Electric Power Research Institute About Us
The Institute
Office Locations

2016 Corporate Social Responsibility Report

EPRI completed a full corporate social responsibility assessment in 2015 culminating in release of its first Corporate Social Responsibility report. The report (and companion video) provides a comprehensive look at EPRI's social responsibility culture and actions around four focus areas: community, employees, operations, and research.

Our Work Events Newsroom Careers EPRI Journal

Product Abstract

Distributed Network Protocol (DNP3) Security Interoperability Activities 2015

Product ID:3002005945
Date Published:17-Dec-2015
Pages:104
Sector Name:Power Delivery & Utilization - Distribution & Utilization
Document Type:Technical Results

This product is available at no cost to funding members only. If you are a member, you must Log in to access.

Price:$ 10,000 (US Dollars)

If you are a non-funding individual or entity and wish to purchase this document, please contact the EPRI Order Center at 1-800-313-3774 Option 2 or 650-855-2121. You may also send an e mail to orders@epri.com.

Abstract

This report describes the latest progress in promoting the adoption of the Secure Authentication features of the Distributed Network Protocol (DNP3-SA) within the power industry. It describes the development and review of the new DNP3 Key Management Protocol (DKMP) specification for managing DNP3-SA security credentials. It also describes the evaluation of the DNP3-SA Test Procedures document that was performed during a multi-vendor workshop hosted at the EPRI Cyber-Security Lab in Knoxville, Tennessee.

Background

DNP3 is the most widely used utility communications protocol in North America. It has recently been released as the IEEE 1815 standard and is recognized in the National Institute of Standards and Technology (NIST) Smart Grid Interoperability Framework as one of the key standards to be used in smart grid deployments. Ensuring that DNP3 communications are secure is therefore an important goal for the power industry.

Objectives

The objectives of this project were to:

  • Submit a draft of the DKMP specification to the DNP Technical Committee and begin the review of it in preparation for inclusion in the next version of the IEEE 1815TM standard.
  • Organize a workshop in which multiple DNP3-SA vendors attempted to execute the DNP3-SA Test Procedures and produced review comments on the specification.

Approach

Rather than performing a paper review of the most recent revisions to the DNP3-SA test procedures, EPRI decided to "test the test procedures" using actual DNP3-SA products now available. This approach provided practical feedback on which tests were physically executable using existing tools and products and which tests needed additional tools or methodologies to perform successfully.

Results

EPRI drafted a DKMP specification and submitted it to the DNP Technical Committee. The committee has begun its review of the specification. Participants in the Test Procedures Workshop submitted more than 40 review comments on the specification and work has begun on revising the specification.

The EPRI DNP3-SA Test Procedures review project selected 273 test procedures for evaluation in the categories of Quick Check, Challenger, Responder, Master, Outstation, Master Update Key Change, and Outstation Update Key change. Seven vendors evaluated 265 of these procedures—94% of all procedures—in a three-day workshop. The process resulted in the collection of over 230 new comments on the test procedures and the identification of several significant areas of clarification including the need for tools to test Transport Layer Security (TLS) implementations, methods to test randomness of data, and new features required in the available DNP3 test sets.

Applications, Value, and Use

This report will be most useful to managers who are responsible for deploying power utility communications networks in order to understand the state of DNP3 Secure Authentication development and deployment.

Program
2015 Program 183   Cyber Security and Privacy
Keywords
  • Interoperability
  • Verification
  • Authentication
  • Telecontrol
  • Cyber security
  • Cryptography key
  • SCADA (supervisory control and data acquisition)
Report
000000003002005945
Note

For further information about EPRI, call the EPRI Customer Assistance Center at (800) 313-3774 or email askepri@epri.com

 Having Trouble Downloading?

Internet Explorer Information Bar

If using Internet Explorer the browser automatically blocks downloads by default, instead displaying an "Information Bar" at the top or bottom of the page.

Click "Download File" on Information Bar if using Internet Explorer 8 or older. If using version 9, click “Save” button on Information Bar and then select “Open” once downloaded.

Pop-up blocker software

You can hold down the CTRL key when selecting Download to bypass your pop-up blocker.

You may also configure your pop-up blocker to allow EPRI.com to open new windows.

Recommended Software

EPRI recommends using the latest version of Adobe Reader for best performance.

 Support Services

EPRI Customer Assistance Center (CAC):
800-313-3774 or 650-855-2121 Option 4
askepri@epri.com

Hours of Operation:
8:00 AM - 6:00 PM Eastern Time (GMT-5)

Order and Conference Center:
800-313-3774 or 650-855-2121 Option 2
orders@epri.com