CIGRE Canada Conference

Access control: from default local device access levels to centralized managed role-based access control



Abstract

With the introduction of Ethernet-based communication protocols in Substation Automation Systems (SAS), cyber security aspects became an additional critical part of the SAS design. Electrical utilities in North America are today challenged with many diverse new requirements driven by the continuously evolving cyber security requirements and NERC-CIP standards. Today, cyber security related requirements are part of customer specifications and need to be considered during the complete life cycle of the SAS. Applying cyber security to any system has to be treated as a continuous process. Protecting a system against attacks, managing the system to ensure long-term stability and monitoring the system are the focus areas of any cyber security process. One of the most notable requirements of the NERC-CIP standard is to implement access control for potentially any device installed as part of a protection, control and automation system. To implement this requirement in the most efficient way without jeopardizing the level of security and transparency, new standards and technologies support interoperable solutions. Security management can become complex; therefore security managers need software applications in order to be efficient. The Role Based Access Control (RBAC) system is the application supporting the NERC-CIP access control requirement as part of an overall cyber security solution. It allows management of the users and their roles from a central point, even for many substations in different locations. Besides access control, not only the central user-account-related activities but also other essential user activity in the different system components needs to be monitored. Central user activity logging will collect cyber security related events from the equipment and present this information to the responsible personnel. An efficient and user-friendly approach is the key feature for a monitoring application as well.
Last but not least, tracking the deployed software versions is not only a maintenance or asset management issue but also an additional way to detect whether potential attackers are attempting attacks. The firmware version of an embedded device should not change without one of the service engineers having been assigned a task to do this. Being able to retrieve such version information automatically improves the overall efficiency of cyber security management. The paper describes the benefits of centrally-managed role-based access control versus the legacy approach of using default access levels at device level and outlines a bridging solution, including adjacent security measures, to support proper monitoring and reporting.
