Introduction to Security for Smart Grid Systems

Chapter in: Digitalization of Power Markets and Systems Using Energy Informatics

Abstract

Electric power systems are critical infrastructure on which people’s health and safety depend. Cybersecurity is therefore a fundamental requirement for the digitalization of power systems, and it must be designed into the digitalization architecture from the beginning, because a secure system cannot be built on an insecure foundation. This chapter discusses the basics of cybersecurity for networked systems and how they apply to power systems. Cybersecurity design begins with a threat assessment: identifying the trust boundaries and attack surfaces and modeling the threats against them. Once the threat assessment is complete, the security architecture and design that prevent and mitigate those attacks are developed. These are built on cryptographic primitives such as cryptographic hashes, symmetric and asymmetric cryptosystems, and other cryptographic algorithms, which are paired with standardized protocols such as IPsec and TLS to secure communication between the functional entities of the system. Security services such as identity and access management (IAM), public-key infrastructure (PKI), and role-based access control (RBAC) are then placed at the trust boundaries to gate access to critical data and systems. Security technology cannot, however, protect the system from improper use by untrained power systems personnel, so training in security best practices and periodic refresher exercises to keep people alert are also required.
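The gating of access at a trust boundary described above, as an added example that is not code from the chapter or its authors: a hypothetical substation gateway authenticates each control-center command with HMAC-SHA256 (a keyed cryptographic hash, one of the primitive types named above), rejects replays with a per-principal sequence counter, and only then applies an RBAC table before acting. The principal names, keys, roles, actions and JSON message layout are all assumptions constructed for the example; in a deployment the keys and identities would come from the PKI/IAM services and the IPsec or TLS sessions the chapter describes, and only the gating logic at the boundary would look like this.

```python
"""Added example, not from the chapter: gating control commands at a trust
boundary with a keyed hash (HMAC-SHA256), a replay counter and RBAC.

All names below (principals, keys, roles, actions, message layout) are
assumptions constructed for illustration. Keys and identities in a real
deployment come from the PKI/IAM services and from IPsec or TLS sessions;
only the gating logic at the boundary is shown here.
"""
import hashlib
import hmac
import json

# IAM directory of the gateway (constructed): identity -> per-principal
# shared key (authentication) and identity -> role (authorization).
KEYS = {
    "alice": bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2),
    "bob": bytes.fromhex("00112233445566778899aabbccddeeff" * 2),
}
ROLES = {"alice": "operator", "bob": "viewer"}

# RBAC table: only operators may switch; viewers may only read telemetry.
ROLE_PERMISSIONS = {
    "operator": {"read_telemetry", "open_breaker", "close_breaker"},
    "viewer": {"read_telemetry"},
}


def canonical(payload):
    """Serialize deterministically so sender and gateway MAC identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_command(principal, payload):
    """Control-center side: attach an HMAC-SHA256 tag under the sender's key."""
    tag = hmac.new(KEYS[principal], canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Gateway:
    """Substation gateway: the trust boundary between control and field networks."""

    def __init__(self):
        self.last_seq = {}   # highest sequence number accepted per principal
        self.audit = []      # decisions, kept for incident response

    def accept(self, msg):
        """Return (accepted, reason); the field action is only taken when True."""
        payload = msg.get("payload")
        if not isinstance(payload, dict):
            return self._reject("malformed")
        principal = payload.get("principal")
        key = KEYS.get(principal)
        if key is None:
            return self._reject("unknown principal")
        # 1. Authenticity and integrity: recompute the tag with the claimed
        #    sender's key and compare in constant time to resist timing leaks.
        expected = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return self._reject("bad mac")
        # 2. Replay protection: sequence numbers must strictly increase.
        seq = payload.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq.get(principal, -1):
            return self._reject("replay")
        # 3. Authorization: the principal's role must permit the action.
        action = payload.get("action")
        if action not in ROLE_PERMISSIONS.get(ROLES.get(principal), set()):
            return self._reject("not permitted")
        self.last_seq[principal] = seq
        self.audit.append(("accept", principal, action))
        return True, "ok"

    def _reject(self, reason):
        self.audit.append(("reject", reason))
        return False, reason


if __name__ == "__main__":
    gw = Gateway()
    cmd = sign_command("alice", {"principal": "alice", "seq": 1, "action": "open_breaker"})
    print(gw.accept(cmd))     # (True, 'ok')
    print(gw.accept(cmd))     # (False, 'replay'): same message delivered twice
    forged = {"payload": dict(cmd["payload"], seq=2, action="close_breaker"),
              "tag": cmd["tag"]}
    print(gw.accept(forged))  # (False, 'bad mac'): payload edited, tag not recomputed
```

Two points a practitioner would check before reusing the pattern: the checks run in the order authenticate, then replay, then authorize, so an unauthenticated message never reaches the authorization logic; and the per-principal counter must survive a gateway restart (persisted, or replaced by a challenge nonce), otherwise a captured command can be replayed after a reboot.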

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Cali, U., Kuzlu, M., Pipattanasomporn, M., Kempf, J., Bai, L. (2021). Introduction to Security for Smart Grid Systems. In: Digitalization of Power Markets and Systems Using Energy Informatics. Springer, Cham. https://doi.org/10.1007/978-3-030-83301-5_4

  • DOI: https://doi.org/10.1007/978-3-030-83301-5_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-83300-8

  • Online ISBN: 978-3-030-83301-5
