This Electric Power Research Institute (EPRI) technical update describes the efforts to validate changes to the original Department of Energy (DOE) Lemnos project IPsec Interoperable Configuration Profile (ICP) as a result of the IEEE standardization process. It provides the details of the specific device configurations used for this testing as a basis or guideline for utilities wishing to use the IPsec ICP on similar devices.
The DOE-funded Lemnos project developed a concept referred to as Interoperable Configuration Profiles (ICPs) that describe a specific instantiation of a particular security-related protocol. The proposal is that if a vendor independently implements a security function based on an IEEE industry standard ICP, that product should interoperate with any other product that has implemented the same ICP.
To be a viable security solution for utilities and vendors, long-term control, upkeep, and revision of the ICP are necessary. Without this formalization in place, the ICPs would have limited public visibility, which would reduce their value to utilities.
EPRI is addressing this issue by working with the IEEE, which the key stakeholders identified as the most suitable standards development organization for long-term stewardship of the ICPs. IEEE represents one of the most widely recognized standards bodies in the energy sector. The first effort is focused on the IPsec ICP and will result in the development of IEEE P2030.102.1, “Interoperability of IPSEC Utilized Within Utility Control Systems.”
The process to produce IEEE P2030.102.1 included suggested enhancements to the original Lemnos IPsec ICP. The main difference between IEEE P2030.102.1 and the original Lemnos IPsec ICP is the migration from IKE version 1 to IKE version 2. Therefore, it was necessary to validate these changes and document the details on the configuration of the devices used in this validation testing. The device configuration examples outlined in this technical update are based on IKE version 2.
The objectives of this work were 1) to validate any changes to the ICP as it is being developed as a formal standard and 2) to capture the device configuration examples used in this validation testing.
To develop the configuration examples contained in this technical update, a model system was created to represent various components of a utility network. Specific products and devices used in this modeling effort were chosen based on their potential use and location within the utility network. Creation of a secure tunnel between these endpoints then drove the configuration of each end device. Basic validation of the configurations consisted of internal device diagnostics and passing traffic (PING and TRACEROUTE) between hosts on the “trusted” side network of each device.
After the proper operation of the IPsec tunnel between the endpoints had been validated, the basic steps to recreate the end device configuration were recorded.
This technical update includes the relevant device configuration settings for both an SEL-3620 Ethernet security gateway and a Cisco model 5505 adaptive security appliance, using the updated Lemnos IPsec profile being proposed under IEEE P2030.102.1. The main difference between IEEE P2030.102.1 and the original Lemnos IPsec ICP is the migration from IKE version 1 to IKE version 2. The device configuration examples outlined in this technical update are based on IKE version 2. This technical update has been developed as a guide primarily for utility network engineering or supervisory control and data acquisition (SCADA) support personnel.
Applications, Value, and Use
Utilities wishing to deploy devices using the Lemnos ICPs can benefit by using the configuration examples contained in this technical update as a basis for their specific configurations.