Smart grid security – an overview of standards and guidelines

Smart Grid Security – ein Überblick über Standards und Richtlinien

Abstract

This paper gives a short overview about important guidelines and standards that set the focus on security in Smart Grids and industrial automation. The standards are described and compared regarding their scope of application within the Smart Grid and the focus of the standards. Beside the description of standards, some guidelines of major importance to the development of Smart Grids are described.

Zusammenfassung

Dieser Beitrag gibt einen kurzen Überblick über wichtige Standards und Richtlinien, die Sicherheit in Smart Grids und Industrieanlagen zum Thema haben. Die Standards werden kurz beschrieben und anhand des Anwendungsbereichs im Smart Grid und des Themenschwerpunktes miteinander verglichen. Neben der Beschreibung der Standards wird auf einige Richtlinien eingegangen, die größere Bedeutung in der Entwicklung von Smart Grids haben.

This is a preview of subscription content, access via your institution.

Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.

References

  1. 1.

    IEC 62351-1: Power systems management and associated information exchange – Data and communications security – Part 1: Communication network and system security – introduction to security issues.

  2. 2.

    IEC 62351-2: Power systems management and associated information exchange – Data and communications security – Part 2: Glossary of terms.

  3. 3.

    IEC 62351-3: Power systems management and associated information exchange – Data and communications security – Part 3: Profiles including TCP/IP.

  4. 4.

    IEC 62351-4: Power systems management and associated information exchange – Data and communications security – Part 4: Profiles including MMS.

  5. 5.

    Ruland, C., Sassmannshausen, J. (2015): Non-repudiation services for the MMS protocol of IEC 61850, security standardisation research. In L. Chen, S. Matsuo (Eds.) LNCS (Vol. 9497, pp. 70–85). Switzerland: Springer.

    Google Scholar 

  6. 6.

    Ruland, C., Kang, N., Sassmannshausen, J. (2016): Rejuvenation of the IEC 61850 protocol stack for MMS. In IEEE international conference on smart grid communications (IEEE SmartGridComm 2016). Sydney, Australia, Nov 06–09.

    Google Scholar 

  7. 7.

    IEC 62351-5: Power systems management and associated information exchange – Data and communications security – Part 5: Security for IEC 60870-5 and derivatives.

  8. 8.

    IEC 62351-6: Power systems management and associated information exchange – Part 6: Security for IEC 61850 profiles.

  9. 9.

    IEC 62351-8: Power systems management and associated information exchange – Data and communications security – Part 8. Role-based access control.

  10. 10.

    IEC 62351-10: Power systems management and associated information exchange – Data and communications security – Part 10: Security architecture guidelines.

  11. 11.

    IEC 62351-11: Power systems management and associated information exchange – Data and communications security – Part 11: Security for XML documents.

  12. 12.

    IEC 62443-1-1: Industrial communication networks – Network and system security – Part 1-1: Terminology concepts and models.

  13. 13.

    IEC 62443-2-1: Industrial communication networks – Network and system security – Part 2-1: Establishing an industrial automation and control system security program.

  14. 14.

    IEC 62443-2-4: Security for industrial automation and control systems – Part 2-4: Security program requirements for IACS service providers.

  15. 15.

    IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels.

  16. 16.

    IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components.

  17. 17.

    ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements.

  18. 18.

    ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice for information security controls.

  19. 19.

    BDEW Bundesverband der Energie- und Wasserwirtschaft e.V.: White Paper – Requirements for secure control and telecommunication systems, March 2015. Available at https://www.bdew.de/internet.nsf/id/it-sicherheitsempfehlunge.

  20. 20.

    ISO/IEC TR 27019:2013 Information technology – Security techniques – Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry.

  21. 21.

    IEC/TR 62541-2:2010 OPC unified architecture – security model.

  22. 22.

    ISO/IEC 27009:2016 Information technology – Security techniques – Sector-specific application of ISO/IEC 27001 – Requirements.

  23. 23.

    NIST special publication 1108r3: NIST framework and roadmap for smart grid interoperability standards, Release 3.0, 2014.

  24. 24.

    ISO/IEC 27036-1:2014 Information technology – Security techniques – Information security for supplier relationships – Overview and concepts.

  25. 25.

    ISO/IEC 27036-2:2014 Information technology – Security techniques – Information security for supplier relationships – Requirements.

  26. 26.

    ISO/IEC 27036-4:2016 Information technology – Security techniques – Information security for supplier relationships – Guidelines for security of cloud services.

  27. 27.

    ISO/IEC 27034-2:2015 Information technology – Security techniques – Application security – Organization normative framework.

  28. 28.

    ISO 55000-2:2014 Asset management – Management systems – Requirements.

  29. 29.

    ISO/IEC 19770-1:2012 Information technology – Software asset management – Processes and tiered assessment of conformance.

  30. 30.

    Waedt K., Ding Y., Gao Y., Xie X.: I&C modeling for cybersecurity analyses, 1st TÜV Rheinland China Symposium, Functional safety in nuclear and industrial applications, Shanghai, October 2015.

  31. 31.

    IEC 62714-1:2014, Engineering data exchange format for use in industrial automation systems engineering – Automation markup language architecture and general requirements.

  32. 32.

    HMG IA Standard No. 1:2009, technical risk assessment, issue No. 3.51.

  33. 33.

    Bajramovic E., Waedt K., Gao Y., Parekh M.: Cybersecurity aspects in the I&C design of NPPs, INPPS, Istanbul, March 2016.

  34. 34.

    Waedt K., Xie X., Gao Y., Ding Y.: Chipset level cybersecurity issues, 8th international workshop on application of FPGAs in NPPs, Shanghai, October 2015.

  35. 35.

    The smart grid interoperability panel – cyber security working group – NISTIR 7628 guidelines for smart grid cyber security – August 2010. Available at http://www.nist.gov/smartgrid/upload/nistir-7628_total.pdf.

  36. 36.

    CEN-CENELEC-ETSI: Smart grid coordination group. Smart grid information security. Report, November 2012. Available at http://ec.europa.eu/energy/sites/ener/files/documents/xpert_group1_security.pdf.

  37. 37.

    North American electric reliability corporation: cyber security – BES cyber system categorization (CIP 002-5.1). Available at http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx.

  38. 38.

    Parker, Steven: Introduction to NERC CIP version 5. The power magazine. Available at http://www.powermag.com/introduction-to-nerc-cip-version-5/.

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Karl Christoph Ruland.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Ruland, K.C., Sassmannshausen, J., Waedt, K. et al. Smart grid security – an overview of standards and guidelines. Elektrotech. Inftech. 134, 19–25 (2017). https://doi.org/10.1007/s00502-017-0472-8

Download citation

Keywords

  • IEC 62351
  • IEC 62443
  • IEC 27019
  • IEC 27001
  • IEC 27002
  • CEN
  • CENELEC
  • ETSI
  • Smart Grid Information Security
  • NISTIR 7628 Guidelines for Smart Grid Cyber Security
  • NERC Critical Infrastructure Protection
  • Smart Grid Security

Schlüsselwörter

  • IEC 62351
  • IEC 62443
  • IEC 27019
  • IEC 27001
  • IEC 27002
  • CEN
  • CENELEC
  • ETSI
  • Smart Grid Information Security
  • NISTIR 7628 Guidelines for Smart Grid Cyber Security
  • NERC Critical Infrastructure Protection
  • Sicherheit von Smart Grids