Abstract
Today, expanding digitalization and networking in many living and working areas is an inexorable process. It concerns infrastructures which are essential for modern societies and thus classified as critical. These infrastructures must be well-secured against erratic behavior. This especially applies to electronic attacks from criminal or foreign organizations. Very critical is electricity in that regard, because many areas depend on power. Through modern process IT and future ICT-based smart grids, energy suppliers are prone to cyber-attacks. In the industrial sectors, on a national level and on an European level there are several regulative and legal activities to be found in order to make information security independent of business hazards and to define the security level by legal acts. For this purpose we have well-defined national and international standards. In particular the ISO/IEC 27000 standard framework has been complemented in the last years by documents regarding industrial sectors e.g. power supply. Everything points to the requirement that some markets and market roles are so important for economic impact that the security level should be reviewed by independent organizations under governmental supervision. In the future many enterprises may have to accept that external audits, certification and frequent recertification is a binding requirement for doing business in critical market roles. Operation permit necessarily requires information security.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
[Fraun12], Gesamtwirtschaftliche Potentiale intelligenter Netze in Deutschland, Seite 5
- 2.
- 3.
- 4.
Enisa Annex II Security aspects in smart grid, Seite 6
- 5.
- 6.
- 7.
- 8.
Deutsches Dokument siehe http://eeas.europa.eu/policies/eu-cyber-security/cybsec_directive_de.pdf
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
Backround: (e-energy promotion project of the Federal ministry of Economics (e-energy-Förderprojekte des Bundesministeriums für Wirtschaft in Deutschland (BMWi))
- 15.
- 16.
- 17.
References
BSI Grundschutzhandbuch, (http://www.bsi.bund.de) (IT Baseline Protection Catalogs from the Federal Office for Security in Information Technology)
Protection Profile for Smart Meters, (http://www.bsi.bund.de)
BSI Technische Richtlinie, TR 03109, (http://www.bsi.bund.de) (Technical Guidelines for Smart Metering Gateways)
In the Dark: Crucial Industries Confront Cyberattacks; Center for Strategic and International Studies (CSIS) for McAfee, Washington and Santa Clara 2011, p. 5, (http://www.mcafee.com/us/resources/reports/rp-critical-infrastructure-protection.pdf)
Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency Official Journal L 077 , 13/03/2004 P. 0001 – 0011
Enisa Annex II Security aspects in smart grid
German: VERORDNUNG (EU) Nr. 526/2013 DES EUROPÄISCHEN PARLAMENTS UND DES RATES vom 21. Mai 2013 über die Agentur der EuropÄischen Union für Netz- und Informationssicherheit (ENISA) und zur Aufhebung der Verordnung (EG) Nr. 460/2004 English: REGULATION (EU) No 526/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004
Gesetz über die ElektrizitÄts- und Gasversorgung (Energiewirtschaftsgesetz – EnWG) vom 7. Juli 2005 (BGBl. I S. 1970, 3621), geÄndert durch Artikel 4 des Gesetzes vom 31. Mai 2013 (BGBl. I S. 1388) (German Electricity and Gas Supply Act)
Hrsg./Contact Bernd Beckert, Gesamtwirtschaftliche Potentiale intelligenter Netze in Deutschland, Fraunhofer ISI, Karlsruhe, (http://www.bitkom.org/files/documents/Studie_Intelligente_Netze(2).pdf) (Fraunhofer ISI, Overall economic potential of smart networks in Germany
ISO/IEC 27001:2005, ISO/IEC 27002:2005, ISO/IEC TR 27019, http://www.iso27001security.com/html/27019.html
Umsetzungsplan KRITIS des Nationalen Plans zum Schutz der Informationsinfrastrukturen, Hrsg. Bundesministerium des Innern, (http://www.kritis.bund.de) (Federal Ministry of the Interior, Implementation Guideline for the National Strategy to Protect Critical Infrastructures)
Hrsg. TeleTrusT – Bundesverband IT-Sicherheit e.V., TeleTrusT-Eckpunktepapier “Smart Grid Security”, 2012, (www.teletrust.de/publikationen/broschueren/smart-grids) (German Federal Association for IT Security, Basic Point Paper “Smart Grid Security”)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Abbreviations
- BCM
-
Business Continuity Management
- BSI
-
Federal Office for Security in Information Technology
- EDPC
-
Electronic data processing center
- ENISA
-
European Network and Information Security Agency
- ICT
-
Information and Communication Technology
- ISMS
-
Information Security Management System, towards ISO/IEC 27001 or BSI-Standard 100-1
- SCADA
-
Supervisory Control and Data Acquisition
Smart Grid In the meaning: automatic ICT-based controlling of offer and use of electrical power mostly from volatile energy resources.
- SMGW
-
Smart Metering Gateway
- UC
-
Unified Communication, Integration of several communication methods in a homogeneous application level
- UP KRITIS
-
Implementation Guideline for the National Strategy to Protect Critical Infrastructures
Rights and permissions
Copyright information
© 2013 Springer Fachmedien Wiesbaden
About this chapter
Cite this chapter
Kafitz, W., Burgers, V. (2013). Security in Critical Infrastructures – Future Precondition for Operating License?. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_18
Download citation
DOI: https://doi.org/10.1007/978-3-658-03371-2_18
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-03370-5
Online ISBN: 978-3-658-03371-2
eBook Packages: Computer ScienceComputer Science (R0)