Enhancing the Reliability and Security of the Information Infrastructure Used to Manage the Power System

In the power industry, the focus has been almost exclusively on implementing equipment that can keep the power system reliable. Until recently, communications and information flows have been considered of peripheral importance. However, increasingly the information infrastructure that supports the monitoring and control of the power system has come to be critical to the reliability of the power system. Communication protocols are one of the most critical parts of power system operations, responsible for retrieving information from field equipment and, vice versa, for sending control commands. Despite their key function, to-date these communication protocols have rarely incorporated any security measures, including security against inadvertent errors, power system equipment malfunctions, communications equipment failures, or deliberate sabotage. Since these protocols were very specialized, "security by obscurity" has been the primary approach. However, security by obscurity is no longer a valid concept. In particular, the electricity market is pressuring market participants to gain any edge they can. A tiny amount of information can turn a losing bid into a winning bid - or withholding that information from your competitor can make their winning bid into a losing bid. And the desire to disrupt power system operations can stem from careless mistakes, to simple teenager bravado, to competitive game-playing in the electrical marketplace, and even to actual terrorism. As the power industry relies increasingly on information to operate the power system, two infrastructures must now be managed: not only the power system infrastructure, but also the information infrastructure. The management of the power system infrastructure has become reliant on the information infrastructure as automation continues to replace manual operations, as market forces demand more accurate and timely information, and as the power system equipment ages. Therefore, the reliability of the power system is increasingly affected by any problems that the information infrastructure might suffer. This paper focuses on IEC TC57 WG15 security standards work which is addressing the reliability and security of the information infrastructure.