SCADA system cyber security - A comparison of standards

IEEE PES General Meeting, PES 2010

Volumn , Issue , 2010, Pages

  Sommestad, Teodor ^a   Ericsson, Göran N ^b   Nordlander, Jakob ^c  

^a ROYAL INSTITUTE OF TECHNOLOGY   (Sweden)

^b Market and System Development Division   (Sweden)

^c Cygate AB   (Sweden)

Author keywords

Control systems; Cyber security; SCADA systems; Smart grids; Standards

Indexed keywords

CRITICAL INFRASTRUCTURE; CYBER SECURITY; ELECTRIC POWER UTILITIES; ELECTRICAL POWER SYSTEM; INTERNATIONAL STANDARDS; ISO/IEC; KEY ISSUES; OPERATION AND CONTROL; SMART GRID; STANDARDS AND GUIDELINES; SUPERVISORY CONTROL AND DATA ACQUISITION SYSTEMS; TECHNICAL COUNTERMEASURES;

ELECTRIC POWER SYSTEMS; INTRUSION DETECTION; STANDARDS;

SCADA SYSTEMS;

EID: 78649548146     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/PES.2010.5590215     Document Type: Conference Paper

References (30)

1. DOE, "What the smart grid means to you and the people you serve", U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, USA, 2009
2. DOE, ""Grid 2030" - A National Vision for Electricity's Second 100 Years", United States Department of Energy, Office of Electric Transmission and Distribution, USA, 2003.
3. European Commission, "European Technology Platform SmartGrids, Strategic Research Agenda for Europe's Electricity Networks of the Future", EUR 22580, ISBN 92-79-03727-7, Luxembourg, 2007.
4. G. Ericsson, "Information Security for Electric Power Utilities (EPUs) - Cigré Developments on Frameworks, Risk Assessment and Technology," Paper TPWRD-543-2008, IEEE Transactions on Power Delivery, Vol. 24, No. 3, July 2009, pp. 1174-1181.
5. G.Ericsson, "Towards a Framework for Managing Information Security for an Electric Power Utility - Cigré Experiences," Paper TPWRD-406- 2006 published in IEEE Transactions on Power Delivery, Vol. 22, No. 3, July 2007, pp. 1461-1469.
6. R. Carlson, J. Dagle, S. Shamsuddin, and R. Evans, "A Summary of Control System Security Standards Activities in the Energy Sector," Office of Electricity Delivery and Energy Reliability U.S. Department of Energy, October 2005.
7. V. Igure, S. Laughter, and R. Williams, "Security issues in SCADA networks," Computers & Security 25, (2006) 498-506.
8. ISO/IEC, "Information technology - Security techniques - Code of practice for information security management," International Organization for Standardization, International Electrotechnical Commission, ISO/IEC 17799:2005, 2005.
9. ISO/IEC," Information technology - Security techniques - Information security management systems - Requirements," International Organization for Standardization, International Electrotechnical Commission, ISO/IEC 27001: 2005.
10. Department of Homeland Security (DHS), "Catalog of Control Systems Security: Recommendations for Standards Developers," DHS, January 2008
11. DHS, "Cyber Security Procurement Language for Control Systems," DHS, August 2008.
12. IEC, "Power system control and associated communications - Data and communication security," First Edition, IEC 62210 International Electrotechnical Commission, May 2005.
13. IEC, "Power systems management and associated information exchange - Data and communications security, Part 1: Communication network and system security - Introduction to security issues First Edition," IEC 62351-1, International Electrotechnical Commission, May 2007
14. ISA, "ANSI/ISA-99.00.01-2007 Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models," International Society of Automation (ISA), October 2007
15. ISA, "ANSI/ISA-TR99.00.01-2007 Security Technologies for Industrial Automation and Control Systems," International Society of Automation (ISA), October 2007
16. ISA, "ANSI/ISA-TR99.00.02-2004 Integrating Electronic Security into the Manufacturing and Control Systems Environment," International Society of Automation (ISA), October 2004
17. K. Stouffer, J. Falco, K. Scarfone, "Guide to Industrial Control Systems (ICS) Security Special Publication 800-82," Second public draft, National Institute of Standards and Technology, September 2007.
18. GAO, "Technology Assessment - Cybersecurity for Critical Infrastructure Protection," U.S. Government Accountability Office, May 2004.
19. AGA, "Cryptographic Protection of SCADA Communications Part 1: Background, Policies and Test Plan (AGA 12, Part 1)," American Gas Association (AGA), March 2006.
20. CPNI, "Good Practice Guide, Process Control and SCADA Security," Centre for the Protection of National Infrastructure (CPNI), 2005.
21. DOE, "21 steps to Improve Cyber Security of SCADA Networks," Office of Energy Assurance, U.S. Department of Energy, 2002.
22. NERC, "CIP-001-1 - CIP-009-1," North American Electric Reliability Corporation (NERC), 2006.
23. NIST, "System Protection Profile - Industrial Control Systems," Version 1.0, National Institute of Standards and Technology (NIST), April 2004.
24. J. Falco, J. Gilsinn, K., and Stouffer, "IT Security for Industrial Control Systems: Requirements Specification and Performance Testing," 2004 NDIA Homeland Security Symposium & Exhibition, Crystal City, VA, 2004.
25. D. Kilman, and J. Stamp, "Framework for SCADA Security Policy," Sandia National Laboratories Report, SAND 2005-1002C, 2005. http://www.sandia.gov/scada/documents/sand-2005-1002C.pdf
26. D. Dzung, M. Naedele, T. Von Hoff, and M. Crevatin, , "Security for Industrial Communication Systems", Proceedings of the IEEE, Volume 93, Issue 6, 2005, pp. 1152-1177.
27. G. Ericsson, and T. Torkilseng, "Management of Information Security for an Electric Power Utility - On Security Domains and Use of ISO/IEC17799 Standard", IEEE Transactions on Power Delivery, vol. 20, No. 2, April 2005
28. W. Jayawickrama, "Managing Critical Information Infrastructure Security Compliance: A Standard Based Approach Using ISO/IEC 17799 and 27001," On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops, pp. 565-574, 2006.
29. L. Nordstrom, "Assessment of Information Security Levels in Power Communication Systems Using Evidential Reasoning," IEEE Transactions on Power Delivery, vol. 23, No. 3, pp. 1384-1391, July 2008.
30. rd Annual Conference on Systems Engineering Research (CSER), 2005, pp. 138-146.