Cyber security challenges in Smart Grids

IEEE PES Innovative Smart Grid Technologies Conference Europe

Volumn , Issue , 2011, Pages

  Line, Maria B ^a   Tøndel, Inger Anne ^b   Jaatun, Martin G ^b  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

^b SINTEF ICT   (Norway)

Author keywords

Cyber security; Information security; Privacy; Smart grids

Indexed keywords

CYBER SECURITY; END-USERS; ENERGY GRIDS; ENERGY SECTOR; GOOD PRACTICES; INTEGRATED OPERATIONS; OIL AND GAS INDUSTRY; ROADMAP; SAFE OPERATION; SECURITY CHALLENGES; SECURITY MANAGEMENT; SMART GRID;

DATA PRIVACY; EXHIBITIONS; GAS INDUSTRY; SMART POWER GRIDS;

SECURITY OF DATA;

EID: 84860719241     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISGTEurope.2011.6162695     Document Type: Conference Paper

References (35)

1. Fred Cohen, "The Smarter Grid," IEEE Security & Privacy, January/February 2010, p. 60-63, 2010.
2. Mark Fabro, Tim Roxey and Michael Assante, "No Grid Left Behind", IEEE Security & Privacy, January/February 2010, p. 72-76, 2010.
3. Poul Heegaard, "The power grid meets the Internet", Presentation at the Smart Grid Workshop, NTNU, Trondheim, 2011.
4. Maria Line, Odd Nordland, Lillian Røstad and Inger Anne Tøndel, "Safety vs. Security?," in Proceedings from Probabilistic Safety Assessment and Management (PSAM), New Orleans, 2006. ISBN 0-7918-0245-0.
5. ISO/IEC 27001:2005 Information security management systems-Requirements, ISO/IEC 2005.
6. D. Wei, Y. Lu, M. Jafari, P. Skare and K. Rohde, "An Integrated Security System of Protecting Smart Grid against Cyber Attacks," Proc. Innovative Smart Grid Technologies (ISGT), Gaithersburg, Maryland, January 2010.
7. Computerworld, "Stuxnet renews power grid security concerns", Jul 26, 2010: http://www.computerworld.com/s/article/9179689/Stuxnet-renews-pow er-grid-security-concerns?taxonomyId=17&pageNumber=1
8. Andy Bochman, Jack Danahy, "Stuxnet marks the emergence of realworld SCADA security challenges", The Smart Grid Security Blog, July 27, 2010: http://smartgridsecurity.blogspot.com/2010/07/with-stuxnetutilities-confront- new.html
9. The WallStreet Journal, "Electricity grid in U.S. penetrated by spies", Apr 8, 2009: http://online.wsj.com/article/SB123914805204099085. html
10. Nicolas Falliere, Liam O. Morchu and Erik Chien, "W32.Stuxnet Dossier," Symantec, Version 1.4 (February 2011)
11. David Albright, Paul Brannan, and Christina Walrond, "Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?," Institute for Science and International Security, December 22, 2010, http://isisonline. org/uploads/isis-reports/documents/stuxnet-FEP-22Dec2010.pdf
12. David Albright, Paul Brannan, and Christina Walrond, "Stuxnet Malware and Natanz: Update of ISIS December 22, 2010 Report," Institute for Science and International Security, February 15, 2011, http://isis-online.org/ uploads/isisreports/documents/stuxnet-update-15Feb2011.pdf
13. The Telegraph, "Israeli security chief celebrates Stuxnet cyber attack", Feb 16, 2011: http://www.telegraph.co.uk/technology/news/8326274/ Israeli-securitychief-celebrates-Stuxnet-cyber-attack.html
14. New York Times, "Worm was perfect for sabotaging centrifuges", Nov 18, 2010: http://www.nytimes.com/2010/11/19/world/middleeast/19stuxnet.htm
15. New York Times, "Report suggests problems with Iran's nuclear effort", Nov 23, 2010: http://www.nytimes.com/2010/11/24/world/middleeast/ 24nuke.html?ref =stuxnet
16. McAfee® Foundstone® Professional Services and McAfee Labs™, "Global Energy Cyberattacks: "Night Dragon", Feb. 10, 2011. Available: http://www.mcafee.com/us/resources/white-papers/wpglobal-energy- cyberattacks-night-dragon.pdf
17. Computerworld, "CIA says hackers pulled plug on power grid": http://www.computerworld.com/s/article/9057999/CIA-says-hackers-p ulled-plug-on-power-grid
18. Kevin Poulsen, "Slammer worm crashed Ohio nuke plant network", SecurityFocus, Aug 19, 2003: http://www.securityfocus.com/news/6767
19. Foreign Policy, "The New Threat to Oil Supplies: Hackers", Aug 25, 2009: http://www.foreignpolicy.com/articles/2009/08/25/the-new-threat-to-oi l-supplies-hackers
20. Himanshu Khurana, Mark Hadley, Ning Lu and Deborah A. Frincke, "Smart-Grid Security Issues," IEEE Security & Privacy, January/February 2010, p. 81-85, 2010.
21. OWASP-The Open Web Application Security Project: www.owasp.org
22. Build Security In-sponsored by DHS National Cyber Security Division, US: http://buildsecurityin.us-cert.gov
23. CWE/SANS: Top 25 Most Dangerous Software Errors 2011, Sep 13, 2011: http://cwe.mitre.org/top25/
24. E. Tikk, K. Kaska, K. Rünnimeri, M. Kert, A.M. Talihärm, L. Vihul, "Cyber Attacks Against Georgia: Legal Lessons Identified", Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia, 2008. http://www.carlisle.army.mil/DIME/documents/Georgia%201%200.pdf
25. Wired Magazine, "Hackers Take Down the Most Wired Country in Europe", Aug 21, 2007: http://www.wired.com/politics/security/magazine/15- 09/ff-estonia?currentPage=all
26. BBC News, "Hacktivists target Egypt and Yemen regimes", Feb 4, 2011: http://www.bbc.co.uk/news/technology-12364654
27. Mikhail A Lisovich, Deirdre K. Mulligan, Stephen B. Wicker, "Inferring Personal Information from Demand-Response Systems," IEEE Security & Privacy, January/February 2010, p. 11-20, 2010.
28. Martin Gilje Jaatun, Eirik Albrechtsen, Maria B. Line, Inger Anne Tøndel, Odd Helge Longva, "A framework for incident response management in the petroleum industry," Intl. Journal of Critical Infrastructure Protection 2 (2009) pp. 26-37, Feb. 2009.
29. Håvard Fridheim, Janne Hagen, Stein Henriksen, "En sårbar kraftforsyning-sluttrapport etter BAS3", FFI/RAPPORT-2001/ 02381 (in Norwegian only).
30. Bob Gohn and Clint Wheelock, "Smart Grid: Ten Trends to Watch in 2011 and Beyond", PikeResearch Research Report, 4Q 2010, http://www.pikeresearch.com/research/smart-grid-ten-trends-to-watchin-2011-and- beyond
31. 104-OLF recommended guidelines for information security baseline requirements for process control, safety and support ICT systems, 2007. http://www.olf.no/no/Publikasjoner/Retningslinjer/ IntegrerteoperasjonerIntegrated-operations/104/
32. Maria B. Line, Dag Bertelsen, Håvard Fridheim, Per Hokstad, Gerd Kjølle, Jon Røstum, Ingrid B. Utne, Gunhild Åm Vatn, Jørn Vatn, "Metode og verktøy for en samlet risikovurdering av kritiske infrastrukturer", SINTEF report (in Norwegian only), ISBN 978-82-14-04814-8, 2009.
33. The Smart Grid Interoperability Panel-Cyber Security Working Group, "Guidelines for Smart Grid Cyber Security," NISTIR 7628, August 2010-Vol 3: http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628-vol3.pdf
34. Jaatun, M. G., Grøtan, T. O., Line, M. B.; Secure Remote Access to Autonomous Safety Systems: A Good Practice Approach, International Journal of Autonomous and Adaptive Communications Systems, Vol. 2, No. 3, 2009, ISSN 1754-8632, pp 297-312.
35. Eirik Albrechtsen, "Friend or foe? Information security management of employees", Ph.D. Thesis, NTNU, 2008:101, Norway, 2008.