Journal Online

Evolving Perimeter Information Security
Naresh Kurada, CISA,
MSEE, P.Eng., is a senior
consultant at KPMG LLP,
Toronto, Canada. Kurada
can be reached at nkurada@
Models in Smart Grids and Utilities
kpmg.ca.
In September 2012, Telvent, the smart-grid framework for smart-grid perimeter (network
giant owned by Schneider Electric, reported that edge) devices, with an eye for adapting the
A. Alex Dhanjal, P.Eng., is
hackers broke through its firewall and security lessons learned from other information sensitive
a partner at KPMG Canada.
systems with breaches on OASyS SCADA. industries. At the same time, the article presents
Dhanjal can be reached at
Telvent uses the same system to control various and compares the evolving last-mile information
adhanjal@kpmg.ca.
power grids, oil and gas pipelines, and industrial security models to the North American Electric
controls around the world and integrate with Reliability Corporation (NERC) Critical
Bala Venkatesh, Ph.D.,
utility enterprise systems and new smart-grid Infrastructure Protection (CIP) Reliability
P.Eng., is an associate
platforms.1 Incidents such as this, the Stuxnet Standards (CIP-002-4 through CIP-009-4). This
professor and academic
worm, the night dragon attacks and cyberhacking contextualization provides the specific boundaries
director for the Center for
for sport are being highly monetized and targeted for the treatment of information security for the
Urban Energy, Ryerson
toward the power and utility industry’s assets. value players in the last-mile transmission and
University (Toronto, Ontario,
In this case, a major part of the existing distribution operations of a smart grid.
Canada). Venkatesh can be
electric grid architecture and infrastructure
reached at bala@ryerson.ca.
components in the operations of the distribution THE SMART-GRID VALUE NETWORK
electric networks are relatively basic without The National Institute of Standards and
advanced information analytics and resultant Technology (NIST) has developed the NIST
self-healing capabilities for power redistribution. Smart Grid Framework 1.0 as a reference model
However, as these grid infrastructure components for all other smart-grid architectures.
are fitted with information and communications Figure 1 reveals the stakeholders and illustrates
technology (ICT) for analytics and self-healing a high-level landscape of the interplay among
capabilities, the entire grid becomes even more the various players of the value network. The
susceptible to malicious attacks. Further, a recent value network players are the various technical
survey of 213 utility and smart-grid professionals equipment manufacturers that develop control,
revealed that 65 percent of executives believe that communications, monitoring and analytics
the technology most vulnerable to cyberattacks products within and across domains. Additionally,
is grid operations and information technologies. the technology standards committees and
It is estimated that cumulative investments in regulatory bodies are the other stakeholders.
smart-grid cybersecurity alone will total Interestingly, the demands in the 21st century for
US $14 billion through 2018. This is cleaner energy have given rise to new stakeholders
notwithstanding the US $200 billion investment who normally tap renewable energy sources such
in global smart grids, which includes a US $53 as wind and solar energy to generate power. The
billion investment in the US alone by 2015.2, 3 industry terms these stakeholders distributed
The existing electric-grid architecture is energy generators (DG). The DGs are incentivized
relatively a linear model with clear boundaries by government programs such as feed-in-traffic
among generation, transmission and distribution (FIT) programs that sell and supply energy to
of power. However, the smart-grid architecture consumers (and utilities) using the existing power-
brings about a paradigm shift from the linear to a grid infrastructure. Depending on the size, DGs
distributed energy-generation model. Therefore, normally tap into transmission and distribution
to devise a conceptual smart-grid security networks. The consumer is the ultimate
architecture, it is necessary to contextualize the stakeholder with demands for efficient and
smart-grid business with respect to the value smarter power consumption, including charging
network and the stakeholders. electric vehicles.
This article introduces and puts into
perspective the last-mile InfoSec Frames

©2013 ISACA. All rights reserved. www.isaca.org ISACA JOURNAL Volume 4, 2013 1

on protecting data. bus-bars. In smart-grid networks.pdf ENTERPRISE NETWORK AND SMART-GRID NETWORK SECURITY the less important analytical data (such as for metering and Unlike traditional information security in enterprise networks. therefore. availability must ensure protection of data for safe and reliable Consequently. NIST Framework and Roadmap for Smart Grid Interoperability Standards. The smart-grid perimeter devices generate intelligent machine-to-machine communications for reliable 2 ISACA JOURNAL Volume 4. manufacturing and banking. the smart-grid network asset power and electricity encompass every aspect of human society has a higher value than the information it generates because the and nations. power establishes a business objective that requires 100 percent the information security tenets of confidentiality. unlike the systems of enterprise switchgears. the very critical nature of generating and delivering asset is critical for the reliable operation of the grid.org . command and control. economics and. representing dynamic and compromised.isaca. Additionally. critical fact clearly differentiates and high-availability networks. transmission and distribution. Release 1. the the transmission and distribution of power within the grid. With the smart grid.4 and reliability is set for utilities and normally overrides other In addition to the general enterprise networks. All rights reserved. integrity and reliable availability and delivery of power at any cost. and efficiency. 2013 ©2013 ISACA. devices and systems become numerous active perimeter information security has to primarily address what will happen devices of the smart-grid network and leverage ICT for to the electrical state of the grid when one of its devices is analytics. electric grids have a variety of the utilities from other enterprise business networks such as critical energy storage and switching devices and systems such retail. Furthermore.0. in some instances. efficiency purposes) and the more important control data for which has as its primary objective the protection of data. January 2010.nist.gov/public_affairs/releases/upload/smartgrid_interoperability_final. NIST Special Publication 1108. Figure 1—Practical Layout of the Key Value Players in the Value Network ENERGY REGULATION. delivery of power. pole-mounted transformers. This simple. www. with attributes such as efficiency. the focus of information security in the capacitor banks. which emphasize economics as electrical isolation and protection relays. systems such as enterprise resource planning (ERP) systems quality of power. these smart-grid network is multifaceted. feeders. the business precedence for human safety grid operation. www. networks where the information security is primarily focused flexible alternating current transmission systems (FACTS). key objective of information security in smart-grid networks Compromises to the control data and signals can significantly is to protect human life and ensure system reliability during alter the state of the grid and negatively affect the reliable power generation. power transformers. STANDARDS AND EQUIPMENT MANUFACTURERS BULK POWER CONSUMER GENERATOR TRANSMISSION SERVICE PROVIDER DISTRIBUTION SERVICE PROVIDER GRID GRID BPG OPERATIONS TRANSMISSION OPERATIONS DISTRIBUTION OPERATIONS INFORMATION AND COMMUNICATION NETWORKS FOR SMART GRID OPERATIONS AND MANAGEMENT Source: Adapted from the National Institute of Standards and Technology. In general. and auxiliaries.

4. • R3 The responsible entity shall implement and document an electronic or manual process(es) for monitoring and logging access at access points to the electronic security perimeter 24/7. Furthermore. data requirements. dial-up modems) terminating at any device within the electronic security perimeter(s). (especially for perimeter devices) is in its infancy.php?cid=2|20 ©2013 ISACA. •R  1.isaca. assesses and corrects deficiencies. including Blackstart Resources. and special protection systems that support the reliable operation of the BES and protection systems. replacing or removing critical cyberasset hardware or software. end points of these communication links within the electronic security perimeter shall be considered access points to the electronic security perimeter. All rights reserved. individually or by specified grouping. the smart-grid network that they are generally accepted principles of confidentiality. Critical Information Protection. definitions and frameworks for the protection modeling and treatment.5 Figure 2—Requirements From NERC CIP Standards 1. The requirements from pertinent standards are listed in figure 2.or vendor-related changes to hardware and software components of critical cyberassets pursuant to the change control process. • R2. control and document all entity.1 Access points to the electronic security perimeter(s) shall include any externally connected communication end point (e. and implement supporting configuration management activities to identify. focus. in a manner that identifies. www. transmission stations and substations.grid operation. and asset management because of of cyberassets in support of reliable operation of the bulk the scale and scope of the large number of active devices. standard CIP-006-4c requirement R3. developing a balance between NERC CRITICAL INFORMATION PROTECTION STANDARDS information security and reliable grid operation is a unique NERC has developed the CIP standards to set the compliance challenge for establishing system-to-system trust models.com/page. as such.2 At all access points to the electronic security perimeter. generation resources. the responsible entity shall enable only ports and services required for operations and for monitoring cyberassets within the electronic security perimeter and shall document. However. www. • R4 The responsible entity shall perform a cybervulnerability assessment of the electronic access points to the electronic security perimeter at least annually. Compliance requirements of standard CIP-002-4a (Critical Cyberasset Identification): • R2 Critical cyberassets are qualified as those assets having at least one of the following characteristics: – Uses a routable protocol to communicate outside the electronic security perimeter – Uses a routable protocol within a control center – Is dial-up accessible Furthermore. 2. cranking paths and initial switching requirements. standard CIP-007-4 requirements R1 and R3 through R9. standard CIP-005-4a requirements R2 and R3. the BES cybersystem can be viewed as a grouping of critical cyberassets and includes control centers and a backup control center. Compliance requirements of standard CIP-003-3: • R1 Cybersecurity policy—The responsible entity shall document and implement a cybersecurity policy that represents management’s commitment and ability to secure its critical cyberassets. 2013 3 . •R  2. Analyses of these standards reveal Finally. 3. Compliance requirements of standard CIP-010-1: • R1 Each responsible entity shall implement. standard CIP-004-4 requirement R3. when the information criteria have system-to-system trust models. modifying. Therefore.3 Communication links connecting discrete electronic security perimeters shall not be considered part of the electronic security perimeter. for the purposes of this article’s challenges for all of the players in the value network.org ISACA JOURNAL Volume 4.nerc. integrity and availability of information during transit and no corroboration and/or benchmark frameworks exist for residency. one or more documented processes that collectively include each of the applicable requirement parts in CIP-010-1. as per CIP-002-5.g. these compliance requirements can be easily and asset management that pose practical implementation mapped to COBIT® and. and standard CIP-009-4. data modeling and treatment..5 Cyberassets used in the access control and/or monitoring of the electronic security perimeter shall be afforded the protective measures as specified in standard CIP-003-4. standard CIP-008-4. Compliance requirements of standard of CIP-005-4a are: •R  1. •R  1. the configuration of those ports and services. Source: North American Electric Reliability Corporation (NERC). to models of information security architecture. electric system (BES). unlike enterprise networks. systems and facilities critical to system restoration. • R6 Change control and configuration management—The responsible entity shall establish and document a process of change control and configuration management for adding. been established.1 The processes and mechanisms shall use an access control model that denies access by default such that explicit access permissions must be specified.

All rights reserved. Network Protocol (DNP 3) and Modbus. INTEROPERABILITY WITH EXISTING GRID TECHNOLOGIES of improved efficiency and effectiveness of reliable power The current communication and control of the devices that generation. 10. Control Center/SCADA Systems Technologies Acces s Tec hnolo gies Smart Substation Mic row ave RF Com Substation mu LAN on nica Modbus/DNP3 tion Substation LAN on Modbus/DNP3 Smart Substation 4 ISACA JOURNAL Volume 4. the opportunities are huge in terms Figure 3—Smart-grid ICT Energy Service Provider Enterprise Systems and Networks GRID Master Energy Consumption Energy Demand Response Control System Analytics Management Systems WAN Public/Private Network Service Providers LANX/Frame Relay ATM/ MPLS/VPN/Power Line IP/Internet Access IP\Int IP/Internet Access Technologies ernet Communications. Examples of such effectiveness are as independent networks. 13 facilitating enhanced to the management of the huge amount of data that could interoperability. are technically flexible with capabilities to encapsulate or As these devices and systems begin to evolve into active tunnel existing grid communication protocols such as devices in the smart grid. In addition. 8. and the power through alternative paths. This evolution has led to the creation of be generated for meaningful warehousing and mining communication network setups (see figure 3). DNP3 and foreseen with respect to creating efficient and optimized Modbus. they provide a uniform data and system-to-system trust models for analytics as abstraction of the network that hides the differences among well as control. distribution and transmission when these systems make up the existing grid and BES are localized and operate can be interconnected.6 Distributed flexibility of the Internet Protocol (IP) and WAN technologies. numerous challenges can be IEC 61850 communication standards.org . 2013 ©2013 ISACA. grid asset maintenance supervisory control and data acquisition (SCADA) systems in and advanced asset monitoring.isaca. The existing intelligent electronic self-healing power networks realized by redistribution of devices (IEDs). purposes. Etc. numerous substations and automation controls are networked together equipment manufacturers either have attempted or are over Ethernet or serial communication ports using protocols attempting to evolve BES by leveraging the technical such as IEC 61850 communications standards. 9. 11 Furthermore. the remote terminal units (RTUs). the The Transmission Control Protocol/Internet Protocol current power grid wide area networks (WANs) also utilize (TCP/IP) stack and the widely available WAN technologies power line communication and dark fiber. However. These technical challenges are in addition various network technologies.12. Consequently. www.7.

the data are quite critical for home area networks (HANs). However. HANs or smart-utility networks (SUNs).and the US put into perspective. control of Risk: The network. generation and consumption is ultimately. different conceptual involve power consumption and feed as analytics for architectural models are beginning to emerge. field area networks (FANs) and customer billing and in-direct outage monitoring. www. the framework facilitates confidentiality. and the grouping of these devices is InfoSec Frames is an information security framework for in accordance with CIP-005-4a and CIP-002-4a.15. such devices are part Application criticality: Human safety and reliable of power transmission and distribution networks. The data from these devices typically As the smart-grid models evolve. control networks (CNs). integrity and nonrepudiation of data are abstraction with a common set of security attributes. feeders.isaca. Just as in the case of HAN/ operation SUN network elements. Therefore.org ISACA JOURNAL Volume 4. a FACTS. the FAN elements of the smart grid Risk: The communication and control of devices are networked together and leverage the TCP/IP stack for CN Very high Very high Very high communications and control. such network setups seem machine-to-machine (M2M) communications. form subnetworks of neighborhood area networks emerging. with low asset value. In essence. bus-bars. HANs and SUNs the evolution of renewable. are directly deployed along the electrical Application criticality: Trust and nonrepudiation grid. The controls. switching and control). 2013 5 . Nevertheless. these devices Frames) Confidentiality Integrity Availability (also known as IEDs) are localized to electrical substations HAN/SUN/NAN High High Medium to low and. (NANs). To further grid networks is also evidenced by the NIST. The security risk for the network. important compared to availability. water heaters. HVAC and plug-in hybrid electric vehicles (PHEV) security risk for the reliable operation of the grid is normally the are leveraging TCP/IP smart objects with capabilities of ©2013 ISACA. communication and control of switching operation of devices (systems) and status parameters devices such as oil temperature levels in transformers. the information security treatment of the perimeter devices each device’s criticality for the safe operation of the grid is that fits into the subnetwork architectures of the smart-grid relatively low. The emergence and organization of smart. on the surface. these devices typically attach to the power accordance to the NERC CIP Reliability Standards. The energy-demand forecasting (demand-response systems). In addition. Generally. 16 Examples of IEDs are electrical isolation and Risk: Analytical data generated by the devices protection relays. architectures of networks of devices are evolving in Furthermore. Furthermore. Application criticality: Human safety and reliable capacitor banks. for example. switchgears.14 retail industry. Although. chaotic and amorphous. All rights reserved. power FAN High Very high Very high transformers. to an extent. Typically. The data operation from these devices typically involve. the devices in subnetworks of NANs Department of Energy-led GridWise Domain Expert Working and HANs of the smart grid network have information Groups of Building to Grid (B2G). organization of the network and these devices are networked together with utilities communication architectures based on criticality (electrical demand-response and energy-forecasting systems and. InfoSec Frames (figure 4) specifically describes reliable operation of the grid is normally confined to the data the security treatment for the subnetwork architectures for and not the device. distribution networks. Figure 4—InfoSec Frames for Smart-grid Networks Concept of FANs FANs essentially comprise energy-transformation and Architecture (InfoSec switching devices with intelligence. and auxiliaries. distributed energy generation and Numerous devices such as smart energy meters (advanced storage make their respective IEDs suitable candidates for FAN metering infrastructure [AMI]). pole-mounted transformers. Concept of NANs. with slightly heightened security (to protect individual power consumption profiles) and extensive SECURITY ARCHITECTURE IN SMART GRIDS useful-device life. Home to Grid (H2G) and security characteristics similar to point of sale (POS) in the Industrial to Grid (I2G). home energy classification because their criticality is higher on the grid.

to an extent. which given for: includes analytics. 20 Just as in the traditional Open Systems Interconnect (OSI) transformers and relays along the electric grid is normally seven-layer models. Historian). the common range of attacks and availability on communication networks are all important for vulnerabilities apply. and the devices generate strong a large number of devices. Avoidance of single-point-of-communication link failure These three points become extremely important when TECHNOLOGY THREATS AND CONSIDERATIONS IN SMART GRIDS wireless SCADA systems are deployed. integrity and availability of FANs. That is. All rights reserved. However. Therefore. 3. This has particular electromagnetic and requirements. transformers is an indirect process. 1. 1. because they are directly involved in energy transformation and device status monitoring or analytical. Control of transmission and distribution devices of 19. substation CNs are deployed in harsh and trending (e. Therefore. communications and devices. microwave. IP spoofing. channel is established wirelessly (i. Smart-grid information security should be established on the • Network and transport layer security—As the devices in foundations of confidentiality. they can be distributed in substations interference (EMI) implications when the communication or centrally control multiple substations. in which confidentiality. cellular and satellite communications. which is normally carried 2. integrity and stack.18. they are subject to MAC power. 2013 ©2013 ISACA. it is at the network and transport layer are denial-of-service critical to identify and rationalize: (DoS) attacks by TCP SYN flooding. as most of the devices in FANs their ability to directly control. NANs and CNs run on the TCP/IP stack.. data are being transmitted Grouping of these devices into FANs is a consequence of CIP. Additionally. www. especially in FAN devices and CN systems and compromises to them could seriously alter the state of 2. all securing data (analytical. control and communication). current and phase from high voltage devices such as communications and control). Furthermore. SCADA systems are advance systems and redundancy such as sourcing services from different can be deployed using wireless technology built on private telecommunications service providers microwave radios. over conventional WAN/LAN technologies on the TCP/IP 002-4a and CIP-002-5. They can control and operate environmental conditions. The type of data being transmitted such as device control. The security risk for the reliable wireless links (Wi-Fi and WiMax). just as in operation of the grid is not just the control system but other information-sensitive systems.org .g. transform and redistribute leverage Ethernet technology. as shown in figure 3. identify switching. communication and control of the device and the device itself. can be mitigated with existing security features already specified by the protocol or by leveraging the security services offered Concept of CNs by other Internet Engineering Task Force (IETF) protocols. no matter how they are deployed. Consequently. VLANs. measurement of electrical characteristics of device management traffic and data traffic (including voltage. Furthermore. Depending on the technical goals electromagnetic fields. due diligence has to be afforded to establish system-to-system and user-to-system trust models. Finally. The intention for capturing and transmitting data critical data about the state and analytical information of the Once these are clearly established.isaca. Alternative paths for physical and logical the entire grid. form some of the most cellular. they normally have to be highly address spoofing.. precedence is set to transformers. satellite). These instruments transmit 4. control. consideration must be the entire control subnetwork of the smart grid. Separating management traffic from data traffic to separate CNs essentially control large subnetworks of the smart grid. the vulnerabilities of IP for the smart grid accomplished using SCADA systems and programmable are grouped as follows: logic controllers (PLCs). threats 6 ISACA JOURNAL Volume 4. these attacks and vulnerabilities reliable operation. threats data for safe and reliable operation of the grid. SCADA systems. Individuals/systems that have access to the data out using instruments such as potential transformers (PT) 3. The origin and destination of the data and current transformers (CT).17 Consequently. SCADA systems normally have • Physical and data link layer security—The IEDs in FANs associated systems for human machine interfacing (HMI) and. Consideration must be given to securing available and highly secure. Another vulnerability with wireless is important critical assets in a bulk energy system because of eavesdropping.e.

they will utilize enterprise North American Electric Reliability Corporation (NERC). and reliable distribution of power. M. NAN devices—much contain the threats. CNs will align to the Internet of Things running on the www. in some instances. cellular and engineers. 27 Augugst 2010. SCADA systems in general reliable operation of the electric grid becomes interdisciplinary are highly critical systems. 2013 7 . G. O.” smart grid evolves. as the existing gateways are within the utility provider’s enterprise network electric grid evolves into the smart grid. consideration must power grid. This article outlines the • Application layer security—Application layer security is threats to information security practitioners and assurance specifically relevant to CN systems (such as SCADA) and professionals and suggests the use of InfoSec Frames to NAN devices (such as Smart Meters). “A New Revolution Part 2: IP Enabled Smart authentication. When these systems are deployed between information security practitioners and power wirelessly through private microwave radios. nature of devices in critical infrastructure and the role they they may utilize power-line communications. “The www. principle as per the NERC CIP requirements is. B. Therefore. www. transmitting and distributing power. like smartphones and tablets—have operating systems. The primary play in generating. “The Internet Of Things. NANs and McKinsey Quarterly. The intent in all these cases is to either principles of authentication (dual-factor).com/page. and threats to IP Efforts must be made to extend the established security routing protocols. the reliable operation of the electric grid has end-user power consumption profiles.. SUNs. on well-known TCP and UDP ports. Therefore. the devices on FANs. traceability and alter the routing table database or overload the processor.nerc. HANs. network services such as Domain Name System (DNS).com/The_Internet_of_Things_2538 TCP/IP stack. This article puts the regulatory and technical bodies satellite communications. Simple www. NANs. These devices typically connect to the with the Internet of Things for smart-grid networks. Dynamic Host Configuration Protocol (DHCP). However.. In FAN and CN devices.com/iec61850li/beck/dk61/IEC%20 ©2013 ISACA. In logging—from the enterprise networks to these devices. for user access to systems and system-to-system access.. The distribution and transmission networks and other analytic security risk profiles in smart grids are different from those of systems in the service provider utility through a gateway on traditional businesses and enterprise networks because of the the HTTPS service over the Internet or. firewalls and next-generation firewalls provide mitigation techniques to CONCLUSION detect DoS attacks and IP spoofing with capabilities to block As smart grids evolve. CNs and FANs are architectural embedded databases for storage.nettedautomation. Myers. they are experiencing the proliferation TCP/UDP ports and ensure TCP session state integrity using of perimeter devices with uncontrolled intelligence along the stateful firewalls.com/sensors-mag/a-new-revolution-part-2- processes and mechanisms shall use an access control ip-enabled-smart-objects-and-smart-g-7465 model that denies access by default. For all these network services. especially of the application data in transit. accordance with NERC CIP-005-4a requirements.php?cid=2|20 Network Management Protocol (SNMP). Roberts. due traditionally been a discipline within electrical engineering consideration must be given to ensure that the application and power systems engineering. Critical Information Protection. for information security and audit professionals. All rights reserved. access and authentication—As the Chui. such that explicit access permissions must be specified. REFERENCES • Network services. IEC 61850 Protocol API precedent for establishing information security trust models User Manual: Protocol Integration Stack. B. and access and Mulligan. the secure and DMZ and protected by firewalls. forward functions and illustrations of role-based groupings of devices as they align web applications. resulting in information security issues for safe be given to routing traffic through firewalls. M.mckinseyquarterly. Loffler. due consideration must of knowledge for power-grid infrastructure into perspective be taken to prevent exposure to eavesdropping. www. R. without compromising performance.” This requirement sets the Sreenivasan. the guiding Objects and the Smart Grid. threat with NANs is exploiting vulnerabilities to determine Furthermore.sensorsmag.org ISACA JOURNAL Volume 4.isaca. March 2010. Naval.” Sensors.

p.pdf Cyber Security for Smart Grid Communications. 2012 Communications Surveys & Tutorials. M.html www.com/newsroom/investments-in. Michael.” Cisco Systems threatlevel/2012/09/scada-vendor-telvent-hacked 11 Rugged. refer to www. Framework and Roadmap for Smart Grid Interoperability “On the Requirements for Successful GPS Spoofing Attacks.com/files/NERC_GridEx_AAR_ 9 Cisco Systems Inc.” IEEE 15 Op cit. 2012 Adamiak. date. Cisco Systems Inc. F.pikeresearch.com/private/images/ Grid Interoperability. and from opinions endorsed by authors’ employers. Release 1. “A Survey on proceedings. “KONCAR-KET Chooses Rugged. p. and first and last page number of each article.” 16 March 2012. 61850%20Protocol%20API%20User%20Manual. 26 September 2012. “Ensuring Smart http://enterprise. or the editors of this Journal. Cisco Systems Inc. www. Baigent.com/web/strategy/docs/ Interoperability Maturity Model Summary.” requirements of standards. Sharif.gov/public_affairs/releases/ Communications Security. no.  18 Op cit.php?cid=2|20. volume. www. NIST Special Publication 1108. All rights reserved.” Alcatel-Lucent. H.. “Internet Protocols for the Smart Hacked.. Tipper.cisco.com/web/strategy/ ENDNOTES docs/energy/ip_arch_sg_wp. Qian. 14. 27 Congress St. reprint or republication. Send payment to the CCC stating the ISSN (1526-7407). B.org 8 ISACA JOURNAL Volume 4. www. 2012. 13 Op cit. a voluntary organization serving IT governance professionals. www. 2013 ©2013 ISACA.pdf 7 National Institute for Standards and Technology.org/pdfs/grid_interop_08_ 4 Yan..pdf www. Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. R. D.” case study.cisco. “IEC 61850 6 19 Op cit. entitles one to receive an annual subscription to the ISACA Journal. case-studies/mepso/mepso. Cisco Connected Grid Security for Field 8 GridWise Architecture Council (GWAC).isaca. 2011. MA 01970. Meyer..” Wired.pdf 2008. 998 17 Bentek Systems SCADA & Telemetry Solutions. Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. Membership in the association... Cisco Systems Inc. ISACA Journal does not attest to the originality of authors’ content. www.ruggedcom. Op cit.scadalink.nerc. Mackiewicz. O. K.nerc. 2011 16 fourth quarter 2012.com/ Grid. www.. to photocopy articles owned by ISACA. 14 GridWise Architecture Council (GWAC).. permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC). Rasmussen. A Standardized and Flexible IPv6 16Mar2012_Final. S.wired. All rights reserved. vol. “Building the Smart Grid Promise.php smart-grid-cyber-security-to-total-14-billion-through-2018 12 Op cit. 5 For a comprehensive list of the NERC compliance “An Introduction to SCADA.” GE Digital Energy The ISACA Journal is published by ISACA.com/support/scada. permission must be obtained in writing from the association.com. Y. 4. “Maker of Smart-Grid Control Software 10 Baker. 2011 Communication Networks and Systems in Substations: An 20 Op cit. For other copying. Popper. www.com/support/ 2012. “Investments in Smart Grid Cyber Refurbishment of MEPSO High Voltage Substation in Security to Total $14 Billion Through 2018.nist.. 2011. Capkun.” 1 March Macedonia. Where necessary.0. Baker and Meyer 3 Roney.pdf Cisco Systems Inc.com/page. Salem. D. for a flat fee of US $2. www. 75-86 upload/smartgrid_interoperability_final. www.. or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited. et al Challenge and Transformation. N.. C.” Standards..” proceedings. Copying for other than personal use or internal reference. Proceedings of the 18th ACM Conference on Computer and January 2010. 1 March 2012. “Smart Grid Area Network.pdf Architecture for Field Area Networks Smart: Grid Last Mile Infrastructure. K.gridwiseac.50 per article plus 25¢ per page. © 2013 ISACA. D. Baker and Meyer Overview for Users.com for 2 Navigant Research. 11-13 November public/si/pdf_smartBuilding. Y.pdf 1 Zetter. They may differ from policies and official statements of ISACA and/or the IT Governance Institute® and their committees.alcatel-lucent. Yan. Cisco Systems Inc. energy/C11-696279-00_cgs_fan_white_paper. NIST Tippenhauer.org .isaca.