Cyber security and power system communicationessential parts of a smart grid infrastructure

IEEE Transactions on Power Delivery

Volumn 25, Issue 3, 2010, Pages 1501-1507

  Ericsson, Göran N ^a  

^a Swedish National Grid   (Sweden)

Author keywords

Communication systems; control systems; cyber security; information security; IT security; power system communication; power system control; power systems; SCADA; security; smart grid; wide area networks

Indexed keywords

CYBER SECURITY; INFORMATION SECURITY; IT SECURITY; POWER SYSTEM COMMUNICATION; POWER SYSTEM CONTROLS; SCADA SECURITY; SECURITY; SMART GRID;

COMMUNICATION; CONTROL THEORY; INFORMATION TECHNOLOGY; NETWORK SECURITY; PNEUMATIC CONTROL EQUIPMENT; POWER CONTROL; SCADA SYSTEMS; SECURITY SYSTEMS; TELECOMMUNICATION SYSTEMS; WIDE AREA NETWORKS; WIND POWER;

COMPUTER CONTROL SYSTEMS;

EID: 77954005795     PISSN: 08858977     EISSN: None     Source Type: Journal    
DOI: 10.1109/TPWRD.2010.2046654     Document Type: Article

References (61)

1. DOE, What the Smart Grid Means to You and the People You Serve U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, 2009.
2. DOE, "Grid 2030"\A National Vision for Electricity's Second 100 Years U.S. Department of Energy, Office of Electric Transmission and Distribution, 2003.
3. European Commission, European Technology Platform SmartGrids, Strategic Research Agenda for Europe's Electricity Networks of the Future EUR 22580, 92-79-03727-3737 Luxembourg, 2007.
4. G. N. S. Prasanna, A. Lakshmi, S. Sumanth, V. Simha, J. Bapat, and G. Koomullil, "Data communication over the smart grid, " in Proc. IEEE Int. Symp. Power Line Communications and Its Applications (ISPLC), Mar. 29-Apr. 1 2009, pp. 273-279.
5. M. Pipattanasomporn, H. Feroze, and S. Rahman, "Multi-agent systems in a distributed smart grid: Design and implementation, " in Proc IEEE Power Systems Conf. and Expo., Mar. 15-18, 2009, pp. 1-8.
6. P. McDaniel and S. McLaughlin, "Security and privacy challenges in the smart grid, " IEEE J. Security & Privacy, vol.7, no.3, pp. 75-77, May-Jun. 2009.
7. A. Ipakchi and F. Albuyeh, "Grid of the future, " IEEE Power Energy Mag., vol.7, no.2, pp. 52-62, Mar.-Apr. 2009.
8. G. N. Ericsson, "Information security for Electric Power Utilities (EPUs)\CIGRÉ developments on frameworks, risk assessment and technology, " IEEE Trans. Power Del., vol.24, no.3, pp. 1174-1181, Jul. 2009.
9. G. Ericsson, "Towards a framework for managing information security for an electric power utility\CIGRÉ experiences, " IEEE Trans. Power Del., vol.22, no.3, pp. 1461-1469, Jul. 2007.
10. G. Ericsson and Å. Torkilseng, "Management of information security for an electric power utility\On security domains and use of ISO/IEC 17799 standard, " IEEE Trans. Power Del., vol.20, pt. 1, pp. 683-690, Apr. 2005.
11. G. Ericsson, Å. Torkilseng, G. Dondossola, T. Jansen, J. Smith, D. Hol-stein, A. Vidrascu, and J. Weiss, Security for Information Systems and Intranets in Electric Power Systems Tech. Brochure (TB) 317 CIGRÉ, 2007.
12. G. Ericsson, Å. Torkilseng, G. Dondossola, L. Piètre- Cambacédès, S. Duckworth, A. Bartels, M. Tritschler, T. Kropp, J. Weiss, and R. Pelliz-zonni, Treatment of Information Security for Electric Power Utilities (EPUs) Tech. Brochure (TB), CIGRÉ, to appear 2010.
13. Å. Torkilseng and S. Duckworth, "Security frameworks for electric power utilities\Some practical guidelines when developing frameworks including SCADA/control system security domains, " CIGRÉ Electra, Dec. 2008.
14. G. Dondossola, "Risk assessment of information and communication systems\Analysis of some practices and methods in the electric power industry, " CIGRÉ Electra, Aug. 2008.
15. M. Tritschler and G. Dondossola, "Information security risk assessment of operational IT systems at electric power utilities, " presented at the CIGRÉ D2 Colloq., Fukuoka, Japan, Oct. 21-22, 2009, Paper D2-01 D03.
16. A. Bartels, L. Piètre-Cambacédès, and S. Duckworth, "Security technologies guideline\Practical guidance for deploying security technology within electric utility data networks, " CIGRÉ Electra, Jun. 2009.
17. L. Piètre-Cambacédès, T. Kropp, J. Weiss, and R. Pellizzonni, "Cy-bersecurity standards for the electric power industry\A survival kit, " presented at the CIGRÉ Session 2008, Paris, France, Paper D2-217.
18. G. Ericsson, A. Bartels, D. Dondossola, and Å. Torkilseng, "Treatment of information security for electric power utilities\Progress report from CIGRÉ WG D2.22, " presented at the CIGRÉ 2008 Session, Paris, France, Paper D2-213.
19. L. Nordström, "Assessment of information security levels in power communication systems using evidential reasoning, " IEEE Trans. Power Del., vol.23, no.3, pp. 1384-1391, Jun. 2008.
20. M. Ekstedt and T. Sommestad, "Enterprise architecture models for cyber security analysis, " in Proc. IEEE PCSE, Mar. 2009.
21. T. Cegrell, Power System Control\Technology. Englewood Cliffs, NJ: Prentice-Hall, 1986.
22. G. Ericsson, "Classification of power systems communications needs and requirements: Experiences from case studies at swedish national grid, " IEEE Trans. Power Del., vol.17, no.2, pp. 345-347, Apr. 2002.
23. G. Ericsson, "On requirements specifications for a power system communications system, " IEEE Trans. Power Del., vol.20, no.2, pp. 1357-1362, Apr. 2005.
24. T. Rahkonen, "User Strategies for Open Industrial IT Systems, " Ph.D. dissertation, Royal Inst. Technol., Stockholm, Sweden, 1996, ISRN KTH/ICS/R-96/1-SE.
25. A. M. Sasson, "Open systems procurement: A migration strategy, " IEEE Trans. Power Syst., vol.8, no.2, pp. 515-526, May 1993.
26. G. Ericsson and T. Rahkonen, "Openness in communication for power system control, a state-of-the-practice study, " in Proc. IEEE Power Te c h, Stockholm, Sweden, Jun. 1995.
27. P. Roche, "Cyber security considerations in power system operations, " CIGRÉ Electra No. 218, Feb. 2005.
28. Swedish Civil Contingencies Agency, SCADA Security Coordination [Online]. Available: http://www.msbmyndigheten.se/de-fault-138.aspx?epslanguage=EN
29. Swedish Civil Contingencies Agency, Guide to Increased Security in Process Control Systems for Critical Societal Functions [Online]. Available: http://www.krisberedskapsmyndigheten.se/up-load/17915/SCADA-eng-2008.pdf
30. COSO ERM (The Committee of Sponsoring Organizations of the Treadway Commission\Enterprise Risk Management), 2004 [Online]. Available: www.coso.org
31. COBIT (Control Objectives for Information and related Technology) [Online]. Available: www.isaca.org
32. ISO/IEC 20000-20001:2005 Information Technology\Service Management\Part 1: Specification
33. ISO/IEC 20000-20002:2005 Information Technology\Service Management\Part 2: Code of Practice, .
34. ITIL (IT Infrastructure Library) [Online]. Available: www.itil-official-site.com/home/home.asp
35. Risk Management\Vocabulary, ISO/IEC CD 2 Guide 73, Concept, Apr. 2008.
36. Risk Management\Principles and Guidelines on Implementation, ISO/DIS 31000, Concept, April 2008
37. Generic SCADA Risk Management Framework for the IT Security Expert Advisory Group (ITSEAG), Trusted Information Sharing Network for Critical Infrastructure Protection Dec. 2006.
38. AS/NZS 4360:2004 Risk Management Standards Australia.
39. IRRIIS Project [Online]. Available: http://www.irriis.org
40. CRUTIAL Project [Online]. Available: http://crutial.cesiricerca.it
41. Risk Assessment of Information and Communication Systems\Analysis of Some Practices and Methods in the Electric Power Industry Gio-vanna Dondossola CESI RICERCA SpA, Electra, Aug. 2008.
42. G. Dondossola and O. Lamquet, "Cyber risk assessment in the electric power industry, " Electra No 224 pp. 36-43, Feb. 2006 [Online]. Available: http://www.cigre.org/gb/electra/electra.asp
43. G. Dondossola, O. Lamquet, and A. Torkilseng, "Key issues and related methodologies in the security risk analysis and evaluation of electric power control systems, " in CIGRÉ Session 2006, Paris 27, Aug. 1-Sep. 2.
44. Common Vulnerabilities and Exposures List [Online]. Available: http://www.cve.mitre.org/
45. Standards and Projects Under the Direct Responsibility of JTC 1/SC 27 Secretariat, [Online]. Available: http://www.iso.org/iso/iso-catalogue/ catalogue-tc/catalogue-tc-browse.htm?commid=45306
46. Information Technology\Security Techniques\Information Security Management Systems\Requirements, ISO/IEC 27001: 2005 [Online]. Available: http://www.iso.org/iso/iso-catalogue/catalogue-tc/cata-logue-detail.htm? csnumber=42103
47. Information Technology\Security Techniques\Information Security Management Systems\Code of Practice for Information Security Management, ISO/IEC 27002: 2005 [Online]. Available: http://www.iso.org/iso/iso-catalogue/ catalogue-tc/catalogue-de-tail.htm?csnumber=50297
48. Information Technology\Security Techniques\Information Security Risk Management, ISO/IEC 27005: 2008 [Online]. Available: http://www.iso.org/iso/iso- catalogue/catalogue-tc/catalogue-de-tail.htm?csnumber=42107
49. L. Piètre-Cambacédès, C. Chalhoub, and F. Cleveland, "IEC TC57 WG15\Cyber security standards for the power system, " in Proc. CIGRÉ D2 Colloq., Luzern, Switzerland, 2007.
50. IEC, Power System Control & Associated Communications\Data & communication Security 62351 part 1-8, TS.
51. Cryptographic Protection of SCADA Communications AGA Report 12 [Online]. Available: www.aga.org/Committees/gotocommitteep-ages/gasctrl/AGAReport12.htm
52. IEEE, Trial Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links Draft 3, 2008-2108-16 [Online]. Available: http://grouper.ieee.org/groups/sub/wgc6/wgc6.htm
53. ISA99 [Online]. Available: http://www.isa.org/MSTemplate.cfm?Mi- crositeID=988&CommitteeID=6821
54. Security Technologies for Industrial Automation and Control Systems Technical Report ANSI/ISA-TR99.00.01-2007 [Online]. Available: http://www.isa.org/Template.cfm?Section=Shop-ISA&Tem-plate=/Ecommerce/ ProductDisplay.cfm&Productid=9665
55. "The ISA99 Standards Vision, A Roadmap for Developing Secure Industrial Automation and Control Systems, " in ISA EXPO 2008, Oct. 2008.
56. NERC CIP Standards as Approved by the NERC Board of Trustees May 2006 [Online]. Available: ftp://www.nerc.com/pub/sys/all-updl/standards/sar/Cyber- Security-Standards-Board-Ap-proval-02May06.pdf
57. NIST, Computer Security Division, Computer Security Resource Centre [Online]. Available: http://csrc.nist.gov/publications/Pub-sSPs.html
58. NIST ICS Security Project [Online]. Available: http://csrc.nist.gov/sec- cert/ics/index.html
59. CPNI Guidelines [Online]. Available: http://www.cpni.gov.uk/Protect- ingYourAssets/scada.aspx
60. J. Weiss, Control Systems Cyber Security-The Current Status of Cyber Security of Critical Infrastructures Testimony before the Committee on Commerce, Science, and Transportation, US Senate, March 19, 2009.
61. A. Jaquith, Security Metrics\Replacing Fear, Uncertainty, and Doubt. Reading, MA: Addison-Wesley, 2007.