Abstract
Information and Communication Technology (ICT) is increasingly utilised in the electrical power transmission system. For the power system, ICT brings a lot of benefits, but it also introduces new types of vulnerabilities and threats. Currently, the interdependencies between the power and ICT systems are not fully understood, including how threats (both malicious and accidental) towards the ICT system may impact power delivery. This paper addresses the need for improved understanding between ICT security and power experts. It explains important terms used differently in the two disciplines, identifies the main impacts on power systems that may result from ICT incidents, and proposes a set of indicators that can be used as a basis for selecting measures.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Tøndel, I.A., Mostue, B.A., Jaatun, M.G., Kjølle, G. (2013). Towards Improved Understanding and Holistic Management of the Cyber Security Challenges in Power Transmission Systems. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds) Availability, Reliability, and Security in Information Systems and HCI. CD-ARES 2013. Lecture Notes in Computer Science, vol 8127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40511-2_17
DOI: https://doi.org/10.1007/978-3-642-40511-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40510-5
Online ISBN: 978-3-642-40511-2
eBook Packages: Computer Science (R0)