Building an Effective Security Program for Distributed Energy Resources and Systems. Mariana Hentea

and energy sector as a critical infrastructure. It discusses strategies, approaches, methods, frameworks, and standards that could help the current workforce in the electrical sector and power product manufacturers to:

       Understand the security problem as it applies to the power grid, energy sector, and electricity subsector.

       Understand the cybersecurity terms and evolution of terms.

       Understand the Smart Grid concepts, DERs, and system needs for protection against intentional or unintentional threats.

       Construct new engineering approaches to cybersecurity such as integrated organizational cooperation, strategic and tactical methods to be implemented, and increasing standards compliance requirements as well as fostering public trust that security is a high priority to those who provide these critical energy resources.

       Define trust in a dynamic, collaborative environment and understand what it means to provide trust throughout an interaction.

       Use a common framework for security policies and support of interoperability, ensuring security, and continuity.

       Recognize the importance of standards in the development of Smart Grid technologies and DER systems to develop a framework that includes protocols and model standards for information security management.

       Describe relevant cybersecurity standards or best practices that can be used for the specific applications.

       Understand the scope and limitations of the security controls.

       Identify the capability of the components or system to be updated to meet future cybersecurity requirements or technologies.

      The key topics discussed in the book include:

       Smart Grid paradigm, DERs and systems, scope of security and privacy, computing and information systems for business and industrial applications, critical Smart Grid systems, overview of Smart Grid cybersecurity standards, and key players in Smart Grid standards development.

       Cybersecurity concepts and cybersecurity evolution, cybersecurity for electrical sector as a National Priority, emerging technologies, the needs for Smart Grid cybersecurity, solutions, security, and privacy programs.

       Principles of cybersecurity, characteristics of information, critical security characteristics of information and systems, information security models.

       Applying security principles to Smart Grid and DERs, Smart Grid infrastructure and technologies by considering IT systems infrastructure versus industrial control systems infrastructure with their differences and similarities including the IT and Operational convergence trends.

       Smart Grid vulnerabilities, threats, recent cyber attacks, security controls, and cybersecurity challenges.

       Critical infrastructure, critical infrastructure interdependencies, energy sector as a component of critical infrastructure, information security frameworks (NIST Cybersecurity Framework and NIST Privacy framework – generic frameworks), terrorism challenges addressing security of control systems, emerging technologies, and impacts to cybersecurity.

       Characteristics of Smart Grid and DER systems, power system services and operations, energy management system, electrical utilities evolution, Smart Grid conceptual models (NIST conceptual model, IEEE model, European Union conceptual model), power and smart devices, and Smart Grid key technologies.

       Analysis of power system characteristics (e.g. stability, partial stability), analysis of DER impacts, addressing issues (e.g. cybersecurity, reliability, resiliency, cyber‐physical systems), Smart Grid interoperability dimensions, interoperability framework, and addressing cross‐cutting issues.

       Distributed energy systems, DER technologies and security challenges, establishing information security governance, and examples of Smart Grid applications and cybersecurity expectations.

       Security management as a broad field of management, security management components and tasks, security program definition and functions, security management process, asset management, physical security and safety, security versus safety, information security management infrastructure, models and frameworks for information security management, privacy program functions, and approaches for building a security program and privacy program.

       Security management for Smart Grid systems – strategic, tactical, and operational views, unified view of security management based on risk management for both IT systems and control systems, systemic security management – comparison and discussion of models, efficient and effective management solutions, security models for electrical sector – electricity subsector cybersecurity capability maturity model (ES‐C2M2), NIST framework, etc., implementation challenges on achieving security governance, and ensuring information assurance, certification, and accreditation.

      The topics discussed in this book help to educate the Security Professionals, Power Control Engineers, management, regulators, service providers, and inform the public at large about the Smart Grid paradigm, DERs, and needs for Security and Privacy protection. Also, the book may be used to educate future graduates (e.g. engineers, computer science, IT graduates, business, and law) to gain skills and more knowledge on understanding and managing the security and privacy risks of Smart Grid and DERs as well as approaches for defining and maintaining a security and privacy program. For example, Law students can use the material from the book to understand the cybersecurity issues for critical infrastructure problems. Also, they can learn about the current regulations, the power and consumers' needs for new regulations in the future.

      Research and academia communities could use the book to have a broader view of the cybersecurity problems for Smart Grid, critical infrastructure and energy sector.

      Acknowledgments

      Although I am the sole author of this book, the content is the product of my work experience and learning from discussions with colleagues and friends about various topics and projects at work, interactions with researchers at conferences and workshops, meetings and presentations provided by professional societies, my published research works, presentations and talks at conferences, teaching courses in the university, leading research projects with students, meetings with IEEE members, etc.

      Besides these, I have been inspired by Dr. Martha Evens' strength and dedication to seek new work and educate others. Dr. Martha Evens encouraged me to pursue a doctoral degree in Artificial Intelligence, after I accomplished an MS in computer science at Illinois Institute of Technology, Chicago, IL, USA. Still after several decades, Dr. Evens (now emeritus professor) provided advice on how to manage the writing of this book. She always encouraged me to pursue my own research interests.

      The chosen topic – cybersecurity for the Smart Grid and distributed energy resources – is the result of my own decision, after I learned about threats to the power grid and the need for providing more information on security matters to engineers.

      I thank Dr. Simone Taylor for reading my book proposal and offering the opportunity to publish this book. My thanks also go to reviewers, Antony Sami, Brett Kurzman, Kari Capone, Sarah Lemore, and the team of editors and managers from Wiley. Their support and advice in completing the writing task are very much appreciated.

      Mariana Hentea 28 November 2019
