Texas Data Transport Work Group
Review
RMS Meeting
May 29, 2002
Agenda
- TDTWG Goal
- TDTWG History
- TDTWG Plans
- Review Existing System & Issues
- Review ERCOT Phase 1 and 2 Solutions
- Implementation Strategy
- Frequently Asked Questions & Issues
- Questions and Approvals
Texas Data Transport Work Group
Our Goal is a Transport Standard for the Texas Market Participants that is optimal in:
- Security
- Reliability
- Efficiency
- Simplicity
- Cost
Texas Data Transport Work Group History
September 2000:
- PUCT Work Group formed to develop data transport standard for point-to-point
- ERCOT involvement delayed until after market opening
October 2000:
- Consensus reached by TDTWG to standardize on GISB EDM for point-to-point
- PUCT approves recommendation of TDTWG
November – December 2000:
- Drafted strawman document, revised, and reviewed
January 2001:
- Completed document and reached approval consensus
February 2001:
- Began testing of GISB EDM
July 2001:
- Under RMS direction, TDTWG begins review of GISB EDM improvements and recommendations for ERCOT
September 25, 2001:
- “The group unanimously agreed to pursue the GISB EDM solution ‘with additional features’ …”
October 2001:
- TDTWG works with ERCOT to formulate plan to ultimately replace FTP
November 2001:
- ERCOT FTP Replacement plan approved by RMS
- Includes NAESB / GISB EDM 1.6 with improvements
March 2002:
- NAESB EDM work group approves TDTWG/ERCOT proposed improvements for 1.6 inclusion
April 2002:
- ERCOT FTP Replacement phase 1 successfully tested
May 2002:
- ERCOT seeks funding approval from RMS on implementing NAESB / GISB EDM 1.6
- TDTWG publishes FTP replacement document documenting and justifying advantages of FTP replacement plan
Texas Data Transport Work Group Plans
Continue and complete work on:
- “Best Practices” for transaction bundling, enveloping and transmission
- Present working document to Texas SET
- ERCOT Implementation Guideline for FTP Replacement Scripts – review for improvements and approve
- TDTWG Implementation Guideline for NAESB/GISB EDM 1.6
- Provide details of implementation to minimize costs of MP’s (e.g. OpenPGP – use of and encryption algorithm details)
- Provide certification testing details to TTPT
[Diagram: Current System Overview. ERCOT components: FTP Mail (A); Encryption/Decryption Processing (B); Translation / Meter Data / Enrollment / Invoices (C); Process Monitoring (D). Connection labels: Market Participant A (FTP, GISB EDM); Market Participant B (FTP, GISB EDM); Market Participant C (FTP).]
Issues with FTP Solution
- Potential Security Risks
  - Sensitive Data passed in the clear
  - Vulnerable to sniffing by middleman
  - FTP server is vulnerable to attack
- Lack of guaranteed delivery
- Error prone file transmissions
  - Failures during MPUT/MGET operations can result in files being resent
  - Can result in “incomplete” file transmissions
  - No control over file naming conventions (duplicate names)
- Not Firewall friendly
- Has Auditing “Blind spots”
  - No transport acknowledgement receipts
  - No transport message identifiers
- Encryption key management and access controls
- Two Systems Required for most MP’s:
  - GISB EDM (Point to Point)
  - FTP (ERCOT)
- PGP is costly - ($10,000/server)
Market Participant Feedback
- FTP process is unreliable and error prone
- Some have suggested replacing FTP with GISB EDM v1.4, the solution currently used for point-to-point transaction data exchange
Issues with GISB EDM Solution
- Security Risks (per Sandia report)
  - Usernames/Passwords passed in clear
    - same problem as FTP
  - Vulnerable to man in the middle attacks, sniffing
    - same problem as FTP
  - Vulnerable to replay attacks
    - same problem as FTP
- Cost of PGP ($10,000/server)
- Cost of GISB solution ($50,000+) can be prohibitive for small market participants
- No payload identification for XML
- Requires Internet accessible server 24x7
- No support for mailboxing/pull (currently push only solution)
Ideal Solution
- Highly reliable solution, like GISB EDM
- High degree of security to protect all sensitive data and prevent hacker attacks
- Scalable/high performance
- Multi-platform support
- Firewall friendly
- Comprehensive logging, tracking and auditing
- Minimal impact on Market participants (easy to implement/smooth migration)
- Ability to track a transaction's status throughout entire processing life cycle (transport through application processing)
- Implement guaranteed delivery mechanism and eliminate potential for incomplete file transfers and duplicate file transmissions
- Support for both Push and Pull models
- Low cost for Market Participant
- Implement-able ASAP in order to address security issues
Proposed Solution
- GISB EDM with the following additional features:
  - Secure Sockets Layer (SSL)
  - Unique Message identifiers for tracking & security purposes
  - Support for XML
  - Support for Open PGP
- TDTWG and ERCOT worked with GISB/NAESB to implement these additional features – now in EDM 1.6
[Diagram: Phase 1 Solution - System Overview. ERCOT components: HTTPS Mail (A); Encryption/Decryption Processing (B); Translation / Meter Data / Enrollment / Invoices (C); Process Monitoring (D). Connection labels: Market Participant A (TDTWG GISB EDM (v1.4), HTTPS “PULL”); Market Participant B (TDTWG GISB EDM (v1.4), HTTPS “PULL”); Market Participant C (HTTPS “PULL”).]
[Diagram: Phase 2 Solution - System Overview. ERCOT components: “Enhanced” GISB EDM (A); Encryption/Decryption Processing (B); Translation / Meter Data / Enrollment / Invoices (C); Process Monitoring (D). Connection labels: Market Participant A (TDTWG GISB EDM With Additional Features (v1.6)); Market Participant B (TDTWG GISB EDM With Additional Features (v1.6)); Market Participant C (HTTPS “PULL”); HTTPS Mail.]
Timing
Phase 1 Solution - ERCOT HTTPS (FTP replacement)
- April 2002 – Certification Testing
- May 2002 – Production Implementation
Phase 2 Solution - NAESB/GISB EDM 1.6:
- Complete Migration Depends on ERCOT Implementation & Vendors
- 4Q 2002 Possible
Frequently Asked Questions/Issues
1. Is FTP security a true problem or just a potential problem?
Yes – and we have had known occurrences.
2. Why not just implement the current GISB EDM 1.4 or 1.5 TDTWG solution at ERCOT?
Both GISB EDM Versions 1.4 and 1.5 have security problems like FTP - as documented in the Sandia report on GISB EDM. In addition, GISB EDM would be a significant cost burden to the smaller MP’s (e.g. NOIE’s) so a low cost “pull” script is still a requirement for ERCOT.
3. Does an MP have to buy PGP now in order to communicate via FTP with ERCOT?
Yes, and it is reported to be increasing in price from $10,000 per server to $10,000 per CPU.
4. What is being done about the PGP cost problem?
Both the FTP replacement at ERCOT and the GISB EDM additional features (v1.6) will specify “OpenPGP” as the encryption standard. OpenPGP is open source software with freely available downloads.
5. Is ERCOT or the TDTWG developing a competing standard to GISB EDM?
No. ERCOT and TDTWG are actively working with GISB to make sure this does not occur and that we have one standard. ERCOT's proposed enhancements have been approved for NAESB/GISB EDM 1.6.
6. Is ERCOT competing with software vendors by distributing the FTP replacement?
ERCOT has stated no. These are replacement scripts to the FTP scripts originally sent out by ERCOT/Accenture – equivalent to a version 2 release.
7. Will the FTP replacement scripts be a major improvement in security?
Yes. ERCOT has stated that the same additional security features recommended by Sandia for GISB EDM are being implemented in the FTP replacement scripts.
8. Will ERCOT allow both the FTP and the FTP replacement (HTTPS “pull”) protocols during the March 2002 test flight?
ERCOT/Rob Connell stated in the Nov 27 con call that this was under serious consideration.
9. Will ERCOT allow MP’s to use FTP until the GISB EDM with additional features (v1.6) is available?
As was explained in the Nov 27 con call, the exact availability of GISB EDM v1.6 cannot be accurately estimated. ERCOT/Rob Connell explained the importance of the security and reliability (guaranteed delivery and tracking) of the FTP replacement protocol which may mandate implementing the FTP replacement before GISB EDM v1.6 is available.
10. Is GISB being renamed to EISB?
NO. At last report the new name effective 2002 will be North American Energy Standards Board (NAESB).
Questions?