d2-02_12 comprehensive cybersecurity strategy for smartgrid equipment manufacturers
DESCRIPTION
D2-02_12 Comprehensive Cybersecurity strategy for Smartgrid equipment manufacturers. SC D2 2013 Colloquium in Mysore, Karnataka, India. GAP of knowledge. SMARTGRID. Energy knowledge. Communication knowledge. Security knowledge. What is cybersecurity. Standards for cybersecurity. - PowerPoint PPT PresentationTRANSCRIPT
Author: M.A. Álvarez & T. Arzuaga
CG Automation November 2013
D2-02_12Comprehensive Cybersecurity
strategy for Smartgrid equipment manufacturers
SC D2 2013 Colloquium in Mysore, Karnataka, India
Author: M.A. Álvarez & T. Arzuaga
CG Automation November 2013
GAP of knowledge
Energy knowledge
Communication knowledge SMARTGRID
Security knowledge
Author: M.A. Álvarez & T. Arzuaga
CG Automation November 2013
Use cases & SGIS Use cases:
Split the whole problem into more affordable issues Vs. maximalist approaches
At least take into account information assets, owners and actors
Author: M.A. Álvarez & T. Arzuaga
CG Automation November 2013
Other aspects
Detection
Response
Prevention
Information security is not only prevention
Bottom down approach: Penetration testing
Awareness
Author: M.A. Álvarez & T. Arzuaga
CG Automation November 2013
Conclusions
Day to day task
Not dealing with securities but probabilities
Need to incorporate the body of knowledge of cybersecurity experts
Risks Vs. Performance
Efforts in different standardization groups
Cybersecurity must be part of the design process
Author: M.A. Álvarez & T. Arzuaga
CG Automation November 2013
Special report Q2_10: questions
What are the recommendations of the authors for integrated operations of end-consumers/ devices with utility systems – given the current state of cyber security maturity in the domain?
Can a security breach occur from a consumer appliance or by consumer?
Author: M.A. Álvarez & T. Arzuaga
CG Automation November 2013
S.R. Q2_10: contribution (I)
Q: What are the recommendations of the authors for integrated operations of end-consumers/ devices with utility systems – given the current state of cyber security maturity in the domain?
A: Recommendations: No security through obscurity or proprietary
solutions Incorporate security body of knowledge Use common sense = risk analysis Security in depth Vs. panic
Author: M.A. Álvarez & T. Arzuaga
CG Automation November 2013
S.R. Q2_10: contribution (II) Q: Can a security breach occur from a consumer
appliance or by consumer? A: What is a security breach? To which scale?
Availability: Easy to some extent. Vital? Confidentiality: Privacy & duration Integrity: Perhaps the most risky? Take control of other devices: Early detection