Supporting Role-based Access Control in the Digital Grid

Conference: International ETG Congress 2017
11/28/2017 - 11/29/2017 at Bonn, Deutschland

Proceedings: ETG-Fb. 155: International ETG Congress 2017

Pages: 6
Language: English
Type: PDF


Bisale, Chaitanya; Guettinger, Andreas (Siemens AG, Energy Management, Nürnberg, Germany)
Falk, Rainer; Fries, Steffen (Siemens AG, Corporate Technology, München, Germany)

The operation of the digital energy grid, as one of the critical infrastructures, has to cope with the need to control increasingly fluctuating demand as well as the centralized and decentralized generation of energy. Additionally, operation needs to ensure the reliable transmission and distribution of energy. Automation and control are accomplished by a communication infrastructure that runs in parallel to the actual power system infrastructure and connects to the physical world through sensors and actuators. In the past, this process control communication network relied little on IP-based communication and was mostly isolated from other communication networks. Today it is becoming increasingly networked and is more and more connected to external systems in order to support innovative cross-system services. As a result, this open connectivity exposes the digital grid to cyber attacks. Therefore, access to resources such as the communication connections or the communicated data needs to be protected to ensure reliable operation. Legislation and operational best practice guidelines have taken this into account and provide the necessary framework for defining specific communication security requirements. From the technical perspective, different security countermeasures exist to meet the given requirements, but it has to be ensured that these means of protection are not only provided technically but are in fact applied correctly in operation. This relates to user management and role-based access control (RBAC) in the context of the engineering and runtime operations of energy automation and control products. This contribution reviews the requirements for RBAC as well as the technical approaches currently pursued to support RBAC in the digital grid. The goal is to provide more insight into the existing application of RBAC mechanisms and to identify gaps for future enhancements.
The identified gaps show the necessity of enhancing the existing domain-specific standards for RBAC to allow a better migration between the different access control approaches currently applied. To address this, a proposal to the International Electrotechnical Commission (IEC) to enhance the security standard IEC 62351 for power system automation is currently being prepared and will also be reviewed in this contribution.