Standards with cybersecurity controls for smart grid—A systematic analysis

In recent years, numerous standards related to the cybersecurity of smart grids have been published, which makes it challenging for operators to find guidance that matches their specific objectives and contexts. Although several studies have approached this problem by providing more or less comprehensive surveys and overviews of smart grid cybersecurity standards, none of them was dedicated to the topical and important subject of cybersecurity controls. This paper aims to fill this gap. A systematic literature analysis was conducted, which resulted in the identification of 19 broadly recognised standards that specify cybersecurity controls applicable to the smart grid infrastructure. The publications are described with respect to the controls they define and assessed against evaluation criteria. As a result, this paper constitutes a guideline on standardised cybersecurity controls for smart grids, in which criteria-based indications help to select standards for a particular smart grid area or for specific goals. The research method and the criteria used to select and evaluate the standards are presented.
