Operations personnel at many energy companies feel the pressure of achieving compliance with the NERC CIP standards. Some worry that they are not aware of the problems and security incidents that...
Securing Tomorrow's Grid (Part I)
Protecting smart systems against cyber threats.
direct access to a utility’s PMU.
• All synchrophasor systems and components should restrict logical and physical access to authenticated and authorized systems and personnel.
• Only authenticated and authorized configuration changes ( e.g., firmware, settings) should be processed by synchrophasor systems.
• All configuration changes and access requests to synchrophasor systems should be auditable.
• Synchrophasor applications should validate the authenticity and integrity of all data acquired.
• Asset owners shouldn’t rely exclusively on security measures outside their direct observation and control.
• The introduction or integration of synchrophasor systems shouldn’t expose other utility systems to unauthorized access or attack.
• Utility systems should be able to continue essential functions in the absence of PMU data.
• Authorized operators should have the ability to disable automated protection and control associated with synchrophasor systems while maintaining monitoring functionality.
• Essential synchrophasor functionality shouldn’t have single points of failure.
A complete list of recommendations presented in a systematic approach can be found in the UCAIug Security Profile for Wide-Area Monitoring, Protection, and Control (Synchrophasor) , developed by the advanced security acceleration project for the smart grid team. 6 The synchrophasor security profile uses a failure analysis approach to define controls for an explicit set of use cases, and validates this set of controls for completeness against the controls in NIST IR 7628, “Guidelines for Smart Grid Cyber Security.” 7
Advancing Cyber Security
Securing the smart grid, from transmission systems to home area networks, will require coordination among many stakeholders, including owners and operators, vendors, technology developers, systems integrators, government agencies, and researchers at national laboratories and universities. By coordinating their activities and building on the work of others, industry and government can work together to deliver secure next-generation technologies; practical, actionable implementation guidance for utilities; and security standards and testing requirements for smart grid components and systems.
Securing Tomorrow's Grid (Part II) is here .
1. Smart grid domains are defined in: National Institute of Standards and Technology, The Smart Grid Interoperability Panel—Cyber Security Working Group, Guidelines for Smart Grid Cyber Security , NISTIR 7628 NIST, August 2010.
2. The objectives are taken directly from: Howard Lipson and James Ivers, Advanced Metering Infrastructure Security and Survivability: Risks, Challenges, and Progress , Draft v0.1, Carnegie Mellon University Software Engineering Institute, Sept. 29, 2008.
3. OpenHAN Task Force, UCAIug Home Area Network System Requirements Specification, Version 2.0 , (UCAIug, August 30, 2010).
4. Advanced Security Acceleration Project for the Smart Grid, Security Profile for Advance Metering Infrastructure , Version 2.0 (AMI-SEC Task Force and NIST Cyber Security Coordination Task Group, June 22, 2010.
5. Department of Homeland Security Control Systems Security Program, National Cyber Security Division, Catalog of Control Systems Security: Recommendations for Standards Developers , DHS, September 2009.
6. Advanced Security Acceleration Project for the Smart Grid, Security Profile for Wide-Area Monitoring, Protection, and Control , UCAIug Smart Grid Security Working Group, draft May 16, 2011.
7. National Institute of Standards and Technology, The Smart Grid Interoperability Panel – Cyber Security Working Group, Guidelines for Smart Grid Cyber Security