What is PBCONF?
PBCONF is an extensible, open-source, policy-based configuration framework to support the secure configuration and remote access of modern and legacy devices from a variety of vendors. The open-source framework will combine a policy engine with a translation engine to address the interoperability challenges of various remote access control methods and provide utilities with a single, organization-wide view of the security configuration of their power delivery devices.
By building this framework in a modular way and starting from an ontology that represents the concepts and relationships of the configuration policy, the framework will have the necessary flexibility and adaptability for both legacy and new devices. This is particularly important for the electric sector, which features legacy devices that may be 40 years old. The system will leverage distributed architecture concepts to enable both centralized and peer-based configuration of the devices to support scalability and resiliency.
Energy delivery devices are dispersed throughout the electric grid and are an integral part of real-time power transmission and distribution. As today’s cyber threats continue to advance, the security and resiliency of these digital devices is critical to ensuring the continuous delivery of power to consumers. The incorrect or inconsistent configuration of these devices in the field presents a large potential attack vector. However, this attack vector can be mitigated by applying a uniform security policy across devices, providing consistency and visibility.
Both utilities and vendors have indicated an increased need for configuration through remote access methods. While some vendors have standardized their device configurations to address this issue, those solutions are typically only for that vendor’s devices. A vendor-neutral framework for secure configuration and remote access is needed to solve these problems for the energy industry.
Benefits of PBCONF
- Provides the necessary flexibility and adaptability for both legacy and new devices.
- Leverages distributed architecture concepts to support both centralized and peer-based configuration of devices.
- Offers a cost-effective solution that supports scalability and resiliency.
- Allows for consistent global policy application regardless of vendor silos.
- Enables efficient inquiry and security/compliance checks against current or future policies to streamline operations.