Building an Effective Security Program for Distributed Energy Resources and Systems. Mariana Hentea
Чтение книги онлайн.

Читать онлайн книгу Building an Effective Security Program for Distributed Energy Resources and Systems - Mariana Hentea страница 12

СКАЧАТЬ

      Foreword

      “Just because something doesn’t do what you planned it to do doesn’t mean it’s useless.” (Thomas A. Edison, US Inventor)

      Environmental policies, energy rising costs, and technology innovations are challenging many assumptions that were used to build current electric utility infrastructure, which has been evolving for more than a century. The power grid is the most complex man‐made system that allows access to electricity, a fundamental enabler for the economy. While access to electricity is the greatest engineering achievement of the twentieth century, the grid of today does not have the attributes necessary to meet the demands of the twenty‐first century and beyond.

      The Smart Grid paradigm promises to improve the power grid reliability and enable sustainability and customer choice. To meet the power grid concerns, utilities around the world are investing in distributed energy resources (DERs). However, different utilities have different reasons and business drivers for investing in DERs management. Besides grid reliability, the increasingly rapid adoption of DERs is driven by other factors such as to meet the world's energy efficiency and greenhouse gas emission goals. With these drivers for investing in DERs and Smart Grids, cybersecurity solutions are imperative for reliable energy delivery. In highly connected world via Internet and with an increasing sophistication of threats, it is unrealistic to assume energy delivery systems are isolated or immune from compromise.

      To achieve the interoperability of Smart Grid devices and systems, it is required that standards and protocols align policy, business, and technology in a manner that would enable all electric resources, including demand‐side resources, to contribute to an efficient, reliable electricity network. There is a need to understand that ensuring cybersecurity and privacy of the information is more than conformance to standards.

      Security and privacy needs for Smart Grid and DERs, strategies, security requirements, risk management, security and privacy design, and countermeasures as well as standards and best industry practice recommendations are discussed in this book.

       Understanding Security for Smart Grid and Distributed Energy Resources and Systems (Vol 1)

       Building Security Program for Smart Grid and Distributed Energy Resources and Systems (Vol 2)

       Effective Security Program for Smart Grid and Distributed Energy Resources and Systems:

       An Engineering Approach (Vol 3)

      The aim of this three-volume book is building security and privacy programs to support the development of Smart Grid Systems and DER systems that are reliable, secure, resilient, and flexible. The cybersecurity problem becomes a very complex problem for the Smart Grid system, defined also a system of systems. The basic concepts, approaches, and frameworks are described in this three-book set. Smart Grid and DERs security and privacy issues are gradually introduced and discussed from many perspectives.

      These books include information about strategies, security requirements, risk management, security design, and countermeasures as well as regulations, standards, and best practice recommendations. The focus is on describing the most specific issues of Smart Grid and DERs including building security and privacy program blocks to handle several aspects of the security and privacy risks for the Smart Grid and DER systems. These books demonstrate how to blend Engineering techniques with standards and best security practices. Finally, a perspective on the future DER systems cannot be discussed without taking a look at the vision on the future Smart Grids and research needs.

      The information provided in this three-volume book could be used to educate current workforce, future graduates, academic/research, and regulators to understand the complex cybersecurity domain in the context of the various paradigms (e.g. Smart Grid, convergence of security by design and privacy by design) and emerging technologies (e.g. Internet of Things, wireless technologies, big data analytics, machine learning, intelligent control, and decision-making).

      Understanding Security for Smart Grid and Distributed Energy Resources and Systems

      “If you want to find the secrets of the universe, think in terms of energy, frequency and vibration.” (Nikola Tesla, US Inventor)

      The emergence of Smart Grid paradigm and distributed energy resources (DERs) applications requires innovation and deployment of new technologies, processes, and policies. DERs are typically smaller electricity generation or storage units located in a community, business, or home. They can serve consumers' energy needs locally and can provide support for the grid. All points of the power grid infrastructure will come under challenge, so it is critical that we fix the process and trust issues in DERs and future Smart Grid technologies.

      The more sophisticated technologies and devices become, the greater the danger of them being stolen or adapted for misuse. The growing popularity of wireless technology used in several computing systems may have finally attracted enough hackers to make the potential for serious security threats a reality. In fact, the number and types of mobile threats – including viruses, spyware, malicious downloadable applications, phishing, and spam – have spiked in recent months. One can argue that device makers and wireless service providers have long focused on communications and other services, with security remaining an afterthought.

      There is a growing concern about the security and safety of the control systems in terms of vulnerabilities, lack of protection, and awareness. In the past, control systems were isolated from other Information Technology (IT) systems. Historically, IT teams and industrial control systems or operational technology (OT) teams have been organized vertically based on the technology stack they managed. Connection to the Internet is new (early 1990s) and debatable among specialists. However, even without any connection to the Internet, these systems are still vulnerable to external or internal attackers that can exploit vulnerabilities in private communication networks and protocols, software such as operating systems, custom and vendor software, data storage software, databases, and applications.

      Therefore, the increasing cyber attacks to energy sector and critical infrastructure are National concerns that require better security and privacy protection, an educated work force of Engineers in the area of security and privacy issues, and Security Professionals in the area of industrial control systems, particularly developing and implementing security protection for emerging Smart Grid applications and DER systems.

      The security frameworks and initiatives surrounding the Smart Grid technology hence need to be provided and applied in a time‐critical fashion before larger implementations of Smart Grid roll out without good designs. Additionally, the electrical power community needs to critically consider applications of such frameworks to legacy power grid implementations to avoid security add‐ons that could be costly and inefficient.