North American Energy Standards Board
Response to the Sandia National Laboratories Surety Assessment Report of the NAESB Internet Electronic Transport and Related Standards

June 30, 2007

Prepared by: NAESB WGQ Electronic Delivery Mechanisms Subcommittee; NAESB Retail Gas and Retail Electric Quadrant Information Requirement and Technical Electronic Implementation Subcommittees

Executive Summary

This document was prepared by the North American Energy Standards Board (NAESB) Wholesale Gas Quadrant (WGQ) Electronic Delivery Mechanisms (EDM) Subcommittee and the Retail Electric Quadrant (REQ)/Retail Gas Quadrant (RGQ) Information Requirements (IR) Subcommittee and Technical Electronic Implementation Subcommittee (TEIS) of NAESB, in response to the surety assessment prepared by Sandia National Laboratories in 2006. Many thanks go to the chairs of the above subcommittees and to the contributors to this report, without whose contributions this report would not have been possible.

George Behr, Energy Services Group - Chair, RGQ TEIS Subcommittee
Christopher Burden, Williams Gas Pipeline - Co-chair, WGQ EDM Subcommittee
Jesse Cline, EC Power - Contributor, WGQ EDM Subcommittee
Julie Fortin, MidAmerican Energy - Contributor, WGQ EDM Subcommittee
Dan Rothfuss, Duke Energy - Contributor, RGQ TEIS Subcommittee
Leigh Spangler, Latitude Technologies - Co-chair, WGQ EDM Subcommittee
Mike Stender, El Paso Pipe Line Company - Contributor, WGQ EDM Subcommittee
Barbara Wise, Baltimore Gas and Electric - Contributor, REQ TEIS Subcommittee

Sandia National Laboratories (Sandia), under a project funded by the U.S. Department of Energy, performed a surety assessment of the NAESB Internet Electronic Transport (Internet ET) Standards, Version 1.8. The surety assessment was undertaken as an independent analysis of the NAESB Internet ET standards and related NAESB documents by the SNL Information Design Assurance Red Team (IDART). The assessment provided recommendations on the security of the electronic commerce guidelines for conducting business, with emphasis on the use of the Internet. The surety assessment had 27 findings, categorized in the surety assessment as:

7.1 Recommendations to address areas of opportunity for an attacker within the guidelines set forth by the security standards (20 findings)
7.2 Recommendations for NAESB principles (1 finding)
7.3 Recommendations for miscellaneous and format/layout of NAESB manual/material (6 findings)

In reading the NAESB response to the SNL surety assessment, the individual responses refer to the specific findings as cited in the SNL surety assessment (for example, Sandia Finding No. 7.1.1, 7.1.2, etc.). For each SNL finding there is a description of their finding, their analysis and their recommendation. In some instances the text from the SNL surety assessment report is abbreviated. Immediately following the three SNL categories is the NAESB response. The NAESB responses indicate whether or not NAESB concurs with the SNL finding, the analysis and the recommendation. If NAESB standards need to be updated or changed, the NAESB response also contains information on how the recommendation is to be implemented. In addition, actions to be taken by NAESB in lieu of implementing a recommendation are also described in this segment. Of the 27 findings, NAESB agreed with the findings
and analysis for ?% (? findings)[1]. Moreover, NAESB supported ?18 of the recommendations provided by Sandia in total, and an additional seven of the recommendations in part (71%). These recommendations will be implemented either in Version 1.9 or in future releases of the NAESB standards[2]. The recommendations that NAESB is not planning to implement in a future release can be classified either as a recommendation restating an existing standard[3] or as a recommendation for which a low-cost, commercially available and commercially viable, WGQ/REQ/RGQ-specific solution does not exist[4].

NAESB appreciates the effort that Sandia, through its representatives (David Duggan, Phillip Campbell, Annie McIntyre, Aura Morris and Charles Marrow), and the Department of Energy (Christopher Freitas) expended to improve the NAESB standards used by the North American energy industry to move information across the Internet. Our industry relies on the Internet as a major way to facilitate communication between trading partners. The standards that govern NAESB's communication protocols are critical to ensuring security, performance, reliability and interoperability. The public-private partnership forged between NAESB and the Department of Energy has provided several benefits to the North American energy industry, both in the past and in this report and the actions that NAESB has taken as a result.

[1] For Finding 7.2.6, GISB did not agree with the finding, the analysis or the recommendation. GISB agreed with all other findings and analysis.
[2] The formatting recommendations for Findings 7.4.1, 7.4.2 and 7.4.3 will be evaluated for inclusion in future versions.
[3] The "restatement of a standard" recommendations for Findings 7.2.3, 7.2.4, 7.2.7, 7.3.6 and 7.3.7 were not supported by GISB.
[4] A low-cost commercially available solution is unavailable for the recommendations for Findings 7.1.4, 7.1.11, 7.1.12, 7.3.5 and 7.4.3, and the recommendations were not supported by GISB.

7.1.1 Versioning of Software and Protocols

Sandia Finding: Recommended versions of software and protocols are addressed in several places in the standard. For example, Standard 4.3.61 states "Data communications for Customer Activities Web sites should utilize 128-bit Secure Sockets Layer (SSL) encryption." There are also specific technical requirements for workstations listed in Appendix B.

Sandia Analysis: Specifically requiring versions of software or protocols creates the risk that these versions may become outdated or ineffectual before the standard is revised. It also leaves open the possibility that some necessary applications or protocols may not be addressed. If either of these occurs, vulnerable versions of software or protocols may be allowed by the standard. An attacker could take advantage of these vulnerabilities, or an insider could negotiate using a vulnerable version of an application and then exploit that vulnerability.

Sandia Recommendation: Where required versions must be specifically
noted, it should be stated that the most current versions of applications and protocols are required, along with the latest patches. NAESB standards do not enumerate specifics. Refer to a well-known standards organization such as SANS or NIST.

NAESB Response: We concur with the SNL finding, analysis and recommendation. The Internet ET document only contains version specifications for PGP and HTTP. The PGP version is a minimum, set in order to ensure compatibility with the OpenPGP product specified as the primary encryption product to be used. A note will be added that newer versions of the PGP proprietary product are encouraged. The following are the recommended changes to the Internet ET manual. (In the following excerpts the manual marks additions to existing language by yellow underlining and deletions by yellow strike-through; that markup is not reproduced in this text.)

NAESB Internet ET Manual, Version 1.8, page 13:

Security

NAESB Internet ET establishes several security measures as standards to ensure a minimum level of confidence in conducting business over the Internet, and to provide uniformity in the implementation of security. Four security concepts, often referred to by the acronym PAIN, are vital to protecting Internet ET packages:

- Data Privacy
- Authentication
- Data Integrity
- Non-repudiation

Data Privacy and Encryption

Privacy is the assurance to an entity that no one can read a particular piece of data except the receiver(s) explicitly intended. Data privacy is accomplished by encrypting payload files. Internet ET allows encryption using:

- OpenPGP, defined by IETF RFC 2440 with modifications described in this specification, or
- PGP 2.6 (minimum) or higher (strongly encouraged), with RSA keys, which can be used on a mutually agreed basis.

NAESB WGQ QEDM Manual, Version 1.8, page 87:

Appendix B - Minimum Technical Characteristics and Guidelines for the Developer and User of the Customer Activities Web Site

Browser characteristics (includes defined NAESB WGQ current versions): features as supported by the latest generally available (GA) versions of both Netscape and Internet Explorer within 9 months of such GA version becoming available, including:
- frames

NAESB Internet ET Manual, Version 1.8, page 55:

Appendix B - Frequently Asked Questions

Q1: How many times do I attempt to send an Internet ET package unsuccessfully before I notify my partner? (p. 55)
Q2: Do I send my gisb-acknowledgement-receipt before or after I decrypt the Internet ET package? (p. 55)
Q3: What cryptographic algorithms should we use or not use? (p. 55)
Q4: Use of time-c-qualifier across quadrants. We understand that the retail quadrants require the time-c-qualifier for gisb-acknowledgement-receipt, while the WGQ does not require this data element. If we participate in multiple quadrants, which standard do we use? (p. 56)
Q5: NAESB EDM / AS2 compatibility. What is the status of NAESB compatibility with AS2? (p. 56)
Q6: Atomic clock synchronization. How often do we need to synchronize our system clocks with an atomic clock? (p. 56)
Q7: Internet continuous connection. As an end user, do I need a continuously connected Internet web server to participate in the Internet ET in the energy industry, or can I just use a dial-up connection to my ISP and my favorite shrink-wrapped browser software? (p. 56)
Q8: Use of ANSI X12.58. If we use ANSI X12.58 encryption, do we still need to use OpenPGP or PGP encryption? (p. 56)
Q9: What does NAESB recommend for the OpenPGP/PGP descriptive text? (p. 56)
Q10: What does NAESB say about my organization's security? (p. 57)

NAESB Internet ET Manual, Version 1.8, page 57:

Q10: What does NAESB say about my organization's security?
A: NAESB Internet ET participants are encouraged to maintain their system security in a manner that reduces the risk of unauthorized or malicious activity. However, NAESB does not dictate overall security requirements for individual companies. For further information on general security guidelines, please reference the SANS (www.sans.org) or NIST (www.nist.gov) websites. NAESB has instituted several checks and balances in its business processes that are supported electronically, such as scheduled quantities after the nominations have been processed, and confirmations both upstream and downstream, so that the risk of foul play is minimized.

7.1.3 Protection of Sensitive Information

Sandia Finding: Protection of sensitive information such as PGP private keys, other private keys, the Trading Partner Agreement (TPA), and Technical Exchange Worksheets does not appear to be addressed by the standard.

Sandia Analysis: In the Internet Electronic Transport (IET) document (page 194), it is stated that "utmost care" is needed in the protection of private keys. The phrase is not actionable and is interpreted differently at each organization.

Sandia Recommendation: Each trading partner should protect these sources of information as company proprietary. Destruction of these documents and electronic information should also be addressed in the standard.

NAESB Response: We concur with the SNL finding, analysis and recommendation. The following are the recommended changes to the NAESB Internet ET manual:

NAESB Internet ET Manual, Version 1.8, page 45:

You should never divulge your private key to another party. (This replaces the existing language "You must use the utmost care in protecting your private key.") If an untrusted party has your private key, your security is compromised. It is recommended that a key size of 1024 be chosen when generating the key pair. This provides a significantly secure transaction.

NAESB Internet ET Manual, Version 1.8, page 20:

10.3.x The information contained in the Technical Exchange Worksheet and Trading Partner Agreement, as well as trading partner digital signature and encryption keys, should be considered company proprietary information and handled as with any other proprietary, internal or contractual document or information.

7.1.4 Standards Compliance

Sandia Finding: Throughout the standard, "should" is currently used as a directive for requirements. "Should" implies a recommendation as opposed to a requirement; the Cambridge online dictionary states that "should" is used to indicate "what is the correct or best thing to do."

Sandia Analysis: Stating that something "should be done" is comparable to stating that it "is recommended," not that it is required. This allows users to ignore the recommendations
if they so choose. The word "should" is properly used in the principles, where it is expected to be used. Use of the word "should" in standards suggests that "should" is used as though it denotes "must."

Sandia Recommendation: Language throughout the standard should be precise. If a particular action is required to be compliant with the standard, it should be stated that it is required, that a user "must" conform to it. Definitions of the terms "should", "must", "required", "may", and other associated words should be developed, documented, and implemented within the standards documents.

NAESB Response: Over the past several years the usage of the subjective words "should", "may", etc. has been discussed. In 2006, the WGQ received an official request asking for the interpretation of these words. In agreement with the WGQ EC, the Internet ET manual will post a reference (link) to the FAQ document posted on the WGQ NAESB website. The following is the actual text from that document:

NAESB Internet ET Manual, Version 1.8, page 55:

Appendix B - Frequently Asked Questions (Q1 through Q10 as listed under 7.1.1 above, with the following entry added)

Q11: Why do NAESB WGQ standards use discretionary verbs such as "should" instead of non-discretionary verbs such as "shall"? (p. 57)

NAESB Internet ET Manual, Version 1.8, page 57:

Q11: Why do NAESB WGQ standards use discretionary verbs such as "should" instead of non-discretionary verbs such as "shall"?
A: Please see the following NAESB WGQ link for current information: /wgq/default.asp

Note: For ease of reading this report only, the following shows the content of the above referenced link. (Not to be included as text in any NAESB manual.)

Frequently Asked Questions Concerning NAESB WGQ Standards

Q: Why do NAESB WGQ standards use discretionary verbs such as "should" instead of non-discretionary verbs such as "shall"?
A: NAESB's Certificate of Incorporation, Article II, Section 1 states, "The objectives and purpose of NAESB are to propose and adopt voluntary standards and model business practices designed to promote more competitive and efficient natural gas and electric service." NAESB's use of the term "should" reflects NAESB's objective to adopt voluntary standards and model business practices.

Q: How do NAESB WGQ standards become mandatory?
A: Entities regulated by a regulatory agency incorporating or adopting the "voluntary" NAESB standards into its regulations should realize that even though discretionary verbs such as "should" and "could" are in the standards, NAESB standards, once incorporated/adopted, become standards required to be followed by the applicable regulated entities. For example, the Federal Energy Regulatory Commission (FERC) regulates interstate natural gas pipelines. Through the regulatory process, FERC adopts some, but not all, NAESB WGQ standards, and such pipelines are required to abide by these standards.

Q: How should discretionary verbs within NAESB WGQ standards be interpreted for non-regulated entities?
A: Non-regulated entities may voluntarily implement some or all of the NAESB WGQ standards. In effect, such entities voluntarily decide to adopt NAESB's standardized business practices and incorporate them into their own processes as business rules; however, non-regulated entities are expected to consistently comply w
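The two cryptographic specifics in the responses above, the PGP 2.6 minimum in 7.1.1 and the 1024-bit key-size recommendation in 7.1.3, are exactly the kind of fixed requirement Sandia warned ages badly: the 1024-bit RSA floor reflected 2007 practice, and NIST SP 800-131A has since disallowed 1024-bit RSA and DSA for signature generation and set 2048 bits as the minimum. A trading partner implementing the standard is better served by checking the actual properties of a received key than the version string of the product that made it. The following Python script is an added example for this editorial note, not NAESB, Sandia or GISB code: it walks a binary OpenPGP packet stream (RFC 2440 / RFC 4880 packet syntax), reports the version, algorithm and modulus size of each public-key and public-subkey packet, and flags keys below a configurable floor as well as legacy version 3 (PGP 2.x-era) keys. All function and constant names are the example's own, and the key packets it checks are constructed inline around fabricated moduli of the right bit length; they are not real keys.

```python
"""OpenPGP public-key policy check (RFC 2440 / RFC 4880 packet syntax).
Added example for this editorial note, not NAESB, Sandia or GISB code; the
sample key packets at the bottom are constructed with fabricated moduli."""
import struct
from typing import List, NamedTuple, Tuple

PUBLIC_KEY_TAGS = {6: "public-key", 14: "public-subkey"}
ALGORITHM_NAMES = {1: "RSA", 2: "RSA", 3: "RSA", 16: "ElGamal", 17: "DSA"}

# tag: "public-key"/"public-subkey"; version: 2/3 (PGP 2.x era) or 4;
# algorithm: OpenPGP id; key_bits: bit length of RSA n, or of p for DSA/ElGamal.
PublicKeyInfo = NamedTuple("PublicKeyInfo", [("tag", str), ("version", int),
                                             ("algorithm", int), ("key_bits", int)])

def read_packet_header(data: bytes, pos: int) -> Tuple[int, int, int]:
    """Decode the packet header at pos; return (tag, body_start, body_length)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError(f"offset {pos}: not an OpenPGP packet header")
    if ctb & 0x40:  # new-format header (RFC 4880 4.2.2)
        tag, first = ctb & 0x3F, data[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + data[pos + 2] + 192
        raise ValueError("five-octet and partial lengths do not occur in key packets")
    tag, length_type = (ctb & 0x3C) >> 2, ctb & 0x03  # old-format header (4.2.1)
    if length_type == 3:
        raise ValueError("indeterminate length is not valid for key packets")
    size = (1, 2, 4)[length_type]
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def read_mpi(body: bytes, pos: int) -> Tuple[int, int]:
    """Return (bit_length, next_pos) for the MPI at pos (RFC 4880 3.2)."""
    bits = struct.unpack(">H", body[pos:pos + 2])[0]
    return bits, pos + 2 + (bits + 7) // 8

def parse_public_keys(data: bytes) -> List[PublicKeyInfo]:
    """Describe each public-key/subkey packet in a binary (de-armored) stream;
    user ID, signature and trust packets are skipped by their declared length."""
    keys, pos = [], 0
    while pos < len(data):
        tag, start, body_len = read_packet_header(data, pos)
        body, pos = data[start:start + body_len], start + body_len
        if len(body) != body_len:
            raise ValueError(f"offset {start}: truncated packet")
        if tag not in PUBLIC_KEY_TAGS:
            continue
        version = body[0]
        if version == 4:            # version, 4-octet creation time, algorithm
            algorithm, mpi_pos = body[5], 6
        elif version in (2, 3):     # v3 adds a 2-octet validity period first
            algorithm, mpi_pos = body[7], 8
        else:
            raise ValueError(f"unsupported key packet version {version}")
        if algorithm not in ALGORITHM_NAMES:
            raise ValueError(f"unsupported public-key algorithm {algorithm}")
        key_bits, _ = read_mpi(body, mpi_pos)  # RSA n, or prime p for DSA/ElGamal
        keys.append(PublicKeyInfo(PUBLIC_KEY_TAGS[tag], version, algorithm, key_bits))
    return keys

def check_key_policy(keys: List[PublicKeyInfo], min_bits: int = 2048) -> List[str]:
    """One finding per violation; an empty list means compliant. The default floor
    is NIST SP 800-131A's 2048 bits; min_bits=1024 evaluates the 2007 manual text."""
    findings = []
    for k in keys:
        if k.key_bits < min_bits:
            findings.append(f"{k.tag}: {ALGORITHM_NAMES[k.algorithm]} {k.key_bits}-bit "
                            f"key is below the {min_bits}-bit floor")
        if k.version < 4:
            findings.append(f"{k.tag}: version {k.version} (PGP 2.x format) key; "
                            "RFC 2440 deprecates v3 keys")
    return findings

# --- constructed sample data (fabricated values, not real key material) --------
def _mpi(value: int) -> bytes:
    nbytes = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(nbytes, "big")

def build_rsa_key_packet(tag: int, version: int, modulus: int, exponent: int = 65537,
                         created: int = 1183161600) -> bytes:
    """v3 or v4 RSA key packet with an old-format header and a 2-octet length."""
    head = bytes([version]) + struct.pack(">I", created)
    if version != 4:
        head += struct.pack(">H", 0)  # v3 validity period: 0 = never expires
    body = head + bytes([1]) + _mpi(modulus) + _mpi(exponent)  # algorithm 1 = RSA
    return bytes([0x80 | (tag << 2) | 0x01]) + struct.pack(">H", len(body)) + body

FAKE_MODULUS_1024 = (1 << 1023) | 0x3039  # right bit length, not a product of primes
FAKE_MODULUS_2048 = (1 << 2047) | 0x3039
USER_ID = b"Alice Example <alice@example.com>"
# v4 1024-bit primary key, a user ID packet (tag 13) and a 2048-bit subkey.
SAMPLE_KEYRING = (build_rsa_key_packet(6, 4, FAKE_MODULUS_1024)
                  + bytes([0x80 | (13 << 2), len(USER_ID)]) + USER_ID
                  + build_rsa_key_packet(14, 4, FAKE_MODULUS_2048))
SAMPLE_LEGACY_KEY = build_rsa_key_packet(6, 3, FAKE_MODULUS_1024)  # PGP 2.6-style v3 key
```

Run against the constructed keyring, `check_key_policy(parse_public_keys(SAMPLE_KEYRING))` reports the 1024-bit primary key and passes the 2048-bit subkey; against the v3 key it reports both the size and the deprecated packet version, and with `min_bits=1024` only the version. Real exports must be de-armored first (the script reads the binary packet format), and a production check would add expiry and revocation handling, but the point stands: a policy stated as measurable key properties survives product upgrades, while one pinned to "PGP 2.6" does not.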