Building an Effective Security Program for Distributed Energy Resources and Systems - Mariana Hentea - Page 94
2.7 The Need for Security and Privacy Programs
A global survey was conducted on security governance, specifically on how boards of directors and senior management are governing the security of their organizations' information, applications, and networks. Of the survey respondents, 75% were from critical infrastructure companies, and they represented [Westby 2012]:
Energy and utilities companies.
Financial sector.
Healthcare.
Industrials.
IT and telecommunication companies.
The survey reveals issues related to the security posture of the industries compared, as follows:
Boards still are not undertaking key oversight activities related to cyber risks, such as reviewing budgets, security program assessments, and top‐level policies; assigning roles and responsibilities for privacy and security; and receiving regular reports on breaches and IT risks.
Utilities are among the least prepared organizations when it comes to risk management [Westby 2012].
The utilities/energy sector and the industrial sector came in last in numerous areas, which is surprising given that these companies are part of critical infrastructure.
All industry sectors surveyed are not properly assigning privacy responsibilities.
Energy/utilities and IT/telecom respondents indicated that their organizations never (0%) rely upon insurance brokers to provide outside risk expertise, while the industrials sector relies upon them 100%.
Another report [GAO 2011] reveals that several security elements are missing, including:
An effective mechanism for sharing information on cybersecurity and other issues.
Cybersecurity awareness.
Security features built into Smart Grid systems.
Metrics to measure cybersecurity.
In addition, the vulnerability of the power system is not mainly a matter of the electric system or the physical system, but is also a matter of cybersecurity. Attacks on Smart Grid infrastructures (such as attacks upon the power system, attacks by the power system, and attacks through the power system) could cause huge damage to the economy and public safety.
Smart Grid technologies and applications like smart meters, smart appliances, or customer energy management systems create new privacy risks and concerns in unexpected ways. The privacy concerns of consumers and people are of vital importance in the energy sector. Any compromise of personal data or of the security of the power service can undermine many services and applications. An incident would not only create a breach of privacy or of the confidentiality, integrity, or availability of the information, but it might also compromise the potential future markets the technology might have been able to create if the service had been secure. Therefore, information security management principles, processes, and security architecture need to be applied to smart power grid systems without exception. All these objectives need to be included in the security program.