Abstract
Electric power systems are critical infrastructure on which people’s health and safety depends. Consequently, cybersecurity is a fundamental requirement for the digitalization of power systems, and it must be designed into the digitalization architecture from the beginning because it is not possible to build a secure system on an insecure foundation. This chapter discusses the basics of cybersecurity for network systems and how they apply to power systems. Cybersecurity design begins with a threat assessment, determining the trust boundaries and attack surfaces and modeling threats. Once the threat assessment is complete, the security architecture and design to prevent and mitigate attacks is developed. These are based on cryptographic primitives, such as cryptographic hashes, symmetric and asymmetric cryptosystems, and other cryptographic algorithms. The algorithms are paired with standardized protocols such as IPSEC and TLS to secure communication between the different functional entities in the system. Security services such as identity and access management (IAM), public-key infrastructure (PKI), and role-based access control (RBAC) are then incorporated into the design at trust boundaries to gate access to critical data and systems. However, security technology cannot protect the system from improper use by untrained power systems personnel and therefore training of personnel in security best practices and periodic refresher exercises to keep people alert are required.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Shostack, A., Threat Modeling: Designing for Security, 624 pp. Wiley, New York, 2014.
Kempf, J., Wireless Internet Security: Architecture and Protocols, 212 pp. Cambridge University Press, Cambridge, UK, 2008.
National Institute of Standards and Technology, “Secure Hash Standards (SHS),” FIPS PUB 180-4, 31 pp. Information Technology Laboratory, Gaithersburg, MD, 2015.
Provos, N., and Mazières, D., “A Future-Adaptable Password Scheme”. [Online]: https://www.usenix.org/legacy/events/usenix99/full_papers/provos/provos.pdf (Accessed 2020-08-21).
National Institute of Standards and Technology, “Specification for the Advanced Encryption Standard (AES)”, FIPS PUB 197, 47 pp. Information Technology Laboratory, Gaithersburg, MD, 2001.
National Institute of Standards and Technology, “Digital Signature Standard (DSS)”, FIPS PUB 186-4, 121 pp. Information Technology Laboratory, Gaithersburg, MD, 2013.
Rescorla, E., “Diffie-Hellman Key Agreement Method”, RFC 2631, Internet Engineering Task Force, June, 1999.
Kaufman, C., “Internet Key Exchange (IKEv2) Protocol”, RFC 4306, Internet Engineering Task Force, December, 2005.
Hoffman, P., “Algorithms for Internet Key Exchange version 1 (IKEv1)”, RFC 4109, May 2005.
National Institute of Standards and Technology, “The Keyed-Hash Message Authentication Code (HMAC)”, FIPS PUB 198-1, 7 pp. Information Technology Laboratory, Gaithersburg, MD, 2008.
National Institute of Standards and Technology, “SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions”, FIPS PUB 202, 29 pp. Information Technology Laboratory, Gaithersburg, MD, 2015.
Haakegaard, R., and Lang, J., “The Elliptic Curve Diffie-Hellman (ECDH)”. [Online]: http://koclab.cs.ucsb.edu/teaching/ecc/project/2015Projects/Haakegaard+Lang.pdf (Accessed 2020-08-21).
Herzog, J., and Khazan, R., “Use of Static-Static Elliptic Curve Diffie-Hellman Key Agreement in Cryptographic Message Syntax”, RFC 6278, Internet Engineering Task Force, June 2011.
IEEE, “IEEE 802.1”. [Online]: https://1.ieee802.org/ (Accessed 2020-08-21).
IEEE, “IEEE 802.11”. [Online]: https://www.ieee802.org/11/ (Accessed 2020-08-21).
Postel, J., et. al., “Internet Protocol”, STD 5, Internet Engineering Task Force, September, 1981.
Deering, S., and Hinden, R., “Internet Protocol, Version 6 (IPv6) Specification”, RFC 2460, Internet Engineering Task Force, December, 1998.
Rekhter, Y., et al., “Address Allocation for Private Internets”, RFC 1918, February, 1998.
Postel, J., “User Datagram Protocol”, STD 6, Internet Engineering Task Force, October, 1980.
Postel, J., “Transmission Control Protocol”, STD 7, Internet Engineering Task Force, September, 1981.
Belshe, M., Peon, R., and Thomson, M., “Hypertext Transfer Protocol Version 2 (HTTP/2)”, RFC 7540, Internet Engineering Task Force, May, 2015.
Kent, S., and Seo, K., “Security Architecture for the Internet Protocol”, RFC 4301, Internet Engineering Task Force, December, 2005.
Kent, S., “IP Authentication Header”, RFC 4302, Internet Engineering Task Force, December, 2005.
Kent, S., “IP Encapsulating Security Payload (ESP), RFC 4303, Internet Engineering Task Force, December, 2005.
Dierks, T., and Rescorla, E., “The Transport Layer Security (TLS) Protocol Version 1.1”, RFC 4346, Internet Engineering Task Force, April, 2006.
Rigney, C., et. al., “Remote Authentication Dial In User Service (RADIUS)”, RFC 2138, Internet Engineering Task Force, April, 1997.
Aboba, B., et. al. “Extensible Authentication Protocol (EAP)”, RFC 3748, Internet Engineering Task Force, June, 2004.
Fajardo, V., et. al., “Diameter Base Protocol”, RFC 6733, Internet Engineering Task Force, October, 2012.
Jao, D., and De Feo, L., “Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies”. [Online]: https://web.archive.org/web/20120507222310/http://eprint.iacr.org/2011/506.pdf (Accessed 2020-08-21).
Wikipedia, “Post-quantum cryptography”. [Online]: https://en.wikipedia.org/wiki/Post-quantum_cryptography (Accessed 2020-08-21).
Wikipedia, “Quantum key distribution”. [Online]: https://en.wikipedia.org/wiki/Quantum_key_distribution (Accessed 2020-08-21).
Russell, A., “What is an X.509 Certificate?”. [Online]: https://www.ssl.com/faqs/what-is-an-x-509-certificate/ (Accessed 2020-08-21).
Polk, T., “Introduction to Public Key Infrastructure”. [Online]: https://ncvhs.hhs.gov/wp-content/uploads/2014/05/050113p3.pdf (Accessed 2020-08-21).
Wikipedia, “Identity management”. [Online]: https://en.wikipedia.org/wiki/Identity_management (Accessed 2020-08-21).
Forcepoint, “What is a Firewall?”. [Online]: https://www.forcepoint.com/cyber-edu/firewall (Accessed 2020-08-21).
Auth0, “What is Role Based Access Control?”. [Online]: https://auth0.com/docs/authorization/rbac (Accessed 2020-08-21).
CSIA, “Least Privilege”. [Online]: https://us-cert.cisa.gov/bsi/articles/knowledge/principles/least-privilege (Accessed 2020-08-21).
Mozilla Foundation, “Authorization – HTTP”. [Online]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization (Accessed 2002-08-21).
Cloudflare, “What is a DDoS attack?”. [Online]: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/ (Accessed 2020-08-21).
Greenberg, A., “How an Entire Nation Became Russia’s Test Lab for Cyberwar”. [Online]: https://www.wired.com/story/russian-hackers-attack-ukraine/ (Accessed 2020-08-22).
Fruhlinger, J., “What is phishing? How this cyber attack works and how to prevent it”. [Online]: https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html (Accessed 2020-08-22).
Mullane, M., “The five pillars of cyber security”. [Online]: https://medium.com/swlh/the-five-pillars-of-cyber-security-d247cd2e49cb (Accessed 2020-08-22).
Fruhling, J., “Ransomware explained: How it works and how to remove it”. [Online]: https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html (Accessed 2020-08-22).
Matthews, T., “Organization: How to Build an Incident Response Team”. [Online]: https://www.exabeam.com/incident-response/csirt/ (Accessed 2020-08-22).
NIST, “Guidelines for Smart Grid Cybersecurity: Volume 1-Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements”, NISTIR 7628 Revision 1, September, 2014.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Cali, U., Kuzlu, M., Pipattanasomporn, M., Kempf, J., Bai, L. (2021). Introduction to Security for Smart Grid Systems. In: Digitalization of Power Markets and Systems Using Energy Informatics. Springer, Cham. https://doi.org/10.1007/978-3-030-83301-5_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-83301-5_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-83300-8
Online ISBN: 978-3-030-83301-5
eBook Packages: EnergyEnergy (R0)