2023 | OriginalPaper | Chapter

A Study on Cybersecurity Standards for Power Systems

Author: Sajal Sarkar

Published in: Power Systems Cybersecurity

Publisher: Springer International Publishing

Abstract

To establish explicit cybersecurity measures and best practices in power systems, a number of cybersecurity standards containing generic sets of rules and guidelines for maintaining proper cybersecurity hygiene are being designed and developed. However, the scope, applicability, and implementation guidelines of these standards for power systems have not been adequately studied, understood, or presented to date. This chapter presents a study to understand the scope and applicability of cybersecurity standards and to derive implementation guidelines for power systems. The study discusses and analyzes relevant cybersecurity standards to understand their scope, applicability, and cybersecurity process improvement for individual systems and devices deployed in present-day power systems, and also for a whole system setup such as a substation or plant, a communication setup, or a local or central control center.

Metadata

Title: A Study on Cybersecurity Standards for Power Systems
Author: Sajal Sarkar
Copyright Year: 2023
DOI: https://doi.org/10.1007/978-3-031-20360-2_18