دانلود رایگان مقاله انگلیسی استانداردهای ارزیابی امنیت سایبری شبکه هوشمند - الزویر 2018

Abstract

Security evaluation of communication systems in smart grid poses a great challenge to the developers and operators. In recent years many new smart grid standards were proposed, which paradoxically results in the difficulty in finding a relevant publication in this plethora of literature. This paper presents the results of a systematic analysis which aimed at addressing this issue by identifying standards that present sound security assessment guidance. This should help practitioners in choosing the standards that are applicable to their area. Additionally the contents extracted from the standards can serve as a useful guidance on security assessments of smart grid components.

9. Conclusions

The study shows that a smart grid standard on cyber security assessments has not been specified so far. Cyber security related standards for smart grid address the issue to various extent and in different ways.

There are 6 smart grid or power systems’ standards that provide more information on security assessment processes which can be applied to IACS, substations or all smart grid components (see Table 5). The standards provide rather general guidance, without technical specifications. They can be used as a point of reference for higherlevel activities, such as deriving security assessment policies, assigning responsibilities or scheduling security assessment actions. Four of them can be used in compliance testing. Refere CSET, Samurai and [124].

More detailed, general and technical information is provided in 7 standards of wide applicability (enterprises, IT products), not particularly intended for smart grid (see Table 6). These standards can be applied to the enterprise level of smart grid as well as to all its components that use communication technologies and process information. Besides the guidance provided in the standards, multiple references to further literature, which describes additional methods and tools are included. Among them NIST SP 800-115 stands out as the most comprehensive source of security assessment guidance. It defines a three-tier security assessment methodology, describes several assessment techniques, and provides references to further literature and approaches [122, 83, 108, 55, 99]. This document could be a first choice when seeking for guidance on cyber security assessments in smart grid information systems.

The remaining 21 publications which to lesser or greater extent refer to security assessments don’t provide details on that subject. Again they can be used for high-level decisions that regard, for instance, type or frequency of assessments. The majority of them can be used in compliance testing.