Top

e+i Elektrotechnik und Informationstechnik

Published in:

27-01-2017 | Originalarbeiten

Smart grid security – an overview of standards and guidelines

Authors: Karl Christoph Ruland, Jochen Sassmannshausen, Karl Waedt, Natasa Zivic

Published in: e+i Elektrotechnik und Informationstechnik | Issue 1/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This paper gives a short overview about important guidelines and standards that set the focus on security in Smart Grids and industrial automation. The standards are described and compared regarding their scope of application within the Smart Grid and the focus of the standards. Beside the description of standards, some guidelines of major importance to the development of Smart Grids are described.

previous article European provisions for cyber security in the smart grid – an overview of the NIS-directive

next article Tool support for data protection impact assessment in the smart grid

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

IEC 62351-1: Power systems management and associated information exchange – Data and communications security – Part 1: Communication network and system security – introduction to security issues.

IEC 62351-2: Power systems management and associated information exchange – Data and communications security – Part 2: Glossary of terms.

IEC 62351-3: Power systems management and associated information exchange – Data and communications security – Part 3: Profiles including TCP/IP.

IEC 62351-4: Power systems management and associated information exchange – Data and communications security – Part 4: Profiles including MMS.

Ruland, C., Sassmannshausen, J. (2015): Non-repudiation services for the MMS protocol of IEC 61850, security standardisation research. In L. Chen, S. Matsuo (Eds.) LNCS (Vol. 9497, pp. 70–85). Switzerland: Springer.

Ruland, C., Kang, N., Sassmannshausen, J. (2016): Rejuvenation of the IEC 61850 protocol stack for MMS. In IEEE international conference on smart grid communications (IEEE SmartGridComm 2016). Sydney, Australia, Nov 06–09.

IEC 62351-5: Power systems management and associated information exchange – Data and communications security – Part 5: Security for IEC 60870-5 and derivatives.

IEC 62351-6: Power systems management and associated information exchange – Part 6: Security for IEC 61850 profiles.

IEC 62351-8: Power systems management and associated information exchange – Data and communications security – Part 8. Role-based access control.

10.

IEC 62351-10: Power systems management and associated information exchange – Data and communications security – Part 10: Security architecture guidelines.

11.

IEC 62351-11: Power systems management and associated information exchange – Data and communications security – Part 11: Security for XML documents.

12.

IEC 62443-1-1: Industrial communication networks – Network and system security – Part 1-1: Terminology concepts and models.

13.

IEC 62443-2-1: Industrial communication networks – Network and system security – Part 2-1: Establishing an industrial automation and control system security program.

14.

IEC 62443-2-4: Security for industrial automation and control systems – Part 2-4: Security program requirements for IACS service providers.

15.

IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels.

16.

IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components.

17.

ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements.

18.

ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice for information security controls.

19.

BDEW Bundesverband der Energie- und Wasserwirtschaft e.V.: White Paper – Requirements for secure control and telecommunication systems, March 2015. Available at https://www.bdew.de/internet.nsf/id/it-sicherheitsempfehlunge.

20.

ISO/IEC TR 27019:2013 Information technology – Security techniques – Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry.

21.

IEC/TR 62541-2:2010 OPC unified architecture – security model.

22.

ISO/IEC 27009:2016 Information technology – Security techniques – Sector-specific application of ISO/IEC 27001 – Requirements.

23.

NIST special publication 1108r3: NIST framework and roadmap for smart grid interoperability standards, Release 3.0, 2014.

24.

ISO/IEC 27036-1:2014 Information technology – Security techniques – Information security for supplier relationships – Overview and concepts.

25.

ISO/IEC 27036-2:2014 Information technology – Security techniques – Information security for supplier relationships – Requirements.

26.

ISO/IEC 27036-4:2016 Information technology – Security techniques – Information security for supplier relationships – Guidelines for security of cloud services.

27.

ISO/IEC 27034-2:2015 Information technology – Security techniques – Application security – Organization normative framework.

28.

ISO 55000-2:2014 Asset management – Management systems – Requirements.

29.

ISO/IEC 19770-1:2012 Information technology – Software asset management – Processes and tiered assessment of conformance.

30.

Waedt K., Ding Y., Gao Y., Xie X.: I&C modeling for cybersecurity analyses, 1st TÜV Rheinland China Symposium, Functional safety in nuclear and industrial applications, Shanghai, October 2015.

31.

IEC 62714-1:2014, Engineering data exchange format for use in industrial automation systems engineering – Automation markup language architecture and general requirements.

32.

HMG IA Standard No. 1:2009, technical risk assessment, issue No. 3.51.

33.

Bajramovic E., Waedt K., Gao Y., Parekh M.: Cybersecurity aspects in the I&C design of NPPs, INPPS, Istanbul, March 2016.

34.

Waedt K., Xie X., Gao Y., Ding Y.: Chipset level cybersecurity issues, 8th international workshop on application of FPGAs in NPPs, Shanghai, October 2015.

35.

The smart grid interoperability panel – cyber security working group – NISTIR 7628 guidelines for smart grid cyber security – August 2010. Available at http://www.nist.gov/smartgrid/upload/nistir-7628_total.pdf.

36.

CEN-CENELEC-ETSI: Smart grid coordination group. Smart grid information security. Report, November 2012. Available at http://ec.europa.eu/energy/sites/ener/files/documents/xpert_group1_security.pdf.

37.

North American electric reliability corporation: cyber security – BES cyber system categorization (CIP 002-5.1). Available at http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx.

38.

Parker, Steven: Introduction to NERC CIP version 5. The power magazine. Available at http://www.powermag.com/introduction-to-nerc-cip-version-5/.

Title: Smart grid security – an overview of standards and guidelines
Authors: Karl Christoph Ruland
Jochen Sassmannshausen
Karl Waedt
Natasa Zivic
Publication date: 27-01-2017
Publisher: Springer Vienna
Published in: e+i Elektrotechnik und Informationstechnik / Issue 1/2017
Print ISSN: 0932-383X
Electronic ISSN: 1613-7620
DOI: https://doi.org/10.1007/s00502-017-0472-8

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2017

Auswirkungen der IT-Sicherheit auf die Bahnstromautomatisierung

The FUSE testbed: establishing a microgrid for smart grid security experiments

Cyber Security für kritische Infrastrukturen

Towards holistic power distribution system validation and testing—an overview and discussion of different possibilities

Mutual inductive interference of 400 kV cable systems

Ceramic and hybrid support insulators for UHVDC systems