Cyber Security Projects
National Electric Sector Cybersecurity Organization Research (NESCOR) Project
- Cybersecurity for Distributed Energy Resources (DER): Developing the cybersecurity requirements for DER systems, including DER architectures, DER failure scenarios (bottom up vulnerabilities), DER cybersecurity policies, procedures, and technologies (top down recommendations), and discussions of cybersecurity standards used with DER communications.
- Network and System Management Cybersecurity (IEC 62351-7): Developing Use Cases for the IEC 62351-7 standard on network and system management object models, for use in test implementations and updates to the standard.
NIST Cyber Security Working Group (CSWG)
- NIST Cyber Security Working Group (CSWG): Support for Smart Grid Cyber Security Working Group (CSWG) in the development of the NISTIR 7628, covering cyber security strategy, high level security requirements, security architecture and diagrams, privacy, logical interface categories, and other security issues.
- NIST CSWG Standards Subgroup: Chair of this key group to evaluate standards and Priority Action Plan results, to ensure they address cyber security appropriately.
EPRI Cyber Security Projects
- Distribution Cyber Security Requirements, to develop the cyber security requirements for distribution automation and distribution management systems, based on the NISTIR 7628 interfaces, interface categories, and catalog of security requirements.
- AMI Implementation Cyber Security Guidelines, to provide useful cyber security procedures, suggest technologies, and recommend approaches and settings for implementing AMI systems.
- AMI and HAN Cyber Security Requirements, to develop the security requirements and methodology for utilities to utilize for developing implementation-specific security requirements, based on NIST/EPRI FERC4+2 diagrams, the NIST CSWG efforts, and the DHS Catalog of Control System Security.
- Assessment of Substation Physical Security Measures within Substations, EPRI 1011752, March 2006. The need for physical security of substations is becoming more urgent as power systems are operated closer to their limits, as information systems become increasingly important to power system operations, and as sophisticated substation equipment becomes more vulnerable to physical threats due not only to deliberate attacks but also to inadvertent mistakes, failures, and natural catastrophes. This requirement for physical security affects all substation assets to one degree or another. The key is the tradeoff between the costs (monetary and some reduced efficiency) of implementing security measures and the probabilistic benefits associated with avoided costs (monetary, social, political, and legal).
- Security Risk Assessment and Mitigation Procedure for TVA Operational Information Assets, March 2005. Cyber security has undoubtedly become a major issue for almost all electric utilities. This is partly due to the competitive environment, where crucial information (gathered legally or illegally) can translate into millions of dollars, but mainly due to the increased vulnerability brought about by the integration of networking technologies within the systems and equipment used on the power system. It is particularly true for the United States that a loss of electrical power for any extended time and over a large area can have serious consequences for the economy, for the safety of people, and for the legal and financial status of the utilities affected. PowerWAN will be a vital part of TVA’s future. Physical infrastructure alone is not enough to meet the challenge. To be successful, sound security policy, risk assessment practices, and mitigation procedures must be developed. These requirements were analyzed and discussed in the report.
- Scoping Study on Security Processes and Impacts, July 2003, EPRI 057144. The primary objective of this Scoping Study was the assessment of the financial and societal costs of implementing security measures. Financial costs include the costs for developing security policies and implementing security countermeasure technologies. Societal costs include the impact of security policies and technologies on the efficiency of personnel and systems.
- Security Enhancements for Utility Information Architectures, August, 2002, EPRI EP-P10074. Cyber security has become a major issue in utilities due partly to the increased vulnerability of utilities as they network their computer systems and power system equipment; and partly due to the competitive environment where crucial information (gathered legally or illegally) can translate into millions of dollars. A number of technology solutions have been proposed for improving the security of the communications protocols used in power system operations, mostly based on encryption which does have an impact on performance. These solutions go a long way to increasing the information security. However, they are not the complete story – for end-to-end security beyond the protocols, additional types of security are needed. The objectives of this project was to assess the impact on performance of the security measures being proposed for the common protocols used for digital control of power system equipment, and to determine what additional security measures outside the domain of protocols may be needed for complete end-to-end security.
- Security Primer on communication network security requirements for utility T&D operations. The primary focus of this work was to describe the potential areas of vulnerability of utility SCADA systems, substation automation, and other power system operational automation.
International Standards for Cyber Security
- As Convenor of IEC TC57 WG15, have led the development of security standards for utility operations protocols, including ICCP, IEC 61850, and DNP. In addition, the development of Network and System Management data objects for power system operations, to help ensure security and reliability of end-to-end systems. These security standards consist of the IEC 62351 series: Data and Communication Security – Part 1: Introduction, Part 2: Glossary, Part 3: Profiles Including TCP/IP, Part 4: Profiles Including MMS, Part 5: Security for IEC 60870-5 and Derivatives (i.e. DNP3), Part 6: Security for IEC 61850 Profiles, Part 7: Security Through Network and System Management, and Part 8: Role-Based Access Control. See the White Paper on IEC TC57 WG15.
- As Chair of IEEE PES PSCC Security WG, am heading the development for the IEEE of Recommended Practices, educational material, and other information related to the assessment of information security risks in power system operations.