Standards on cyber security assessment of smart grid

Abstract. Security evaluation of communication systems in the smart grid poses a great challenge to developers and operators. In recent years many new smart grid standards have been proposed, which paradoxically makes it difficult to find a relevant publication in this plethora of literature. This paper presents the results of a systematic analysis aimed at addressing this issue by identifying the standards that provide sound security assessment guidance. This should help practitioners choose the standards applicable to their area. Additionally, the contents extracted from the standards can serve as useful guidance for security assessments of smart grid components.
