Journal Online

Evolving Perimeter Information Security Models in Smart Grids and Utilities

Naresh Kurada, CISA, MSEE, P.Eng., is a senior consultant at KPMG LLP, Toronto, Canada. Kurada can be reached at nkurada@kpmg.ca.

A. Alex Dhanjal, P.Eng., is a partner at KPMG Canada. Dhanjal can be reached at adhanjal@kpmg.ca.

Bala Venkatesh, Ph.D., P.Eng., is an associate professor and academic director for the Center for Urban Energy, Ryerson University (Toronto, Ontario, Canada). Venkatesh can be reached at bala@ryerson.ca.

In September 2012, Telvent, the smart-grid giant owned by Schneider Electric, reported that hackers broke through its firewall and security systems with breaches on OASyS SCADA. Telvent uses the same system to control various power grids, oil and gas pipelines, and industrial controls around the world and integrate with utility enterprise systems and new smart-grid platforms.¹ Incidents such as this, the Stuxnet worm, the night dragon attacks and cyberhacking for sport are being highly monetized and targeted toward the power and utility industry’s assets. In this case, a major part of the existing electric grid architecture and infrastructure components in the operations of the distribution electric networks are relatively basic without advanced information analytics and resultant self-healing capabilities for power redistribution. However, as these grid infrastructure components are fitted with information and communications technology (ICT) for analytics and self-healing capabilities, the entire grid becomes even more susceptible to malicious attacks. Further, a recent survey of 213 utility and smart-grid professionals revealed that 65 percent of executives believe that the technology most vulnerable to cyberattacks is grid operations and information technologies. It is estimated that cumulative investments in smart-grid cybersecurity alone will total US $14 billion through 2018. This is notwithstanding the US $200 billion investment in global smart grids, which includes a US $53 billion investment in the US alone by 2015.²,³

The existing electric-grid architecture is a relatively linear model with clear boundaries among generation, transmission and distribution of power. However, the smart-grid architecture brings about a paradigm shift from the linear to a distributed energy-generation model. Therefore, to devise a conceptual smart-grid security architecture, it is necessary to contextualize the smart-grid business with respect to the value network and the stakeholders.

This article introduces and puts into perspective the last-mile InfoSec Frames framework for smart-grid perimeter (network edge) devices, with an eye for adapting the lessons learned from other information-sensitive industries. At the same time, the article presents and compares the evolving last-mile information security models to the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards (CIP-002-4 through CIP-009-4). This contextualization provides the specific boundaries for the treatment of information security for the value players in the last-mile transmission and distribution operations of a smart grid.

THE SMART-GRID VALUE NETWORK
The National Institute of Standards and Technology (NIST) has developed the NIST Smart Grid Framework 1.0 as a reference model for all other smart-grid architectures. Figure 1 reveals the stakeholders and illustrates a high-level landscape of the interplay among the various players of the value network. The value network players are the various technical equipment manufacturers that develop control, communications, monitoring and analytics products within and across domains. Additionally, the technology standards committees and regulatory bodies are the other stakeholders. Interestingly, the demands in the 21st century for cleaner energy have given rise to new stakeholders who normally tap renewable energy sources such as wind and solar energy to generate power. The industry terms these stakeholders distributed energy generators (DG). The DGs are incentivized by government programs such as feed-in-tariff (FIT) programs that sell and supply energy to consumers (and utilities) using the existing power-grid infrastructure. Depending on the size, DGs normally tap into transmission and distribution networks. The consumer is the ultimate stakeholder with demands for efficient and smarter power consumption, including charging electric vehicles.
This article introduces and puts into
perspective the last-mile InfoSec Frames

©2013 ISACA. All rights reserved. www.isaca.org ISACA JOURNAL Volume 4, 2013 1

Figure 1—Practical Layout of the Key Value Players in the Value Network
[Diagram. Labels: ENERGY REGULATION, STANDARDS AND EQUIPMENT MANUFACTURERS; BULK POWER GENERATOR; TRANSMISSION SERVICE PROVIDER; DISTRIBUTION SERVICE PROVIDER; CONSUMER; GRID BPG OPERATIONS; GRID TRANSMISSION OPERATIONS; DISTRIBUTION OPERATIONS; INFORMATION AND COMMUNICATION NETWORKS FOR SMART GRID OPERATIONS AND MANAGEMENT]
Source: Adapted from the National Institute of Standards and Technology, NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0, NIST Special Publication 1108, January 2010, www.nist.gov/public_affairs/releases/upload/smartgrid_interoperability_final.pdf

ENTERPRISE NETWORK AND SMART-GRID NETWORK SECURITY
Unlike traditional information security in enterprise networks, which has as its primary objective the protection of data, the key objective of information security in smart-grid networks is to protect human life and ensure system reliability during power generation, transmission and distribution. Furthermore, power and electricity encompass every aspect of human society and nations. Therefore, the very critical nature of generating and delivering power establishes a business objective that requires 100 percent reliable availability and delivery of power at any cost. Consequently, the business precedence for human safety and reliability is set for utilities and normally overrides other attributes such as efficiency, economics and, in some instances, quality of power. This simple, critical fact clearly differentiates the utilities from other enterprise business networks such as retail, manufacturing and banking, which emphasize economics and efficiency.

In general, unlike the systems of enterprise networks where the information security is primarily focused on protecting data, the focus of information security in the smart-grid network is multifaceted. In smart-grid networks, information security has to primarily address what will happen to the electrical state of the grid when one of its devices is compromised. The smart-grid perimeter devices generate the less important analytical data (such as for metering and efficiency purposes) and the more important control data for the transmission and distribution of power within the grid. Compromises to the control data and signals can significantly alter the state of the grid and negatively affect the reliable delivery of power. Additionally, the smart-grid network asset has a higher value than the information it generates because the asset is critical for the reliable operation of the grid. In smart-grid networks, the information security tenets of confidentiality, integrity and availability must ensure protection of data for safe and reliable grid operation.⁴

In addition to the general enterprise networks, with systems such as enterprise resource planning (ERP) systems and high-availability networks, electric grids have a variety of critical energy storage and switching devices and systems such as electrical isolation and protection relays, power transformers, feeders, bus-bars, pole-mounted transformers, switchgears, flexible alternating current transmission systems (FACTS), capacitor banks, and auxiliaries. With the smart grid, these devices and systems become numerous active perimeter devices of the smart-grid network and leverage ICT for analytics, command and control, representing dynamic and intelligent machine-to-machine communications for reliable

grid operation. Therefore, developing a balance between information security and reliable grid operation is a unique challenge for establishing system-to-system trust models, data modeling and treatment, and asset management because of the scale and scope of the large number of active devices. Finally, unlike enterprise networks, the smart-grid network (especially for perimeter devices) is in its infancy; no corroboration and/or benchmark frameworks exist for system-to-system trust models, data modeling and treatment, and asset management that pose practical implementation challenges for all of the players in the value network.

NERC CRITICAL INFORMATION PROTECTION STANDARDS
NERC has developed the CIP standards to set the compliance requirements, definitions and frameworks for the protection of cyberassets in support of reliable operation of the bulk electric system (BES). Analyses of these standards reveal that they are generally accepted principles of confidentiality, integrity and availability of information during transit and residency. Furthermore, these compliance requirements can be easily mapped to COBIT® and, as such, to models of information security architecture, when the information criteria have been established. However, for the purposes of this article’s focus, the requirements from pertinent standards are listed in figure 2.⁵

Figure 2—Requirements From NERC CIP Standards

1. Compliance requirements of standard CIP-002-4a (Critical Cyberasset Identification):
• R2 Critical cyberassets are qualified as those assets having at least one of the following characteristics:
  – Uses a routable protocol to communicate outside the electronic security perimeter
  – Uses a routable protocol within a control center
  – Is dial-up accessible
Furthermore, as per CIP-002-5, the BES cybersystem can be viewed as a grouping of critical cyberassets and includes control centers and a backup control center, transmission stations and substations, generation resources, systems and facilities critical to system restoration, including Blackstart Resources, cranking paths and initial switching requirements, and special protection systems that support the reliable operation of the BES and protection systems.

2. Compliance requirements of standard CIP-003-3:
• R1 Cybersecurity policy—The responsible entity shall document and implement a cybersecurity policy that represents management’s commitment and ability to secure its critical cyberassets.
• R6 Change control and configuration management—The responsible entity shall establish and document a process of change control and configuration management for adding, modifying, replacing or removing critical cyberasset hardware or software, and implement supporting configuration management activities to identify, control and document all entity- or vendor-related changes to hardware and software components of critical cyberassets pursuant to the change control process.

3. Compliance requirements of standard of CIP-005-4a are:
• R1.1 Access points to the electronic security perimeter(s) shall include any externally connected communication end point (e.g., dial-up modems) terminating at any device within the electronic security perimeter(s).
• R1.3 Communication links connecting discrete electronic security perimeters shall not be considered part of the electronic security perimeter; end points of these communication links within the electronic security perimeter shall be considered access points to the electronic security perimeter.
• R1.5 Cyberassets used in the access control and/or monitoring of the electronic security perimeter shall be afforded the protective measures as specified in standard CIP-003-4, standard CIP-004-4 requirement R3, standard CIP-005-4a requirements R2 and R3, standard CIP-006-4c requirement R3, standard CIP-007-4 requirements R1 and R3 through R9, standard CIP-008-4, and standard CIP-009-4.
• R2.1 The processes and mechanisms shall use an access control model that denies access by default such that explicit access permissions must be specified.
• R2.2 At all access points to the electronic security perimeter, the responsible entity shall enable only ports and services required for operations and for monitoring cyberassets within the electronic security perimeter and shall document, individually or by specified grouping, the configuration of those ports and services.
• R3 The responsible entity shall implement and document an electronic or manual process(es) for monitoring and logging access at access points to the electronic security perimeter 24/7.
• R4 The responsible entity shall perform a cybervulnerability assessment of the electronic access points to the electronic security perimeter at least annually.

4. Compliance requirements of standard CIP-010-1:
• R1 Each responsible entity shall implement, in a manner that identifies, assesses and corrects deficiencies, one or more documented processes that collectively include each of the applicable requirement parts in CIP-010-1.

Source: North American Electric Reliability Corporation (NERC), Critical Information Protection, www.nerc.com/page.php?cid=2|20
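The deny-by-default model of CIP-005-4a R2.1 and the documented ports and services of R2.2 in figure 2 can be checked mechanically against the rule set of an access point. The following Python code is an added example, not part of the original article or of any NERC tooling; the rule format, network labels, the reading of "permit from any source" as an R2.1 finding, and both sample rule sets are assumptions constructed for illustration.

```python
"""Audit an electronic security perimeter (ESP) access-point rule set against
CIP-005-4a R2.1 (deny by default) and R2.2 (only documented ports/services).
Added example: rule format, network labels and rule sets are constructed."""
from dataclasses import dataclass
from typing import Union

ANY = "any"


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    proto: str              # "tcp", "udp" or ANY
    src: str                # source network label; ANY means unrestricted
    dport: Union[int, str]  # destination port number, or ANY


# R2.2 record: ports/services documented as required for operations (constructed).
DOCUMENTED = {
    ("tcp", 20000): "DNP3 polling from the control center",
    ("tcp", 502): "Modbus/TCP to substation RTUs",
    ("tcp", 102): "IEC 61850 MMS to IEDs",
}


def audit(rules, documented):
    """Return a list of (requirement, message) findings for one access point."""
    findings = []

    # R2.1: access is denied by default, so the rule set must end in deny-all.
    last = rules[-1] if rules else None
    if last is None or (last.action, last.proto, last.src, last.dport) != ("deny", ANY, ANY, ANY):
        findings.append(("R2.1", "rule set does not end in an explicit deny-all"))

    enabled = set()
    for n, r in enumerate(rules, start=1):
        if r.action != "permit":
            continue
        # A wildcard permit is the opposite of an explicit access permission.
        if ANY in (r.proto, r.dport):
            findings.append(("R2.1", f"rule {n} permits a wildcard protocol/port"))
            continue
        service = (r.proto, r.dport)
        enabled.add(service)
        if service not in documented:
            # R2.2: only ports and services required for operations are enabled.
            findings.append(("R2.2", f"rule {n} enables undocumented {r.proto}/{r.dport}"))
        elif r.src == ANY:
            findings.append(("R2.1", f"rule {n} permits {r.proto}/{r.dport} from any source"))

    # R2.2 also requires the documentation to match the live configuration.
    for proto, port in sorted(set(documented) - enabled):
        findings.append(("R2.2", f"documented {proto}/{port} has no permit rule; record is stale"))
    return findings


# Constructed sample: a weak substation gateway rule set and its corrected form.
WEAK = [
    Rule("permit", "tcp", "control-center", 20000),
    Rule("permit", "tcp", ANY, 502),           # Modbus reachable from anywhere
    Rule("permit", "tcp", "vendor-vpn", 23),   # Telnet, not in the R2.2 record
    Rule("permit", ANY, ANY, ANY),             # default permit
]
HARDENED = [
    Rule("permit", "tcp", "control-center", 20000),
    Rule("permit", "tcp", "control-center", 502),
    Rule("permit", "tcp", "control-center", 102),
    Rule("deny", ANY, ANY, ANY),
]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for requirement, message in audit(rules, DOCUMENTED) or [("ok", "no findings")]:
            print(f"  {requirement}: {message}")
```
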

INTEROPERABILITY WITH EXISTING GRID TECHNOLOGIES
The current communication and control of the devices that make up the existing grid and BES are localized and operate as independent networks. The existing intelligent electronic devices (IEDs), the remote terminal units (RTUs), and the supervisory control and data acquisition (SCADA) systems in substations and automation controls are networked together over Ethernet or serial communication ports using protocols such as IEC 61850 communications standards,⁶ Distributed Network Protocol (DNP 3) and Modbus. In addition, the current power grid wide area networks (WANs) also utilize power line communication and dark fiber.

As these devices and systems begin to evolve into active devices in the smart grid, numerous challenges can be foreseen with respect to creating efficient and optimized data and system-to-system trust models for analytics as well as control. These technical challenges are in addition to the management of the huge amount of data that could be generated for meaningful warehousing and mining purposes. However, the opportunities are huge in terms of improved efficiency and effectiveness of reliable power generation, distribution and transmission when these systems can be interconnected. Examples of such effectiveness are self-healing power networks realized by redistribution of power through alternative paths, grid asset maintenance and advanced asset monitoring.

Consequently, numerous equipment manufacturers either have attempted or are attempting to evolve BES by leveraging the technical flexibility of the Internet Protocol (IP) and WAN technologies. The Transmission Control Protocol/Internet Protocol (TCP/IP) stack and the widely available WAN technologies are technically flexible with capabilities to encapsulate or tunnel existing grid communication protocols such as IEC 61850 communication standards, DNP3 and Modbus.⁷,⁸,⁹,¹⁰,¹¹ Furthermore, they provide a uniform abstraction of the network that hides the differences among various network technologies,¹²,¹³ facilitating enhanced interoperability. This evolution has led to the creation of communication network setups (see figure 3).

Figure 3—Smart-grid ICT
[Diagram. Labels: Energy Service Provider Enterprise Systems and Networks; GRID Master Control System; Energy Consumption Analytics; Energy Demand Response Management Systems; WAN Public/Private Network Service Providers (LANX/Frame Relay, ATM/MPLS/VPN/Power Line Communications, Etc.); IP/Internet Access Technologies; Control Center/SCADA Systems; Microwave RF Communication; Smart Substation; Substation LAN on Modbus/DNP3]

SECURITY ARCHITECTURE IN SMART GRIDS
As the smart-grid models evolve, different conceptual architectural models are beginning to emerge. Although, on the surface, such network setups seem chaotic and amorphous, architectures of networks of devices are evolving in accordance to the NERC CIP Reliability Standards. The organization of the network and communication architectures based on criticality (electrical switching and control), generation and consumption is emerging. The emergence and organization of smart-grid networks is also evidenced by the NIST- and the US Department of Energy-led GridWise Domain Expert Working Groups of Building to Grid (B2G), Home to Grid (H2G) and Industrial to Grid (I2G).¹⁴

InfoSec Frames is an information security framework for the information security treatment of the perimeter devices that fits into the subnetwork architectures of the smart-grid network. To further put into perspective, InfoSec Frames (figure 4) specifically describes the security treatment for the subnetwork architectures for home area networks (HANs), field area networks (FANs) and control networks (CNs). In essence, the framework facilitates abstraction with a common set of security attributes.

Figure 4—InfoSec Frames for Smart-grid Networks

Architecture (InfoSec Frames)   Confidentiality   Integrity   Availability
HAN/SUN/NAN                     High              High        Medium to low
  Application criticality: Trust and nonrepudiation
  Risk: Analytical data generated by the devices
FAN                             High              Very high   Very high
  Application criticality: Human safety and reliable operation
  Risk: The communication and control of devices
CN                              Very high         Very high   Very high
  Application criticality: Human safety and reliable operation
  Risk: The network, communication and control of devices

Concept of NANs, HANs and SUNs
Numerous devices such as smart energy meters (advanced metering infrastructure [AMI]), home energy controls, water heaters, HVAC and plug-in hybrid electric vehicles (PHEV) are leveraging TCP/IP smart objects with capabilities of machine-to-machine (M2M) communications. Typically, these devices are networked together with utilities demand-response and energy-forecasting systems and, ultimately, form subnetworks of neighborhood area networks (NANs), HANs or smart-utility networks (SUNs). The data from these devices typically involve power consumption and feed as analytics for energy-demand forecasting (demand-response systems). Furthermore, these devices typically attach to the power distribution networks, with low asset value, with slightly heightened security (to protect individual power consumption profiles) and extensive useful-device life. Therefore, each device’s criticality for the safe operation of the grid is relatively low. Nevertheless, the data are quite critical for customer billing and in-direct outage monitoring; confidentiality, integrity and nonrepudiation of data are important compared to availability. In addition, the devices in subnetworks of NANs and HANs of the smart grid network have information security characteristics similar to point of sale (POS) in the retail industry. The security risk for the reliable operation of the grid is normally confined to the data and not the device.

Concept of FANs
FANs essentially comprise energy-transformation and switching devices with intelligence. Generally, these devices (also known as IEDs) are localized to electrical substations and, to an extent, are directly deployed along the electrical grid. However, such devices are part of power transmission and distribution networks.¹⁶ Examples of IEDs are electrical isolation and protection relays, power transformers, capacitor banks, a FACTS, feeders, bus-bars, pole-mounted transformers, switchgears, and auxiliaries. Furthermore, the evolution of renewable, distributed energy generation and storage make their respective IEDs suitable candidates for FAN classification because their criticality is higher on the grid. Just as in the case of HAN/SUN network elements, the FAN elements of the smart grid are networked together and leverage the TCP/IP stack for communications and control.¹⁵ The data from these devices typically involve, for example, control of switching operation of devices (systems) and status parameters such as oil temperature levels in transformers, and the grouping of these devices is in accordance with CIP-005-4a and CIP-002-4a. The security risk for the reliable operation of the grid is normally the

communication and control of the device and the device itself. Grouping of these devices into FANs is a consequence of CIP-002-4a and CIP-002-5.

Concept of CNs
CNs essentially control large subnetworks of the smart grid. Control of transmission and distribution devices of transformers and relays along the electric grid is normally accomplished using SCADA systems and programmable logic controllers (PLCs). SCADA systems normally have associated systems for human machine interfacing (HMI) and trending (e.g., Historian). They can control and operate a large number of devices. Depending on the technical goals and requirements, they can be distributed in substations or centrally control multiple substations. SCADA systems, no matter how they are deployed, form some of the most important critical assets in a bulk energy system because of their ability to directly control, transform and redistribute power. Therefore, they normally have to be highly available and highly secure. The security risk for the reliable operation of the grid is not just the control system but the entire control subnetwork of the smart grid, because they are directly involved in energy transformation and switching, and compromises to them could seriously alter the state of the entire grid.

Additionally, measurement of electrical characteristics of voltage, current and phase from high voltage devices such as transformers is an indirect process, which is normally carried out using instruments such as potential transformers (PT) and current transformers (CT). These instruments transmit critical data about the state and analytical information of the transformers. SCADA systems are advance systems and can be deployed using wireless technology built on private microwave radios, cellular and satellite communications.¹⁷

TECHNOLOGY THREATS AND CONSIDERATIONS IN SMART GRIDS
Smart-grid information security should be established on the foundations of confidentiality, integrity and availability of data for safe and reliable operation of the grid. That is, just as in other information-sensitive systems, in which confidentiality, integrity and availability on communication networks are all important for reliable operation, precedence is set to securing all data (analytical, control and communication). Therefore, it is critical to identify and rationalize:
1. The type of data being transmitted such as device control, device status monitoring or analytical
2. Individuals/systems that have access to the data
3. The origin and destination of the data
4. The intention for capturing and transmitting data

Once these are clearly established, due diligence has to be afforded to establish system-to-system and user-to-system trust models.

Finally, as shown in figure 3, data are being transmitted over conventional WAN/LAN technologies on the TCP/IP stack. Therefore, the common range of attacks and vulnerabilities apply. However, these attacks and vulnerabilities can be mitigated with existing security features already specified by the protocol or by leveraging the security services offered by other Internet Engineering Task Force (IETF) protocols.¹⁸,¹⁹,²⁰

Just as in the traditional Open Systems Interconnect (OSI) seven-layer models, the vulnerabilities of IP for the smart grid are grouped as follows:
• Physical and data link layer security—The IEDs in FANs and, to an extent, substation CNs are deployed in harsh environmental conditions, and the devices generate strong electromagnetic fields. This has particular electromagnetic interference (EMI) implications when the communication channel is established wirelessly (i.e., cellular, microwave, satellite). Another vulnerability with wireless is eavesdropping. Furthermore, as most of the devices in FANs leverage Ethernet technology, they are subject to MAC address spoofing. Consideration must be given to securing wireless links (Wi-Fi and WiMax), cellular and satellite communications. Consequently, especially in FAN devices and CN systems (which includes analytics, control, communications and devices), consideration must be given for:
  1. Alternative paths for physical and logical device management traffic and data traffic (including communications and control)
  2. Separating management traffic from data traffic to separate VLANs
  3. Avoidance of single-point-of-communication link failure and redundancy such as sourcing services from different telecommunications service providers
  These three points become extremely important when wireless SCADA systems are deployed.
• Network and transport layer security—As the devices in FANs, NANs and CNs run on the TCP/IP stack, threats at the network and transport layer are denial-of-service (DoS) attacks by TCP SYN flooding, IP spoofing threats

and threats to IP routing protocols. The intent in all these cases is to either alter the routing table database or overload the processor. In accordance with NERC CIP-005-4a requirements, firewalls and next-generation firewalls provide mitigation techniques to detect DoS attacks and IP spoofing with capabilities to block TCP/UDP ports and ensure TCP session state integrity using stateful firewalls. In FAN and CN devices, consideration must be given to routing traffic through firewalls, without compromising performance.
• Network services, access and authentication—As the smart grid evolves, the devices on FANs, NANs and CNs will align to the Internet of Things running on the TCP/IP stack. Therefore, they will utilize enterprise network services such as Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Simple Network Management Protocol (SNMP), and access and authentication, on well-known TCP and UDP ports. For all these network services, the guiding principle as per the NERC CIP requirements is, “The processes and mechanisms shall use an access control model that denies access by default, such that explicit access permissions must be specified.” This requirement sets the precedent for establishing information security trust models for user access to systems and system-to-system access.
• Application layer security—Application layer security is specifically relevant to CN systems (such as SCADA) and NAN devices (such as Smart Meters). NAN devices—much like smartphones and tablets—have operating systems, embedded databases for storage, forward functions and web applications. These devices typically connect to the distribution and transmission networks and other analytic systems in the service provider utility through a gateway on the HTTPS service over the Internet or, in some instances, they may utilize power-line communications. The primary threat with NANs is exploiting vulnerabilities to determine end-user power consumption profiles. Therefore, due consideration must be given to ensure that the application gateways are within the utility provider’s enterprise network DMZ and protected by firewalls. SCADA systems in general are highly critical systems. When these systems are deployed wirelessly through private microwave radios, cellular and satellite communications, due consideration must be taken to prevent exposure to eavesdropping, especially of the application data in transit. Efforts must be made to extend the established security principles of authentication (dual-factor), traceability and logging—from the enterprise networks to these devices.

CONCLUSION
As smart grids evolve, they are experiencing the proliferation of perimeter devices with uncontrolled intelligence along the power grid, resulting in information security issues for safe and reliable distribution of power. Furthermore, the reliable operation of the electric grid has traditionally been a discipline within electrical engineering and power systems engineering. However, as the existing electric grid evolves into the smart grid, the secure and reliable operation of the electric grid becomes interdisciplinary between information security practitioners and power engineers. This article puts the regulatory and technical bodies of knowledge for power-grid infrastructure into perspective for information security and audit professionals. The security risk profiles in smart grids are different from those of traditional businesses and enterprise networks because of the nature of devices in critical infrastructure and the role they play in generating, transmitting and distributing power. This article outlines the threats to information security practitioners and assurance professionals and suggests the use of InfoSec Frames to contain the threats. HANs, SUNs, NANs, CNs and FANs are architectural illustrations of role-based groupings of devices as they align with the Internet of Things for smart-grid networks.

“IEC 61850 6 19 Op cit.com/support/scada.” Standards. www. entitles one to receive an annual subscription to the ISACA Journal. Cisco Systems Inc.pdf 2008. Salem. Popper. permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC). S. volume. Cisco Systems Inc. reprint or republication. Copying for other than personal use or internal reference. 2012 Communications Surveys & Tutorials.” case study. Y. H. Where necessary. www. Rasmussen.com/support/ 2012.com/private/images/ Grid Interoperability. © 2013 ISACA. ISACA Journal does not attest to the originality of authors’ content. 2011 16 fourth quarter 2012.” requirements of standards.pdf 7 National Institute for Standards and Technology. Send payment to the CCC stating the ISSN (1526-7407).com.. “Building the Smart Grid Promise.org/pdfs/grid_interop_08_ 4 Yan. and first and last page number of each article. 4. 1 March 2012. Cisco Connected Grid Security for Field 8 GridWise Architecture Council (GWAC). D. M. D. O.. et al Challenge and Transformation. 27 Congress St..” Alcatel-Lucent. p..com/ Grid. case-studies/mepso/mepso. Michael.. “Internet Protocols for the Smart Hacked. For other copying.. Sharif. Baker and Meyer Overview for Users.com/page. 14 GridWise Architecture Council (GWAC). Proceedings of the 18th ACM Conference on Computer and January 2010. A Standardized and Flexible IPv6 16Mar2012_Final.” Cisco Systems threatlevel/2012/09/scada-vendor-telvent-hacked 11 Rugged. www.com/web/strategy/docs/ Interoperability Maturity Model Summary.nerc.” 1 March Macedonia. N. www.php smart-grid-cyber-security-to-total-14-billion-through-2018 12 Op cit. 2012 Adamiak.com/files/NERC_GridEx_AAR_ 9 Cisco Systems Inc. Yan. 11-13 November public/si/pdf_smartBuilding..  18 Op cit. 2011.. NIST Special Publication 1108.org . R.pdf Cyber Security for Smart Grid Communications. K. “KONCAR-KET Chooses Rugged.isaca. www. Tipper.” Wired. 14. F.pdf www.50 per article plus 25¢ per page.cisco. 
Framework and Roadmap for Smart Grid Interoperability “On the Requirements for Successful GPS Spoofing Attacks. Cisco Systems Inc.isaca. Baker and Meyer 3 Roney. for a flat fee of US $2.” IEEE 15 Op cit. “Maker of Smart-Grid Control Software 10 Baker. Release 1.pdf Cisco Systems Inc. MA 01970. D. NIST Tippenhauer.nist. They may differ from policies and official statements of ISACA and/or the IT Governance Institute® and their committees.cisco. or the editors of this Journal.scadalink. Qian. K.org 8 ISACA JOURNAL Volume 4.gridwiseac.nerc. 2011 Communication Networks and Systems in Substations: An 20 Op cit..alcatel-lucent.” 16 March 2012. B.html www. “Smart Grid Area Network.php?cid=2|20.” proceedings. 2013 ©2013 ISACA. C. permission must be obtained in writing from the association. energy/C11-696279-00_cgs_fan_white_paper. to photocopy articles owned by ISACA.. a voluntary organization serving IT governance professionals. Opinions expressed in the ISACA Journal represent the views of the authors and advertisers.0.pdf 1 Zetter. Mackiewicz. 998 17 Bentek Systems SCADA & Telemetry Solutions. and from opinions endorsed by authors’ employers. or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited. Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. Membership in the association.ruggedcom. p. “Ensuring Smart http://enterprise. www. Baigent.com/newsroom/investments-in. 75-86 upload/smartgrid_interoperability_final. Meyer. 2012. 61850%20Protocol%20API%20User%20Manual.com/web/strategy/ ENDNOTES docs/energy/ip_arch_sg_wp. “A Survey on proceedings. www. 13 Op cit. All rights reserved. www. www. date. 26 September 2012.wired. Cisco Systems Inc.com for 2 Navigant Research.. Y. refer to www. “Investments in Smart Grid Cyber Refurbishment of MEPSO High Voltage Substation in Security to Total $14 Billion Through 2018. vol. 
no.pdf Architecture for Field Area Networks Smart: Grid Last Mile Infrastructure.gov/public_affairs/releases/ Communications Security. All rights reserved.. 5 For a comprehensive list of the NERC compliance “An Introduction to SCADA. Capkun. Op cit.” GE Digital Energy The ISACA Journal is published by ISACA.pikeresearch. 2011.