Information Security for Electric Power Utilities (EPUs)—CIGRÉ Developments on Frameworks, Risk Assessment, and Technology

Author

Ericsson, Göran N.

Author_Institution

Svenska Kraftnat (Swedish Nat. Grid), Vallingby

Volume

24

Issue

3

fYear

2009

fDate

7/1/2009 12:00:00 AM

Firstpage

1174

Lastpage

1181

Abstract

This paper deals with the important issue of proper treatment of information security for electric power utilities. It is based on the efforts of CIGRE Working Group (WG) D2.22 on ldquoTreatment of Information Security for Electric Power Utilities (EPUs)rdquo carried out between 2006 and 2008/2009. The WG produces a Technical Brochure (TB), where the purpose is to emphasize three main issues: security frameworks, risk assessment, and security technology. Here, guidance is given on different security frameworks based on an information security domain model. Also, baseline controls are treated. For risk assessment, a survey has been carried out. Only few commonalities, but several differences, have been found. Here, a methodology must be developed together with practical recommendations. For security technologies, guidance is given for deployment of different solutions, based on a logical diagram using different controls. Last, proposal on further work is given.

Keywords

electricity supply industry; power engineering computing; power system control; power system security; risk management; CIGRE Working Group; cyber security; electric power utilities; information security domain model; logical diagram; power system control; risk assessment; Communication systems; ISO/IEC standard; IT security; SCADA; control systems; cyber security; information security; power system communications; power system control; power systems; risk assessment; security framework; security technology; substation automation;

fLanguage

English

Journal_Title

Power Delivery, IEEE Transactions on

Publisher

ieee

ISSN

0885-8977

Type

jour

DOI

10.1109/TPWRD.2008.2008470

Filename

4797811