Index
“3 × 3”
“3 × 3” cyber security model,
118–
121
generation, transmission, distribution and metering systems,
120–
121
generation, transmission, and metering embedded devices,
121
A
Advanced Metering Infrastructure (AMI),
12,
47–
50
Advanced network monitoring,
133–
134
data loss prevention (DLP),
134
network behavior and anomaly detection (NBAD) tools,
133–
134
network forensics tool,
134
Article 29 Working Party opinion,
92
B
BP Energy Outlook,
Bring Your Own Device (BYOD),
149
Browser Exploit Against SSL/TLS (BEAST),
36
C
Canadian Electricity Association,
Chain, in Smart Grid supply chain,
156–
158
CO2 emission reduction
electric vehicles, support for,
greater efficiency, –
integration of renewable technologies, –
reduction in need of new power plant, –
smarter appliances, –
Compensating network security controls,
132–
133
application content inspection,
132
industrial protocol filters,
132
intrusion detection systems,
132
intrusion prevention systems,
132
transport layer security,
132–
133
Control zone protection,
129–
130
application whitelisting,
129
controlling configurations and system changes,
129
host data loss prevention (DLP),
129–
130
host intrusion detection systems/host intrusion prevention systems (HIDS/HIPS),
129
Cyber attack methods
attacking generation facilities,
82–
83
human-machine interface (HMI) popping,
77
man-in-the-middle (MITM) attack,
75–
76
setting phasors to kill,
81–
82
Cyber security
future considerations,
166–
168
future countermeasures,
168–
171
point security versus secure framework,
170–
171
Cyber Security Strategy of the United Kingdom,
147
D
Database Activity Monitoring or “DAM”,
136
Denial-of-service attack,
59–
60
Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE),
170
E
Electric Power Research Institute (EPRI),
Electric Reliability Council of Texas, –
Electrical generation
burner and steam generation processes,
29–
30
“clean” or “green” energy systems,
22
exploiting the controllers,
27–
30
fuel delivery processes,
29
generation system architecture,
23–
26
nuclear generation system,
23
security concerns and recommendations,
26–
32
build new plants for power,
raw materials,
renewable energy source,
source of,
Energy Retailers Association of Australia,
European Wind Energy Association (EWEA),
F
Federal Energy Regulatory Commission (FERC), –
Field zone protection,
126–
129
application whitelisting,
126–
127
real-time operating systems (RTOS),
128–
129
G
Grid resilience, –
baseload generating units,
intermediate units,
peak demands, –
peaking units,
power outage, –
significant risks,
H
Hacking Smart Grid
devices-specific vulnerabilities,
68–
69
identifying target,
62–
67
inherent vulnerabilities, in industrial protocols,
70–
72
leveraging automation systems for enumeration,
67
leveraging know vulnerabilities,
69–
70
manipulation of service,
60–
62
Scanning transmission and distribution infrastructure,
65–
67
targeting major cyber security,
64–
65
theft of information,
58–
59
Heritage Foundation, –
Host data loss prevention (DLP),
129–
130
Host intrusion detection systems/host intrusion prevention systems (HIDS/HIPS),
129
House of Commons Trade and Industry Committee,
I
Strategy for Securing Control Systems,
167–
168
IEEE 2030-2011 Smart Grid power system,
108–
109
Independent Pricing and Regulatory Tribunal (IPART),
International Atomic Energy Agency,
IPsec Encapsulating Security Protocol (ESP),
117
for multi-plant zone separation,
110
Windows-based devices,
109–
111
M
Man-in-the-middle (MITM) attack,
75–
76
McAfee Critical Infrastructure,
114
business networks (Enterprise),
114
N
National Institute of Standards and Technology (NIST),
89
Netwitness Investigator or Solera Networks’ DeepSee,
134
Nonintrusive Appliance Load Monitoring (NALM),
89
O
P
Phasor measurement units,
11–
12
Privacy concerns with Smart Grid
avoiding loss of trust and reputation,
95–
96
avoiding unnecessary costs,
95
customer’s energy records from power companies,
89–
90
identifying and managing risks,
95–
97
informing organization’s communications strategy,
96
meeting and exceeding legal requirements,
96
privacy impact assessment,
95–
98
S
Scanning transmission,
65–
67
Securing supply chain
Security control
advanced network monitoring,
133–
134
common technology-based methods,
126
compensating network security controls,
132–
133
control zone protection,
129–
130
establishing boundaries and zone separation,
130–
134
field zone protection,
126–
129
protecting data and applications,
134–
138
service zone protection and back office systems,
130
Shamoon (W32.DistTrack),
141–
142
“situational awareness,” 138–141
type of data to be protected,
137
Security information and event management systems (SIEM),
136
Service zone protection,
130
Shamoon (W32.DistTrack),
141–
142
Simplified Smart Grid reference model,
121–
122
Smart Grid
accessing without safeguards,
87
adoption of electric vehicles,
Advanced Metering Infrastructure (AMI),
12
challenge of making predictions,
161–
163
charging stations for electric vehicles,
97
consumer benefits,
Data Protection Authority,
96
definitions,
energy demands, –
environmental performance, –
grid resilience, –
operational efficiencies, –
11
phasor measurement units,
11–
12
potential exclusion, of communities,
12
processing personal data,
96
smarter appliances, –
substation automation,
11
transformation,
understandings,
values of personal data,
163–
166
Smart Grid Australia, –,
13
Smart Grid Coordination Group (SGCG),
104–
107
Smart Grids architecture model (SGAM) framework,
104–
107
Smart Grid cyber security models,
101,
103–
104
“3 × 3” cyber security model,
118–
121
anomaly detection products,
117
challenges in diversity and interconnectedness,
111
mapping security requirements,
114–
121
multiple segment systems,
113
process control network,
116
Smart Grid Coordination Group (SGCG),
104–
107
Standardization Mandate M/490,
104–
107
Smart Grid network architecture,
17
bulk and distributed generation architectures,
19–
32
distribution architecture,
43–
47
generation system architecture,
23–
26
transmission and distribution architecture,
32–
47
Smart Grid supply chain,
149–
158
in communications providers,
151–
152
contractually explicit,
155
in installation companies,
152
standardization bodies,
153–
156
@2legislation authorities,
155
Socket, –
Standardization Mandate M/490,
104–
107
System interdependencies,
51–
52
T
Transmission architecture,
32–
47
SCADA systems and substation automation,
34–
39
Transmission SCADA systems (T-SCADA),
34
direct attack vectors,
40–
41
distribution field devices,
46–
47
distribution SCADA/DMS,
44–
46
field controllers and automated field devices,
46–
47
line monitoring systems,
41–
42
line protection systems,
41
phasor data concentrator,
40
phasor measurement,
39–
41
possible exploitation of,
36
redefining inputs and outputs,
38
reliability and safety,
38
wide–area communication infrastructure, compromise of,
36–
38
U
United Nations,
US Cyberspace Policy Review,
147
US Generation III+ (GEN III+) nuclear power plan, –
Z