A Review of Standards with Cybersecurity Requirements for Smart Grid - Publication - Bridge of Knowledge

Abstract

Assuring cybersecurity of the smart grid is indispensable for the reliable operation of this new form of the electricity network. Experts agree that standardised solutions and practices should be applied in the first place. In recent years many new standards for smart grids have been published, which paradoxically results in the difficulty of finding a relevant publication in this plethora of literature. This paper presents results of a study which aimed at addressing this issue by identifying all standards that define cybersecurity requirements applicable to smart grids. Based on a systematic literature review seventeen relevant standards were identified that are described in this paper with a focus on the requirements and characterised with respect to evaluation criteria. The relationships between the standards have been analysed to understand where the standards overlap or complement each other and where they are completely independent -- as far as cybersecurity requirements are concerned. This together with the requirements-focused descriptions of the standards can serve as a useful guidance on cybersecurity requirements for smart grid components that should help practitioners in choosing the standards that are applicable to their area or a specific problem.

Citations

  • CrossRef: 47
  • Web of Science: 0
  • Scopus: 51
Full text

Publication version: Accepted or Published Version
License: Creative Commons: CC-BY-NC-ND

Details

Category: Articles
Type: article in a journal listed in JCR
Published in: COMPUTERS & SECURITY no. 77, pages 262-276
ISSN: 0167-4048
Language: English
Publication year: 2018
Bibliographic description: Leszczyna R.: A Review of Standards with Cybersecurity Requirements for Smart Grid // COMPUTERS & SECURITY. Vol. 77 (2018), pp. 262-276
DOI: 10.1016/j.cose.2018.03.011
Verified by: Gdańsk University of Technology
