
e & i Elektrotechnik und Informationstechnik, Volume 134, Issue 1, pp 19–25

Smart grid security – an overview of standards and guidelines

  • Karl Christoph Ruland
  • Jochen Sassmannshausen
  • Karl Waedt
  • Natasa Zivic
Original Papers

Abstract

This paper gives a short overview of important guidelines and standards that focus on security in Smart Grids and industrial automation. The standards are described and compared with regard to their scope of application within the Smart Grid and their focus. Besides the description of standards, some guidelines of major importance to the development of Smart Grids are described.

Keywords

IEC 62351; IEC 62443; IEC 27019; IEC 27001; IEC 27002; CEN CENELEC ETSI Smart Grid Information Security; NISTIR 7628 Guidelines for Smart Grid Cyber Security; NERC Critical Infrastructure Protection; Smart Grid Security



Copyright information

© Springer Verlag Wien 2017

Authors and Affiliations

  • Karl Christoph Ruland (1)
  • Jochen Sassmannshausen (1)
  • Karl Waedt (2)
  • Natasa Zivic (1)

  1. Chair for Data Communication Systems, University of Siegen, Siegen, Germany
  2. AREVA GmbH, University of Siegen, Siegen, Germany
