The Vicious Circle of Smart Grid Security
Justin A. Turner, Amit K. Barik, Reuben Mathew
Justin.A.Turner@colorado.edu, Amit.Barik@colorado.edu, Reuben.Mathew@colorado.edu
A capstone paper submitted as partial fulfillment of the requirements for the degree of
Masters in Interdisciplinary Telecommunications at the University of Colorado, Boulder,
3 May 2011. Project directed by Jose R. Santos.
1 Introduction
The massive push for energy efficiency and conservation is driving rapid development and
deployment of Smart Grid technology around the globe, effectively driving integration and
connection of Supervisory Control and Data Acquisition (SCADA) systems closer and closer to
the user edge. The resulting network is vast, complex and very similar to the Internet. This
environment greatly increases the possibility of cyber-attacks (Ten, Liu, & Manimaran, 2008) by
introducing attack vectors that were nonexistent in the past. This is a serious threat to the
national power infrastructure that must be addressed. The tragic events surrounding the
Fukushima Daiichi nuclear power plant following the massive 2011 earthquake in Japan
underscore the importance of system availability and data integrity. Initial reports indicate that
primary systems remained intact. Unfortunately, critical auxiliary systems and communications
infrastructure are significantly damaged. Without these systems, the reactor core is on the edge
of a catastrophic meltdown. In 2010, the Stuxnet worm discovered in an Iranian nuclear plant
could have created a similar situation. Several reports suggest that damage was extensive
enough that it will take several years to recover from. Stuxnet demonstrates how devastating
a highly sophisticated and focused cyber-attack can be to a power utility. “If the critical
infrastructures of the world are to be safe and secure, then the owners and operators need to
recognize that their control systems are now the target of sophisticated attacks. Improved
defense-in-depth postures for industrial control systems are needed urgently. Waiting for the next
worm may be too late.” (Byres, Ginter, & Langil, 2011) Unfortunately we are treading down a
dangerous path. Actions taken by utility companies, equipment manufacturers and regulators are
not adding up to the safe and secure environment that the “smart grid” needs in order to become
a reality. We believe that in order for stakeholders to build an advanced, efficient and
attack-resilient smart grid, we must address the considerable gaps that exist between stakeholders.
According to the Department of Energy, “if we approach issues of reliability, affordability,
energy independence and grid security piecemeal, piecemeal solutions are all we will get.” (DoE,
2010) The statement is clear! Utilities, equipment manufacturers and regulators must work
together to solve the cyber-security crisis that we are seeing unfold within the power industry
today.
2 Methodology
This paper will analyze the perspective of three critical stakeholders. We will start with the
Utility companies, followed by Regulators responsible for developing policies to shape the
industry and finish with a look at the equipment manufacturers. All parties have a critical role in
delivering the smart grid; however, each has a unique set of challenges with respect to addressing
cyber-security. This paper seeks to identify the most critical gaps that exist between the
stakeholders today. With a better understanding of the existing environment we can then make
recommendations to close gaps, improve awareness and ultimately the overall security posture of
the smart grid going forward.
3 Analysis of Stakeholders
3.1 Utilities
Utilities in the United States are a mixture of public and private companies. Similar to other
for-profit businesses, they strive to maximize profits to survive in order to provide services to
society. Currently, electric utility companies are leveraging U.S. stimulus money to rapidly
deploy smart meters throughout the U.S. (Mills, 2010). It can be inferred from current research
that utilities are expanding their markets by working on multiple smart grid projects
simultaneously (Leeds, 2010). From a security perspective, this rapid deployment approach is
troublesome as it decreases the amount of time to plan and deploy security measures. This in
turn increases the cyber threat surface to the power grid by exposing new devices that are not
fully vetted and secured.
According to a recent report, “U.S. based utilities will invest $21 billion by 2015 in cyber
security related activities and technologies to protect the smart grid” (Pike Research, 2010). This
is only a prediction; however, it indicates the substantial monetary requirement for securing the
grid. Even though the government is supporting utilities to some degree, small to mid-sized
companies are not often capable of investing in their cyber-security infrastructure at high enough
rates to maintain a good security posture. According to Bigger & Willingham (2005), small
electric and gas utilities are concerned with what they see as “looming security requirements”
that they cannot afford or whose results will not benefit their customers. This indirectly creates
two possible scenarios which negatively affect the security posture of the entire smart grid. First,
small utilities which are unable to rapidly invest in security will form weak links in the
interconnected smart grid. Second, if smaller utilities have little to no influence over vendor
decisions due to lack of spending ability, larger utilities will disproportionately influence
manufacturing decisions. The resulting equipment options may not be suitable for smaller
deployments and will force smaller utilities to selectively choose only core capabilities without
advanced cyber-security options.
The rapid state of change combined with the monetary challenges highlighted above is
creating a difficult environment that utility cyber-security professionals are struggling to
overcome. One of the major problems faced by utility companies is “explaining the technical
advantages of cyber-security to their executives” (Wheatman, 2011). Metrics that show
clear business advantages to investing in cyber-security are hard to find. This makes it
increasingly difficult to justify what are in many cases mandated cyber-security practices.
Cyber-security training programs can be expensive and are not always implemented willingly as
a result. Additionally, there is a knowledge gap between IT security personnel and SCADA
engineers. All of these challenges contribute to difficulties with implementing strong
cyber-security practices and technologies within utilities (Clements & Kirkham, 2010).
Looking at security from another perspective, interoperability is one challenge that is
widely recognized but largely unresolved. “The need for standards is urgent” (Lee, 2011).
Defining standards and migrating towards them is important for the smart grid to become a
reality; however, combining various networks which operate on different standards exponentially
increases vulnerabilities. According to Idaho National Laboratory, 2006, “multi-network
integration strategies often lead to vulnerabilities that greatly reduce the security of an
organization”. If utilities had the luxury to implement a single-vendor, single-standard
environment they would; however, that will likely never be an option. The reality is that
equipment manufacturers are focused on individual pieces of the larger smart grid puzzle. Until
we have developed widely recognized standards that are economically feasible to adopt, the
industry will be stuck in a vicious circle trying to balance proprietary vendor technologies with
increasing cyber threats.
From the utilities’ perspective, a critically important security issue lies with the alarming
increase in known vulnerabilities to the systems and networks that we depend on. Consider the
Night-Dragon case (McAfee Foundstone Professional Services and McAfee Labs, 2011).
Night-Dragon, code named by McAfee, emerged in November of 2009 in the U.S., Greece,
Kazakhstan and Taiwan. According to McAfee Foundstone Professional Services and McAfee
Labs, China was the origination point of this attack which exploited various utility companies
targeting important proprietary information. The attack used the following methods to
compromise and infiltrate systems:
• Targeted Command and Control systems (in U.S.) using social engineering techniques which
confuse operators into erroneously providing information such as usernames and passwords.
• Used RAT and other available hacker tools (like ASPXSpy and WebShell) to compromise
and penetrate security systems.
• Used SQL-injections to compromise firewalls and database systems.
• Gained access to executive workstations and other sensitive devices (all running Windows
OS) using credentials gathered through social engineering efforts and known Windows
exploits.
The attack suggests that victim utilities did not follow a defense-in-depth security
approach. The practice of isolating critical control systems using basic firewall configurations,
considered by many utilities to be their cyber-security savior, is an antiquated practice when used
alone and was easily exploited by the Night-Dragon attack using common tools and techniques
that take advantage of untrained and generally unaware users. This attack was sophisticated and
deliberate in nature, indicating that basic measures for securing critical systems are not enough.
SCADA systems, which sit at the heart of most utility company operations, are
increasingly targeted due to their known reputation for lackadaisical security controls. In 2010,
Stuxnet revealed exactly how critical systems can become crippled by sophisticated attacks.
Stuxnet is “malware made specifically for sabotaging SCADA processes using PCS7 and
Siemens WinCC control systems” (Byres, Ginter, & Langil, 2011). The Stuxnet attack, which
targeted nuclear power plants in Iran, propagated using multiple vectors including USB flash
drives, infected PDF files and unpatched hosts. Apart from considering all of the possible attack
vectors used, it is important to know that targeted machines used for command and control of the
worm were mainly Windows based. The worm took advantage of Windows vulnerabilities in
order to infiltrate the network targeting specific models of Siemens control systems. The attack
was not detected by antivirus software since signatures did not exist at the time of attack.
Furthermore, the sophisticated design of the Stuxnet worm allowed it to “live on the victim’s
network for a long time undetected while penetrating all the way through to reach critical control
systems.” (Malcho, Harley, Rodionov, & Matrosov, 2010) Many security researchers who have
examined the Stuxnet worm believe it would successfully infiltrate utility networks in the U.S.
today even if the victims followed all of the standards outlined by Siemens in their security best
practices documentation. The Stuxnet attack is a clear indication that highly sophisticated and
targeted attacks are a reality today. Utilities must not wait until the next attack occurs on a U.S.
facility to take serious measures to secure their environments.
3.2 Regulators
Regulators have always played an important role in directing and shaping the landscape in
which utilities and equipment manufacturers operate in any industry. In 2007, the Department of
Energy was directed by the Energy Independence and Security Act to “modernize the nation’s
electricity grid to improve its reliability and efficiency.” (DoE, 2010) Since then, utilities and
manufacturers have scrambled to begin shaping this new and rapidly changing environment now
called the smart grid. This monumental task comes with great risk. Cyber-security
considerations were not heavily measured when initial policies emerged directing and shaping
the smart grid. Focus has improved; however, it is increasingly clear that confusion and gaps
among interested parties are impeding progress. The following diagram, presented in a Department of
Energy briefing in March of 2011, visually depicts a confusing and difficult-to-follow landscape.
Figure 1 below depicts government entities at the state and federal level, working groups,
commissions, industry associations and utilities.
Figure 1: Cyber Security Standards / Requirements relationship map (Hunteman, 2011)
As the title suggests, this map depicts the relationships between organizations involved in
developing standards for manufacturers and utilities to follow in order to secure the smart grid.
Context is missing from this diagram; however, in the briefing Mr. Hunteman specifically
highlights several key challenges to addressing cyber-security for the smart grid, which include
inconsistent standards at the federal, state, and local levels; significant gaps between
implementation of policies by Federal and State agencies; and lack of clearly defined roles and
responsibilities for cyber-security in the smart grid. This sentiment is shared by several utilities
and equipment manufacturers who responded to the DoE’s request for comments on addressing
policy and logistical challenges to smart grid implementation. For example, Edison Electric
Institute states in their response that “there is insufficient coordination among the many
independent groups doing testing, or proposing to do testing, and that there should be a certifying
body to oversee compliance with testing and certification procedures.” (EEI, 2010) Others, such
as Cisco Systems, commented that “various federal agencies involved in the creation of the Smart
Grid and the standards on which it will be based can and should address risks as early as
possible.” (Cisco, 2010) The Department of Energy web site contains over seventy-five
responses from equipment manufacturers and utilities, many of which repeat this sentiment over
and over.
We can say a few things with certainty regarding the organizational structure of the
regulatory environment and smart grid cyber-security today. First, Congress has directed the
Department of Energy to lead the charge with development and implementation of the smart grid,
including cyber-security related issues, as discussed above. Second, Congress has charged the
National Institute of Standards and Technology (NIST) with developing standards for smart grid
technology and implementation. NIST issued standards and/or best practices for smart grid
security in a 2010 document. The policy is a good attempt to lead utilities and equipment
manufacturers in the right direction; however, several key pieces of information were not
addressed. In the January 2011 Government Accountability Office (GAO) report titled
“Electricity Grid Modernization” the GAO states that while NIST efforts to include missing
pieces to policy are underway, “the plan and schedule are still in draft form.” “Until the missing
elements are addressed, there is an increased risk that smart grid implementations will not be
secure as otherwise possible.”
The Federal Energy Regulatory Commission (FERC) is a federal yet independent agency
similar to the Federal Communications Commission and is charged with “regulation of public
utility transmission and sales” (Greenfield, 2010). This is an oversimplified description of FERC
responsibilities, but in their own words, FERC’s authority to regulate does not include local
distribution or resale. If the smart grid is supposed to be an end-to-end system, this policy must
change.
The National Energy Reliability Commission (NERC) which is designated by FERC to
develop reliability standards for bulk power generation and transmission within North America
has published seventeen cyber-security guidelines to date. These guidelines fall under their
Critical Infrastructure Protection (CIP) standards addressing critical asset identification, security
management controls, personnel and training, electronic security perimeters, physical security,
systems security management, incident reporting and recovery management. NERC, according
to their Chief Information Officer Mark Weatherford, believes that CIP standards are having an
impact. Industry experts agree with one caveat, which is that “utilities are focusing on regulatory
compliance instead of comprehensive security” (GAO, 2011). Regardless, NERC regulatory
oversight governs bulk power generation and transmission only. To date, there is no uniform
regulation or cross-cutting authority given to any agency to provide a common direction and
oversight to smart grid cyber-security efforts.
3.3 Equipment Manufacturers
Equipment manufacturers have an important role in helping utilities and regulators implement
smart grid technologies. Similar to auto and computer manufacturers, they are the subject matter
experts for the systems they sell and support. As such they play a key role in the development
and employment of robust end-to-end cyber-security technology and policies with respect to the
smart grid. During the onset of smart grid deployment, many service providers and
manufacturers considered security relevant only to smart metering, thus ignoring the attention
required towards automation, substation, control systems and SCADA. Recent events such as
Stuxnet, already discussed in this paper, have reinvigorated attention to these critical control
systems that sit at the heart of power utilities.
It is not immediately clear what specific security concerns equipment manufacturers
have. For the purpose of discussion we consider open source information from Siemens, Cisco
and others who all provide systems critical to the smart grid. Several manufacturers produce
SCADA systems. One of the major players is Siemens, which develops hardware, software and
networking equipment for utilities. Siemens happened to make the system targeted by Stuxnet;
however, this paper in no way intends to cast blame on Siemens alone for exploits used by
Stuxnet. A common Siemens control system is the SIMATIC PCS 7 product suite, which is
primarily a Distributed Control System (DCS) automation technology for process control
systems and is developed around a defense-in-depth strategy. The system uses security features like
automated Windows security patch management, remote access using IPSec and VPNs, virus
scans and firewalls, time synchronization, user and access rights, active directory and work
groups, network management, disaster recovery and system segmentation. Siemens has a
published framework describing best practices to secure their systems. Unfortunately this
framework is “not often implemented in practice” (Byres, Ginter, & Langil, 2011) according to
reports describing how Stuxnet infected and damaged critical control systems.
Cisco Systems, a manufacturer of enterprise-level network devices, strongly
believes that in order to approach the modern smart grid infrastructure, “a comprehensive
security architecture is a must that has improved integration of diverse digital devices, increased
use of sensors, layers of physical and cyber security integrated across all operational aspects of
the grid.” (Cisco, 2010) Cisco, like Siemens, has developed their own security framework with
best practices as they see them for securing the smart grid. Figure 2 depicts the Cisco approach
for developing a smart grid security plan.
Figure 2: Cisco Grid Security Implementation Model
This model loosely depicts the idea of wrapping layers of security around critical
infrastructure. Cisco’s report goes on to describe their technologies and implementation
strategies to protect and defend critical infrastructure. The challenge with the Cisco model, along
with Siemens’ or others, is applying it to an environment where multiple vendor technologies
exist. In many cases, the interoperability gap will interfere with best practices described in their
security guideline framework. Equipment manufacturers need to continue working on
development of interoperable standards for the safety and security of the smart grid. In an ideal
scenario, equipment manufacturers providing equipment for all portions of a utility network
would be drawn into the plant development process in order to deliver a robust end-to-end
security framework. This is a utopian scenario which assumes that manufacturers will work
together in harmony and openly share information that is often considered proprietary and
sensitive in nature. We know this will likely never happen; however, if manufacturers knew that
utilities would generally choose a manufacturer based on their ability to integrate whole
solutions which incorporated cross-brand solutions, manufacturers would start working towards
common standards. Cisco highlighted this in their response to the DoE’s RFI noting that “the
convergence of networking industry participants on the TCP/IP standard was critical to the rapid
evolution of the internet.” (Cisco, 2010) Similar behavior on the part of smart grid
manufacturers will “play the same role in the emerging Smart Grid, by ensuring that utilities and
their customers will benefit from choices among standards-compliant devices that together will
comprise the Smart Grid.” (Cisco, 2010)
4 Recommendations
Through our analysis of the stakeholder positions, we concur with statements made in the very
recent report released by the Government Accountability Office. Specifically, we believe that
“key players have to work together as a team” (GAO, 2011) in order to secure the smart grid.
Figure 3: The Vicious Circle of Smart Grid Security
Figure 3 above graphically depicts the vicious circle of smart grid security as we see it
today. Starting with utility companies, we see policies and requirements put in front of them by
regulators which do not always come with clear direction or a supporting business case. Moving
clockwise around the circle we see equipment manufacturers who are working to respond to the
needs of utility companies demanding secure, cost effective and flexible solutions, but do not
have a clear understanding of what is required or standards to develop to. Finally we see
regulators working to develop and provide smart grid standards and security measures to
manufacturers while pushing utilities to modernize and deliver the smart grid to society. It is a
difficult problem that will take some time to correct.
We recommend the following actions at a minimum to help correct the security crisis that
we are facing with respect to smart grid implementation:
i. Appoint or nominate a single authority with national reach to assess and measure
compliance with security standards developed by NIST, NERC and any other federal
authority appointed to develop cyber-security standards. This authority should have
the ability to evaluate the entire grid from SCADA system to the household meter.
ii. Reconsider time tables outlined in guidelines used by utilities to secure government
assistance in deployment of smart grid technologies. The sense of urgency to meet
these deadlines to acquire funding is causing utilities and manufacturers to rush
through what should be carefully thought out security plans and implementation
testing.
iii. Create a testing and certification body which independently tests and evaluates
systems and technologies to ensure security and standards compliance. Regulators
(Governments) must clearly define standards for the testing body to use. Utilities
and Equipment manufacturers must participate in the development of these standards
without bias. Leverage the process used by the Department of Defense to test and
certify communications systems (Joint Interoperability Testing and Certification).
iv. Develop an anonymous reporting and discussion forum where utilities,
manufacturers, government entities and possibly law enforcement authorities can
exchange information and ideas freely without fear of recourse.
5 Conclusion
The cyber threats that we face today are very real and dangerous. We know that cyber-
attacks like Night Dragon and Stuxnet will continue to occur as networked technologies are
integrated with the power grid. We also know that new cyber vulnerabilities are emerging with
increasing frequency. Overcoming these challenges will require the entire smart grid industry,
from utilities to equipment manufacturers to regulators, to work together to form a secure
end-to-end power grid. Having explained the challenges faced by three of the key players, we hope that
our recommendations will generate more action across the industry at a minimum. Security is
paramount and we are all responsible for ensuring it is sufficiently addressed to make the smart
grid a reality.
Acknowledgement
Our research project was successfully completed with the efforts and guidance of numerous
people from academia and industry alike. We would like to thank our project mentor, Jose
Santos and advisor Prof. Stephen Barnes for all their time and valuable insights throughout every
stage of our project. We had two amazing opportunities to speak with the chief Cyber Security
advisor at the Department of Energy, Mr. William Hunteman, and the Chief Security Officer at
the National Energy Reliability Corporation (NERC), Mr. Mark Weatherford. Each provided
volumes of important insight from multiple perspectives. They each provided some level of
confirmation of conclusions that we have drawn throughout this paper. We would also like to
thank Arun Gerra, Security Engineer at Alchemy Security, LLC for his inputs and industry
perspective of smart grid security. Finally, we would like to take this opportunity to sincerely
thank Prof. Tim Brown for all his patience and detailed guidance in completing this paper.
References
Bigger, J., & Willingham, M. (2005). Critical Infrastructure Protection in the National Capital Region.
George Mason University.
Byres, E., Ginter, A., & Langil, J. (2011). White Paper: How Stuxnet Spreads. Multiple Cities: White
Paper.
Cisco. (2010, April 3). Cisco Smart Grid Security Solutions. Retrieved April 4, 2011, from Cisco.com:
http://www.cisco.com/web/strategy/docs/energy/CiscoSmartGridSecurity_solutions_brief_c22-556936.pdf
Cisco. (2010). Comments of Cisco Systems to Office of Electricity Delivery and Energy Reliability
Department of Energy. San Jose: Cisco Systems.
Clements, S., & Kirkham, H. (2010). Cyber-security considerations for the smart grid. Power and Energy
Society General Meeting, 2010 IEEE, (pp. 1-5). Minneapolis.
DoE. (2010). What a Smart Grid means to our Nations Future. Washington D.C.: U.S. Department of
Energy.
EEI. (2010). RE: Smart Grid RFI: Addressing Policy and Logistical Challenges to Smart Grid
Implementation. Washington D.C.: Edison Electric Institute.
GAO. (2011). Electricity Grid Modernization Progress Being Made on Cybersecurity Guidelines, but Key
Challenges Remain to be Addressed. Washington D.C.: United States Government Accountability
Office.
Greenfield, L. R. (2010). An Overview of the Federal Energy Regulatory Commission and Federal
Regulation of Public Utilities in the United States. Washington D.C.: Associate General Counsel
– Energy Markets 1 Office of the General Counsel Federal Energy Regulatory Commission.
Hunteman, W. (2011). Electric Sector and Smart Grid Cyber Security. Smart Grid Security East.
Washington D.C.: U.S. Department of Energy.
Idaho National Laboratory. (2006, May). Control Systems Cyber Security: Defense in Depth Strategies.
Retrieved from United States Computer Emergency Readiness Team:
http://www.us-cert.gov/control_systems/practices/documents/Defense%20in%20Depth%20Strategies.pdf
Lee, A. (2011, January 11). NIST and the Smart Grid. Retrieved from National Institute of Standards and
Technology: http://csrc.nist.gov/cyber-md-summit/documents/presentations/nist-and-smart-grid_ALee.pdf
Leeds, D. J. (2010, February 10). The 2010 North American Utility Smart Grid Deployment Survey.
Retrieved from GTM Research:
http://www.gtmresearch.com/report/the-2010-north-american-utility-smart-grid-deployment-survey
Malcho, J., Harley, D., Rodionov, E., & Matrosov, A. (2010). Stuxnet Under the Microscope [White
paper].
McAfee Foundstone Professional Services and McAfee Labs. (2011). Global Energy Cyberattacks:
“Night Dragon” [White paper]. Retrieved from McAfee:
http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf
Mills, E. (2010, May 15). Money trumps security in smart-meter rollouts, experts say | InSecurity
Complex - CNET News. Retrieved from Technology News - CNET News:
http://news.cnet.com/8301-27080_3-20007672-245.html
Pike Research. (2010, February 4). Utilities to Invest $21 Billion in Smart Grid Cyber Security by 2015.
Retrieved from Pike Research:
http://www.pikeresearch.com/newsroom/utilities-to-invest-21-billion-in-smart-grid-cyber-security-by-2015
Smart Grid Request for Information and Public Comments. (n.d.). Retrieved from U.S. Department of
Energy: http://www.oe.energy.gov/Smart Grid Request for Information and Public
Comments.htm
Ten, W., Liu, C., & Manimaran, G. (2008). Vulnerability assessment of cybersecurity for SCADA
systems. IEEE Transactions on Power Systems, 23(4), 1836-1846.
Wheatman, J. (2011, February 16). Why Communication Fails: Five Reasons the Business Doesn't Get
Security's Message. Retrieved from Gartner: www.gartner.com/DisplayDocument?id=1549927

Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
Atos wp-cyberrisks
Atos wp-cyberrisksAtos wp-cyberrisks
Atos wp-cyberrisks
 
Chapter-2.docx
Chapter-2.docxChapter-2.docx
Chapter-2.docx
 
Managing Complexity in a World of Surprise David L. Alderson, PhD
Managing Complexity in a World of Surprise David L. Alderson, PhDManaging Complexity in a World of Surprise David L. Alderson, PhD
Managing Complexity in a World of Surprise David L. Alderson, PhD
 
76 s201918
76 s20191876 s201918
76 s201918
 
IEEE-S&P Magazine-2015-Massacci
IEEE-S&P Magazine-2015-MassacciIEEE-S&P Magazine-2015-Massacci
IEEE-S&P Magazine-2015-Massacci
 
Implications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricImplications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy Fabric
 
Malware threat analysis techniques and approaches for IoT applications: a review
Malware threat analysis techniques and approaches for IoT applications: a reviewMalware threat analysis techniques and approaches for IoT applications: a review
Malware threat analysis techniques and approaches for IoT applications: a review
 
509286-Aki_Koivu-Review
509286-Aki_Koivu-Review509286-Aki_Koivu-Review
509286-Aki_Koivu-Review
 
TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...
TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...
TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
 
A Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTA Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOT
 

Similar to Capstone Team Report -The Vicious Circle of Smart Grid Security

Powering up the shocking truth about cyber security in the energy industry - ...
Powering up the shocking truth about cyber security in the energy industry - ...Powering up the shocking truth about cyber security in the energy industry - ...
Powering up the shocking truth about cyber security in the energy industry - ...online Marketing
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfssuserc1c354
 
Evaluation of cybersecurity threats -mdms.pdf
Evaluation of cybersecurity threats -mdms.pdfEvaluation of cybersecurity threats -mdms.pdf
Evaluation of cybersecurity threats -mdms.pdfBhekumuzi Xaba
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Power System Operation
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_finalCMR WORLD TECH
 
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...ijccsa
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxbagotjesusa
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...IRJET Journal
 
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTSECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTvishal dineshkumar soni
 
White Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyWhite Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyEricsson
 
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber SecurityThreat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber SecurityIRJET Journal
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA NetworksIJRES Journal
 
Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...IRJET Journal
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
An analysis of the supply chain risk
An analysis of the supply chain risk An analysis of the supply chain risk
An analysis of the supply chain risk Steve Mahnke
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2   module 6 - unit 4  - v0.9 enVET4SBO Level 2   module 6 - unit 4  - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesjournalBEEI
 

Similar to Capstone Team Report -The Vicious Circle of Smart Grid Security (20)

Powering up the shocking truth about cyber security in the energy industry - ...
Powering up the shocking truth about cyber security in the energy industry - ...Powering up the shocking truth about cyber security in the energy industry - ...
Powering up the shocking truth about cyber security in the energy industry - ...
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdf
 
Evaluation of cybersecurity threats -mdms.pdf
Evaluation of cybersecurity threats -mdms.pdfEvaluation of cybersecurity threats -mdms.pdf
Evaluation of cybersecurity threats -mdms.pdf
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
Recommended Solutions to Major Security Challenges Facing OT & IT Personnel w...
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_final
 
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
 
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTSECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
 
White Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyWhite Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked Society
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
 
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber SecurityThreat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
 
Encryption Security in SCADA Networks
Encryption Security in SCADA NetworksEncryption Security in SCADA Networks
Encryption Security in SCADA Networks
 
Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
An analysis of the supply chain risk
An analysis of the supply chain risk An analysis of the supply chain risk
An analysis of the supply chain risk
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2   module 6 - unit 4  - v0.9 enVET4SBO Level 2   module 6 - unit 4  - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security Issues
 

More from reuben_mathew

Capstone Team Presentation Deck -The Vicious Circle of Smart Grid Security
Capstone Team Presentation Deck -The Vicious Circle of Smart Grid SecurityCapstone Team Presentation Deck -The Vicious Circle of Smart Grid Security
Capstone Team Presentation Deck -The Vicious Circle of Smart Grid Securityreuben_mathew
 
Master of Science Diploma
Master of Science DiplomaMaster of Science Diploma
Master of Science Diplomareuben_mathew
 
Siemens CONFIRMATION OF FAT ATTENDANCE ReubenMathew
Siemens CONFIRMATION OF FAT ATTENDANCE ReubenMathewSiemens CONFIRMATION OF FAT ATTENDANCE ReubenMathew
Siemens CONFIRMATION OF FAT ATTENDANCE ReubenMathewreuben_mathew
 
Pinnacle Recovery, Inc Letter of Recommendation
Pinnacle Recovery, Inc Letter of RecommendationPinnacle Recovery, Inc Letter of Recommendation
Pinnacle Recovery, Inc Letter of Recommendationreuben_mathew
 
Bachelor of Engineering Degree Convocation Certificate
Bachelor of Engineering Degree Convocation CertificateBachelor of Engineering Degree Convocation Certificate
Bachelor of Engineering Degree Convocation Certificatereuben_mathew
 

More from reuben_mathew (6)

Capstone Team Presentation Deck -The Vicious Circle of Smart Grid Security
Capstone Team Presentation Deck -The Vicious Circle of Smart Grid SecurityCapstone Team Presentation Deck -The Vicious Circle of Smart Grid Security
Capstone Team Presentation Deck -The Vicious Circle of Smart Grid Security
 
Master of Science Diploma
Master of Science DiplomaMaster of Science Diploma
Master of Science Diploma
 
Siemens CONFIRMATION OF FAT ATTENDANCE ReubenMathew
Siemens CONFIRMATION OF FAT ATTENDANCE ReubenMathewSiemens CONFIRMATION OF FAT ATTENDANCE ReubenMathew
Siemens CONFIRMATION OF FAT ATTENDANCE ReubenMathew
 
Finance_training
Finance_trainingFinance_training
Finance_training
 
Pinnacle Recovery, Inc Letter of Recommendation
Pinnacle Recovery, Inc Letter of RecommendationPinnacle Recovery, Inc Letter of Recommendation
Pinnacle Recovery, Inc Letter of Recommendation
 
Bachelor of Engineering Degree Convocation Certificate
Bachelor of Engineering Degree Convocation CertificateBachelor of Engineering Degree Convocation Certificate
Bachelor of Engineering Degree Convocation Certificate
 

Capstone Team Report -The Vicious Circle of Smart Grid Security

The Vicious Circle of Smart Grid Security
Justin A. Turner, Amit K. Barik, Reuben Mathew
Justin.A.Turner@colorado.edu, Amit.Barik@colorado.edu, Reuben.Mathew@colorado.edu
A capstone paper submitted as partial fulfillment of the requirements for the degree of Masters in Interdisciplinary Telecommunications at the University of Colorado, Boulder, 3 May 2011. Project directed by Jose R. Santos.

1 Introduction

The massive push for energy efficiency and conservation is driving rapid development and deployment of Smart Grid technology around the globe, effectively driving integration and connection of Supervisory Control and Data Acquisition (SCADA) systems closer and closer to the user edge. The resulting network is vast, complex and very similar to the Internet. This environment greatly increases the possibility of cyber-attacks (Ten, Liu, & Manimaran, 2008) by introducing attack vectors that were nonexistent in the past. This is a serious threat to the national power infrastructure that must be addressed.

The tragic events surrounding the Fukushima Daiichi nuclear power plant following the massive 2011 earthquake in Japan underscore the importance of system availability and data integrity. Initial reports indicate that primary systems remained intact. Unfortunately, critical auxiliary systems and communications infrastructure are significantly damaged. Without these systems, the reactor core is on the edge of a catastrophic meltdown. In 2010, the Stuxnet worm discovered in an Iranian nuclear plant could have created a similar situation. Several reports suggest that damage was extensive enough that it will take several years to recover from. Stuxnet demonstrates how devastating a highly sophisticated and focused cyber-attack can be to a power utility. “If the critical infrastructures of the world are to be safe and secure, then the owners and operators need to recognize that their control systems are now the target of sophisticated attacks. Improved defense-in-depth postures for industrial control systems are needed urgently. Waiting for the next worm may be too late.” (Byres, Ginter, & Langil, 2011)

Unfortunately, we are treading down a dangerous path. Actions taken by utility companies, equipment manufacturers and regulators are not adding up to form the safe and secure environment that the “smart grid” needs in order to become a reality. We believe that in order for stakeholders to build an advanced, efficient and attack-resilient smart grid, we must address considerable gaps that exist between each stakeholder. According to the Department of Energy, “if we approach issues of reliability, affordability, energy independence and grid security piecemeal, piecemeal solutions are all we will get.” (DoE, 2010) The statement is clear! Utilities, equipment manufacturers and regulators must work together to solve the cyber-security crisis that we are seeing unfold within the power industry today.

2 Methodology

This paper will analyze the perspective of three critical stakeholders. We will start with the utility companies, followed by the regulators responsible for developing policies to shape the industry, and finish with a look at the equipment manufacturers. All parties have a critical role in delivering the smart grid; however, each has a unique set of challenges with respect to addressing cyber-security. This paper seeks to identify the most critical gaps that exist between the stakeholders today. With a better understanding of the existing environment we can then make recommendations to close gaps, improve awareness and ultimately improve the overall security posture of the smart grid going forward.

3 Analysis of Stakeholders

3.1 Utilities

Utilities in the United States are a mixture of public and private companies. Similar to other for-profit businesses, they strive to maximize profits to survive in order to provide services to society. Currently, electric utility companies are leveraging U.S. stimulus money to rapidly deploy smart meters throughout the U.S. (Mills, 2010). It can be inferred from current research that utilities are expanding their markets by working on multiple smart grid projects simultaneously (Leeds, 2010). From a security perspective, this rapid deployment approach is troublesome as it decreases the amount of time to plan and deploy security measures. This in turn increases the cyber threat surface to the power grid by exposing new devices that are not fully vetted and secured.

According to a recent report, “U.S. based utilities will invest $21 billion by 2015 in cyber security related activities and technologies to protect the smart grid” (Pike Research, 2010). This is only a prediction; however, it indicates the substantial monetary requirement for securing the grid. Even though the government is supporting utilities to some degree, small to mid-sized companies are not often capable of investing in their cyber-security infrastructure at high enough rates to maintain a good security posture. According to Bigger & Willingham (2005), small electric and gas utilities are concerned with what they see as “looming security requirements” that they cannot afford or whose results will not benefit their customers. This indirectly creates two possible scenarios which negatively affect the security posture of the entire smart grid. First, small utilities which are unable to rapidly invest in security will form weak links in the interconnected smart grid.
Second, if smaller utilities have little to no influence over vendor decisions due to lack of spending ability, larger utilities will disproportionately influence manufacturing decisions. The resulting equipment options may not be suitable for smaller deployments and will force smaller utilities to selectively choose only core capabilities without advanced cyber-security options.

The rapid state of change combined with the monetary challenges highlighted above is creating a difficult environment that utility cyber-security professionals are struggling to overcome. One of the major problems faced by utility companies is “explaining the technical advantages of cyber-security to their executives” (Wheatman, 2011). Metrics that show clear business advantages to investing in cyber-security are hard to find. This makes it increasingly difficult to justify what are in many cases mandated cyber-security practices. Cyber-security training programs can be expensive and are not always implemented willingly as a result. Additionally, there is a knowledge gap between IT security personnel and SCADA engineers. All of these challenges contribute to difficulties with implementing strong cyber-security practices and technologies within utilities (Clements & Kirkham, 2010).

Looking at security from another perspective, interoperability is one challenge that is widely recognized but largely unresolved. “The need for standards is urgent” (Lee, 2011). Defining standards and migrating towards them is important for the smart grid to become a reality; however, combining various networks which operate on different standards exponentially increases vulnerabilities. According to Idaho National Laboratory (2006), “multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization”. If utilities had the luxury to implement a single-vendor, single-standard environment they would; however, that will likely never be an option. The reality is that equipment manufacturers are focused on individual pieces of the larger smart grid puzzle. Until we have developed widely recognized standards that are economically feasible to adopt, the industry will be stuck in a vicious circle trying to balance proprietary vendor technologies with increasing cyber threats.

From the utilities' perspective, a critically important security issue lies with the alarming increase in known vulnerabilities to the systems and networks that we depend on. Consider the Night-Dragon case (McAfee Foundstone Professional Services and McAfee Labs, 2011). Night-Dragon, code-named by McAfee, emerged in November of 2009 in the U.S., Greece, Kazakhstan and Taiwan. According to McAfee Foundstone Professional Services and McAfee Labs, China was the origination point of this attack, which exploited various utility companies, targeting important proprietary information. The attack used the following methods to compromise and infiltrate systems:

• Targeted Command and Control systems (in U.S.) using social engineering techniques which confuse operators into erroneously providing information such as usernames and passwords.
• Used RAT and other available hacker tools (like ASPXSpy and WebShell) to compromise and penetrate security systems.
• Used SQL-injections to compromise firewalls and database systems.
• Gained access to executive workstations and other sensitive devices (all running Windows OS) using credentials gathered through social engineering efforts and known Windows exploits.

The attack suggests that victim utilities did not follow a defense-in-depth security approach.
The practice of isolating critical control systems using basic firewall configurations, considered by many utilities to be their cyber-security savior, is an antiquated practice when used alone and was easily exploited by the Night-Dragon attack using common tools and techniques that take advantage of untrained and generally unaware users. This attack was sophisticated and deliberate in nature, indicating that basic measures for securing critical systems are not enough.

SCADA systems, which sit at the heart of most utility company operations, are increasingly targeted due to their known reputation for lackadaisical security controls. In 2010, Stuxnet revealed exactly how critical systems can become crippled by sophisticated attacks. Stuxnet is “malware made specifically for sabotaging SCADA processes using PCS7 and Siemens WinCC control systems” (Byres, Ginter, & Langil, 2011). The Stuxnet attack, which targeted nuclear power plants in Iran, propagated using multiple vectors including USB flash drives, infected PDF files and unpatched hosts. Apart from considering all of the possible attack vectors used, it is important to know that targeted machines used for command and control of the worm were mainly Windows based. The worm took advantage of Windows vulnerabilities in order to infiltrate the network, targeting specific models of Siemens control systems. The attack was not detected by antivirus software since signatures did not exist at the time of attack. Furthermore, the sophisticated design of the Stuxnet worm allowed it to “live on the victim’s network for a long time undetected while penetrating all the way through to reach critical control systems.” (Malcho, Harley, Rodionov, & Matrosov, 2010) Many security researchers who have examined the Stuxnet worm believe it would successfully infiltrate utility networks in the U.S. today even if the victims followed all of the standards outlined by Siemens in their security best practices documentation. The Stuxnet attack is a clear indication that highly sophisticated and targeted attacks are a reality today. Utilities must not wait until the next attack occurs on a U.S. facility to take serious measures to secure their environments.

3.2 Regulators

Regulators have always played an important role in directing and shaping the landscape in which utilities and equipment manufacturers operate, in any industry. In 2007, the Department of Energy was directed by the Energy Independence and Security Act to “modernize the nation’s electricity grid to improve its reliability and efficiency.” (DoE, 2010) Since then, utilities and manufacturers have scrambled to begin shaping this new and rapidly changing environment now called the smart grid. This monumental task comes with great risk. Cyber-security considerations were not heavily measured when initial policies emerged directing and shaping the smart grid. Focus has improved; however, it is increasingly clear that confusion and gaps among interested parties are prohibiting progress. The following diagram, presented in a Department of Energy briefing in March of 2011, visually depicts a confusing and difficult-to-follow landscape. Figure 1 below depicts government entities at the state and federal level, working groups, commissions, industry associations and utilities.

Figure 1: Cyber Security Standards / Requirements relationship map (Hunteman, 2011)

As the title suggests, this map depicts the relationships between organizations involved in developing standards for manufacturers and utilities to follow in order to secure the smart grid. Context is missing from this diagram; however, in the briefing Mr. Hunteman specifically highlights several key challenges to addressing cyber-security for the smart grid, which include inconsistent standards at the federal, state, and local levels; significant gaps between implementation of policies by Federal and State agencies; and lack of clearly defined roles and responsibilities for cyber-security in the smart grid. This sentiment is shared by several utilities and equipment manufacturers who responded to the DoE’s request for comments on addressing policy and logistical challenges to smart grid implementation. For example, Edison Electric Institute states in their response that “there is insufficient coordination among the many independent groups doing testing, or proposing to do testing, and that there should be a certifying body to oversee compliance with testing and certification procedures.” (EEI, 2010) Others such as Cisco Systems commented that “various federal agencies involved in the creation of the Smart Grid and the standards on which it will be based can and should address risks as early as possible.” (Cisco, 2010) The Department of Energy web site contains over seventy-five responses from equipment manufacturers and utilities, many of which repeat this sentiment over and over.

We can say a few things with certainty regarding the organizational structure of the regulatory environment and smart grid cyber-security today. First, Congress has directed the Department of Energy to lead the charge with development and implementation of the smart grid, including cyber-security related issues as discussed above. Second, Congress has charged the National Institute of Standards and Technology (NIST) with developing standards for smart grid technology and implementation. NIST issued standards and/or best practices for smart grid security in a 2010 document. The policy is a good attempt to lead utilities and equipment manufacturers in the right direction; however, several key pieces of information were not addressed. In the January 2011 Government Accountability Office (GAO) report titled “Electricity Grid Modernization” the GAO states that while NIST efforts to include missing pieces to policy are underway, “the plan and schedule are still in draft form.” “Until the missing elements are addressed, there is an increased risk that smart grid implementations will not be secure as otherwise possible.”

The Federal Energy Regulatory Commission (FERC) is a federal yet independent agency similar to the Federal Communications Commission and is charged with “regulation of public utility transmission and sales” (Greenfield, 2010). This is an oversimplified description of FERC responsibilities, but in their own words, FERC's authority to regulate does not include local distribution or resale. If the smart grid is supposed to be an end-to-end system, this policy must change.

The National Energy Reliability Commission (NERC), which is designated by FERC to develop reliability standards for bulk power generation and transmission within North America, has published seventeen cyber-security guidelines to date. These guidelines fall under their Critical Infrastructure Protection (CIP) standards addressing critical asset identification, security management controls, personnel and training, electronic security parameters, physical security, systems security management, incident reporting and recovery management. NERC, according to their Chief Information Officer Mark Weatherford, believes that CIP standards are having an impact.
Industry experts agree with one caveat, which is that “utilities are focusing on regulatory compliance instead of comprehensive security” (GAO, 2011). Regardless, NERC regulatory oversight governs bulk power generation and transmission only. To date there is no uniform regulation or cross-cutting authority given to any agency to provide a common direction and oversight to smart grid cyber-security efforts.

3.3 Equipment Manufacturers

Equipment manufacturers have an important role in assisting utilities and regulators in implementing smart grid technologies. Similar to auto and computer manufacturers, they are the subject matter experts for the systems they sell and support. As such they play a key role in the development and employment of robust end-to-end cyber-security technology and policies with respect to the smart grid. During the onset of smart grid deployment, many service providers and manufacturers considered security relevant only to smart metering, thus ignoring the attention required for automation, substation, control systems and SCADA. Recent events such as Stuxnet, already discussed in this paper, have reinvigorated attention to these critical control systems that sit at the heart of power utilities. It is not immediately clear what specific security concerns equipment manufacturers have. For the purpose of discussion we consider open source information from Siemens, Cisco and others who all provide systems critical to the smart grid.

Several manufacturers produce SCADA systems. One of the major players is Siemens, who develops hardware, software and networking equipment for utilities. Siemens happened to be the system targeted by Stuxnet; however, this paper in no way intends to cast blame on Siemens alone for exploits used by Stuxnet. A common Siemens control system is the SIMATIC PCS 7 product suite, primarily a Distributed Control System (DCS) automation technology for process control systems, which is developed around a defense-in-depth strategy. The system uses security features like automated Windows security patch management, remote access using IPSec and VPNs, virus scans and firewalls, time synchronization, user and access rights, active directory and work groups, network management, disaster recovery and system segmentation. Siemens has a published framework describing best practices to secure their systems. Unfortunately this framework is “not often implemented in practice” (Byres, Ginter, & Langil, 2011) according to reports describing how Stuxnet infected and damaged critical control systems.

Cisco Systems, a manufacturer of enterprise-level network devices, strongly believes that in order to approach the modern smart grid infrastructure, “a comprehensive security architecture is a must that has improved integration of diverse digital devices, increased use of sensors, layers of physical and cyber security integrated across all operational aspects of the grid.” (Cisco, 2010) Cisco, like Siemens, has developed their own security framework with best practices as they see them for securing the smart grid. Figure 2 depicts the Cisco approach for developing a smart grid security plan.

Figure 2: Cisco Grid Security Implementation Model

This model loosely depicts the idea of wrapping layers of security around critical infrastructure. Cisco’s report goes on to describe their technologies and implementation strategies to protect and defend critical infrastructure. The challenge with the Cisco model, along with Siemens or others, is applying it to an environment where multiple vendor technologies exist. In many cases, the interoperability gap will interfere with best practices described in their security guideline framework.

Equipment manufacturers need to continue working on development of interoperable standards for the safety and security of the smart grid. In an ideal scenario, equipment manufacturers providing equipment for all portions of a utility network would be drawn into the plant development process in order to deliver a robust end-to-end security framework. This is a utopian scenario which assumes that manufacturers will work together in harmony and openly share information that is oftentimes considered proprietary and sensitive in nature. We know this will likely never happen; however, if manufacturers knew that utilities would generally choose a manufacturer based on their ability to integrate whole solutions which incorporated cross-brand solutions, manufacturers would start working towards common standards. Cisco highlighted this in their response to the DoE’s RFI, noting that “the convergence of networking industry participants on the TCP/IP standard was critical to the rapid evolution of the internet.” (Cisco, 2010) Similar behavior on the part of smart grid manufacturers will “play the same role in the emerging Smart Grid, by ensuring that utilities and their customers will benefit from choices among standards-compliant devices that together will comprise the Smart Grid.” (Cisco, 2010)

4 Recommendations

Through our analysis of the stakeholder positions, we concur with statements made in the very recent report released by the Government Accountability Office. Specifically, we believe that “key players have to work together as a team” (GAO, 2011) in order to secure the smart grid.

Figure 3: The Vicious Circle of Smart Grid Security

Figure 3 above graphically depicts the vicious circle of smart grid security as we see it today. Starting with utility companies, we see policies and requirements put in front of them by regulators which do not always come with clear direction or a supporting business case. Moving clockwise around the circle we see equipment manufacturers who are working to respond to the needs of utility companies demanding secure, cost effective and flexible solutions, but do not have a clear understanding of what is required or standards to develop to. Finally we see regulators working to develop and provide smart grid standards and security measures to manufacturers while pushing utilities to modernize and deliver the smart grid to society. It is a difficult problem that will take some time to correct.

We recommend the following actions at a minimum to help correct the security crisis that we are facing with respect to smart grid implementation:

i. Appoint or nominate a single authority with national reach to assess and measure compliance with security standards developed by NIST, NERC and any other federal authority appointed to develop cyber-security standards. This authority should have the ability to evaluate the entire grid from SCADA system to the household meter.

ii. Reconsider time tables outlined in guidelines used by utilities to secure government assistance in deployment of smart grid technologies. The sense of urgency to meet these deadlines to acquire funding is causing utilities and manufacturers to rush through what should be carefully thought out security plans and implementation testing.

iii. Create a testing and certification body which independently tests and evaluates systems and technologies to ensure security and standards compliance. Regulators (Governments) must clearly define standards for the testing body to use. Utilities and Equipment manufacturers must participate in the development of these standards without bias. Leverage the process used by the Department of Defense to test and certify communications systems (Joint Interoperability Testing and Certification).

iv. Develop an anonymous reporting and discussion forum where utilities, manufacturers, government entities and possibly law enforcement authorities can exchange information and ideas freely without fear of recourse.

5 Conclusion

The cyber threats that we face today are very real and dangerous. We know that cyber-attacks like Night Dragon and Stuxnet will continue to occur as networked technologies are integrated with the power grid. We also know that new cyber vulnerabilities are emerging with increasing frequency.
Overcoming these challenges will require the entire smart grid industry from utilities to equipment manufacturers to regulators to work together to form a secure end-to-end power grid. Having explained the challenges faced by three of the key players, we hope that our recommendations will generate more action across the industry at a minimum. Security is paramount and we are all responsible for ensuring it is sufficiently addressed to make the smart grid a reality.

Acknowledgement

Our research project was successfully completed with the efforts and guidance of numerous people from academia and industry alike. We would like to thank our project mentor, Jose Santos and advisor Prof. Stephen Barnes for all their time and valuable insights throughout every stage of our project. We had two amazing opportunities to speak with the chief Cyber Security advisor at the Department of Energy, Mr. William Hunteman and the Chief Security Officer at the National Energy Reliability Corporation (NERC) Mr. Mark Weatherford. Each provided volumes of important insight from multiple perspectives. They each provided some level of confirmation of conclusions that we have drawn throughout this paper. We would also like to thank Arun Gerra, Security Engineer at Alchemy Security, LLC for his inputs and industry perspective of smart grid security. Finally, we would like to take this opportunity to sincerely thank Prof. Tim Brown for all his patience and detailed guidance in completing this paper.

References

Bigger, J., & Willingham, M. (2005). Critical Infrastructure Protection in the National Capital Region. George Mason University.

Byres, E., Ginter, A., & Langil, J. (2011). White Paper: How Stuxnet Spreads. Multiple Cities: White Paper.

Cisco. (2010, April 3). Cisco Smart Grid Security Solutions. Retrieved April 4, 2011, from Cisco.com: http://www.cisco.com/web/strategy/docs/energy/CiscoSmartGridSecurity_solutions_brief_c22-556936.pdf

Cisco. (2010). Comments of Cisco Systems to Office of Electricity Delivery and Energy Reliability Department of Energy. San Jose: Cisco Systems.

Clements, S., & Kirkham, H. (2010). Cyber-security considerations for the smart grid. Power and Energy Society General Meeting, 2010 IEEE, (pp. 1-5). Minneapolis.

DoE. (2010). What a Smart Grid means to our Nations Future. Washington D.C.: U.S. Department of Energy.

EEI. (2010). RE: Smart Grid RFI: Addressing Policy and Logistical Challenges to Smart Grid Implementation. Washington D.C.: Edison Electric Institute.

GAO. (2011). Electricity Grid Modernization Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed. Washington D.C.: United States Government Accountability Office.

Greenfield, L. R. (2010). An Overview of the Federal Energy Regulatory Commission and Federal Regulation of Public Utilities in the United States. Washington D.C.: Associate General Counsel – Energy Markets 1 Office of the General Counsel Federal Energy Regulatory Commission.

Hunteman, W. (2011). Electric Sector and Smart Grid Cyber Security. Smart Grid Security East. Washington D.C.: U.S. Department of Energy.

Idaho National Laboratory. (2006, May). Control Systems Cyber Security: Defense in Depth Strategies. Retrieved from United States Computer Emergency Readiness Team: http://www.us-cert.gov/control_systems/practices/documents/Defense%20in%20Depth%20Strategies.pdf

Lee, A. (2011, January 11). NIST and the Smart Grid. Retrieved from National Institute of Standards and Technology: http://csrc.nist.gov/cyber-md-summit/documents/presentations/nist-and-smart-grid_ALee.pdf

Leeds, D. J. (2010, February 10). The 2010 North American Utility Smart Grid Deployment Survey. Retrieved from GTM Research: http://www.gtmresearch.com/report/the-2010-north-american-utility-smart-grid-deployment-survey

Malcho, J., Harley, D., Rodionov, E., & Matrosov, A. (2010). Stuxnet Under the Microscope [White paper].

McAfee Foundstone Professional Services and McAfee Labs. (2011). Global Energy Cyberattacks: “Night Dragon” [White paper]. Retrieved from McAfee: http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf

Mills, E. (2010, May 15). Money trumps security in smart-meter rollouts, experts say | InSecurity Complex - CNET News. Retrieved from Technology News - CNET News: http://news.cnet.com/8301-27080_3-20007672-245.html

Pike Research. (2010, February 4). Utilities to Invest $21 Billion in Smart Grid Cyber Security by 2015. Retrieved from Pike Research: http://www.pikeresearch.com/newsroom/utilities-to-invest-21-billion-in-smart-grid-cyber-security-by-2015

Smart Grid Request for Information and Public Comments. (n.d.). Retrieved from U.S. Department of Energy: http://www.oe.energy.gov/Smart Grid Request for Information and Public Comments.htm

Ten, W., Liu, C., & Manimaran, G. (2008). Vulnerability assessment of cybersecurity for SCADA systems. Power Systems. IEEE Transactions on Power Systems, 23(4), 1836-1846.

Wheatman, J. (2011, February 16). Why Communication Fails: Five Reasons the Business Doesn't Get Security's Message. Retrieved from Gartner: www.gartner.com/DisplayDocument?id=1549927