Article

Cyber Security threats in the Power Sector: Need for a domain specific regulatory framework in India

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

India is poised to spend over USD 5.8 billion as part of the National Smart Grid Mission aimed to alleviate India's ailing power sector as part of its 12th Five year plan (2012–2017). The federal government sponsored Restructured Accelerated Power Development and Reforms Program (R-APDRP) is also focused on building ICT capability in the state electricity boards. Presently however, there is no power sector specific cyber security mandates or policies in India. The Stuxnet, Shamoon and Anonymous incidents have shown that cyber attacks can cause significant damage and pose a risk to National Critical Infrastructure. A lack of security planning as part of designing the Smart grids can potentially leave gaping holes in the country's power sector stability. The paper highlights key cyber security threats across the entire power sector value chain—from generation, to transmission and distribution. It is aimed at building the case for power sector specific cyber security regulations based on the experience of regulators in other critical infrastructure sectors like Banking and Telecom in India and power sector regulations internationally.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... The existing legal provisions should be examined to check if they can address cyber attacks on Indian power systems adequately. India does not have a cyber security law specific to power sector [20]. In India, Information Technology Act 2000 [21] as amended by the various amendments including the substantial amendment in 2008 [22], is the current law that is specifically meant to address the issue of Cyber Space and Crimes. ...
... So, it is important to check if IT Act 2000/2008 adequately address the cyber security issues of Indian power grid. In [20], it is mentioned that India needs power sector specific regulatory framework to address cyber security issues. However, [20] does not analyse the relevant legal frameworks. ...
... In [20], it is mentioned that India needs power sector specific regulatory framework to address cyber security issues. However, [20] does not analyse the relevant legal frameworks. In general, not much research works have been reported on the analysis of Indian laws in addressing the cyber security issues. ...
... Between 2004 and 2012, India recorded 15% increase in its populations' access to electricity from 59% to 74% but also has to deal with growing demand put at 5% per annum through 2030 [43]. As an action plan, India established a National Smart Grid Mission and budgeted over USD 5.8 billion for the period from 2012 to 2017 to deploy SGs [44]. In Malaysia, SGs investment went up from $35.2 million to $109.0 million between 2011 and 2016 with the country targeting an expansion in its renewable energies' supplies to 2080 MW and 4000 MW by 2020 and 2030 respectively. ...
... SGs deployments are envisioned to revolutionize the power schemes but the associated threats of its deployments pose major worries given the uniqueness of developing economies' various security issues involving thefts of infrastructures or attacks on them at the slightest provocation and the growing cyber-attacks [44,90]. These could manifest as a result of thefts, state attacks, war, natural disasters, terrorism or any act of sabotage [91] hence, requiring concerted efforts to curb. ...
... Transmission systems are reportedly the most targeted as over 60% of attacks on the grid targeted the subsystem. Transformers, Power relays, junction boxes, and the metering systems are also key areas suffering various attacks [44]. ...
Article
Full-text available
Considerable efforts in huge investments are being made to achieve a resilient Smart Grids (SGs) deployment for the improvement of power delivery scheme. Unsurprisingly, many developing nations are making slow progress to the achievement of this feat, which is set to revolutionize the power industry, own to several deployment and security issues. Studying these threats and challenges from both technical and non-technical view, this paper presents a highlight and assessment of each of the identified challenges. These challenges are assessed by exposing the security and deployment related threats while suggesting ways of tackling these challenges with prominence to developing nations. Although, a brief highlight, this review will help key actors in the region to identify the related challenges and it's a guide to sustainable deployments of SGs in developing nations.
... Geography. Majority selected articles come from the EU [13], North America [14], and Asia [15]. The NIST and the ISO frameworks/standards are widely adopted by the EU Critical Infrastructure (e.g., ISO 27001 for IT security, or ISA 62443 for Operational Technology security). ...
... The European Union Agency for Cyber Security (ENISA) and the Department of Homeland Security (DHS) in the USA provides security guidelines to support the implementation of high security standards for critical infrastructures. While the US and the EU's scholars focus on solutions, it seems that Asian researchers are interested in threats, and needs for cyber security solutions (e.g., a need for a domain specific regulatory framework in India [15]). ...
Article
Full-text available
Literature in cyber security including cyber security in energy informatics is overly technocentric focuses that may miss the chances of understanding a bigger picture of cyber security measures. This research thus aims to conduct a literature review focusing on non-technical issues in cyber security in the energy informatics field. The findings show that seven non-technical issues have been discussed in literature, including education, awareness, policy, standards, human, and risks, challenges, and solutions. These findings can be valuable for not only researchers, but also managers, policy makers, and educators.
... Connected devices are deployed in smart homes, toys, wearables, automotive, security cameras, healthcare, and avionics. The inexorable need to add more features and leverage connectivity creates potential attack vectors [1][2][3][4][5][6][7][8] in areas that were not subject to security concerns before. Individual's privacy could now be violated, cars and planes could crash, credit-card details could be stolen, and medical devices could critically malfunction, affecting vital life-concerning actions or leak sensitive patients' details. ...
... They often lack MMU and are small in area to save up manufacturing costs and power consumption. Historically, security was not a concern in that field, but with the recent attacks [1][2][3][4][5][6][7][8] on embedded systems, security started to get traction. Those attacks target the confidentiality, integrity, or availability of the system. ...
Thesis
Embedded system designers are facing an inexorable pressure to add more features and leverage connectivity. This creates potential attack vectors in areas that were not subject to security concerns before. Individuals’ privacy could be violated, cars and planes could crash, credit-card details could be stolen, and medical devices could critically malfunction, affecting vital life-concerning tasks or leaking sensitive patients’ details. Software compartmentalisation has the potential to manage the attack vector better, defend against unknown future software vulnerabilities, and limit the consequences of potential successful attacks to the compromised component without affecting the rest of the system. Unfortunately, the current state-of-the-art security technologies for embedded systems (e.g., MPUs) are not well-designed for implementing fine-grained software compartmentalisation while meeting embedded systems requirements. They suffer from inherent design issues that limit scalability, compatibility, security, and performance. This dissertation proposes CompartOS as a new lightweight hardware-software compartmentalisation model building on CHERI (a hardware capability architecture) to secure mainstream and complex embedded software systems. CompartOS is an automatic, linkage-based compartmentalisation model that isolates mutually distrusting linkage modules (e.g., third-party libraries) executing in a single-address-space and single-privilege-ring environment. Further, CompartOS enables the management of faults within software components by introducing support for partial recovery, thus improving availability while maintaining compatibility by requiring minimal development efforts—a critical requirement for many embedded systems. We have implemented multiple prototypes of compartmentalisation models, including MPU-based protection and CompartOS, in FreeRTOS and compared them in performance, compatibility, security, and availability. Microbenchmarks show that CompartOS’ protection-domain crossing is 95% faster than MPU based IPC. We applied the CompartOS model, with low effort, to complex, mainstream systems, including TCP servers, Amazon’s OTA updates, and a safety-critical automotive demo. CompartOS not only catches 10 out of 13 FreeRTOS-TCP published vulnerabilities that MPU-based protection (e.g., uVisor) cannot catch but can also recover from them, maintaining the availability of safety critical systems. Further, our TCP throughput evaluations show that our CompartOS prototype is 52% faster than the most relevant and advanced MPU-based compartmentalisation model (e.g., ACES), with a 15% overhead compared to an unprotected system. This comes at an FPGA’s LUTs overhead of 10.4% to support CHERI for an unprotected baseline RISC-V processor, compared to 7.6% to support MPU, while CHERI only incurs 1.3% of the registers area overhead compared to 2% for MPU.
... The software industry has a history of releasing insecure products and patching them later [177,178]. In the energy sector, this could result in "billion-dollar bugs" [179,180], which could not be easily fixed as testing would be required before patches could be applied to critical infrastructure [177]. Thus, software development in more security-sensitive sectors such as banking may provide more applicable lessons. ...
... These include advanced persistent threats, botnets, zero-days, and distributed denial of service [25,167,184]. Even though new stealthy and multistage attacks are extremely hard to defend [7], many companies may need to address more basic security concerns first [180]. For example, initial access to energy infrastructure in some of the major cyberattacks was obtained through emails [7]. ...
Article
The term resilience describes the ability to survive and quickly recover from extreme and unexpected disruptions. A high energy system resilience is of utmost importance to modern societies that are highly dependent on continued access to energy services. This review covers the terminology of energy system resilience and the assessment of a broad landscape of threats mapped with the proposed framework. A more detailed discussion on two specific threats are given: extreme weather, which is the cause for most of the energy supply disruptions, and cyberattacks, which still are a minor, but rapidly increasing concern. The framework integrates various perspectives on energy system threats by showcasing interactions between the parts of the energy system and its environment. Weather-related threats are discussed distinguishing relevant meteorological parameters and different durations of disruptions, increasingly related to the impacts of the climate change. Extremes in space weather caused by solar activity are very rare, but are nonetheless considered due to their potentially catastrophic impacts on a global scale. Digitalization of energy systems, e.g. through smart grids important to renewable electricity utilization, may as such improve resilience from traditional weather and technical failure threats, but it also introduces new vulnerabilities to cyberattacks. Major differences between the internet and smart grids limit the applicability of existing cybersecurity solutions to the energy sector. Other structural energy system changes will likely bring new threats, which call for updating the threat landscape for expected system development scenarios.
... Smart girds (SGs) deployments have improved the intelligence of grid system's interoperation by the provision of multi-directional information flow between any two or more units in the system to achieve a revolutionized power industry hence, providing adequate data from metering to substations, distributions, transmission and generations, for increased security, resiliency and efficient control and monitoring of assets and services (Camarinha-Matos, 2016;Farhangi, 2010;Ghansah, 2009;Kumar et al., 2014). The intelligence is achieved by incorporating processors in each component of the power systems, with each component having a robust operating system and independent agents connected to smart sensors linked to its own component or substation to form a large distributed computing platform. ...
... Research focus on how these attacks can be mitigated are now based on provision of meter bots, distributed DoS attacks, usage loggers, SM rootkits, meter-based anti-viruses for improved security (McDaniel and McLaughlin, 2009) and new approaches are currently being developed. The U.S. DOE and the electricity industry have jointly invested $7.9 billion between 2009 and 2015 in projects for modernization of systems in SG implementation, improve cyber security and enhance interoperability (Konstantinou et al., 2016) while India budgeted $5.8 billion in similar vain to span the deployment plan from 2012 to 2017 (Kumar et al., 2014). Global Smart Grid cybersecurity is expected to gulp about $1.8 billion and $3.2 billion in 2017 and 2026 respectively (Navigant Research, 2017). ...
Article
Full-text available
Smart grids (SGs) deployments have made power systems operation more efficient by the application of distributed computing schemes in grids’ interoperation. However, these schemes have triggered various security issues which are growing to be of major concerns. Physical attacks, cyber-attacks or natural disasters are major notable form of threats to SGs deployment which could lead to infrastructural failure, blackouts, energy theft, customer privacy breach, endangered safety of operating personnel, etc. Hence, the need to critically examine the security issues aimed at preventing possible threats or failures. In this review, various security challenges and threats are discussed with respect to their possible sources of occurrence. These threats are then classified and a framework for achieving more secured SGs is suggested.
... In 2011 and 2013, some researchers (Pearson, 2011;Umbach, 2013) highlighted the growing dependence of the electricity system's functionality on ICT, concluding that cybersecurity is becoming an essential dimension of energy policy making. In another example, the work of (Kumar et al., 2014) calls for an effective cybersecurity policy for the Indian power system, emphasizing the criticality of the national electricity infrastructure and the devastating effects a disruption of the power supply may have. The authors also highlight the complexity of implementing a sound cybersecurity policy, given the many public authorities involved and the overlap of responsibility. ...
Article
Electricity systems are critical infrastructure. With increasing digitalization, they become particularly vulnerable to cyberattacks. Cybersecurity hence becomes increasingly crucial for the security of supply. Based on a detailed analysis of the status of cybersecurity in the Swiss electricity sector, we derive a set of policy recommendations on how to raise countries’ cybersecurity levels in electricity systems. The analysis builds on a national E-survey that solicited self-assessment of cybersecurity maturity levels of 124 Swiss energy market participants. It was complemented by a detailed, comparative analysis of cybersecurity measures in Switzerland and its surrounding European neighbors. On average, we found a cybersecurity maturity that needs to be ameliorated regarding information and operation technology in the Swiss electricity sector. This situation calls for improved regulatory measures and monitoring to stimulate cyber resilience among market participants.
... The inexorable need to add more features and leverage connectivity in embedded systems creates potential attack vectors [18,19,37,12,45,31,15,35] in areas that were not subject to security concerns before. Individual's privacy could now be violated, cars and planes could crash, credit-card details could be stolen, and medical devices could critically malfunction, affecting vital lifeconcerning actions or leak sensitive patients' details. ...
Preprint
Full-text available
Existing high-end embedded systems face frequent security attacks. Software compartmentalization is one technique to limit the attacks' effects to the compromised compartment and not the entire system. Unfortunately, the existing state-of-the-art embedded hardware-software solutions do not work well to enforce software compartmentalization for high-end embedded systems. MPUs are not fine-grained and suffer from significant scalability limitations as they can only protect a small and fixed number of memory regions. On the other hand, MMUs suffer from non-determinism and coarse-grained protection. This paper introduces CompartOS as a lightweight linkage-based compartmentalization model for high-end, complex, mainstream embedded systems. CompartOS builds on CHERI, a capability-based hardware architecture, to meet scalability, availability, compatibility, and fine-grained security goals. Microbenchmarks show that CompartOS' protection-domain crossing is 95% faster than MPU-based IPC. We applied the CompartOS model, with low effort, to complex existing systems, including TCP servers and a safety-critical automotive demo. CompartOS not only catches 10 out of 13 FreeRTOS-TCP published vulnerabilities that MPU-based protection (e.g., uVisor) cannot catch but can also recover from them. Further, our TCP throughput evaluations show that our CompartOS prototype is 52% faster than relevant MPU-based compartmentalization models (e.g., ACES), with a 15% overhead compared to an unprotected system. This comes at an FPGA's LUTs overhead of 10.4% to support CHERI for an unprotected baseline RISC-V processor, compared to 7.6% to support MPU, while CHERI only incurs 1.3% of the registers area overhead compared to 2% for MPU.
... This is indicated by the terms frequently occurring in this theme, such as (energy/power) generation, renewable energy source, solar/wind energy, (electricity) grid, transmission, electricity demand, customer, competition, trading, and policy framework. The themes covered here include electricity generation [68], renewable energy [69], transmission and distribution [70,71], electricity demand [72], and governance [73][74][75]. Illustratively, Umamaheswaran and Seth [76] identify characteristics that facilitate or hinder financing for utility-scale solar and wind energy while Sahoo and Shrimali [77] evaluate the effectiveness of a requirement to source technology domestically in strengthening the local solar photovoltaic manufacturing base in India. In the context of electricity reform, Srivastava and Shahidehpour [78] and Sharma, Nair [79] critique the initial progress and draw lessons for restructuring the sector. ...
Article
Full-text available
Although India has made significant progress towards the sustainable development goal on energy (SDG 7), further policy innovations are essential for closing the gap, addressing geographic disparities, and harnessing energy for transformative change. Research can support this process by creating policy-relevant knowledge regarding the energy transition, but there is no systematic account of the literature pertaining to energy policy in India to map the research area and suggest key avenues for future research. In this study, I conduct a bibliometric review and computational text analysis of over 2700 publications to identify the key themes, geographies, and public policy concepts (not) examined in the research on energy policy in India. I find that: (i) the literature is dominated by topics in energy supply and less attention is paid to demand-side management, energy efficiency, and electricity distribution; (ii) existing studies have hardly examined subnational policy (-making), especially in the case of eastern and north-eastern India; and (iii) research on both analysis for policy and analysis of policy is limited. I conclude that the current foci lack the breadth and depth necessary for supporting the Indian energy transition and urge scholars to diversify the thematic, geographic, and conceptual engagement in future research.
... По мере внедрения более сложных ИКТ-систем в энергетических системах возникают соответствующие проблемы, связанные с обеспечением цифровой безопасности и защиты персональных данных [141]. В роль регуляторов входит внедрение вопросов защиты безопасности и личных данных в системы планирования безопасности работы электроэнергетических систем [105,142]. Аналогично возрастающие объемы генерируемых данных приводят к необходимости находить способы защиты этих данных от использования в негативных целях. ...
Book
Full-text available
Приведен подробный анализ трендов, лежащих в основе трансформации энергетической отрасли. Произведен анализ преобразований с точки зрения глобальных процессов, влияющих на отрасль, а также моделей и механизмов развития интеллектуальной энергетики. Рассмотрены вопросы регулирования электроэнергетики и направления совершенствования существующих регуляторных механизмов. Представлены перспективы развития рассматриваемых практик, инновационный потенциал традиционных электроэнергетических компаний на российском рынке, технологический и организационный базис перехода к экосистемному характеру развития электроэнергетики. Предназначена для специалистов в области экономики и управления электроэнергетикой отрасли.
... Cloud computing can provide flexibility and scalable characteristic to cope with the data storage and vast transferable real-time data [58][59] [60]. With the expanding area of the Smart Grid, cloud computing can easily adapt to present remote data storage, automatic updates, less utility cost, energy saving, and reduce human labor demand [61][62] [63]. Cloud computing architecture for Smart Grid designed by Dileep G. [21] can be found in Figure 10. ...
Article
Full-text available
Smart Grid is an advanced two way data and energy flow capable of self-healing, adaptive, resilient, and sustainable with prediction capability of possible fault. This article aimed to disclose Smart Grid communication in a logical way to facilitate the understanding of each component function. The study was focused on the improvement, advantages, common used design, and possible feature of Smart Grid communication components. The results of the study divide the Smart Grid communication application into two main category i.e. measurement equipment and network architecture. Measurement equipment consists of Advance Metering Infrastructure, Phasor Measurement Unit, Intelligent Electronic Devices, and Wide Area Measurement System. The network architecture is divided based on three hierarchies; local area network for 1 to 100 m with 100 kbps data rate, neighbour area network for 100 m to 10 km with 100 Mbps data rate, and wide area network for up to 100 km with 1 Gbps data rate. More information is provided regarding the routing protocol for each network from various available protocols. The final section presents the energy and data flow architecture for Smart Grid implementation based on the measurement equipment and the network suitability. This article is expected to provide a comprehensive guide and comparison surrounding the technologies supporting Smart Grid implementation especially on communication applications.
... This enables the system to access its own operating conditions and report to its neighbouring agents via the communications paths, circuit breakers and communication ports for the processors (Amin and Wollenberg, 2005;De Santis et al., 2017;Farhangi, 2009;Gao et al., 2012;Lawrence et al., 2017;Wang et al., 2011). This scheme provides adequate data from metering to substations, distributions, transmission and generations, for desired analysis and inferences to achieve increased security, resiliency and efficient control and monitoring of assets and services (Camarinha-Matos, 2016;El-Hawary, 2014;Farhangi, 2009Farhangi, , 2010Ghansah, 2009;Kumar et al., 2014). This platform is the basics of SUN, hence, in this thesis, SG, SGE or SUN are used interchangeably as appropriate. ...
Thesis
The successful deployment of Smart Grids (SG) clearly hinges on energy efficiency, relying majorly on the operations of the Advanced Metering Infrastructure (AMI) with Smart Electricity Meters (SEM) as its key aspect. Like every Cyber-Physical System (CPS), it is threatened by cyber-attacks and electricity theft is a notable motive of these attacks. Nonetheless, SEM offer adequate data being leveraged upon for analytical inferences. However, various research efforts mainly utilising artificial intelligence and machine learning are aimed at generating suspicious customer lists rather than a holistic approach to curbing the various aspects of the menace. In this thesis, a proactive scheme for preventing, detecting and penalizing electricity thefts is proposed. To achieve the prevention phase, a cyber security layer based on a novel Monkey-Banana Deceptive Algorithm (MBDA) for intrusion detection is introduced. This algorithm is developed from the popular 5 or 8-monkey theory by first presenting each of the stages to scenarios and then formulated to a probability assignment model. MBDA probability assignment is then applied to develop the algorithm for detecting intrusion in SEM’s communication gateway. To strengthen the prevention phase, selected factors indicative of electricity thefts are then modelled by defining a set of rules to infer security risk level using Fuzzy Inference System (FIS). The detection phase utilises a Long Short-Term Memory (LSTM) network based on time series prediction of the energy consumption data. The forecast values of the energy consumption are compared with the observed values to detect suspicious consumers based on defined anomaly detection model. To confirm true fraudulent consumers, a confirmation model is introduced based on selected monitoring parameters using FIS model. In the penalization phase, a cost estimation-based model by an analytical approach is introduced to deduce the penalty fine on confirmed fraudulent customers with considerations to energy consumed during reported theft period and modifications of some existent Electricity Theft Acts. A self-generated attack was used to implement the MBDA while the results of the FIS model determines the prevention status. The detection phase was implemented using the SEM energy consumption data of four selected consumers of different profiles to build consumer-dependent LSTM models. The anomaly and confirmation models are used to justify true fraudulent customers based on the states of the monitored parameters. The results of the cost estimation-based model implemented on twenty randomly selected electricity fraudulent consumers for the penalization phase indicate fraudulent customers reported at second and third attempts incurring 42% and 60% increase in the imposed fines, respectively. Implementation of this proactive scheme will enhance real-time protection of the SEM, reduces over reliance on energy consumption data analytics, reduces false positive rates, eliminates the usual practice of bogus financial sanctions, drastically reduce the need for the complicated on-site customer-to-customer inspections thereby saving manpower, stress, cost and time. In addition, the penalization phase also helps shift electricity theft burden from honest consumers. This proposed scheme is a suitable deployment for electricity theft prevention, detection and penalization in a smart utility network.
... Many examples can be found in recent years involving the steal of credit and debit cards from Web payment systems, the steal of part of Google's intellectual property, or the exposure of users personal information, to name a few [6]. Another essential sector is the power sector, a target to cyber-attacks whose security has also been regarded (see [7][8][9] and references within). ...
Article
Full-text available
Machine learning techniques are a set of mathematical models to solve high non-linearity problems of different topics: prediction, classification, data association, data conceptualization. In this work, the authors review the applications of machine learning techniques in the field of cybersecurity describing before the different classifications of the models based on (1) their structure, network-based or not, (2) their learning process, supervised or unsupervised and (3) their complexity. All the capabilities of machine learning techniques are to be regarded, but authors focus on prediction and classification, highlighting the possibilities of improving the models in order to minimize the error rates in the applications developed and available in the literature. This work presents the importance of different error criteria as the confusion matrix or mean absolute error in classification problems, and relative error in regression problems. Furthermore, special attention is paid to the application of the models in this review work. There are a wide variety of possibilities, applying these models to intrusion detection, or to detection and classification of attacks, to name a few. However, other important and innovative applications in the field of cybersecurity are presented. This work should serve as a guide for new researchers and those who want to immerse themselves in the field of machine learning techniques within cybersecurity.
... Russia, China and India are a few of the developing nations making giant stride in SG deployments (African Economic Outlook 2016;Fadaeenejad et al., 2014). Thailand and India have budgeted US$ 13 billion (for the next 15 years) and USD 5.8 billion (for a five year plan) (Fadaeenejad et al., 2014;Kumar, et al., 2014) to improve their power infrastructure respectively, with Malaysia targeting an expenditure of $109.0 million by 2016 (World Bank Open Data 2016). Figure 1 shows the investment in SG by region as at 2012 (Rogers, 2013) The security issues worldwide are major concerns in this deployment and has necessitated various researches (Amin, 2012;Gharavi and Hu, 2013;Giani, et al., 2012;Li, et al., 2014;Wei, et al., 2011). ...
Article
Full-text available
Smart Grids (SGs) have taken a centre stage in achieving a smarter, more reliable, robust, secured, economically efficient and more environmentally friendly mode of power generation and utilisation. Massive deployment is being recorded in developed worlds. While most of these countries are investing heavily in the development of SGs, well-articulated areas of research and development are key aspects with special emphasis on its security since it involves complex interconnection of units and systems which are expensive to install and maintain. In developing nations, especially those of Africa, realisation of adequate power supply to meeting the ever-growing demand has been a mirage with demand on geometric increase and with every increase largely meaning a drift away from the supply. Hence, attention is focused on capacity expansion in most developing nations rather than SGs deployments especially considering the various challenges militating against the development despite the huge advantages. Although, some of these nations have made tremendous achievements in this regard, the associated challenges have become major source of worry for most of the nations. This paper gives highlights of these issues and possible measures of overcoming them in order to enhance sustainable SGs deployments in developing coUntries like Nigeria
... On the other hand, caution mechanisms should be improved against cyber-attacks in order to provide a secure environment for smart grid users [48,49]. Information encryption and decryption techniques should be implemented between manufacturers and consumers in smart grids [50]. ...
Article
Smart grid technologies can be defined as self-sufficient systems that can find solutions to problems quickly in an available system that reduces the workforce and targets sustainable, reliable, safe and quality electricity to all consumers. In this respect, different technological applications can be seen from the perspective of researchers and investors. Even though these technological application studies constitute an initial step for the structure of the smart grid, they have not been fully completed in many countries. Associations of initial studies for the next step in smart grid applications will provide an economic benefit for the authorities in the long term, and will help to establish standards to be compatible with every application so that all smart grid applications can be coordinated under the control of the same authorities. In this study, a review has been made of technological methods of data transmission and the energy efficiency in smart grids as well as smart grid applications. Therefore, this study is expected to be an important guiding source for researchers and engineers studying the smart grid. It also helps transmission and distribution system operators to follow the right path as they are transforming their classical grids to smart grids.
Article
However, a growing cybercrime threat has been a significant issue for most countries even though information technology plays a vital role in economic and social growth Indian cybercrime has followed a pattern that is similar to the rest of the world in many ways. Regardless of whether the risks originate from inside or outside a company, cyber security measures are designed to protect networked systems and applications. A computer network, hardware, and software are all necessary components of information technology (IT). More specifically, cyber security focuses on securing computers, digital devices, and personal information from illegal access. A company that provides a variety of services linked to the protection of an organization's IT computer systems. To secure your company's sensitive data from illegal electronic access, you need information security, and to protect your company's sensitive data from unauthorised electronic access, you need cyber security. The subject of whether or not cyber security is more than just a matter of information technology is being asked all across the world. Thus, the study's goal is to examine the idea that cyber security is more than just a matter of information technology.
Article
Full-text available
However, a growing cybercrime threat has been a significant issue for most countries even though information technology plays a vital role in economic and social growth Indian cybercrime has followed a pattern that is similar to the rest of the world in many ways. Regardless of whether the risks originate from inside or outside a company, cyber security measures are designed to protect networked systems and applications. A computer network, hardware, and software are all necessary components of information technology (IT). More specifically, cyber security focuses on securing computers, digital devices, and personal information from illegal access. A company that provides a variety of services linked to the protection of an organization's IT computer systems. To secure your company's sensitive data from illegal electronic access, you need information security, and to protect your company's sensitive data from unauthorised electronic access, you need cyber security. The subject of whether or not cyber security is more than just a matter of information technology is being asked all across the world. Thus, the study's goal is to examine the idea that cyber security is more than just a matter of information technology.
Article
Full-text available
This paper presented the cyber security system and policy of India. Prime Minister of India, Narendra Modi has started the digital India campaign which is one of them initiative of Government of India, aimed at the digitally enabling Indian people through boosting connectivity, expanding access, provoking electronic delivery of government’s scheme and planning to the common people. Therefore, it makes progress on the systematic programme for integrating the information and is the most important that benefiting each and every citizen through digital initiative. From this perspective, India can face various type of challenges such as data localization and cyber-attack. Therefore, Indian military forces are under process of establishing a cyber-command as a part of solidification the cyber security of defence system. There are creations of cyber command which will involve a parallel hierarchical structure as being one of the most central stakeholders. While the main objectives of this policy are to aims at protection privacy of the citizen. Though, after four years since the proclamation of the Cyber Security Policy, India’s cyber landscape has witnessed in the growing platform digitization as part of the Government’s Digital India because more sophisticated cyber threats, particularly the Wanna Crypt and Petyaransom ware attacks in 2017-18 that hit Indian networks this year. These radical changes require a revision and update to India’s policy on Cyber Security. Certainly, cyber policy in Indian government has multiple stakeholders, ranging from the Ministry of Electronics & Information Technology, National Critical Infrastructure Information Protection Center, the Ministry of Home Affairs created National Cyber Coordination Centre for the counter the misunderstanding investigative authorities.
Article
Operation of modern power systems integrated by distributed energy resources is only possible if information/communication technologies are leveraged in the system. This results in cyber-physical power systems which are vulnerable to malicious cyberattacks. Hence, it is crucial to propose practical solutions to enhance the resilience of smart grids against cyberattacks. Targeting energy hubs integrated by distributed energy resources, a cyberattack based on min–max formulation is presented in this paper. A remedial action scheme, which changes status (i.e., connection/disconnection) of the energy hub components, is proposed to mitigate the economic effect of the aforementioned cyberattack. The electricity/heat demands of the energy hub are supplied by electricity/gas networks and the energy hub components including combined heat and power, wind turbine, electrical/thermal storages, boiler, and demand response. The attacker utilizes the energy hub components to increase the associated costs. However, the system operator controls the costs by changing the status of the energy hub devices. Obtained results verify that the proposed framework leads to an effective mechanism to proactively mitigate the economic-related consequences of cyberattacks on energy hubs. The simulation results demonstrate that: 1) disconnection of the energy hub from electricity networks under the cyberattack mitigates the increased cost by 40%, 2) disconnection of the energy hub from boiler and connection of thermal storage to the system under the experienced cyberattack reduce the imposed cost by 76%.
Conference Paper
Smart Grid refers to a positive transformative force that streamlines integration of different infrastructures such as energy and Information/Communication Technology (ICT) together. Further, smart grid paves the way to integrate Distributed Generations (DGs) into different energy infrastructures such as electricity and gas networks. DG includes both renewable and non-renewable energy resources such as Photovoltaic (PV), Wind Turbine (WT), and Combined Heat and Power (CHP). Moreover, Electrical Storage (ES), Thermal Storage (TS), and Demand Response (DR) Programs are effectively utilized in smart grid. Moving different energy infrastructures containing Distributed Energy Resources (DERs) toward ICT results in Cyber-Physical Power Systems (CPPSs). CPPSs are vulnerable to cyberattacks that jeopardize reliability and stability of smart grid. In this paper, the energy and communication infrastructures are connected together to form Interconnected Energy Hubs (IEHs) containing different DERs. Then, False Data Injection (FDI) cyberattacks are applied on the developed IEHs including advanced energy hubs (EHs). The effectiveness of the presented IEHs and the employed FDI model are validated on the IEEE 14-bus system. The results demonstrate that attacker is able to successfully implement the developed FDI cyberattack on the presented IEHs.
Article
Cyber-attacks are regarded as one of the most serious threats to businesses worldwide. Organizations dependent on Information Technology (IT) derive value not only from preventing cyber-attacks, but also from responding promptly and coherently when cyber-attacks happen so as to minimize their disruptive effect on operations. This capacity is known as cyber-resilience. As multiple cyber-resilience frameworks (CRF) have been proposed in literature, an increased clarity about the scope, characteristics, synergies and gaps in existing CRFs will facilitate scientific research advancement in this area. This paper uses a systematic literature review to identify extant research on CRFs. The analysis is based on a sample representing 36 different industries and 25 different research areas. Through the use of descriptive analysis and thematic categorization, this paper makes a contribution by identifying CRFs as either strategic or operational, by the hierarchy of their decision influence, by the attacks addressed, and through the methods used and the places and institutions doing CRF research. As a result, this work presents an overview map of the current CRF research landscape, identifies relevant research gaps, highlights similarities and synergies between CRFs, and proposes opportunities for interdisciplinary research, as a contribution to guide future research in this area.
Article
The Smart Grid is an advanced digital two-way power flow power system capable of self-healing, adaptive, resilient and sustainable with foresight for prediction under different uncertainties. In this paper, a survey on various Smart Grid enabling technologies, Smart Grid metering and communication, cloud computing in Smart Grid and Smart Grid applications are explored in detail. Opportunities and future of Smart Grid is also described in this paper. For Smart grid enabling technologies Smart meters, smart sensors, vehicle to grid, plug in hybrid electric vehicle technology, sensor and actuator networks are explored. Advanced metering infrastructure, intelligent electronic devices, phasor measurement units, wide area measurement systems, local area network, home access network, neighborhood area network, wide area networks and cloud computing are explored for Smart Grid metering and communication. Home and building automation, smart substation, feeder automation is explored for smart grid applications. Associations of initial studies for the next step in smart grid applications will provide an economic benefit for the authorities in the long term, and will help to establish standards to be compatible with every application so that all smart grid applications can be coordinated under the control of the same authorities. Therefore, this study is expected to be an important guiding source for researchers and engineers studying the smart grid. It also helps transmission and distribution system operators to follow the right path as they are transforming their classical grids to smart grids.
Conference Paper
Since the adequate functioning of critical infrastructures is crucially sustaining societal and economic development, the understanding and assessment of their vulnerability and interdependency become more and more important for improving resilience at system level. The paper proposes an extension of DMCI (Dynamic Functional Modelling of vulnerability and interoperability of CIs) to modelling the vulnerability and interdependencies of heterogeneous infrastructures, i.e. the interactions between electric power infrastructure and the transport infrastructure system have been modelled. The simulation tool has been implemented with the Matlab platform Simulink in order to overcome some computational limitations, that affect the first DMCI version implemented in Matlab, in quantifying the propagation of inoperability and logical interdependencies related to demand shift, and to obtain a modular and user friendly solution, even for users who are not expert at simulation. The new DMCI model has been tested with a pilot application that comprised more than 200 vulnerable nodes and covered both power transmission grid and transportation systems of the province of Milan (Italy). The most vital and vulnerable nodes have been identified under different blackout scenarios, for which specific data on vulnerable nodes has been collected directly from the operators.
Article
Full-text available
Secure communication in a wireless system or end-to-end communication requires setup of a shared secret. This shared secret can be obtained by the use of a public key cryptography system. The most widely used algorithm to obtain a shared secret is the Diffie–Hellman algorithm. However, this algorithm suffers from the Man-in-the-Middle problem; an attacker can perform an eavesdropping attack listen to the communication between participants A and B. Other algorithms as for instance ECMQV (Elliptic Curve Menezes Qo Vanstone) can handle this problem but is far more complex and slower because the algorithm is a three-pass algorithm whereas the Diffie–Hellman algorithm is a simple two-pass algorithm. Using standard cryptographic modules as AES and HMAC the purposed algorithm, Secure Plain Diffie– Hellman Algorithm, solves the Man-in-the-Middle problem and maintain its advantage from the plain Diffie–Hellman algorithm. Also the possibilities of replay attacks are solved by use of a timestamp.
Book
Many people think of the Smart Grid as a power distribution group built on advanced smart metering-but thatâ??s just one aspect of a much larger and more complex system. The "Smart Grid" requires new technologies throughout energy generation, transmission and distribution, and even the homes and businesses being served by the grid. This also represents new information paths between these new systems and services, all of which represents risk, requiring a more thorough approach to where and how cyber security controls are implemented. This insight provides a detailed architecture of the entire Smart Grid, with recommended cyber security measures for everything from the supply chain to the consumer.
Article
Drawing upon a wealth of experience from academia, industry, and government service, Cyber Security Policy Guidebook details and dissects, in simple language, current organizational cyber security policy issues on a global scale-taking great care to educate readers on the history and current approaches to the security of cyberspace. It includes thorough descriptions-as well as the pros and cons-of a plethora of issues, and documents policy alternatives for the sake of clarity with respect to policy alone. The Guidebook also delves into organizational implementation issues, and equips readers with descriptions of the positive and negative impact of specific policy choices. Inside are detailed chapters that: • Explain what is meant by cyber security and cyber security policy • Discuss the process by which cyber security policy goals are set • Educate the reader on decision-making processes related to cyber security • Describe a new framework and taxonomy for explaining cyber security policy issues • Show how the U.S. government is dealing with cyber security policy issues With a glossary that puts cyber security language in layman's terms-and diagrams that help explain complex topics-Cyber Security Policy Guidebook gives students, scholars, and technical decision-makers the necessary knowledge to make informed decisions on cyber security policy.
Smart meter security: a surver Computer Laboratory Faculty of Computer Science and Technology
  • References Anderson
  • Ross
  • Fuloria
  • Shailendra
References Anderson, Ross, Fuloria, Shailendra, 2012. Smart meter security: a surver. Computer Laboratory Faculty of Computer Science and Technology. September 15, 2011. 〈http://www.cl.cam.ac.uk/ rja14/Papers/JSAC-draft.pdf〉 (accessed 16.06.12).
National Defense University Press Joint Forces Quarterly 〈http://www.ndu.edu/press/why-iran-didnt-admit-stuxnet.html〉
  • Brown Gary
Brown Gary, D., 2011. National Defense University Press. Joint Forces Quarterly. October 2011. 〈http://www.ndu.edu/press/why-iran-didnt-admit-stuxnet.html〉. Bayuk Jennifer, L., et al., 2012. Cyber Security Policy Guide Book. John Wiley & Sons, Inc, New Jersey, ISBN: 978-1-118-02780-6.
The security vulnerabilities of smart grids
  • Clemente
  • Jude
Clemente, Jude, 2009. The security vulnerabilities of smart grids. J. Energy Secur.
This week with George Stephanopoulos. ABCNews.com 〈http://abcnews.go.com/ThisWeek/cia-director-panetta-exclusive-intelli-gence-bin-laden-location/story?id ¼11027374&page¼2〉
  • Date
  • Jack
Date, Jack, 2012. This week with George Stephanopoulos. ABCNews.com. June 27, 2010. 〈http://abcnews.go.com/ThisWeek/cia-director-panetta-exclusive-intelli-gence-bin-laden-location/story?id ¼11027374&page¼2〉 (accessed 01.05.12).
Attacking the Smart Grid penetration testing techniques for industrial control systems and advanced metering infrastructure. Ernst & Young Publication
  • Ernst
  • Young
Ernst and Young, 2013. Attacking the Smart Grid penetration testing techniques for industrial control systems and advanced metering infrastructure. Ernst & Young Publication. December 2011. 〈http://www.ey.com/Publication/vwLUAssets/Attack ing_the_smart_grid/$FILE/Attacking-the-smart-grid_AU1058.pdf〉 (accessed 26.01.13).
EU, US go separate ways on cybersecurity. Euractiv
  • Euractiv
Euractiv, 2013. EU, US go separate ways on cybersecurity. Euractiv. March 8, 2013. 〈http://www.euractiv.com/specialreport-cybersecurity/eu-us-set-different-approach-cyb-news-518252〉 (accessed 09.04.13).
Securing the Smart Grid Next Generation Power Grid Security, s.l.. Syngress An Imprint of Elsevier
  • Flick
  • Tony
  • Morehouse
  • Justin
Flick, Tony, Morehouse, Justin, 2010. Securing the Smart Grid Next Generation Power Grid Security, s.l.. Syngress An Imprint of Elsevier, Burlington, MA. (ISBN: 1597495700 9781597495707).
Securing the Smart Grid Next Generation Power Grid Security ISBN: 978-1-59749-570-7. Government of India, Ministry of Finance
  • Flick
  • Tony
  • Morehouse
  • Justin
Flick, Tony, Morehouse, Justin, 2011. Securing the Smart Grid Next Generation Power Grid Security. Syngress An Imprint of Elsevier, Burlington, ISBN: 978-1-59749-570-7. Government of India, Ministry of Finance, 2013. Plan Outlay—Expenditure Budget vol. 1 2012–13. India Budget. February 2013. 〈http://indiabudget.nic.in/ub2012-13/eb/po.pdf〉 (accessed 08.04.13).
Central Electricity Authority (CEA), 2013. Central Electricity Authority. Cyber Threats and Security for the Power Sector
  • Government
  • India
Government of India, Central Electricity Authority (CEA), 2013. Central Electricity Authority. Cyber Threats and Security for the Power Sector. 〈www.cea.nic.in〉 (accessed 22.09.13).
Amendment to the Unified Access Service License Agreement for security related concerns for expansion of Telecom Services in various zones of the country Industrial Safety and Security Source. www.isssource.com
  • Michael Joseph Gross
Gross, Michael Joseph, 2011. Vanity Fair. www.vanityfair.com. April 2011. 〈http:// www.vanityfair.com/culture/features/2011/04/stuxnet-201104〉. Government of India, Ministry of Communications & IT, Department of Telecom-munications (Access Services Wing), 2011. Amendment to the Unified Access Service License Agreement for security related concerns for expansion of Telecom Services in various zones of the country. New Delhi, New Delhi, India: s.n., May 31, 2011. Government of India, Ministry of Telecommunications & IT, Department of Tele-communications. National Telecom Policy, 2012. New Delhi, New Delhi, India: s. n., June 13, 2012. Hale, Gregory, 2011. Industrial Safety and Security Source. www.isssource.com. March 23, 2011. 〈www.isssource.com/more-scada-vulnerabilities-found/〉.
WashPost: CIA slipped bugs to Soviets. Industrial Defender History of Indian Power Sector. Indian Power Sector
  • David E Hoffman
Hoffman, David E., 2004 WashPost: CIA slipped bugs to Soviets. Industrial Defender. February 27, 2004. 〈http://industrialdefender.com/general_downloads/inci-dents/1982.06_trans_siberian_gas_pipeline_explosion.pdf〉. Indian Power Sector, 2013. History of Indian Power Sector. Indian Power Sector. 〈http://indianpowersector.com/home/about/overview/〉 (accessed 11.01.13).
Smart Grid Vision & Roadmap for India (bench-marking with other countries)—Final Recommendation from ISGF. India Smart Grid Knowledge Portal, 2013. India Smart Grid Knowledge Portal
  • India Smart
  • Forum
India Smart Grid Forum, 2012. Smart Grid Vision & Roadmap for India (bench-marking with other countries)—Final Recommendation from ISGF. India Smart Grid Knowledge Portal, 2013. India Smart Grid Knowledge Portal. IndiaSmartGrid.org. 〈http://indiasmartgrid.org/en/Pages/Projects.aspx〉 (accessed 18.09.13).
Applied Cyber Security and The Smart Grid. Syngress, An Imprint of Elsevier
  • Eric D Knapp
  • Samani
Knapp, Eric D., Samani, Raj, 2013. Applied Cyber Security and The Smart Grid. Syngress, An Imprint of Elsevier, Waltham, MA, ISBN: 978-1-59749-998-9.
TED Review—Langner—The last line of Cyber Defense Bruce Schneier Reflects on a Decade of Security Trends. Bruce Schneier
  • Langer
  • Ralph
Langer, Ralph, 2011. TED Review—Langner—The last line of Cyber Defense. March 11, 2011. 〈www.langner.com〉. Mimoso, Michael S., 2012. Bruce Schneier Reflects on a Decade of Security Trends. Bruce Schneier. January 15, 2008. 〈http://www.schneier.com/news-049.html〉 (accessed 01.05.12).
Cybersecurity and the evolving role of State Regulations: How it impacts California Public Utilities commission. California Public Utilities Commission
  • Malashenko
  • Elizaveta
  • Villarreal
  • Chris
  • Erickson
  • David
Malashenko, Elizaveta, Villarreal, Chris, Erickson, David J, 2013. Cybersecurity and the evolving role of State Regulations: How it impacts California Public Utilities commission. California Public Utilities Commission. September 19, 2012. 〈http:// www.cpuc.ca.gov/NR/rdonlyres/D77BA276-E88A-4C82-AFD2-FC3D3C76A9FC/0/ TheEvolvingRoleofStateRegulationinCybersecurity9252012FINAL.pdf〉 (accessed 10.04.13).
Black Hat USA Electricity For Free? The Dirty Underbelly of SCADA and Smart Meters. Cupfighter
  • Pollet
  • Jonathan
Pollet, Jonathan, 2012. Black Hat USA Electricity For Free? The Dirty Underbelly of SCADA and Smart Meters. Cupfighter. July 28, 2010. 〈http://www.cupfighter. net/index.php/2010/07/blackhatusa-electricity-for-free/〉 (accessed 19.06.12).
Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds. Reserve Bank of India
  • Reserve Bank
  • India
Reserve Bank of India, 2012. Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds. Reserve Bank of India. January 14, 2011. 〈http://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/ WREB210111.pdf〉 (accessed 15.08.12).
The top 7 smart meter deals of 2013 (so far). www. utilitydive.com
  • Savenije
  • Davide
Savenije, Davide, 2013. The top 7 smart meter deals of 2013 (so far). www. utilitydive.com. March 20, 2013. 〈http://www.utilitydive.com/news/the-top-7-smart-meter-deals-of-2013-so-far/111161/〉 (accessed 15.08.12).
Telemetry-for-water-networks
  • Schneider
  • Electric
Schneider Electric, 2013. Telemetry-for-water-networks. http://www.schneider-electric.co.in. 〈http://www.schneider-electric.co.in/documents/support/white-papers/telemetry-for-water-networks.pdf〉 (accessed 25.09.13).
International Cyber Incidents: Legal Consideration. NATO Cooperative Cyber Defence Centre of Excellence Talinn Estonia
  • Tikk
  • Eneken
  • Kaska
  • Kadri
  • Vihul
Tikk, Eneken, Kaska, Kadri, Vihul, Liis, 2012. International Cyber Incidents: Legal Consideration. NATO Cooperative Cyber Defence Centre of Excellence Talinn Estonia. 〈www.ccdcoe.org〉 (accessed 12.07.12).
Scada Exploits. www.wired.com
  • Zetter
  • Kim
Zetter, Kim, 2012. Scada Exploits. www.wired.com. January 19, 2012. 〈http://www. wired.com/threatlevel/2012/01/scada-exploits/〉.
Hackers allegedly breached Saudi Aramco again. Helpnet Security
  • Zorz
  • Zeljka
Zorz, Zeljka, 2012. Hackers allegedly breached Saudi Aramco again. Helpnet Security. August 28, 2012. 〈http://www.net-security.org/secworld.php?id¼ 13493〉 (accessed 30.08.12).