This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
This paper aims to identify and clarify the cyber security risks and their interaction with the power system in Smart Grid. The SCADA system and other communication networks interact with the power system on a real ti...This paper aims to identify and clarify the cyber security risks and their interaction with the power system in Smart Grid. The SCADA system and other communication networks interact with the power system on a real time basis, so it is important to understand the interaction between two layers to protect the power system from potential cyber threats. This paper has shown the risks of the open architecture SCADA in a quantitative method and proposed effective security measures through case studies.展开更多
Smart grids have the characteristics of being observable,controllable,adaptive,self-healing,embedded independent processing,and real-time analysis.With the development of smart grids,constructing a grid to cover globa...Smart grids have the characteristics of being observable,controllable,adaptive,self-healing,embedded independent processing,and real-time analysis.With the development of smart grids,constructing a grid to cover global,unified information systems,which should be adapted to fulf ill the requirements of the characteristics,is essential.This paper presents an service-oriented architecture(SOA)for smart grid information-engineering systems based on knowledge grid,which could form as a service-oriented architecture through business,technology and management;it would extract potentially valuable information from the massive amount of information on the generation side,the grid side,and the electricity side,then share the useful information to improve availability,security and stability.展开更多
The most important elements of “intellectual networks” (Smart Grid) are the systems of monitoring the parameters of electrical equipment. Information-measuring systems (IMS), which described in this paper, were prop...The most important elements of “intellectual networks” (Smart Grid) are the systems of monitoring the parameters of electrical equipment. Information-measuring systems (IMS), which described in this paper, were proposed to use together with rapid digital protection against short-circuit regimes in transformer windings. This paper presents an application’s experience of LVI-testing, some results of the use of Frequency Response Analysis (FRA) to check the condition of transformer windings and infra-red control results of electrical equipment. The LVI method and short-circuit inductive reactance measurements are sensitive for detecting such faults as radial, axial winding deformations, a twisting of low-voltage or regulating winding, a losing of winding’s pressing and others.展开更多
Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems.The manner of identification of the factors for small reservoirs is of practical significance when ...Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems.The manner of identification of the factors for small reservoirs is of practical significance when data are incomplete.The existing grey relational models have some disadvantages in measuring the correlation between categorical data sequences.To this end,this paper introduces a new grey relational model to analyze heterogeneous data.In this study,a set of security risk factors for small reservoirs was first constructed based on theoretical analysis,and heterogeneous data of these factors were recorded as sequences.The sequences were regarded as random variables,and the information entropy and conditional entropy between sequences were measured to analyze the relational degree between risk factors.Then,a new grey relational analysis model for heterogeneous data was constructed,and a comprehensive security risk factor identification method was developed.A case study of small reservoirs in Guangxi Zhuang Autonomous Region in China shows that the model constructed in this study is applicable to security risk factor identification for small reservoirs with heterogeneous and sparse data.展开更多
Advanced intelligent or "smart" meters are being deployed in Asia. A result of deployment of smart meters, with associated equipment, is the electric power industry faced with new and changing threats, vulnerabiliti...Advanced intelligent or "smart" meters are being deployed in Asia. A result of deployment of smart meters, with associated equipment, is the electric power industry faced with new and changing threats, vulnerabilities and re-evaluate traditional approaches to cyber security. Protection against emerging cyber-security threats targeting smart meter infrastructures will increase risk to both the utility and customer if not addressed within initial rollouts. This paper will discuss the issues in SMI (smart meter infrastructures) deployments that pertain to cyber security. It will cover topics such as the threats to operations, infrastructure, network and people and organization and their associated risks. SMI deployments include not only the smart meter, but also the interfaces for home energy management systems as well as communication interfaces back to the utility. Utilities must recognize and anticipate the new threat landscape that can attack and compromise the meter and the associated field network collectors. They must also include threats to the WAN (wide-area-network) backhaul networks, smart meter headends, MDMS (meter data management systems) and their interfaces to CIS (customer information systems) and billing and OMS (outage management systems). Lessons learned from SMI implementations from North America, Europe and recently, Japan, will be discussed. How white-box and black-box testing techniques are applied to determine the threat impact to the SMI. Finally, organizational change risk will be discussed and how utilities have responded to re-organizing and developing a security governance structure for the SMI and other smart grid applications.展开更多
为了辨识油气智慧管道系统中存在的信息安全风险,通过基于系统论事故分析模型(systems-theoretic accident modeling and process,STAMP)的方法,对油气智慧管道系统的信息物理安全进行全面评估与分析。首先,系统综合分析了油气智慧管道...为了辨识油气智慧管道系统中存在的信息安全风险,通过基于系统论事故分析模型(systems-theoretic accident modeling and process,STAMP)的方法,对油气智慧管道系统的信息物理安全进行全面评估与分析。首先,系统综合分析了油气智慧管道涉及的设备、设施、工艺、元件,评估其安全性。其次,通过建立STAMP模型,深入分析了各层级、元件之间的反馈信息与控制动作,形成了明确的控制反馈回路,突显了元件之间的关联与控制关系。在此基础上,系统辨识出了潜在的信息风险因素,推导并构建了可能发生的系统失效场景。以天然气输气首站油气智慧管道系统为例,研究验证了基于STAMP模型的可行性和有效性。结果显示,该方法不仅直观地描述了元件之间的关联与控制关系,而且从物理层功能安全的角度全面考虑了信息风险,特别凸显了过程控制系统(process control systems,PCS)及易受攻击的操作员站。与传统方法相比,本研究所提出的方法将信息物理安全风险因素的识别率提升至80%以上,提高了40%以上,有助于避免不必要的安全措施冗余设计,提高了安全风险管控的准确性。展开更多
信息安全风险评估是一项非常重要的信息安全保障活动.依据信息安全相关标准,可从资产、威胁和脆弱性3方面识别出重要的风险因素,并确定相应的信息安全风险评估指标.参考等保2.0确定风险评估指标是一种可行的方法.在进行信息安全风险评估...信息安全风险评估是一项非常重要的信息安全保障活动.依据信息安全相关标准,可从资产、威胁和脆弱性3方面识别出重要的风险因素,并确定相应的信息安全风险评估指标.参考等保2.0确定风险评估指标是一种可行的方法.在进行信息安全风险评估时,采用熵权法进行客观的指标赋权,并结合优劣解距离法(technique for order preference by similarity to ideal solution,TOPSIS)和灰色关联分析(grey relational analysis,GRA)进行综合评估.实例分析表明,依据信息熵进行客观赋权相对减少了主观因素的影响;基于TOPSIS和GRA进行信息安全风险评估,综合被评价对象整体因素和内部因素,较有效地将多项信息安全风险评估指标综合成单一评分,便于对多个被评对象进行信息安全风险的择优与排序.展开更多
Modern electric power grids face a variety of new challenges and there is an urgent need to improve grid resilience more than ever before. The best approach would be to focus primarily on the grid intelligence rather ...Modern electric power grids face a variety of new challenges and there is an urgent need to improve grid resilience more than ever before. The best approach would be to focus primarily on the grid intelligence rather than implementing redundant preventive measures. This paper presents the foundation for an intelligent operational strategy so as to enable the grid to assess its current dynamic state instantaneously. Traditional forms of real-time power system security assessment consist mainly of methods based on power flow analyses and hence, are static in nature. For dynamic security assessment, it is necessary to carry out time-domain simulations (TDS) that are computationally too involved to be performed in real-time. The paper employs machine learning (ML) techniques for real-time assessment of grid resiliency. ML techniques have the capability to organize large amounts of data gathered from such time-domain simulations and thereby extract useful information in order to better assess the system security instantaneously. Further, this paper develops an approach to show that a few operating points of the system called as landmark points contain enough information to capture the nonlinear dynamics present in the system. The proposed approach shows improvement in comparison to the case without landmark points.展开更多
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
文摘This paper aims to identify and clarify the cyber security risks and their interaction with the power system in Smart Grid. The SCADA system and other communication networks interact with the power system on a real time basis, so it is important to understand the interaction between two layers to protect the power system from potential cyber threats. This paper has shown the risks of the open architecture SCADA in a quantitative method and proposed effective security measures through case studies.
文摘Smart grids have the characteristics of being observable,controllable,adaptive,self-healing,embedded independent processing,and real-time analysis.With the development of smart grids,constructing a grid to cover global,unified information systems,which should be adapted to fulf ill the requirements of the characteristics,is essential.This paper presents an service-oriented architecture(SOA)for smart grid information-engineering systems based on knowledge grid,which could form as a service-oriented architecture through business,technology and management;it would extract potentially valuable information from the massive amount of information on the generation side,the grid side,and the electricity side,then share the useful information to improve availability,security and stability.
文摘The most important elements of “intellectual networks” (Smart Grid) are the systems of monitoring the parameters of electrical equipment. Information-measuring systems (IMS), which described in this paper, were proposed to use together with rapid digital protection against short-circuit regimes in transformer windings. This paper presents an application’s experience of LVI-testing, some results of the use of Frequency Response Analysis (FRA) to check the condition of transformer windings and infra-red control results of electrical equipment. The LVI method and short-circuit inductive reactance measurements are sensitive for detecting such faults as radial, axial winding deformations, a twisting of low-voltage or regulating winding, a losing of winding’s pressing and others.
基金supported by the National Nature Science Foundation of China(Grant No.71401052)the National Social Science Foundation of China(Grant No.17BGL156)the Key Project of the National Social Science Foundation of China(Grant No.14AZD024)
文摘Identification of security risk factors for small reservoirs is the basis for implementation of early warning systems.The manner of identification of the factors for small reservoirs is of practical significance when data are incomplete.The existing grey relational models have some disadvantages in measuring the correlation between categorical data sequences.To this end,this paper introduces a new grey relational model to analyze heterogeneous data.In this study,a set of security risk factors for small reservoirs was first constructed based on theoretical analysis,and heterogeneous data of these factors were recorded as sequences.The sequences were regarded as random variables,and the information entropy and conditional entropy between sequences were measured to analyze the relational degree between risk factors.Then,a new grey relational analysis model for heterogeneous data was constructed,and a comprehensive security risk factor identification method was developed.A case study of small reservoirs in Guangxi Zhuang Autonomous Region in China shows that the model constructed in this study is applicable to security risk factor identification for small reservoirs with heterogeneous and sparse data.
文摘Advanced intelligent or "smart" meters are being deployed in Asia. A result of deployment of smart meters, with associated equipment, is the electric power industry faced with new and changing threats, vulnerabilities and re-evaluate traditional approaches to cyber security. Protection against emerging cyber-security threats targeting smart meter infrastructures will increase risk to both the utility and customer if not addressed within initial rollouts. This paper will discuss the issues in SMI (smart meter infrastructures) deployments that pertain to cyber security. It will cover topics such as the threats to operations, infrastructure, network and people and organization and their associated risks. SMI deployments include not only the smart meter, but also the interfaces for home energy management systems as well as communication interfaces back to the utility. Utilities must recognize and anticipate the new threat landscape that can attack and compromise the meter and the associated field network collectors. They must also include threats to the WAN (wide-area-network) backhaul networks, smart meter headends, MDMS (meter data management systems) and their interfaces to CIS (customer information systems) and billing and OMS (outage management systems). Lessons learned from SMI implementations from North America, Europe and recently, Japan, will be discussed. How white-box and black-box testing techniques are applied to determine the threat impact to the SMI. Finally, organizational change risk will be discussed and how utilities have responded to re-organizing and developing a security governance structure for the SMI and other smart grid applications.
文摘为了辨识油气智慧管道系统中存在的信息安全风险,通过基于系统论事故分析模型(systems-theoretic accident modeling and process,STAMP)的方法,对油气智慧管道系统的信息物理安全进行全面评估与分析。首先,系统综合分析了油气智慧管道涉及的设备、设施、工艺、元件,评估其安全性。其次,通过建立STAMP模型,深入分析了各层级、元件之间的反馈信息与控制动作,形成了明确的控制反馈回路,突显了元件之间的关联与控制关系。在此基础上,系统辨识出了潜在的信息风险因素,推导并构建了可能发生的系统失效场景。以天然气输气首站油气智慧管道系统为例,研究验证了基于STAMP模型的可行性和有效性。结果显示,该方法不仅直观地描述了元件之间的关联与控制关系,而且从物理层功能安全的角度全面考虑了信息风险,特别凸显了过程控制系统(process control systems,PCS)及易受攻击的操作员站。与传统方法相比,本研究所提出的方法将信息物理安全风险因素的识别率提升至80%以上,提高了40%以上,有助于避免不必要的安全措施冗余设计,提高了安全风险管控的准确性。
文摘信息安全风险评估是一项非常重要的信息安全保障活动.依据信息安全相关标准,可从资产、威胁和脆弱性3方面识别出重要的风险因素,并确定相应的信息安全风险评估指标.参考等保2.0确定风险评估指标是一种可行的方法.在进行信息安全风险评估时,采用熵权法进行客观的指标赋权,并结合优劣解距离法(technique for order preference by similarity to ideal solution,TOPSIS)和灰色关联分析(grey relational analysis,GRA)进行综合评估.实例分析表明,依据信息熵进行客观赋权相对减少了主观因素的影响;基于TOPSIS和GRA进行信息安全风险评估,综合被评价对象整体因素和内部因素,较有效地将多项信息安全风险评估指标综合成单一评分,便于对多个被评对象进行信息安全风险的择优与排序.
文摘Modern electric power grids face a variety of new challenges and there is an urgent need to improve grid resilience more than ever before. The best approach would be to focus primarily on the grid intelligence rather than implementing redundant preventive measures. This paper presents the foundation for an intelligent operational strategy so as to enable the grid to assess its current dynamic state instantaneously. Traditional forms of real-time power system security assessment consist mainly of methods based on power flow analyses and hence, are static in nature. For dynamic security assessment, it is necessary to carry out time-domain simulations (TDS) that are computationally too involved to be performed in real-time. The paper employs machine learning (ML) techniques for real-time assessment of grid resiliency. ML techniques have the capability to organize large amounts of data gathered from such time-domain simulations and thereby extract useful information in order to better assess the system security instantaneously. Further, this paper develops an approach to show that a few operating points of the system called as landmark points contain enough information to capture the nonlinear dynamics present in the system. The proposed approach shows improvement in comparison to the case without landmark points.
