These books include information about strategies, security requirements, risk management, security design, and countermeasures as well as regulations, standards, and best practice recommendations. The focus is on describing the most specific issues of Smart Grid and DERs including building security and privacy program blocks to handle several aspects of the security and privacy risks for the Smart Grid and DER systems. These books demonstrate how to blend Engineering techniques with standards and best security practices. Finally, a perspective on the future DER systems cannot be discussed without taking a look at the vision on the future Smart Grids and research needs.
The information provided in this three-volume book could be used to educate current workforce, future graduates, academic/research, and regulators to understand the complex cybersecurity domain in the context of the various paradigms (e.g. Smart Grid, convergence of security by design and privacy by design) and emerging technologies (e.g. Internet of Things, wireless technologies, big data analytics, machine learning, intelligent control, and decision-making).
Understanding Security for Smart Grid and Distributed Energy Resources and Systems
“If you want to find the secrets of the universe, think in terms of energy, frequency and vibration.” (Nikola Tesla, US Inventor)
The emergence of Smart Grid paradigm and distributed energy resources (DERs) applications requires innovation and deployment of new technologies, processes, and policies. DERs are typically smaller electricity generation or storage units located in a community, business, or home. They can serve consumers' energy needs locally and can provide support for the grid. All points of the power grid infrastructure will come under challenge, so it is critical that we fix the process and trust issues in DERs and future Smart Grid technologies.
The more sophisticated technologies and devices become, the greater the danger of them being stolen or adapted for misuse. The growing popularity of wireless technology used in several computing systems may have finally attracted enough hackers to make the potential for serious security threats a reality. In fact, the number and types of mobile threats – including viruses, spyware, malicious downloadable applications, phishing, and spam – have spiked in recent months. One can argue that device makers and wireless service providers have long focused on communications and other services, with security remaining an afterthought.
There is a growing concern about the security and safety of the control systems in terms of vulnerabilities, lack of protection, and awareness. In the past, control systems were isolated from other Information Technology (IT) systems. Historically, IT teams and industrial control systems or operational technology (OT) teams have been organized vertically based on the technology stack they managed. Connection to the Internet is new (early 1990s) and debatable among specialists. However, even without any connection to the Internet, these systems are still vulnerable to external or internal attackers that can exploit vulnerabilities in private communication networks and protocols, software such as operating systems, custom and vendor software, data storage software, databases, and applications.
Therefore, the increasing cyber attacks on the energy sector and critical infrastructure are National concerns that require better security and privacy protection, an educated workforce of Engineers in the area of security and privacy issues, and Security Professionals in the area of industrial control systems, particularly developing and implementing security protection for emerging Smart Grid applications and DER systems.
The security frameworks and initiatives surrounding the Smart Grid technology hence need to be provided and applied in a time‐critical fashion before larger implementations of Smart Grid roll out without good designs. Additionally, the electrical power community needs to critically consider applications of such frameworks to legacy power grid implementations to avoid security add‐ons that could be costly and inefficient.
While no single solution can be applied today to protect the power grid, this book (Volume 1), Understanding Security for Smart Grid and Distributed Energy Resources and Systems, provides an introduction to the fundamental concepts of cybersecurity, Smart Grid, DERs, power systems, and the energy sector as a critical infrastructure. It discusses strategies, approaches, methods, frameworks, and standards that could help the current workforce in the electrical sector and power product manufacturers to:
Understand the security problem as it applies to the power grid, energy sector, and electricity subsector.
Understand the cybersecurity terms and evolution of terms.
Understand the Smart Grid concepts, DERs, and system needs for protection against intentional or unintentional threats.
Construct new engineering approaches to cybersecurity such as integrated organizational cooperation, strategic and tactical methods to be implemented, and increasing standards compliance requirements as well as fostering public trust that security is a high priority to those who provide these critical energy resources.
Define trust in a dynamic, collaborative environment and understand what it means to provide trust throughout an interaction.
Use a common framework for security policies and support of interoperability, ensuring security, and continuity.
Recognize the importance of standards in the development of Smart Grid technologies and DER systems to develop a framework that includes protocols and model standards for information security management.
Describe relevant cybersecurity standards or best practices that can be used for the specific applications.
Understand the scope and limitations of the security controls.
Identify the capability of the components or system to be updated to meet future cybersecurity requirements or technologies.
The key topics discussed in the book include:
Smart Grid paradigm, DERs and systems, scope of security and privacy, computing and information systems for business and industrial applications, critical Smart Grid systems, overview of Smart Grid cybersecurity standards, and key players in Smart Grid standards development.
Cybersecurity concepts and cybersecurity evolution, cybersecurity for electrical sector as a National Priority, emerging technologies, the needs for Smart Grid cybersecurity, solutions, security, and privacy programs.
Principles of cybersecurity, characteristics of information, critical security characteristics of information and systems, information security models.
Applying security principles to Smart Grid and DERs, Smart Grid infrastructure and technologies by considering IT systems infrastructure versus industrial control systems infrastructure with their differences and similarities including the IT and Operational convergence trends.
Smart Grid vulnerabilities, threats, recent cyber attacks, security controls, and cybersecurity challenges.
Critical infrastructure, critical infrastructure interdependencies, energy sector as a component of critical infrastructure, information security frameworks (NIST Cybersecurity Framework and NIST Privacy framework – generic frameworks), terrorism challenges addressing security of control systems, emerging technologies, and impacts to cybersecurity.
Characteristics of Smart Grid and DER systems, power system services and operations, energy management system, electrical utilities evolution, Smart Grid conceptual models (NIST conceptual model, IEEE model, European Union conceptual model), power and smart devices, and Smart Grid key technologies.