A Case Study: Preparing for the Smart Grids - Identifying Current Practice for Information Security Incident Management in the Power Industry

The power industry faces the implementation of smart grids, which will introduce new information security threats to the power automation systems. The ability to appropriately prepare for, and respond to, information security incidents, is of utmost importance, as it is impossible to prevent all possible incidents from occurring. Current trends even show that the power industry is an attractive target for hackers. A main challenge for the power industry to overcome is the differences regarding culture and traditions, knowledge and communication, between ICT staff and power automation staff. This paper presents the background, research method and preliminary results from a case study identifying current practice on information security incident management in the power industry.

[1]  Martin Gilje Jaatun,et al.  A framework for incident response management in the petroleum industry , 2009, Int. J. Crit. Infrastructure Prot..

[2]  Michael D. Myers,et al.  The qualitative interview in IS research: Examining the craft , 2007, Inf. Organ..

[3]  Karen A. Scarfone,et al.  Computer Security Incident Handling Guide , 2004 .

[4]  Kasia Muldner,et al.  Preparation, detection, and analysis: the diagnostic work of IT security incident response , 2010, Inf. Manag. Comput. Secur..

[5]  Wolfgang Hommel,et al.  Integrated Security Incident Management -- Concepts and Real-World Experiences , 2011, 2011 Sixth International Conference on IT Security Incident Management and IT Forensics.

[6]  Christos Douligeris,et al.  On Incident Handling and Response: A state-of-the-art approach , 2006, Comput. Secur..

[7]  Zhe Chen,et al.  Intelligent control on wind farm , 2010, 2010 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT Europe).

[8]  A. B. Ruighaver,et al.  Incident response teams - Challenges in supporting the organisational security function , 2012, Comput. Secur..

[9]  Annabelle Lee,et al.  Guidelines for Smart Grid Cyber Security , 2010 .

[10]  Mohsen Jafari,et al.  An integrated security system of protecting Smart Grid against cyber attacks , 2010, 2010 Innovative Smart Grid Technologies (ISGT).

[11]  Theron Pieterse The corporate incident response framework (CIRF) , 2011, 2011 IST-Africa Conference Proceedings.

[12]  Robert Avag Stuxnet Malware and Natanz: Update of ISIS December 22, 2010 Report | Institute for Science and International Security , 2011 .