Title: Building an Effective Security Program for Distributed Energy Resources and Systems
Author: Mariana Hentea
Publisher: John Wiley & Sons Limited
Genre: Physics
isbn: 9781119070436
One of the reasons for developing an interconnected electric utility system was to improve the reliability of service to customers, because individual generating plant reliability was (and still is) much less than 100%. Currently, the security focus of the industry has expanded to include withstanding disturbances caused by man‐made physical or cyber attacks.
1.4.1.2 Security as Communication Reliability
Security as communication reliability is used to describe the reliability for power system communication, which has several facets, including the probability that a given message will be lost entirely, the use of redundant communication paths and automatic failover to protect against message loss, the expected time delay (latency) in delivering a message, and the expected variability of that time delay (jitter) [Nordell 2012]. It also involves how competing messages may (or may not) be given priority when communication channels are saturated. This latter parameter is known as quality of service (QoS) and has long been practiced in the world of telephony, but it is a relatively new concept for power system engineers.
1.4.1.3 Security as Information Protection
Security as information protection involves measures taken to ensure the anonymity of electronic information, both in transit and when stored on digital systems. Of primary importance is the protection of personal information about utility customers and of information about the electric power system that may be of interest to parties who wish to harm the utility or its customers [Nordell 2012].
The four interrelated dimensions to energy security are described as physical, cyber, supply, and conflict‐related as defined in [DOE 2015a]:
Physical security risks are related to damage to energy supply, storage, and delivery infrastructures, such as the electric grid, pipeline networks, and rail and marine systems.
Cybersecurity risks are related to the compromise of ICT‐based controls that operate and coordinate energy supply, delivery, and end‐use systems.
Supply security risks are related to price shocks and international supply disruptions of energy commodities, critical materials, and/or equipment.
Conflict‐related security risks are associated with unrest in foreign countries linked to, or impacting, energy.
Therefore, multiple definitions of security need to be explored to find some common thread that can help ensure the success of the pursuit of a smarter electrical grid while maintaining security – in all of its various meanings [Nordell 2012].
Grid security and the privacy of people including consumers are of vital importance in the energy sector. If there is any compromise of the personal data or security of the power service, it can undermine everything. An incident would not only create a breach of privacy or security, but it might also compromise the potential future markets the technology might have been able to create if the service had been secure.
1.4.2 Privacy
Similar to security, privacy has many definitions for use in different contexts, cultures, and jurisdictions. One definition is provided as [Dictionary 1994]:
The condition of being secluded from others; secrecy.
Generally, privacy means a state in which an individual is not observed or disturbed by others.
Privacy refers to protection of personal data. Personal data means any information relating to an identified or identifiable individual (data subject) [Shei 2013].
In the Internet and Web context, where users exchange private data via Web or email with organizations or other users, sometimes unknown users, users experience many concerns:
What personal information can be shared with whom.
Whether and how one can share information anonymously.
Thus, users are concerned with privacy as it relates to personally identifiable information (PII). This is associated with the collection, ownership, access control, integrity control, distribution, modification, repurposing, reconstruction, and disposition of information relating to an individual.
In some situations, an individual might choose to withhold their identity to be publicly unknown or anonymous. In protecting the PII, one option is anonymity. Anonymity is a result of not having identifying characteristics (such as a name or description of physical appearance) disclosed. More concepts and principles related to privacy are available at [OECD 2016]. Therefore, privacy rights are defined in constitutional and common law. Privacy laws deal with the regulation of personal information about individuals that can be collected, stored, and used by governments and other public as well as private organizations.
There is not one universal, internationally accepted definition of privacy; it can mean many things to different individuals. At its most basic, privacy can be seen as the right to be left alone. Privacy terms are defined differently among various industries, groups, countries, and even individuals. Furthermore, privacy should not be confused, as it often is, with confidentiality, and personal information is not the same as confidential information. Confidential information is information for which access should be limited to only those with a business need to know and that could result in compromise to a system, data, application, or other business function if inappropriately shared.
Additionally, privacy can often be confused with security. Although there may be significant overlap between the two, they are also distinct concepts. There can be security without having privacy, but there cannot be privacy without security; security is one of the elements of privacy.
1.4.2.1 Privacy in the Smart Grid
It is important to understand that privacy considerations with respect to a Smart Grid include examining the rights, values, and interests of individuals; it involves the related characteristics, descriptive information, and activities [NISTIR 7628r1]. Thus, data privacy is impacted by the practices of customers who supply personal data and all entities that gather or handle that data.
New energy usage data collected outside of smart meters, such as from home energy management systems (EMS), is also created through applications of Smart Grid technologies. As those data items become more specific and are made available to additional individuals, the complexity of the associated privacy issues increases as well.
Another perspective on privacy is described as consisting of four dimensions [NISTIR 7628r1]:
Privacy of personal information involves the right to control when, where, how, to whom, and to what extent an individual shares his/her own personal information, as well as the right to access personal information given to others, to correct it, and to ensure it is safeguarded and disposed of appropriately.
Privacy of the person is the right to control the integrity of one’s own identity and body (physical requirements, health problems, and required medical devices).
Privacy of personal behavior is the right to keep any knowledge of their activities, and their choices,