RE: Security Issues
-
Subject: RE: Security Issues
-
From: "Quiroz, Edgar A." <eaq@cpuc.ca.gov>
-
Date: Thu, 21 May 1998 14:49:47 -0700
-
Return-Receipt-To: "Quiroz, Edgar A." <eaq@cpuc.ca.gov>
I've been struggling to get timely information back from several sources
including the CAISO on security. I will post a preliminary matrix on
some security issues and their relevance to each of the four working
groups.
Tom's posted response on May 18 was a good start at getting a discussion
going on this topic. His perspective, from a meter hardware concern,
has some valid points. But data and the meter are just one point in the
chain.
The issue of what asset value do you assign to the data at any point
along the data chain...and what costs are parties willing to undertake
to secure that data and enable legitimate market participant access has
potentially significant market, technical and policy implications. At
the same time, this same data has to be secured from misappropriation,
diversion, vandalism and other actions with malicious intent. This too
possesses its own potentially significant market, technical and policy
implications.
As I mentioned at the last MDM subgroup in Irwindale, the overall
resolution may ultimately be a longer term goal taken up by the DQI
Working Group. However, that group will need directions based on
pertinent discussions in the four PSWG subgroups and plenary.
While the CAISO has initiated its own efforts with regards to data
security, I am not advocating a mirror effort. Basically, I think you
can view the efforts and issues that the PSWG is addressing as the
beginnings of a potentially very large electronic commerce set of
applications. Its better to understand the circumstances from which
these markets will operate before suggesting a "canned" data security
solution(s).
I am, however, advocating that a discussion that leads to a set of
policies that integrate secured electronic commerce business practices
be undertaken. This should be pertinent to each of the four subgroups.
> -----Original Message-----
> From: Thomas Chen [SMTP:TCHEN@ETCOMM.COM]
> Sent: Thursday, May 21, 1998 1:33 PM
> To: 'Ed Quiroz (CPUC/ORA)'; 'Kirsten Stacey (PG&E)'; 'Chris King
> (Cellnet)'
> Cc: 'PSWG Work Group'; 'PSWG Work Group Web'
> Subject: Security Issues
>
> TO: Ed, Kirsten, and Chris:
>
> I reviewed Ed's "Integrated Secured Electronic Commerce Practice". It
>
> is my understanding that Ed will discuss this issue at next Chris PSWG
>
> Meter Data Management and Meter Read (MDM&MR) meeting. My initial
> focus was on the meter (physical, local access, and remote access)
> security. The security issue at MDMA issue is far more complex and a
> "policy approach" may be better than "a specific implementation
> approach". However, there are a number of industries working on the
> issue of "Data Exchange". One specific example is "Semiconductor
> Manufacturer Data Exchange (SMDX)." In that example, specific
> hardware configuration and implementation is given. I think it would
> benefit the PSWG members to see how others handle this issue. If
> possible, I would like to give a presentation on my proposal in
> Kirsten meeting (Meter Communications) and also on SMDX example in
> Chris MDM&MR meeting. Please let me know your input on this.
>
> Tom Chen
> ET Coomunications
.