Building an Effective Security Program for Distributed Energy Resources and Systems
Hardcover, English, 2021
Build a critical and effective security program for DERs

Building an Effective Security Program for Distributed Energy Resources and Systems requires a unified approach to establishing a critical security program for DER systems and Smart Grid applications. The methodology provided integrates systems security engineering principles, techniques, standards, and best practices.

This publication introduces engineers to the design, implementation, and maintenance of a security program for distributed energy resources (DERs), smart grid, and industrial control systems. It provides security professionals with an understanding of the specific requirements of industrial control systems and real-time constrained applications for power systems. This book:

- Describes the cybersecurity needs for DERs and power grid as critical infrastructure
- Introduces the information security principles to assess and manage the security and privacy risks of the emerging Smart Grid technologies
- Outlines the functions of the security program as well as the scope and differences between traditional IT system security requirements and those required for industrial control systems such as SCADA systems
- Offers a full array of resources: cybersecurity concepts, frameworks, and emerging trends

Security professionals and engineers can use Building an Effective Security Program for Distributed Energy Resources and Systems as a reliable resource that is dedicated to the essential topic of security for distributed energy resources and power grids. They will find standards, guidelines, and recommendations from standards organizations, such as ISO, IEC, NIST, IEEE, ENISA, ISA, ISACA, and ISF, conveniently included for reference within chapters.
Product information
- Publication date: 2021-09-16
- Dimensions: 183 x 259 x 28 mm
- Weight: 1 111 g
- Format: Hardcover
- Language: English
- Number of pages: 608
- Publisher: John Wiley & Sons Inc
- ISBN: 9781118949047
Mariana Hentea earned her PhD and MS in Computer Science, MS in Computer Engineering, and BS in Electrical Engineering. Her research is focused on Smart Grid and DER systems, real-time systems security and performance, network security design and architecture, and use of Artificial Intelligence techniques for information security management, security risk management, network management, and process control. As a member of IEEE Standards Association, she promotes Security and Privacy awareness to engineers, managers, regulators, and consumers. She is a member of IEEE Smart Grid, IEEE Power & Energy Society, IEEE Computer Society, ISC2 and ISSA organizations. Dr. Hentea holds a CISSP certification from ISC2.
- Part I Understanding Security and Privacy Problem
- 1 Security
- 1.1 Introduction
- 1.2 Smart Grid
- 1.2.1 Traditional Power Grid Architecture
- 1.2.2 Smart Grid Definitions
- 1.2.3 Drivers for Change
- 1.2.4 Smart Grid Communication Infrastructure
- 1.3 Distributed Energy Resources
- 1.3.1 DER Characteristics
- 1.3.2 DER Uses
- 1.3.3 DER Systems
- 1.3.4 Microgrid
- 1.3.5 Virtual Power Plant
- 1.4 Scope of Security and Privacy
- 1.4.1 Security for the Smart Grid
- 1.4.2 Privacy
- 1.4.3 The Need for Security and Privacy
- 1.5 Computing and Information Systems for Business and Industrial Applications
- 1.5.1 Information Systems Classification
- 1.5.2 Information Systems in Power Grids
- 1.5.3 DER Information Systems
- 1.6 Integrated Systems in a Smart Grid
- 1.6.1 Trends
- 1.6.2 Characteristics
- 1.7 Critical Smart Grid Systems
- 1.7.1 Industrial Control Systems
- 1.7.2 SCADA Systems
- 1.7.3 Energy Management Systems
- 1.7.4 Advanced Meter Systems
- 1.8 Standards, Guidelines, and Recommendations
- 1.8.1 Overview of Various Standards
- 1.8.2 Key Standard Attributes and Conformance
- 1.8.3 Smart Grid Standards
- 1.8.3.1 Key Players in Smart Grid Standards Development
- 1.8.3.2 How to Use Standards
- 1.8.4 Cybersecurity Standards
- 2 Advancing Security
- 2.1 Emerging Technologies
- 2.1.1 Internet of Things
- 2.1.1.1 Characteristics of Objects
- 2.1.1.2 Technologies
- 2.1.1.3 IoT Applications
- 2.1.1.4 IoT Security and Privacy
- 2.1.1.5 Challenges
- 2.1.2 Internet of Everything (IoE)
- 2.1.3 Cyber-Physical Systems
- 2.1.4 Cyber-Physical Systems Applications
- 2.2 Cybersecurity
- 2.2.1 Cybersecurity Definitions
- 2.2.2 Understanding Cybersecurity Terms
- 2.2.3 Cybersecurity Evolution
- 2.3 Advancing Cybersecurity
- 2.3.1 Contributing Factors to Cybersecurity Success
- 2.3.2 Advancing Cybersecurity and Privacy Design
- 2.4 Smart Grid Cybersecurity: A Perspective on Comprehensive Characterization
- 2.4.1 Forces Shaping Cybersecurity
- 2.4.2 Smart Grid Trends
- 2.5 Security as a Personal, Organizational, National, and Global Priority
- 2.5.1 Security as Personal Priority
- 2.5.2 Protection of Private Information
- 2.5.3 Protecting Cyberspace as a National Asset
- 2.6 Cybersecurity for Electrical Sector as a National Priority
- 2.6.1 Need for Cybersecurity Solutions
- 2.6.2 The US Plans
- 2.7 The Need for Security and Privacy Programs
- 2.7.1 Security Program
- 2.7.2 Privacy Program
- 2.8 Standards, Guidelines, and Recommendations
- 2.8.1 Electricity Sector Guidance
- 2.8.2 International Collaboration
- References-Part1
- Part II Applying Security Principles to Smart Grid
- 3 Principles of Cybersecurity
- 3.1 Introduction
- 3.2 Information Security
- 3.2.1 Terminology
- 3.2.2 Information Security Components
- 3.2.3 Security Principles
- 3.3 Security Related Concepts
- 3.3.1 Basic Security Concepts
- 3.3.2 The Basis for Security
- 3.4 Characteristics of Information
- 3.4.1 Data Transformation
- 3.4.2 Data Characteristics
- 3.4.3 Data Quality
- 3.4.4 Information Quality
- 3.4.5 System Quality
- 3.4.6 Data Quality Characteristics Assigned to Systems
- 3.5 Information Systems Characteristics
- 3.5.1 Software Quality
- 3.5.2 System Quality Attributes
- 3.6 Critical Information Systems
- 3.6.1 Critical Systems Characteristics
- 3.6.2 Information Life Cycle
- 3.6.3 Information Assurance
- 3.6.4 Critical Security Characteristics of Information
- 3.7 Information Security Models
- 3.7.1 Evolving Models
- 3.7.2 RMIAS Model
- 3.7.3 Information Security Goals
- 3.8 Standards, Guidelines, and Recommendations
- 3.8.1 SGIP Catalog of Standards
- 3.8.2 Cybersecurity Standards for Smart Grid
- 4 Applying Security Principles to Smart Grid
- 4.1 Smart Grid Security Goals
- 4.2 DERs Information Security Characteristics
- 4.2.1 Information Classification
- 4.2.2 Information Classification Levels
- 4.2.3 Information Evaluation Criteria
- 4.3 Infrastructure
- 4.3.1 Information Infrastructure
- 4.3.2 Information Assurance Infrastructure
- 4.3.3 Information Management Infrastructure
- 4.3.4 Outsourced Services
- 4.3.5 Information Security Management Infrastructure
- 4.3.6 Cloud Infrastructure
- 4.4 Smart Grid Infrastructure
- 4.4.1 Hierarchical Structures
- 4.4.2 Smart Grid Needs
- 4.4.3 Cyber Infrastructure
- 4.4.4 Smart Grid Technologies
- 4.5 Building an Information Infrastructure for Smart Grid
- 4.5.1 Various Perspectives
- 4.5.2 Challenges and Relevant Approaches
- 4.5.3 Common Employed Infrastructures
- 4.6 IT Systems versus Industrial Control Systems Infrastructure
- 4.6.1 Industrial Control Systems General Concepts
- 4.6.2 Supervisory Control and Data Acquisition Systems (SCADA)
- 4.6.3 Differences and Similarities
- 4.7 Convergence Trends
- 4.8 Standards, Guidelines, and Recommendations
- 5 Planning Security Protection
- 5.1 Threats and Vulnerabilities
- 5.1.1 Threats Characterization
- 5.1.2 Vulnerabilities Characteristics
- 5.2 Attacks
- 5.2.1 Attacks Categories
- 5.2.2 Reasons for Attack
- 5.3 Energy Sector: Threats, Vulnerabilities, and Attacks Overview
- 5.3.1 Threats
- 5.3.2 Vulnerabilities
- 5.3.3 Energy Sector Attacks
- 5.3.4 Smart Grid Cybersecurity Challenges
- 5.4 Security Controls
- 5.4.1 Security Controls Categories
- 5.4.2 Common Security Controls
- 5.4.3 Applying Security Controls to Smart Grid
- 5.5 Security Training and Skills
- 5.5.1 Education, Training, and Awareness
- 5.5.2 Security Awareness Program
- 5.6 Planning for Security and Privacy
- 5.6.1 Plan Structure
- 5.6.2 Security Team
- 5.7 Legal and Ethical Issues
- 5.8 Standards, Guidelines, and Recommendations
- References-Part2
- Part III Security of Critical Infrastructure
- 6 Critical Infrastructure
- 6.1 Introduction
- 6.1.1 Critical Infrastructure
- 6.1.2 Critical Information Infrastructure
- 6.2 Associated Industries with Critical Infrastructure
- 6.2.1 US Critical Sectors
- 6.2.2 Other Countries
- 6.3 Critical Infrastructure Components
- 6.4 Energy Sector
- 6.4.1 Electrical Subsector
- 6.4.2 Smart Grid Infrastructure
- 6.5 Critical Infrastructures Interdependencies
- 6.5.1 Interdependency Dimensions
- 6.5.2 Dependencies
- 6.6 Electrical Power System
- 6.6.1 Electrical Power System Components
- 6.6.2 Electrical Power System Evolution and Challenges
- 6.6.3 Needs
- 6.7 Recent Threats and Vulnerabilities
- 6.7.1 Reported Cyber Attacks
- 6.7.2 ICS/SCADA Incidents and Challenges
- 6.7.2.1 Stuxnet Exploitation
- 6.7.2.2 Exposure to Post Stuxnet Malware in Rise
- 6.7.2.3 Inappropriate Design and Lack of Management
- 6.7.2.4 Safety
- 6.7.3 Equipment Failure
- 6.8 Standards, Guidelines, and Recommendations
- 7 Critical Infrastructure Protection
- 7.1 Critical Infrastructure Attacks and Challenges
- 7.1.1 Power Grid
- 7.1.2 Attacks on Information Technology and Telecommunications
- 7.1.3 Attacks in Manufacturing
- 7.1.4 Defense
- 7.2 The Internet as a Critical Infrastructure
- 7.3 Critical Infrastructure Protection
- 7.3.1 Policies, Laws, and Regulations
- 7.3.2 Protection Issues
- 7.4 Information Security Frameworks
- 7.4.1 NIST Cybersecurity Framework
- 7.4.2 NIST Updated Cybersecurity Framework
- 7.4.3 Generic Framework
- 7.5 NIST Privacy Framework
- 7.6 Addressing Security of Control Systems
- 7.6.1 Challenges
- 7.6.2 Terrorism Challenges
- 7.7 Emerging Technologies and Impacts
- 7.7.1 Control Systems Open to Internet
- 7.7.2 Wireless and Mobile
- 7.7.3 Internet of Things and Internet of Everything
- 7.7.4 WEB Technologies
- 7.7.5 Embedded Systems
- 7.7.6 Cloud Computing
- 7.8 Standards, Guidelines, and Recommendations
- 7.8.1 Department of Homeland Security (DHS)
- 7.8.2 Federal Communications Commission (FCC)
- 7.8.3 National Institute of Standards and Technology (NIST)
- 7.8.4 North American Energy Reliability Corporation (NERC)
- 7.8.5 Federal Regulatory Energy Commission
- 7.8.6 DOE Critical Infrastructure Guidance
- 7.8.7 US-CERT
- References-Part3
- Part IV The Characteristics of Smart Grid and DER Systems
- 8 Smart Power Grid
- 8.1 Electric Power System
- 8.1.1 Power System Services
- 8.1.2 Power System Operations
- 8.1.3 Energy Management System Overview
- 8.1.4 Electrical Utilities Evolution
- 8.2 Smart Grid – What it Is?
- 8.2.1 Definitions
- 8.2.2 Vision of the Future Smart Grid
- 8.2.3 Tomorrow’s Utility
- 8.2.4 EMS Upgrades
- 8.2.5 Electricity Trade
- 8.2.6 Trading Capabilities
- 8.3 Smart Grid Characteristics
- 8.3.1 Relevant Characteristics
- 8.3.2 Electrical Infrastructure Evolution
- 8.4 Smart Grid Conceptual Models
- 8.4.1 NIST Conceptual Model
- 8.4.2 IEEE Model
- 8.4.3 European Conceptual Model
- 8.5 Power and Smart Devices
- 8.5.1 Smart Meters
- 8.5.2 Intelligent Electronic Devices
- 8.5.3 Phasor Measurement Units
- 8.5.4 Intelligent Universal Transformers
- 8.6 Examples of Key Technologies and Solutions
- 8.6.1 Communications Networks
- 8.6.2 Integrated Communications
- 8.6.3 Sensor Networks
- 8.6.4 Infrastructure for Transmission and Substations
- 8.6.5 Wireless Technologies
- 8.6.6 Advanced Metering Infrastructure
- 8.7 Networking Challenges
- 8.7.1 Architecture
- 8.7.2 Protocols
- 8.7.2 Constraints
- 8.8 Standards, Guidelines, and Recommendations
- 8.8.1 Smart Grid Interoperability
- 8.8.2 Representative Standards
- 9 Power Systems Characteristics
- 9.1 Analysis of Power Systems
- 9.1.1 Analysis of Basic Characteristics
- 9.1.2 Stability
- 9.1.3 Partial Stability
- 9.2 Analysis of Impacts
- 9.2.1 DERs Impacts
- 9.2.2 Interconnectivity
- 9.3 Reliability
- 9.3.1 Reliable System Characteristics
- 9.3.2 Addressing Reliability
- 9.3.3 Evaluating Reliability
- 9.3.4 ICT Reliability Issues
- 9.3.5 DERs Impacts
- 9.4 Resiliency
- 9.4.1 Increasing Resiliency
- 9.4.2 DERs Opportunities
- 9.5 Addressing Various Issues
- 9.5.1 Addressing Cybersecurity
- 9.5.2 Cyber-Physical System
- 9.5.3 Cyber-Physical Resilience
- 9.5.4 Related Characteristics, Relationships, Differences and Similarities
- 9.6 Power Systems Interoperability
- 9.6.1 Interoperability Dimensions
- 9.6.2 Smart Grid Interoperability
- 9.6.3 Interoperability Framework
- 9.6.6 Addressing Cross-Cutting Issues
- 9.7 Smart Grid Interoperability Challenges
- 9.8 Standards, Guidelines, and Recommendations
- 9.8.1 ISO/IEC Standards
- 9.8.2 IEEE Standards
- 10 Distributed Energy Systems
- 10.1 Introduction
- 10.1.1 Distributed Energy
- 10.2 Distributed Energy Resources
- 10.2.1 Energy Storage Technologies
- 10.2.2 Electric Vehicles
- 10.2.3 Distributed Energy Resource Systems
- 10.2.4 Electrical Energy Storage Systems
- 10.2.5 Virtual Power Plant
- 10.3 DER Applications and Security
- 10.3.1 Energy Storage Applications
- 10.3.2 Microgrid
- 10.4 Smart Grid Security Goals
- 10.4.1 Cybersecurity
- 10.4.2 Reliability and Security
- 10.4.3 DER Security Challenges
- 10.5 Security Governance in Energy Industry
- 10.5.1 Security Governance Overview
- 10.5.2 Information Governance
- 10.5.3 EAC Recommendations
- 10.5.4 Establishing Information Security Governance
- 10.5.5 Governance for Building Security In
- 10.6 What Kind of Threats and Vulnerabilities?
- 10.6.1 Threats
- 10.6.2 Reported Cyber Incidents
- 10.6.3 Vulnerabilities
- 10.6.4 ICS Reported Vulnerabilities
- 10.6.5 Addressing Privacy Issues
- 10.7 Examples of Smart Grid Applications
- 10.7.1 Smart Grid Expectations
- 10.7.2 Demand Response Management Systems (DRMS)
- 10.7.3 Distribution Automation
- 10.7.4 Advanced Distribution Management System
- 10.7.5 Smart Home
- 10.7.6 Smart Microgrid
- 10.8 Standards, Guidelines, and Recommendations
- 10.8.1 NIST Roadmap, Standards, and Guidelines
- 10.8.2 NERC CIP Standards
- 10.8.3 Security Standards Governance
- References-Part4
- Part V Security Program Management
- 11 Security Management
- 11.1 Security Management Overview
- 11.1.1 Information Security
- 11.1.2 Security Management Components
- 11.1.3 Management Tasks
- 11.2 Security Program
- 11.2.1 Security Program Functions
- 11.2.2 Building a Security Program: Which Approach?
- 11.2.3 Security Management Process
- 11.3 Asset Management
- 11.3.1 Asset Management for Power System
- 11.3.2 Asset Management Perspectives
- 11.3.3 Benefits of Asset Management
- 11.3.3.1 DER Assets Classification
- 11.3.3.2 DER Asset Data
- 11.3.3.3 Asset Management Analytics
- 11.3.3.4 Applications
- 11.3.3.5 Asset Management Metrics
- 11.3.3.6 Asset Management Services
- 11.4 Physical Security and Safety
- 11.4.1 Physical Security Measures
- 11.4.2 Physical Security Evolution
- 11.4.3 Human Resources and Public Safety
- 11.5 Human and Technology Relationship
- 11.5.1 Use Impacts
- 11.5.2 DER Systems Challenges
- 11.5.3 Security vs. Safety
- 11.6 Information Security Management
- 11.6.1 Information Security Management Infrastructure
- 11.6.2 Enterprise Security Model
- 11.6.3 Cycle of the Continuous Information Security Process
- 11.6.4 Information Security Process for Smart Grid
- 11.6.5 Systems Engineering and Processes
- 11.7 Models and Frameworks for Information Security Management
- 11.7.1 ISMS Models
- 11.7.2 Information Security Management Maturity Model (ISM3) Model
- 11.7.3 BMIS Model
- 11.7.4 Systems Security Engineering - Capability Maturity Model (SSE-CMM)
- 11.7.5 Standard of Good Practice (SoGP)
- 11.7.6 Examples of Other Frameworks
- 11.7.7 Combining Models, Frameworks, Standards, and Best Practices
- 11.8 Standards, Guidelines, and Recommendations
- 12 Security Management for Smart Grid Systems
- 12.1 Strategic, Tactical, and Operational Security Management
- 12.1.1 Unified View of Smart Grid Systems
- 12.1.2 Organizational Security Model
- 12.2 Security as Business Issue
- 12.2.1 Strategic Management
- 12.2.2 Tactical Management
- 12.2.3 Operational Management
- 12.3 Systemic Security Management
- 12.3.1 Comparison and Discussion of Models
- 12.3.2 Efficient and Effective Management Solutions
- 12.3.3 Means for Improvement
- 12.4 Security Model for Electrical Sector
- 12.4.1 Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
- 12.4.2 Which Guidance and Recommendations Apply to Electrical Sector?
- 12.4.3 Implementing ISMS
- 12.4.4 NIST Framework
- 12.4.5 Blueprints
- 12.4.6 Control Systems
- 12.5 Achieving Security Governance
- 12.5.1 Security Strategy Principles
- 12.5.2 Governance Definitions and Developments
- 12.5.3 Information Security Governance
- 12.5.4 Implementation Challenges
- 12.5.5 Responsibilities and Roles
- 12.5.6 Governance Model
- 12.6 Ensuring Information Assurance
- 12.6.1 NIST SP800-55
- 12.6.2 ISO/IEC 27004
- 12.7 Certification and Accreditation
- 12.7.1 Common Criteria
- 12.7.2 ISO/IEC 27001
- 12.7.3 ISMS Accreditation
- 12.8 Standards, Guidelines, and Recommendations
- 12.8.1 ISO/IEC Standards
- 12.8.2 ISA Standards
- 12.8.3 National Institute of Standards and Technology (NIST)
- 12.8.4 Internet Engineering Task Force (IETF)
- 12.8.5 ISF Standards
- 12.8.6 European Union Agency for Network and Information Security Guidelines
- 12.8.7 Information Assurance for Small Medium Enterprise (IASME)
- References-Part5
- Appendix A Cybersecurity
- Appendix B Power
- Appendix C Critical Infrastructures and Energy Infrastructure
- Appendix D Smart Grid – Policy, Concepts, and Technologies
- Appendix J Acronyms
- Index