Subject Index
A
Abusive surveillance,
17,
40
Address resolution protocol (ARP),
132
Advanced measuring instrument,
12
Advanced persistent threats (APT),
258,
287
American National Standards Institute (ANSI),
117
Application protocol data unit (APDU),
120,
123
threat identification process,
227
Automated meter infrastructure,
256
B
Bad Data Detection (BDD),
295
Best available techniques (BAT),
25,
27,
31
Building management system (BMS),
221,
290
C
advanced metering infrastructure (AMI),
60
data protection testing of smart grids,
25
distribution grid management (DGM),
64
EU light regulatory approach to personal data protection,
31
European legal order, privacy and personal data protection in,
19
false-data injection attacks on power transmission networks,
152
IEEE 14-bus benchmark,
172
minimum-resource adversary policies,
172
regulating smart grids in Europe,
25
smart grid roll-out neglecting individual interests,
12
wide area monitoring, protection, and control (WAMPAC),
62
CEN-CENELEC-ETSI Smart Grid reference architecture framework,
196
Charter of fundamental rights (CFR),
20
Chemical mechanical polishing (CMP),
97,
99
Chip decapsulation process,
95
Cisco secure development lifecycle,
229
Smart Grid solutions,
229
static analysis tools,
229
Common vulnerabilities and exposures (CVE),
230
Common weakness enumeration (CWE),
230
Communications, basic attacks on,
132
denial of service (DoS),
132
man-in-the-middle (MITM) attacks,
133
Content addressable memory (CAM),
132
Control-centric approaches,
156
control systems, anomaly detection in,
156
fault detection, model-based,
156
fault isolation
resilient control framework,
158
active fault-tolerant control,
159
Control-centric risk assessment methodology,
152
Control-data exchange,
297
Control systems, risk assessment for,
159
adversary goals and constraints,
162
disclosure resources,
161
disruption resources,
161
Core root of trust for measurement (CRTM),
104
Court of Justice of the EU (CJEU),
21
Cryptographic algorithm,
89,
94
Current transformer (CT),
297
in cross-domain risk assessment,
49
in managing security risks,
68
in resilient control framework,
158
and smart grid communication standards,
116
in Smart Grid security,
Cyber-secure, design of,
155
control-centric approaches,
156
control systems, risk assessment for,
155
IT security reference architecture,
155
in IEC 61850 smart substations,
295
for smart grid risk assessment,
65
strategy used by CSWG,
190
Cyber security evaluation tool (CSET),
203
Cyber security working group (CSWG),
72,
190
as cyber-physical risks,
69
D
administrator environment, detecting anomalies,
265
comprehensive approach to,
248
establishing patterns,
262
operational environment, detecting anomalies,
263
understanding anomalies,
261
Data flow diagram (DFD),
226
1995 Data Protection Directive,
21,
25
Data protection impact assessment (DPIA),
12,
25,
30
Data protection risk assessment,
37,
38
Demand-side management,
49
Demilitarized zone (DMZ) network,
139
Design assurance level (DAL),
234,
239
Differential power analysis (DPA),
92,
93
Distributed denial of service (DDoS),
132
Distributed energy resources (DER),
52,
55,
167,
240
Distribution grid
advanced control of,
generator-based techniques,
grid reinforcement,
transformer based techniques,
Distribution grid management (DGM),
64
Distribution system operators (DSO),
29,
70
DNP3 communication protocol,
126
E
Electric energy infrastructures,
Electric power
distribution network,
247
systems, cyber security challenges in,
162
feedback-controlled smart grids, vulnerabilities in,
167
power transmission networks, control loops in,
169
smart grids, new control loops,
162
transmission network, schematic diagram of,
170
transport of,
Electric power research institute (EPRI),
261
Electric transportation (ET),
55,
240
Electronic frontier foundation,
16
2006 Energy Efficiency Directive,
12
Energy management control (EMC),
256
Energy management systems (EMS),
295
Enterprise information management (EIM),
257
Environmental impact assessments (EIA),
28
Ethernet switch-based fibre-optic networks,
297
EU mandate M/490, response to,
196,
197
gaps and limitations,
199
security projects, applications in,
200
EU regulatory framework,
26,
27
European Court of Human Rights (ECtHR),
20
European electric power systems,
292
security measures and protection mechanisms,
292
advanced security analytics,
294
intrusion detection systems,
293
physical unclonable functions,
293
resilient control algorithms,
295
European Network and Information Security Agency,
294
European Union Agency for Network and Information Security,
55
F
Failure modes and effect analysis (FMEA),
68
Federal Information Processing Standards (FIPS),
229
Feedback-controlled smart grids, vulnerabilities in,
167
local active and reactive power control,
167
supply and demand balance,
167
Feedback control system,
149
Feedback control systems, adversary model for,
160
Feeder Management Relay (FMR),
289
Foundation for intelligent physical agents (FIPA),
185
FPGA development board,
85
Fuzz testing of IEC 61850, test-bed for,
299
G
General data protection regulation,
34
Generic object oriented substation event (GOOSE),
120,
122,
297
Generic security objectives,
81
Geographic information system (GIS),
247,
257
German BSI protection profile,
102,
103
Grid automation systems,
292
GridWise architecture council (GWAC),
51
GridWise interoperability layers,
51,
52
H
Hardware security modules (HSM),
101
Hazard and operability (HAZOP),
68
Heterogeneous communication networks,
150
Home area network (HAN),
117,
256
Home automation network (HAN),
103
Human-machine interfaces (HMI),
150
I
ICS architecture, schematic of,
151
corporate information technology systems,
151
IEC 61850
based SCADA system, network architecture of,
297
based smart substation,
296
protection-information exchange,
296
SCADA systems, architecture of,
296
IEC Smart Grid standardization roadmap,
207
IEC 60870-5-104 standard,
125
IEC 61850-5-104 standard in Wireshark,
124
IEEE
In-circuit emulation (ICE) ports,
85
Independent system operator (ISO),
185
Industrial control systems (ICS),
114,
149
control systems, schematic of,
150
cyber security challenges,
149
Industrial control systems cyber emergency response team (ICS-CERT),
293
Information and communication technology (ICT),
49,
113,
292
Information technology (IT),
149
in industrial control systems,
149
and Smart Grid enterprises,
260
Integrated circuit (IC),
82,
102
Intellectual property (IP),
80,
284
Intelligent electronic devices (IED),
125,
295,
297
Inter-control centre communication protocol (ICCP),
131
International Energy Agency (IEA),
International Society of Automation (ISA),
294
Internet control message protocol (ICMP),
130,
139
Intra-meter security analytics,
302
Intrusion detection system (IDS),
140
IT security reference architecture,
155
open systems interconnection (OSI),
155
sensor networks, security of,
155
J
JavaCard 3.0, enhanced security with,
103,
104
L
Local metering network (LMN),
103
M
Man-in-the-middle (MITM) attack,
85,
127,
132
Manufacturing message specification (MMS),
122
Mean time between failures (MTBF),
250
Media access control (MAC),
120
Microgrid security reference architecture (MSRA),
187,
190,
202
architecture approach, summary of,
202
gaps and limitations,
203
security projects, applications in,
205
Microsoft security development lifecycle (MSDL),
225
Microsoft STRIDE method,
226
security integration,
225
software development security assurance process,
225
Modbus
request response model,
126,
127
TCP packet description,
127,
128
N
National electric sector cybersecurity organization resource (NESCOR),
55,
240
cybersecurity failure,
189
National Institute of Standards and Technology (NIST),
52,
72,
294
advanced metering infrastructure,
72
distribution grid management,
72
electric
wide area situational awareness,
72
Network security monitoring (NSM),
137
2012 New Energy Efficiency Directive,
12
NISTIR 7628 approach,
190
application to security architecture,
195
gaps and limitations,
192
detailed methodology, lack of,
194
risk, insufficient mapping of,
194
NIST 800-64 secure development method,
223
cybersecurity, integration of,
224
waterfall model phases,
223
development and acquisition,
223
implementation and assessment,
223
operations and maintenance,
223
North-American Electric Reliability Corporation (NERC),
294
O
Open systems interconnection (OSI),
155
Open web application security project (OWASP),
230
Operational smart grid security,
247
customer information systems,
247
enterprise geographic information system (GIS),
247
interfaces with external systems,
247
Optical emanation analysis,
82
Optical fault injection,
82
Optical laser, fault attack with,
97,
98
Optical timing analysis testing,
91
Organisation for Economic Co-operation and Development (OECD),
21
P
Password check implementation,
90
People-process-technology,
275
Performance and risk-based integrated security methodology (PRISM),
72
Personal data protection,
19,
23,
40
Phasor data concentrators (PDC),
124
Phasor measurement units (PMU),
117,
255
basic protection mechanisms,
100
voltage glitching,
88,
89
integrated circuits
internal storage, limited access to,
96
local storage, access to,
83
open interfaces, access to,
84
optical fault injection,
97
fully invasive attacks,
82
semi invasive attacks,
82
electromagnetic attacks,
94
invasive
vs. non-invasive,
89
power analysis attacks,
91
differential power analysis,
92
simple power analysis,
91
on Smart Grid devices,
79
device manipulation under attack,
81
information gathering,
80
Physical unclonable functions (PUF),
10,
105
physical unclonable functions (PUF),
106
example implementations of,
107
general applications of,
109
inter-chip variation,
107
intra-chip variation,
107
Platforms bus systems,
84
Power companies, emerging risks,
253
Power grids integrate communications,
253
Power line communication (PLC),
59,
86
Power transmission networks, control loops in,
169
Primary control layer,
290
battery inverter local controller,
290
grid-connected (parallel) mode to islanded mode, experimental transition from,
291
grid-impedance on inner plant dynamics, influence of,
291
Principles of high assurance software engineering (PHASE),
235
component architecture,
235
independent expert validation,
235
minimal implementation,
235
secure development process,
235
Printed circuit board (PCB),
82
Privacy enhancing technologies (PET),
22,
25
Privacy impact assessments (PIA),
28
Privacy protection tools,
22,
32
Programmable logic controller (PLC),
149,
289
Pseudo-random generator,
100
R
Radio frequency identification (RFID),
26
Rapid application development (RAD),
221
Register-transfer-logic (RTL) system,
86
Regulatory techniques, mapping of,
31,
32
Risk management cycle,
67
S
Scanning electron microscope (SEM),
96
Secondary control layer,
289
programmable logic controller (PLC),
289
supervisory control and data acquisition (SCADA) system,
289
Secure development lifecycle (SDL),
222
Microsoft security development lifecycle (MSDL),
225
other industry practices,
228
ISO/IEC 25010 standard series,
237
Secure sockets layer (SSL),
253
Security
reference architecture,
185
Security assurance requirements (SAR),
232
Security assurance standards,
231
common criteria (CC),
231
protection profile (PP) document,
232
target of evaluation (TOE),
232
evaluation assurance levels (EAL),
232
security assurance requirements (SAR),
232
security functional requirements (SFR),
232
security target (ST),
232
Security control framework,
185
Security functional requirements (SFR),
232
Security target (ST),
232,
233
Sentient hyper-optimized data access network (SHODAN),
130
Simple network management protocol (SNMP),
140
Simple power analysis (SPA),
91,
92
Smart energy reference architecture (SERA),
185
communications network,
247
conceptual reference model,
52
cyber threat risk, mitigation of,
269
data management software,
230
data protection testing,
22
distributed energy resources,
287
electric distribution network,
247
documented incidents,
283
electrical smart meters,
283
security standards, evolution of,
286
advanced persistent threats (APT),
287
European electrical grid stability,
286
smart grid cyber security,
286
smart grid environment,
286
smart grid infrastructures,
286
employee community, engagement of,
275
user community, engagement of,
275
integrated communications strategy,
275
effective design tools,
276
enterprise integration,
276
multichannel content generation,
276
malware infection, remediation after,
271
distribution optimisation across voltage levels,
166
generator, local control at,
164
load flexibility, energy balancing with,
162
management system level, medium voltage network optimisation on,
165
substation equipment and field units, coordinated control with,
165
substation equipment and field units, coordinated voltage control with,
166
substation equipment, local control with,
164
substation equipment, local voltage control with,
165
remediation planning,
272
safety-critical system development methods,
233
principles of high assurance software engineering (PHASE),
235
secure development activities of,
236
code coverage analysis,
239
dynamic code analysis,
239
static code analysis,
238
secure system development lifecycle methods,
222
rapid application development (RAD),
221
societal changes faced by,
12,
18
software development for,
221
building management systems, companies for,
221
energy consumption monitoring,
221
utility bill payment,
221
system
applications of,
ancillary services from network participants,
distribution grids, advanced control of,
distribution grids, monitoring of,
challenges,
first,
second,
structure of,
component overview,
electric mobility charging infrastructure,
energy trading,
functional buildings,
generators,
grid sensors,
market platforms,
metering,
network operation centre,
residential customers,
substations,
virtual power plants,
GridWise interoperability context-setting framework,
51
NIST smart grid framework,
52
Smart Grid communication
attacker activities, visibility of,
137
minimal vulnerabilities,
136
protocols, attacks on,
134
IEC 60870-5 standard,
135
IEEE C37.118 standard,
135
functional groups of,
116
advanced metering infrastructure,
117
substation communication,
117
Smart Grid information security (SGIS),
114,
189,
196
Smart Grid interoperability panel cyber security working group (SGIP-CSWG),
72
Smart Grid operational model,
252
visibility into, requirement of,
252
Smart Grid reference architecture (SGRA),
185
social engineering attacks,
206
Smart Grid risk assessment,
65
complex organisational dependencies,
70
cyber-physical risks, analyzing of,
69
legacy systems, understanding risks to,
69
security risks management,
68
risk assessment frameworks,
72
Smart Grid security architecture methodology
Smart Grid security recommendations,
188
Smart Grid threat landscape,
54
Smart meter
Software defined radio (SDR),
96
Strasbourg system,
20,
22
Stuxnet attack
peer-to-peer communication capabilities,
154
data recording (dotted line),
154
infection (dash-dotted line),
154
sabotage (dash-dotted line),
154
Supervisory control and data acquisition (SCADA),
114,
149,
289,
292
human-machine interfaces,
150
programmable logic computers,
149
remote terminal units,
149
security analytics in,
300
grid voltages, phasor diagram of,
301
intra-meter security analytics,
302
phase-to-phase voltages,
300
Sustainable building integrated energy test-beds,
288
primary (local) control layer,
290
secondary (coordination) control layer,
289
tertiary (supervisory) control layer,
289
T
Tag control information (TCI),
120
Tag protocol identifier (TPID),
120
Target of evaluation (TOE),
56,
232
TCP/IP networking standards,
113
Technical Working Group 1 (TWG1),
55
Technology roadmap smart grids,
Tertiary (supervisory) control layer,
289
heating, ventilation, and air conditioning (HVAC) system,
289
integer linear programming,
289
integrated energy management system,
289
2009 Third energy package,
12
Threat modelling techniques,
54,
226
Transmission system operators (TSO),
29,
70
Transport layer security (TLS),
127
Trusted platform module (TPM),
101,
104
U
U.S. GridWise initiative,
51
V
VERIS community database project (VCDB),
255
Virtual private network (VPN),
59
Visibility into infrastructure,
255
customer information systems,
257
distributed energy resources,
257
transmission systems,
255
work management systems,
257
Vocabulary for event recording and information sharing (VERIS),
255,
278
Voltage transformer (VT),
297
W
Web application threat modelling,
227
Wet chemical etching,
97,
99
Wide area monitoring, protection, and control (WAMPAC),
55,
240