General Cyber Security Concepts
What Does Cyber Security Cover? The ‘All Hazards’ Approach
In its broadest sense, cyber security for the power industry covers all issues involving automation and communications that affect the operation of electric power systems and the functioning of the utilities that manage them.
In the power industry, the focus has been almost exclusively on implementing equipment that can improve power system reliability. Until recently, communications and information equipment have been considered of peripheral importance – they were often seen as just another isolated piece of equipment to help achieve power system reliability.
For example, with the exception of the initial power equipment problems in the August 14, 2003 blackout, the on-going and cascading failures were almost exclusively due to problems in providing the right information to the right place within the right time.
Cyber Security IAC (Integrity, Availability, Confidentiality) Requirements
FIPS-199 (and many other security documents) classify security requirements of information types by priority into Confidentiality, Integrity, and Availability.
On the other hand, industrial control systems typically classify the priorities of the security requirements in a different order, namely Integrity, Availability, Confidentiality, and (sometimes) Accountability (Non-repudiation).
Integrity is generally considered the most critical security requirement for power system operations, and includes assurance that:
- Data has not been modified without authorization
- Source of data is authenticated
- Timestamp associated with the data is known and authenticated
- Quality of data is known and authenticated
|Title:||Cyber Security Issues for the Smart Grid – White Paper by Frances Cleveland, Xanthus Consulting International|
|Download:||Right here | Video Courses | Membership | Download Updates|