 5285 Port Royal Rd. Springfield, VA 22161 Telephone: (800) 553-6847 Facsimile: (703) 605-6900 E-Mail: [email protected] Online order: http://www.ntis.gov/help/ordermethods.asp?loc=7-4-0#online 2 Secure ICCP Integration Considerations and Recommendations SAND3345 Unlimited Release Secure ICCP Integration Considerations and Recommendations John Michalski, Jason Trent, and Sammy Smith Critical Infrastructure Systems Andrew Lanzone Cryptography and Information Systems Surety Sandia National Laboratories P.O. Box 5800 Albuquerque, New Mexico 87185-0672 Abstract The goal of this report is to identify the operation and implementation issues associated with the introduction of the secure form of the Inter-control Center Communications Protocol, or ICCP, formally referred to as IEC 60870-6-TASE.2, into the utility infrastructure. The report provides considerations and recommendations to assist a utility owner to advance the security of the utility’s data exchange operations. The report starts with a description of information assurance, and then discusses end node authentication and Public Key Infrastructures (PKI) using Certificate Authority (CA) certificates. Network infrastructures and protocols associated with ICCP are reviewed, assessed, and modeled to identify the impact of these structures and protocols to the efficient delivery of ICCP data. The report highlights certificate management and implementation issues and discusses some of the transitional issues and strategies to overcome security limitations during the introduction phase of Secure ICCP. Finally the report provides some performance measurement data of the configuration impacts of using security layers to provide Secure ICCP implementations. 3 Secure ICCP Integration Considerations and Recommendations Acknowledgements The author would like to acknowledge that the work that produced the results presented in this paper was funded by the U.S. Department of Energy/Office of Electricity Delivery and Energy Reliability (DOE/OE) as part of the National SCADA Test Bed (NSTB) Program. 4 Secure ICCP Integration Considerations and Recommendations Executive Summary The Inter-control Center Communications Protocol (ICCP) was developed to enable data exchange over Wide Area Networks between utility control centers, Independent System Operators (ISOs), Regional Transmission Operators (RTOs), and other Generators. This document describes the intent, operation, and behavior of the ICCP and technological means by which ICCP transmission can be secured, discussing both the built-in protection of Secure ICCP (a version of ICCP that has some built-in security elements) and several independent technologies that can be added to ICCP, such as Internet Protocol Security (IPSec). Recommendations for using the ICCP are provided throughout, especially regarding effective use of its secure form. This document also describes the impact of Wide Area Network (WAN) design on the transport of ICCP data streams. The importance of using appropriate quality of service (QoS) on the supporting WAN links is demonstrated by including the results of the modeling and simulation of WAN link congestion. Overall, using Secure ICCP and other secure protocols has minimal effect on end-to-end performance, although certain situations with respect to traffic congestion described within the report can cause exceptional delays and should be avoided. Also management complexity increases with each layer of protection added to the ICCP environment. The primary objectives of the research activity described in this report were to provide insight into the security enhancements of the new ICCP protocol and to identify the integration impact of this emerging standard when implemented within the utility industry infrastructure control system. These were accomplished by investigating and interpreting documentation of ICCP, Secure ICCP, and related technology including relevant standards, implementation guidelines, and descriptive material; and by implementing and performance testing a Secure ICCP testbed. Section 4 of this report provides the observations and conclusions of the investigation. Section 5 is a summary of recommendations that appear throughout the report on introducing Secure ICCP into Utilities networks. These recommendations include: • Network administrators should negotiate Service-Level Agreements (SLAs) that provide appropriate Quality of Service (QoS) for ICCP data streams. • Utility sites that will not transition rapidly to Secure ICCP should consider using OpenSSL, IPSec, and data link encryption to provide inter-node data security for standard ICCP communication. • Use a flat PKI Certificate Heirarchy for single-company domains and a tiered hierarchy for multiple-company domains. 5 Secure ICCP Integration Considerations and Recommendations Table of Contents 1 Introduction..........................................................................................................................9 1.1 Background...................................................................................................................9 1.1.1 Description........................................................................................................9 1.1.2 Historical Information ......................................................................................9 1.1.3 Significance ......................................................................................................9 1.1.4 Literature Review...........................................................................................10 1.2 Purpose .......................................................................................................................10 1.2.1 Reason for Investigation.................................................................................10 1.2.2 Roadmap Challenges......................................................................................10 1.2.3 Audience.........................................................................................................11 1.2.4 Desired Response............................................................................................11 1.3 Scope...........................................................................................................................11 1.3.1 Extent and Limits of Investigation .................................................................11 1.3.2 Goals...............................................................................................................11 1.3.3 Objectives .......................................................................................................12 1.3.4 Organization ...................................................................................................12 2 Approach............................................................................................................................13 2.1 Methods ......................................................................................................................13 2.2 Assumptions ...............................................................................................................13 2.3 Procedures...................................................................................................................13 3