cybersecurity issues in power systems
DESCRIPTION
Cybersecurity Issues in Power Systems. Securing Legacy Systems to Meet NERC CIP and NISTIR Requirements By Erfan Ibrahim Founder & CEO The Bit Bazaar LLC – A Marketplace for Digital Ideas. Problem Definition. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Cybersecurity Issues in Power Systems](https://reader035.vdocument.in/reader035/viewer/2022072014/56812cd3550346895d9190d1/html5/thumbnails/1.jpg)
Cybersecurity Issues in Power Systems
Securing Legacy Systems to Meet NERC CIP and NISTIR Requirements
By Erfan IbrahimFounder & CEO
The Bit Bazaar LLC – A Marketplace for Digital Ideas
![Page 2: Cybersecurity Issues in Power Systems](https://reader035.vdocument.in/reader035/viewer/2022072014/56812cd3550346895d9190d1/html5/thumbnails/2.jpg)
Problem Definition
• Legacy Systems in the electric grid have limited memory, processing capability and networking features
• NISTIR 7628 and NERC CIP requirements for interface and overall systems cybersecurity are often too stringent for legacy systems to meet
• Technical Feasibility Exceptions (TFE) from NERC CIP requirements bring legacy systems into regulatory compliance but don’t secure
• “Forklift upgrades” from legacy systems to modern systems in the electric grid to meet stringent cybersecurity requirements is not economically viable
![Page 3: Cybersecurity Issues in Power Systems](https://reader035.vdocument.in/reader035/viewer/2022072014/56812cd3550346895d9190d1/html5/thumbnails/3.jpg)
Possible Mitigations
• “Bump in the wire” type security technologies• Integrating GumStix Technologies with Legacy
Systems to introduce modern cybersecurity technologies in legacy systems communications
• Re-architecting power systems to create more redundancy and resiliency to reduce interface cybersecurity requirements for legacy systems to meet
![Page 4: Cybersecurity Issues in Power Systems](https://reader035.vdocument.in/reader035/viewer/2022072014/56812cd3550346895d9190d1/html5/thumbnails/4.jpg)
Critical Issues to Consider
• Availability is more critical than confidentiality in power systems
• Compliance does not assure security• Interface level security does not provide system level security• Cybersecurity requirements coming from use case analysis
don’t take into account asymmetric attacks by smart hackers• Cybersecurity technologies are only part of the solution.
Network architecture, data management, personnel training and proper enforcement of security policy are necessary for power system protection