Building an Effective Security Program for Distributed Energy Resources and Systems. Mariana Hentea

Building an Effective Security Program for Distributed Energy Resources and Systems - Mariana Hentea


Скачать книгу
the vision of surviving a cyber incident while sustaining critical energy delivery functions must be carefully engineered and require novel solutions [Hawk 2014], [Ray 2010].

      2.4.1 Forces Shaping Cybersecurity

      Cybersecurity progress requires understanding of all its aspects as a vector quantity including the forces shaping its evolution as identified in [Agresti 2010]:

       Rebranding exercise means cybersecurity is replacing information security and information assurance as the term of choice; this move promises an engagement with the public.

       Organizational imperative means that offering information assurance in cyberspace, although infeasible, might be required because of assets ownership changes in contracts and service agreements with outside parties.

       Cyberspace domain redefinition means becoming part of a virtual world that:Refers to the virtual environment of information and interactions between people [FERC 2009]Includes the physical world such as CPS and IoT [NSF 2014], [Lee 2010], [IoT], [EC‐EPoSS 2008]In this context, the Smart Grid and process control systems are types of CPS [CPS 2014], and smart meters and home automation are examples of the IoT applications.

       National defense priority requires securing cyberspace, which is a matter of survival for any nation; one strategy is providing new interaction models such as engaging the public and private sectors to collaborate on the protection of critical infrastructures.

Schematic illustration of the forces shaping cybersecurity.

      Source: [Agresti 2010]. © 2010, IEEE.

      Energy sector users and organizations need to succeed in understanding these forces including disturbances created by emerging technologies and trends.

      2.4.2 Smart Grid Trends

      Examples of trends that impact Smart Grid cybersecurity include the following:

       Mobile computing refers to workforce dependence on being mobile and pervasive computing that has generated several devices that assist with this mobility. Forrester Research referred to mobile computing as the empowered movement, since companies are empowering their employees with modern consumer‐oriented technologies to better serve their customers [Forrester 2010]. Due to the decreasing cost of computing and the ubiquity of smartphone usage, applications have been developed to be used in home automation to control or remotely monitor a thermostat for air conditioning or a switch for lights.

       Future Internet and its services are driven by users' needs, and new technologies enable these services. Examples of future Internet services for Smart Grid include:Energy consumer demand and responseDistributed energy storage with guaranteesPersonalized energy consumer profileControl of consumer's appliances

       Web as ubiquitous computer refers to the convergence of mobile smart devices, cloud computing, and software as a service, which enables Web with anytime and anywhere computing capabilities [Pendyala 2009]; the applications are moving from the local PC machine to the ubiquitous computer. One issue is that users cannot keep up with frequent software updates and configuring Wi‐Fi security settings.

       Embedded systems surround us in many forms from cars to cell phones, video equipment to MP3 players, and dishwashers to home thermostats. However, security for these systems is an open and more difficult problem than security for desktop and enterprise computing. Even a washing machine can be used as a platform to launch distributed denial‐of‐service (DoS) attacks against the public, an organization, or the government.

       Data‐intensive computing and real‐time processing of massive data streams are required by more applications. The North American electric power grid operations generate 15 terabytes of raw data per year, and estimates for analytic results from control, market, maintenance, and business operations exceed 45 Tbytes/day. As developers add new high‐resolution sensors to the grid, this data volume is increasing rapidly. Data‐intensive problems challenge conventional computing architectures with demanding CPU, memory, and I/O requirements.

       Network changes and adoption of new services are determined by the increasing amounts of data collected from sensors, home devices, and power devices that demands reliable and faster communication networks. Profound changes are beginning to occur in public networks, data centers, and enterprise networks such as upgrades of major carrier backbones to higher data rates and the replacement of infrastructure based on old technologies for core networking/transport. Adoption of new services is facilitated by the migration to new protocols (e.g. IPv6, SIP, MIP (MIPv4, MIPv6)) and the emergence of Web services.

       Home networking in a step toward the next‐generation unified home networking technology enables operation over all types of in‐home wiring (phone line, power line, coaxial cable, and Cat‐5 cable) using a single transceiver with few programmable parameters to connect home devices. Thus, new threats and vulnerabilities may occur to smart meters and DER devices installed for customer energy management.

       Virtualization is being adopted as a standard for businesses, but the tools and technologies for addressing the security issues are relatively immature or not consolidated to offer sound security solutions. Although the advantages of virtualization are not disputed (examples include reductions in energy costs that are causing more organizations to consider virtual environments), the protection of a virtual computer hardware platform, OS, storage device, or computer network resources requires attention.

       Virtual organization entity is formed whenever a developer creates an application or a workflow that features autonomous services owned by multiple organizations, each of which shares some proprietary services and part of its own knowledge. However, virtual organization introduces security concerns. For example, traditional access control methods based on the identity of each user in a virtual organization do not scale as the number of users and services increase, especially when the population of users and services is highly dynamic as in the Smart Grid environment.

       Deperimeterization is a process that causes the boundaries between systems, which means the disappearing of boundaries between systems and organizations, to disappear; in this process, they become connected and fragmented at the same time. The most obvious problem is how to reorganize the security. Deperimeterization implies not only that the border of the organization's IT infrastructure becomes blurred but also that the border of the organization' accountability fades.

       Global challenges influence the nature of the organization, and scope of information processing has evolved; managing information security is not just enforcing restrictions to maintain information security services such as confidentiality, integrity, availability, and non‐repudiation. In the new millennium, there are demands for more responsibility, integrity of people, trustworthiness, and ethicality [Dhillon 2001]. The most relevant global challenges include poor software quality, weaknesses of protocols, and services.

       Internet has become a critical infrastructure because societies and economies are converging on the Internet, and the distinction between physical and virtual worlds is blurring.


Скачать книгу