Task Force on Cyber Security of Power Systems
Background
Background
Critical infrastructures are complex physical and cyber-based systems that form the lifeline of modem society, and their reliable and secure operation is paramount importance to national security and economic vitality. In most sense, the cyber system forms the backbone of nation's critical infrastructures, which means that a major security incident on cyber system could have significant impacts on the reliable and safe operations of the physical systems that rely on it. The recent findings, as documented in US government reports and in the literature, indicate that the growing threat of cyber-based attacks in numbers and sophistication on electric grid and other critical infrastructure systems. The focus of this task force is the cyber security of electric power infrastructure.
The electric power grid, as of today, is a highly automated network. A variety of communication networks are interconnected to the electric grid for the purpose of sensing, monitoring and control. These communication networks are closely associated with the supervisory control and data acquisition (SCADA) systems in the network for system operation functions and real-time control of the power system. Defending against cyber-attacks on SCADA networks is a challenging task, given the large geographic span of the power infrastructure and electronic access points, wide range of attack mechanisms, the decentralized nature of the control, deregulation and the lack of coordination among various entities in the electric grid.
NERC (North American Electric Reliability Corp.) has developed CIP (critical infrastructure protection) standards to protect power infrastructures against cyber and physical attacks. The recent NERC directives make it mandatory for utilities to undertake cyber-security vulnerability assessment at control centres and operator locations and to take corrective measures. To ensure the secure, reliable and efficient distribution of power, the Department of Energy jointly established the National SCADA Test Bed (NTSB) program at Idaho National Laboratory and Sandia National Laboratory in an effort to enhance the cyber security of control systems used throughout the electricity, oil, and gas industries. Cyber security for the power grid is an emerging area of research. The Control System Security Program (CSSP) of US Department Homeland Security (DHS) helps to develop control system cyber security industry standards.
International Electrotechnical Commission Technical Council (IEC TC 57), power systems management and associated information exchange, has developed standards for communication protocols with stronger encryption and authentication mechanisms. Specifically, this has been proposed in IEC62351 for data and communication security that assures access to sensitive power equipment and provides higher reliability with audit capabilities.