Sector Name: Power Delivery & Utilization - Distribution & Utilization
Document Type: Technical Results
This report describes the latest progress in promoting the adoption of the Secure Authentication features of the Distributed Network Protocol (DNP3-SA) within the power industry. It describes the development and review of the new DNP3 Key Management Protocol (DKMP) specification for managing DNP3-SA security credentials. It also describes the evaluation of the DNP3-SA Test Procedures document that was performed during a multi-vendor workshop hosted at the EPRI Cyber-Security Lab in Knoxville, Tennessee.
DNP3 is the most widely used utility communications protocol in North America. It has recently been released as the IEEE 1815 standard and is recognized in the National Institute of Standards and Technology (NIST) Smart Grid Interoperability Framework as one of the key standards to be used in smart grid deployments. Ensuring that DNP3 communications are secure is therefore an important goal for the power industry.
The objectives of this project were to:
Submit a draft of the DKMP specification to the DNP Technical Committee and begin the review of it in preparation for inclusion in the next version of the IEEE 1815™ standard.
Organize a workshop in which multiple DNP3-SA vendors attempted to execute the DNP3-SA Test Procedures and produced review comments on the specification.
Rather than performing a paper review of the most recent revisions to the DNP3-SA test procedures, EPRI decided to "test the test procedures" using actual DNP3-SA products now available. This approach provided practical feedback on which tests were physically executable using existing tools and products and which tests needed additional tools or methodologies to perform successfully.
EPRI drafted a DKMP specification and submitted it to the DNP Technical Committee. The committee has begun its review of the specification. Participants in the Test Procedures Workshop submitted more than 40 review comments on the specification, and work has begun on revising the specification.
The EPRI DNP3-SA Test Procedures review project selected 273 test procedures for evaluation in the categories of Quick Check, Challenger, Responder, Master, Outstation, Master Update Key Change, and Outstation Update Key Change. Seven vendors evaluated 265 of these procedures—94% of all procedures—in a three-day workshop. The process resulted in the collection of over 230 new comments on the test procedures and the identification of several significant areas needing clarification, including the need for tools to test Transport Layer Security (TLS) implementations, methods to test randomness of data, and new features required in the available DNP3 test sets.
Applications, Value, and Use
This report will be most useful to managers responsible for deploying power utility communications networks who need to understand the state of DNP3 Secure Authentication development and deployment.