Читать книгу Building an Effective Security Program for Distributed Energy Resources and Systems - Mariana Hentea - Страница 95

Cybersecurity implies the implementation of security measures (safeguards) to ensure protection of an organization assets (tangible and intangible), people, and safety. Tangible assets are physical assets that include power equipment, computers, devices, facilities, and supplies. Intangible assets include data, information, reputation, intellectual property, copyrights, trade secrets, business strategies, and any other information valuable to an organization.

The destruction of power grid systems and assets would have a debilitating impact on energy security, economic security, public health, or safety. With a system that handles power generation, transmission, and distribution, security responsibility extends beyond the traditional walls of the data center. An intruder can, intentionally or unintentionally, cause a power line to be energized that would endanger lives. Similarly, a power line may be de‐energized in such a way as to cause damage to transmission and control systems and possibly endanger the safety of employees and the public. Therefore, each organization should develop its own policy to protect assets, employees, and general public who are at risk when human (intentional or unintentional) threats or natural disasters occur. Each organization should develop its own cybersecurity strategy for the implementation of a security program. Cybersecurity must address not only deliberate attacks launched by disgruntled employees, agents of industrial espionage, and terrorists but also inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters [NISTIR 7628].

Security program is a plan or outline that must cover security governance, planning, prevention, operations, incident response, and business continuity. Variants of Smart Grid implementations have already been rolled out in various jurisdictions across the United States as well as the rest of the world for several years. The window of opportunity to integrate security into the Smart Grid from the beginning is shrinking fast. However, it is also necessary to understand the interdependency and mutual vulnerability of the wholesale electric grid and the wholesale electric market in maintaining the security and stability of the smart power grid. Market participants require to ensure protection of their critical cyber assets and to support an appropriate security program.

A security program needs to be built using the security engineering approach. This requires focus on building systems to remain dependable in the face of malice, error, or mischance [Anderson 2008]. Also, the successful implementation of a security program requires certain basic functions that should be included in any budget allocation [Whitman 2014].