
NORTH AMERICAN ENERGY STANDARDS BOARD RESPONSE to the SANDIA NATIONAL LABORATORIES Surety Assessment Report of the NAESB INTERNET ELECTRONIC TRANSPORT AND RELATED STANDARDS

June 30, 2007

Prepared by
NAESB WGQ Electronic Delivery Mechanisms Subcommittee
NAESB Retail Gas and Retail Electric Quadrant Information Requirement and Technical Electronic Implementation Subcommittees

Executive Summary:

This document was prepared by the North American Energy Standards Board (NAESB) Wholesale Gas Quadrant (WGQ) Electronic Delivery Mechanisms (EDM) Subcommittee and the Retail Electric Quadrant (REQ)/Retail Gas Quadrant (RGQ) Information Requirements (IR) Subcommittee and Technical Electronic Implementation Subcommittee (TEIS) of NAESB in response to the surety assessment prepared by the Sandia National Laboratories in 2006. Many thanks go to the chairs of the above subcommittees and the contributors to this report, without whose contributions this report would not be possible.

George Behr, Energy Services Group, Chair, RGQ TEIS Subcommittee
Christopher Burden, Williams Gas Pipeline, Co-Chair, WGQ EDM Subcommittee
Jesse Cline, EC Power, Contributor, WGQ EDM Subcommittee
Julie Fortin, MidAmerican Energy, Contributor, WGQ EDM Subcommittee
Dan Rothfuss, Duke Energy, Contributor, RGQ TEIS Subcommittee
Leigh Spangler, Latitude Technologies, Co-Chair, WGQ EDM Subcommittee
Mike Stender, El Paso Pipe Line Company, Contributor, WGQ EDM Subcommittee
Barbara Wise, Baltimore Gas and Electric, Contributor, REQ TEIS Subcommittee

Sandia National Laboratories (Sandia), under a project funded by the U.S. Department of Energy, performed a surety assessment of the NAESB Internet Electronic Transport (Internet ET) standards, version 1.8. The surety assessment was undertaken as an independent analysis of the NAESB Internet ET standards and related NAESB documents by the SNL Information Design Assurance Red Team (IDART). The assessment provided recommendations on the security of the electronic commerce guidelines for conducting business, with emphasis on the use of the Internet.

The surety assessment had 27 findings, categorized in the surety assessment as:

7.1 Recommendations to address areas of opportunity for an attacker within the guidelines set forth by the security standards (20 findings)
7.2 Recommendations for NAESB principles (1 finding)
7.3 Recommendations for miscellaneous and format/layout of NAESB manual/material (6 findings)

In reading the NAESB response to the SNL surety assessment, the individual responses refer to the specific findings as cited in the SNL surety assessment (for example: Sandia Finding No. 7.1.1, 7.1.2, etc.). For each SNL finding, there is a description of their finding, their analysis and their recommendation. In some instances the text from the SNL surety assessment report is abbreviated. Immediately following the three SNL categories is the NAESB response. The NAESB responses indicate whether or not NAESB concurs with the SNL finding, the analysis and the recommendation. If NAESB standards need to be updated/changed, the NAESB Response will also contain information on how the recommendation is to be implemented. In addition, actions to be taken by NAESB in lieu of implementing a recommendation are also described in this segment.

Of the 27 findings, NAESB agreed with the findings and analysis for ?% (? findings. For finding 7.2.6, GISB did not agree with the finding, the analysis or the recommendation. GISB agreed with all other findings and analysis.) Moreover, NAESB supported ?18 of the recommendations provided by Sandia in total, and an additional seven of the recommendations in part (71%). These recommendations will be implemented either in version 1.9 or future releases of the NAESB standards.[2] For those recommendations that NAESB is not planning to implement in a future release, they can be classified either as a recommendation restating an existing standard (see note below) or a recommendation for which a low cost commercially available and commercially viable, WGQ/REQ/RGQ specific, solution does not exist (see note below).

Footnote 2: The formatting recommendations for findings 7.4.1, 7.4.2 and 7.4.3 will be evaluated for inclusion in future versions.
Note: The "restatement of a standard" recommendations for findings 7.2.3, 7.2.4, 7.2.7, 7.3.6 and 7.3.7 were not supported by GISB.
Note: A low cost commercially available solution is unavailable for the recommendations for findings 7.1.4, 7.1.11, 7.1.12, 7.3.5 and 7.4.3, and the recommendations were not supported by GISB.

NAESB appreciates the effort that Sandia, through its representatives (David Duggan, Phillip Campbell, Annie McIntyre, Aura Morris and Charles Marrow), and the Department of Energy (Christopher Freitas) expended to improve the NAESB standards used by the North American energy industry to move information across the Internet. Our industry relies on the Internet as a major way to facilitate communication between trading partners. The standards that govern NAESB's communication protocols are critical to ensuring security, performance, reliability and interoperability. The public-private partnership forged between NAESB and the Department of Energy has provided several benefits to the North American energy industry, both in the past as well as through this report and the actions that NAESB has taken as a result.

7.1.1 Versioning of software and protocols

Sandia Finding: Recommended versions of software and protocols are addressed in several places in the standard. For example, Standard 4.3.61 states "Data communications for Customer Activities Web sites should utilize 128-bit Secure Sockets Layer (SSL) encryption." There are also specific technical requirements for workstations listed in Appendix B.

Sandia Analysis: Specifically requiring versions of software or protocols creates the risk that these versions may become outdated or ineffectual before the standard is revised. It also leaves open the possibility that some necessary applications or protocols may not be addressed. If either of these occurs, vulnerable versions of software or protocols may be allowed by the standard. An attacker could take advantage of these vulnerabilities, or an insider could negotiate using a vulnerable version of an application and then exploit that vulnerability.

Sandia Recommendation: Where required versions must be specifically noted, it should be stated that the most current versions of applications and protocols are required, along with the latest patches. NAESB standards do not enumerate specifics. Refer to a well-known standards organization such as SANS or NIST.

NAESB Response: We concur with the SNL finding, analysis and recommendation. The Internet ET document only contains version specifications for PGP and HTTP. The PGP version is a minimum, set in order to ensure compatibility with the OpenPGP product specified as the primary encryption product to be used. A note will be added that newer versions of the PGP proprietary product are encouraged. The following are the recommended changes to the Internet ET manual:

NAESB INTERNET ET MANUAL, VERSION 1.8, Page 13 (yellow, underlined denotes addition to existing manual language; yellow, strike-through denotes deletion from existing manual language)

Security

NAESB Internet ET establishes several security measures as standards to ensure a minimum level of confidence in conducting business over the Internet, and to provide uniformity in the implementation of security. Four security concepts, often referred to by the acronym PAIN, are vital to protecting Internet ET packages:

- Data Privacy
- Authentication
- Data Integrity
- Non-repudiation

Data Privacy and Encryption

Privacy is the assurance to an entity that no one can read a particular piece of data except the receiver(s) explicitly intended. Data privacy is accomplished by encrypting payload files. Internet ET allows encryption using:

- OpenPGP, defined by IETF RFC 2440, with modifications described in this specification
OR
- PGP 2.6 (minimum) or higher (strongly encouraged), with RSA keys, can be used on a mutually agreed basis

NAESB WGQ QEDM MANUAL, VERSION 1.8, Page 87 (yellow, underlined denotes addition to existing manual language; yellow, strike-through denotes deletion from existing manual language)

Appendix B - MINIMUM TECHNICAL CHARACTERISTICS AND GUIDELINES FOR THE DEVELOPER AND USER OF THE CUSTOMER ACTIVITIES WEB SITE

Browser Characteristics (includes defined NAESB WGQ current versions): Features as supported by the latest Generally Available (GA) versions of both Netscape and Internet Explorer[3] within 9 months of such GA version becoming available, including:

- Frames & Nested Frames
- Tables & Nested Tables
- HTML
- Cookies
- JavaScript
- SSL 128-bit RSA Encryption
- Style Sheets
- Plugins (GA versions within 9 months of such GA versions becoming available):
  - JAVA
  - ActiveX[4] (Plugin for Netscape)
  - Adobe Acrobat Reader[5]
  - Independent Computer Architecture (ICA)[6] Protocol used for remote control access to an application

Operating Systems: Operating systems on a client workstation should be multithreaded and pre-emptive, and the latest, stable version and service pack available.

Footnotes: Netscape is a registered trademark of Netscape Communications Corp. [3] Internet Explorer is a registered trademark of Microsoft Corporation. [4] ActiveX is a registered trademark of Microsoft Corporation. [5] Adobe, Acrobat, and Reader are registered trademarks of Adobe Systems Incorporated. [6] ICA is a registered trademark of Citrix Systems Inc.

RXQ ?

7.1.2 General Network and System Security

Sandia Finding: Minimum required security controls are discussed throughout the standards and vary in topic. There is no concise list of minimum network and security controls listed for trading partners.

Sandia Analysis: Without minimum required controls, an unsecured system or network at a trading partner site can affect all parties engaged in transactions with that partner and affect transaction outcomes. According to NAESB standards, most security aspects are left up to the trading partner. However, the standards aim to create a secure process and environment for transactions. To accomplish this, minimum security for trading partners must be defined in a comprehensive manner. Unsecured systems and networks allow for a large variety of negative consequences such as altered or lost data, access to systems, denial of service, and altered transactions. These consequences can have measurable business effects such as loss of business, negative public opinion, loss of strategic partners, downtime, and divulged corporate information.

Sandia Recommendation: A standard should be created that requires trading partners to use an accepted set of security guidelines, such as those developed by SANS or NIST, to secure their systems and network. Currently-stated NAESB security controls offer only minimal protection if basic system and network security are not addressed. Established guidelines exist today and can be used as a reference and recommendation for trading partners in securing their systems. These guidelines are regularly updated and maintained to reflect changing threats found on the Internet. NAESB should require adherence to these guidelines in the security portion of NAESB's standards.

NAESB Response: We concur with the SNL finding, analysis and recommendation. We will add additional text in the manual that suggests using the SANS and NIST guidelines for reference material. The following are the recommended changes to the NAESB Internet ET manual:

NAESB INTERNET ET MANUAL, VERSION 1.8, Page 55 (yellow, underlined denotes addition to existing manual language; yellow, strike-through denotes deletion from existing manual language)

APPENDIX B FREQUENTLY ASKED QUESTIONS

Q1: How many times do I attempt to send an Internet ET package unsuccessfully before I notify my partner? 55
Q2: Do I send my gisb-acknowledgement-receipt before or after I decrypt the Internet ET package? 55
Q3: What cryptographic algorithms should we use or not use? 55
Q4: Use of time-c-qualifier across quadrants. We understand that the retail quadrants require the time-c-qualifier for gisb-acknowledgement-receipt, while the WGQ does not require this data element. If we participate in multiple quadrants, which standard do we use? 56
Q5: NAESB EDM / AS2 Compatibility. What is the status of NAESB compatibility with AS2? 56
Q6: Atomic Clock Synchronization. How often do we need to synchronize our system clocks with an atomic clock? 56
Q7: Internet Continuous Connection. As an end user, do I need a continuously-connected internet Web server to participate in the Internet ET in the energy industry, or can I just use a dial-up connection to my ISP and my favorite shrink-wrapped browser software? 56
Q8: Use of ANSI X12.58. If we use ANSI X12.58 encryption do we still need to use OpenPGP or PGP encryption? 56
Q9: What does NAESB recommend for the OpenPGP/PGP descriptive text? 56
Q10: What does NAESB say about my organization's security? 57

NAESB INTERNET ET MANUAL, VERSION 1.8, Page 57 (yellow, underlined denotes addition to existing manual language; yellow, strike-through denotes deletion from existing manual language)

Q10: What does NAESB say about my organization's security?

A: NAESB Internet ET participants are encouraged to maintain their system security in such a manner that reduces the risk of unauthorized/malicious activity. However, NAESB does not dictate overall security requirements for individual companies. For further information on general security guidelines please reference the SANS (www.SANS.com) or NIST (www.NIST.com) websites. NAESB has instituted several checks and balances in their business processes that are supported electronically, such as scheduled quantities after the nominations have been processed, and confirmations, both upstream and downstream, so that the risk of foul play is minimized.

7.1.3 Protection of Sensitive Information

Sandia Finding: Protection of sensitive information such as PGP private keys, other private keys, the Trading Partner Agreement (TPA), and Technical Exchange Worksheets does not appear to be addressed by the standard.

Sandia Analysis: In the Internet Electronic Transport (IET) document (page 194), it is stated that "utmost care" is needed in the protection of private keys. The phrase is not actionable and is interpreted differently at each organization.

Sandia Recommendation: Each trading partner should protect these sources of information as company proprietary. Destruction of these documents and electronic information should also be addressed in the standard.

NAESB Response: We concur with the SNL finding, analysis and rec
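Findings 7.1.1 and 7.1.3 share a theme: a rule such as "PGP 2.6 minimum, newer encouraged, latest patches" or "utmost care with private keys" only protects a trading partner if someone turns it into a check that can be run. The script below is an added illustration written for this page, not NAESB, Sandia or IET code. It assumes a hypothetical local policy (the component names, the version floors and the 90-day patch window are constructed values, not figures from the standards), a constructed software inventory, and treats "utmost care" for a private key file as, at minimum, owner-only file permissions on a POSIX host.

```python
"""Trading-partner self-check for two Sandia findings (constructed example).

7.1.1: flag components below a version floor or not patched recently.
7.1.3: flag private key files that other local users can read or write.
"""
import os
import stat
import tempfile
from datetime import date

# Hypothetical local policy: version floors ("minimum, newer encouraged")
# and a patch-currency window. These numbers are assumptions for the demo.
MIN_VERSIONS = {"pgp": (2, 6, 0), "openssl": (1, 1, 1)}
MAX_PATCH_AGE_DAYS = 90

# Constructed inventory as a partner might export it; not real systems.
SAMPLE_INVENTORY = {
    "pgp": {"version": "2.5", "last_patched": date(2007, 1, 1)},
    "openssl": {"version": "1.1.1", "last_patched": date(2007, 6, 1)},
    "webserver": {"version": "4.0", "last_patched": date(2007, 6, 15)},
}
SAMPLE_TODAY = date(2007, 6, 30)


def parse_version(text):
    """'2.6.3' -> (2, 6, 3); missing trailing fields count as zero."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def check_inventory(inventory, today):
    """Return (component, problem) pairs for policy violations.

    A component with no floor is reported too: the Sandia analysis warns that
    an unaddressed application may silently be allowed at a vulnerable version.
    """
    findings = []
    for comp, info in inventory.items():
        floor = MIN_VERSIONS.get(comp)
        if floor is None:
            findings.append((comp, "no version policy defined"))
            continue
        if parse_version(info["version"]) < floor:
            floor_text = ".".join(str(n) for n in floor)
            findings.append((comp, f"version {info['version']} below minimum {floor_text}"))
        age = (today - info["last_patched"]).days
        if age > MAX_PATCH_AGE_DAYS:
            findings.append((comp, f"last patched {age} days ago"))
    return findings


def check_private_key_file(path):
    """Return problems with a key file's mode bits (POSIX permissions)."""
    problems = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("readable by group or others")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems


def demo_key_file_check():
    """Create a throwaway key file, check it loose, then owner-only."""
    fd, path = tempfile.mkstemp(prefix="secring-demo-")
    os.close(fd)
    try:
        os.chmod(path, 0o644)  # a common default: world-readable
        loose = check_private_key_file(path)
        os.chmod(path, 0o600)  # owner read/write only
        tight = check_private_key_file(path)
    finally:
        os.remove(path)
    return loose, tight


if __name__ == "__main__":
    for comp, problem in check_inventory(SAMPLE_INVENTORY, SAMPLE_TODAY):
        print(f"7.1.1 {comp}: {problem}")
    loose, tight = demo_key_file_check()
    print("7.1.3 key file at 0644:", loose or "ok")
    print("7.1.3 key file at 0600:", tight or "ok")
```

On the constructed inventory the script reports PGP twice (below the floor, and 180 days unpatched) and the web server once (no policy defined), which is the point of the Sandia analysis: a version floor alone says nothing about patch currency, and an unlisted component is a gap rather than a pass. The key-file check is deliberately minimal; a real control would also cover backups, copies in version control, and the destruction requirement the recommendation raises.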
