A Review of Standards with Cybersecurity Requirements for Smart Grid

Abstract

Assuring cybersecurity of the smart grid is indispensable for the reliable operation of this new form of the electricity network. Experts agree that standardised solutions and practices should be applied in the first place. In recent years many new standards for smart grids have been published, which paradoxically results in the difficulty of finding a relevant publication in this plethora of literature. This paper presents results of a study which aimed at addressing this issue by identifying all standards that define cybersecurity requirements applicable to smart grids. Based on a systematic literature review seventeen relevant standards were identified that are described in this paper with a focus on the requirements and characterised with respect to evaluation criteria. The relationships between the standards have been analysed to understand where the standards overlap or complement each other and where they are completely independent -- as far as cybersecurity requirements are concerned. This together with the requirements-focused descriptions of the standards can serve as a useful guidance on cybersecurity requirements for smart grid components that should help practitioners in choosing the standards that are applicable to their area or a specific problem.

Publication version
Accepted or Published Version
License
Creative Commons: CC-BY-NC-ND

Details

Category:
Journal publication
Type:
article in a journal listed in JCR
Published in:
COMPUTERS & SECURITY no. 77, pages 262 - 276,
ISSN: 0167-4048
Language:
English
Publication year:
2018
Bibliographic description:
Leszczyna R.: A Review of Standards with Cybersecurity Requirements for Smart Grid// COMPUTERS & SECURITY. -Vol. 77, (2018), pp. 262-276
DOI:
10.1016/j.cose.2018.03.011
Verification:
Politechnika Gdańska
