Cyber vulnerability disclosure policies for the smart grid

Author

Hahn, A. ; Govindarasu, M.

Author_Institution

Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA, USA

fYear

2012

fDate

22-26 July 2012

Firstpage

1

Lastpage

5

Abstract

As smart grid technologies become more widely deployed, an increasing number of cyber vulnerabilities will be found throughout the supporting systems. While the traditional IT industry has a long history of dealing with vulnerability disclosures, however, recent discoveries within control system software have shown the power industry still lacks sufficient polices and approaches. This paper introduces current vulnerability disclosure methods, including full disclosure, limited disclosure, and non-disclosure. It then provides a comparison of disclosure policies by both vendors and disclosure coordinators. Finally, it addresses industry specific characteristics which may impact domain-specific disclosure policies and identifies requirements for improving disclosure methods.

Keywords

electricity supply industry; power system control; smart power grids; control system software; current vulnerability disclosure; cyber vulnerability disclosure policy; disclosure coordinators; domain-specific disclosure policy; power industry; smart grid; traditional IT industry; Computer security; Control systems; Electronic mail; Google; Industries; Software;

fLanguage

English

Publisher

ieee

Conference_Titel

Power and Energy Society General Meeting, 2012 IEEE

Conference_Location

San Diego, CA

ISSN

1944-9925

Print_ISBN

978-1-4673-2727-5

Electronic_ISBN

1944-9925

Type

conf

DOI

10.1109/PESGM.2012.6345603

Filename

6345603