Building an Effective Security Program for Distributed Energy Resources and Systems. Mariana Hentea
Чтение книги онлайн.

Читать онлайн книгу Building an Effective Security Program for Distributed Energy Resources and Systems - Mariana Hentea страница 44

СКАЧАТЬ vast areas of the continent for weeks; interrupt supplies of water, gasoline, diesel fuel and fresh food; shut down communications; and create disruptions of a scale that was only hinted at by Hurricane Sandy and the attacks of Sept. 11. [Wald 2013]

      Although this scenario sounds like a piece of science fiction, the reporter is warning the public about the fragility of the electric system that is tightly integrated that a collapse in one spot, whether by error or intent, can set off a cascade of power failure.

      Another warns about the electric utility industry lacking adequate protection, and a major cyber threat to critical infrastructures is from the electric utilities [Weiss 2013]. While facts and impacts are not yet encountered by the electrical sector as described in these publications, we need to understand the dangers of cyber threats including other issues. Energy technologies must be robust and resistant to these vulnerabilities.

      At least we have to consider that in today's highly connected world, with an increasingly sophisticated cyber threat, it is unrealistic to assume energy delivery systems are isolated or immune from compromise [Hawk 2014]. The grid is essential for almost everything, but it is mostly controlled by investor‐owned companies or municipal or regional agencies. That expertise involves running 5 800 major power plants and 450 000 miles of high‐voltage transmission lines, monitored and controlled by a staggering mix of devices installed over decades.

      Some utilities use their own antique computer protocols and are probably safe from hacking – what the industry calls security through obscurity [Hawk 2014]. Also, cybersecurity in the IT/OT systems for the Smart Grid continues to be a significant topic and has been made even more critical by the convergence of IT/OT [Meyers 2013]. This convergence has enabled an enabled a new range of consumer‐based OT, most of which is beyond the reach or control in the traditional utility. Therefore, an IT/OT‐converged approach allows utility personnel to deploy each grid modernization application project as a part of a connected whole.

      Cybersecurity is a serious and ongoing security, safety, and economic challenge for the electricity sector. The critical role of cybersecurity in ensuring the effective operation of the Smart Grid is documented in legislation and in the DOE energy sector plans (e.g. [DOE 2011]).

      Securing the grid is one pillar of the framework set forth in the policy of Energy Independence and Security Act of 2007, and the Recovery Act of the Federal Government [EISA 2007] states:

      1 Increased use of digital information and controls technology to improve reliability, security, and efficiency of the electric grid

      2 Dynamic optimization of grid operations and resources, with full cybersecurity.

      Security of grid implies safety and protection of assets, organization, consumers, and public from threats (intentional and unintentional) including natural disasters. Cybersecurity for the Smart Grid needs to support both the reliability of the grid and the security (and privacy) of the information that is generated, processed, transmitted, stored, or disposed. Defined in broad terms, cybersecurity for the power industry covers all issues involving automation and communications that affect the operation of electric power systems, the functioning of the utilities that manage them, and the business processes that support the customer base [NISTIR 7628r1].

      2.6.1 Need for Cybersecurity Solutions

      Cybersecurity solutions for energy infrastructure are imperative for reliable energy delivery. While reliability remains a fundamental principle of grid modernization efforts, reliability requires cybersecurity [Hawk 2014], [P2030 2011]. As the need for cybersecurity increases, this work [Hawk 2014] discusses energy sector partnerships that are designing cybersecurity for the Smart Grid with the vision of surviving a cyber incident while sustaining critical energy delivery functions.

      A recently released document [DOE 2014b] provides guidance and requirements for cybersecurity features for the supply chain vendors and manufacturers of equipment, devices, and software used in power systems. Also, NIST's three‐volume document [NISTIR 7628r1] provides guidance to organizations for cybersecurity and privacy strategies, architecture, requirements, supportive analyses, and references.

Schematic illustration of interdependencies across the economy.

      Source: [DHS 2010]. Public Domain.

      Over the past two decades, the roles of the electricity sector stakeholders have shifted: generation, transmission, and delivery functions have been separated into distinct markets; customers have become generators using distributed generation technologies; and vendors have assumed new responsibilities to provide advanced technologies and improve security. These changes have created new responsibilities for all stakeholders in ensuring the continued security and resilience of the electric power grid.

      2.6.2 The US Plans

      In the United States, the Federal Energy Regulatory Commission (FERC) defines polices for Smart Grid cybersecurity. Cybersecurity is briefly understood as encompassing measures to ensure the confidentiality, integrity, and availability of the electronic information communication systems and the control systems necessary for the management, operation, and protection of the Smart Grid's energy, IT, and telecommunication infrastructures [FERC 2009]. DOE supports the administration's strategic comprehensive approach to cybersecurity for the power grid. Also, DOE works closely with the DHS, industry, and other government agencies on an ongoing basis to reduce the risk of energy disruptions due to cyber attacks.

      The DOE envisions a robust, resilient energy infrastructure in which continuity of business and services is maintained through secure and reliable information sharing, effective risk management programs, coordinated response capabilities, and trusted relationships between public and private security partners at all levels of industry and government [DOE 2010]. While the DOE cybersecurity roadmap provides a foundation for the development and adoption of interoperability and cybersecurity standards, the updated roadmap of 2011 [DOE 2011] goes on to recognize the advances in cybersecurity and other technology including the evolving needs of the energy sector such as the following:

       Providing a broader focus on energy delivery systems, including control systems, Smart Grid technologies, and the interface of cyber and physical security – where physical access to system components can impact cybersecurity.

       Building on successes and addressing gaps require new priorities to be identified such as enhancing vulnerability disclosure between government, researchers, and industry; addressing gaps СКАЧАТЬ