ENHANCING CYBERSECURITY: MAKING THE SMART GRID SMARTER

lynxfatkidneyedNetworking and Communications

Oct 26, 2013 (3 years and 10 months ago)

87 views

B7

2195

University of Pittsburgh

Swanson School of Engineering

April 14, 2012

1

ENHANCING CYBERSECURITY: MAKING THE SMART GRID SMARTER


Jacob Kring (jak201@pitt.edu), Nick Reiter (jak201
)


Abstract


The

current process of deli
vering electricity is
antiquate.

Implementation

began in the early 20
th

century,
and a new approach is needed to create a more efficient
process. A new,
optimal
way of delivering electricity can be
obtained by focusing on one piece
of technology: the smart
grid. The smart grid is a collection of power grid networks
that are

connected through the i
nternet to allow for remote
manual control.
This system cannot properly function
without being protected from all forms of cyber
-
attacks
. T
his
paper will briefly describe the application of smart grid
technology and the implementation of security software to
protect utility control systems. Our topics will include the
multiple proposals and theories of how to increase
cyber
-
security for the s
mart grid. The paper will specifically
elaborate on security proposals including the PowerSec
approach, Cisco Grid Security Solutions, and meeting the
standards set by the North American Electric Reliability
Council. We will explore different security prog
rams and
protocols and how they can be used to prevent damage and
intrusion to the smart grid system.
This paper will reveal the
challenges of securing the smart grid and strategies for
implementing high level security.


Key Words


Cisco, Cyber
-
security, N
ERC
-
CIP, PowerSec,
SCADA, Smart Grid

W
HAT IS
THE SMART
G
RID
?

Not many people are aware of the details of the country’s
electrical delivery system. The system currently installed is
fairly simple. First, a power plant produces energy. This
generated power i
s then delivered to substations sc
attered
across the country

via transmission lines. The purpose of the
substation is to lower the voltage to a usable level for local
distribution. This low
-
voltage electricity is finally delivered
to a transformer, which d
irects the electricity to the meter
located in a household [1]. This process dates back to the
early 20
th

century, and the system is showing its age and
fragility. The modern way of delivering the country’s energy
is a delivery system using the smart grid.



The smart grid generally increases efficiency and
reliability of using electricity. The smart grid is a system that
overlooks the delivery system in order to control and
monitor the usage of electricity across the country. By doing
this, the smart g
rid can analyze situations and work to reduce
wasted power. One quarter of the electricity consumers pay
for is wasted on idle household appliances; this wasted
energy and money is what the

smart grid is attempting to
reduce

[2
]. The smart grid optimizes electrical output and
has the possibility of allowing consumers to better manage
energy consumption. This modernized electrical delivery
system will ultimately increase economic efficiency and
prove to be a great aid to the indu
stry and consumers alike.

W
HY DOES THE SMART GR
ID NEED
CYBERSECURITY
?

In the 21
st

century, technology runs our society. Consumers
as well as the industry are completely modernized,

and
nearly everything is

operated by computers. This makes
society run smoo
thly and efficiently. However, the
modernization of our lives can prove to be very dangerous.
People have ways of attacking and m
anipulating technology,
which can cause major chaos within the

country. These
attacks are protected by cyber
-
security. Cyber
-
se
curity is the
protection of computers and the information they withhold.
It focuses on detecting and preventing malicious attacks on
the systems. Because technology evolves exponentially,
cyber
-
security must continue to advance as well. Hackers
and terrori
sts constantly find new ways to attack, thus it is
imperative to maintain proper security.


The very nature of the smart grid leaves integral
components vulnerable to attack
.

A connection to the
internet allows the power c
ompanies to access the grid, b
ut

it
also allows those

who want to do damage

access as well.

Attacks can also be launched without the use of the internet
via USB flash drives and other physical mediums.

Previous
security issues such as
Supervisory Control and Data
Acquisition control sy
stems (
SCADA
)

zero
-
days and
Stuxnet have

shed

light upon the potential ramifications of
an attack and the power that people designing malware have.

Zero
-
day day flaws arise from code execution flaws that are
easily manipulated by outside sources. These wea
knesses
allow for easy exploitation of SCADA systems and
controllers. Stuxnet is often used as an example of malware
capable of exploiting these very weaknesses.

Stuxnet: Cyber
-
warfare


Stuxnet was the first major

cyber
-
warfare weapon

ever
and was muc
h more complex than any other malware.
“Stuxnet’s goal was to physically destroy a military target

not just metaphorically, but literally” [
3
]
.

Stuxnet was aimed
at controllers that were attached to a SCADA system.
SCADA is a windows application that that
allows people to
actively monitor the smart grid controller network. Stuxnet
was completely independent and was capable of running
without user input. Stuxnet was primarily transferred using
USB flash drives

and local networks
,

and

it

infected all
Windows

PCs and specific Siemens controllers.
T
he Stuxnet
malware was only found on controllers at an Iranian uranium
enrichment plant. The attack was specific; it had only one
target, and was able to move around quietly to avoid





Jacob Kring





Nick Reiter

2

detection. Until it was discovered that Stuxnet had done
damage to the controllers
,

it went undetected. An effective
cybersecurity solution will need to be able to at the very
least detect the presence of unwanted software. If an attack
is not detected
,

th
ere is no defense.


An infamous cyber
-
attack recently occurred against the
United States government itself. A man named Jonathan
James, a sixteen year old hacker, was able to gain access to
the Department of Defense mainframe. This allowed him to
view

classified reports as well as acquire usernames and
passwords of all the employees. James also hacked into
NASA computers. He managed to steal $1.7 million worth

of government
-
owned software [4
]. This example proves
that attacks can happen at any time, an
d also cause
significant disruption to society.


Hackers and malware designers have the ability to launch
attacks from any location connected to the internet, even
from
across the world. “
Because virtual attacks can be
routed through computer servers
anywhere in the world, it is
almost impossible to attribute any hack with
total certainty


[3]
.

Tracking down those responsible for attacks is simply
not feasible.

Attacks will continue to occur even if those
responsible
have been

found. The development o
f effective
cybersecurity will allow companies to
improve

current
software

and learn from previous attacks. It

is important to
consider

that there is no perfect cybersecurity solution but,
the best ones can continualy improve upon themselves
.
Hackers are a
ble to develop malware and find holes in
security as fast, if not faster, than cybersecurity companies
are able to fix the

previous problems
.

The focus for
cybersecurity will always be on
enhancing

current security
mechanisms and designing new ones.


FIGUR
E

I

STUXNET

EXPLOIT

DETAIL

[
5
]


Ethics Come Into Play

The consequences of an effective attack on the smart grid
and power grids could be devastating. The first major issue
is a potential cascading effect. Power grids are largely
interconnected and if one
portion is severely damaged it
could cause others to go down. An example of this is the
Northeast blackout of 2003, in which

an estimated 50
million Americans were without power. Many cities that
relied almost entirely on electricity came to a standstill.
Traffic lights, public transportation, hospitals and more were
shut down or crippled. The lives of those in the hospital
s

and
even throughout the city were at risk as the power grid was
being worked on. Hospitals in particular present an ethical
cause for
concern

because human lives are at risk
. A smart
grid that is unprotected from attacks that can cause
widespread power outages and hospitals can only survive
without constant power on temporary generators.

If an attack
is severe enough to disable the power

grid for longer than
the generators can last, people will die.

Engineers have the
ability to prevent catastrophic power outages by carefully
designing cybersecurity software.
It is imperative

that we
consider the lives of people dependent on hospitals and

see
that it is a necessity to protect the smart grid.


M
EETING THE
S
TANDARDS FOR
C
RITICAL
I
NFRASTRUCTURE

The
North Americ
an Electric Reliability Council

has
established

Critical Infrastructure Protection

(NERC
-
CIP)

standards for the security of

smart grids
.

“As of June 18,
2007 the U.S. Federal Energy Regulatory Commission
granted NERC the legal authority to enforce reliability
standards with all users, owners, and operators of the bulk
power system in the United St
ates, and made compliance
with those standards mandatory and enforceable” [
6
].

The
standard
s laid out by the NERC allow the smart grid
operators to focus on specific goals that have been shown to
improve grid security. The CIP standards state that
“An
eff
ective cyber security plan should include regular risk and
vulnerability assessments, hierarchical networks with access
restrictions at each level, high
-
security model deployed on
personal computers and servers, physically separated process
control and ent
erprise networks with limited access points,
security hotfix and an antivirus deployment strategy and

disaster recovery” [
7
].
The NERC has worked to refine the
standards and ensure the “security program required by the
CIP standards will contribute to a se
cure and reliable

electrical system”

[
8
].

Physical components such as the
laptops and PCs associated with the SCADA control systems
must be properly protected

as well
. As shown by Stuxnet,
malware and attacks are not limited to coming from the
internet.

Fi
gure II outlines the different levels that need to be
protected.






Jacob Kring





Nick Reiter

3

FIGURE II

SMART

GRID

COMPO
NENTS

THAT

NEED

TO

BE

SECURED

[
9
]


There is some debate that “CIP compliance may actually
take our focus away from security” [
8
].

Robert
McClanahan
,
VP/Chief Information Officer of the Arkansas Electric
Cooperative Corporation,

argues that there is an upside

to
the CIP standards

and it can be found in at least four areas:



Visibility of Cybers
ecurity

o

Groups that develop cybersecurity softwar
e
will be held accountable for the work they have
done for the power companies.



Support for Cyber Initiatives

o

Further support from government and public
sources will provide an opportunity to enhance
and improve cybersecurity software.



Better Systems Docum
entation

o

Cybersecurity software will be able to protect
the smart grid properly with better
documentation of integral components.



Improved Resilience

o

Cybersecurity will be better prepared to fend
off attack and will require less continued
updating [
8
].






Each security method will need to
demonstrate how it is

able to detect threats and respond to prevent damage.
Security is not static; it is necessary to show how software
can build upon itself and learn from

its

mistakes.

An
organization should

find several providers of threat
information and discuss these threats with other
organizations
. Overall a security solution should be able to
effectively manage information

and provide an approach to
secure all levels of the smart grid.

Each method for
i
mproving grid cybersecurity discussed will be further
analyzed using the NERC
-
CIP standards.

A

N
EW
A
PPROACH
,

A
DD
M
ORE
L
AYERS

This cyber
-
security proposal involves implementing new
ideas to the current form of security. It evolves and
modernizes the c
urrent

system, which is called “
The

Gateway Solution”
. In order to understand the Gateway
Solution, one must understand how the grid automation
system functions currently.


The power grid automati
on system is displayed in Fig. 3
.
This is a layout of how the
system operates on a daily basis.
A control center is in charge of multiple substations. The





Jacob Kring





Nick Reiter

4

control center must sustain the delivery of electricity as well
as predict amounts of electricity to be delivered to separate
transformers and consumers. The purpo
se of this is to
increase economic efficiency and reduce wasted energy.
These control centers include technology such as energy
manag
ement systems (EMS), which help

the operator
monitor and optimize performance of energy delivery. In
order for the operator

and the EMS to properly predict how
much energy to deliver, the system must communicate how
much energy is used. This is communicated by exchanging
data with intelligent electronic devices (IEDs) such as
meters, phase measuring units, and also consultan
ts

from
peer system operators [10
].


FIGURE

I
I
I

POWER

AUTOMATION

SYSTEM

[
10
]






Due to the complexity of this communication system
, the
network
is more vulnerable

to potential cyber
-
attacks. The
Gateway Solution is the current system in place to protect
the grid automation systems. This solution forces all data
that is exchanged through the network into a security
gateway, which is checked and analyzed for harmful
data or
malware [10
]. The problem with this solution is the
deliberate process of the security gateway. Crucial data that
needs to be delivered to the control system could be delayed
during the security checkpoint. The Gateway

Solution is
displayed in Fig.

3
.



In order to mend the current security s
olution, the process
needs to

act and react more quickly. It also needs to be more
flexible
,

considering there could be many different
electronic devices sending data back and forth between
through the netwo
rk. The idea proposed to cover the holes is
an integrated security system. This proposal considers using
three layers of framework. Each layer would be elected to
control separate responsibilities (Fig. 3). These multiple
layers would allow an optimal flow

of data, decreasing the
load on the entire network while increasing

performance at
the same time [10
]. For example, all data related to security
would pass through the security layer and its checkpoints,
while the other data can seamlessly pass through th
e other
two respective pathways.

FIGURE

I
V

THE

GATEWAY

SOLUTION

[
10
]





This also increases overall security of the grid because it
allows more focus on cyber
-
security and protection against
potential attack. The security layer replaces the
current
Gateway Solution with three subsystems: Security Switch,
Security Manager, and Security Agent.



Security Switch

The security switch feature has the ability to sort
networks and IP domains, which can isolate non
-
trusted domains to ensure that they ca
nnot transf
er
data to the control center [10
]. The security switch
performs scans on the system to prevent intrusion
of viruses or malware. It focuses more on the
protection and sorting of networks in the system.



Security Manager

The security manager will
be operated by a user.
The manager overlooks and distributes security
responsibilities and is essentially in charge of the
other two subsystems. It must collect and analyze
all information processed by the security agent.
This
means that

the manager
needs
to

validate all
information (such as passwords and authorizations)
that transfers between the industry and the control
center. This piece of the security must be very
flexible to all types of situations and incoming data,
and has to troubleshoot accordingl
y. This is why a
graphical user interface (GUI) is essential to the
security manager.



Security Agent

The security agent, as one may expect,

is basically
a field agent for the security system. This
subsystem deals with the IEDs and field devices
that input
informat
ion to the network [10
]. It will
act as a firewall, which will consist of logging and
encrypting data. The field devices can be a primary
point of attack, so the agent is important to the
entire infrastructure. It serves as the first line of
defens
e because it works farthest away from the
control center.






Jacob Kring





Nick Reiter

5


Implementation of this integrated security
framework to the grid automation system could be
costly. The security agents must be implemented to
separate areas

(meaning the numerous field devices

throughout the country)

in order to protect the
IEDs. Another barrier of install
ation could

be
correctly operating the security manager. It is the
keystone of the security system, and must be
properly maintained in order to protect intrusion.
With that be
ing said, the proposed idea of multiple
layers will adhere very closely to the NERC
-
CIP
standards, such as having multiple vulnerability
assessments and private security systems for each
server and substation. The

multiple layers idea
could produ
ce the des
ired outcome and could

have
the potential to properly support and protect the
smart grid.



FIGURE

V

INTEGRATED

SECURITY

FRAMEWORK

[
10
]



P
OWER
S
EC
:

A

C
OORDINATED
A
PPROACH

The Electric Power Research Institute (EPRI) has played a
large role in security of the power industry over
the recent
years.

They are a large part of overlooking the
security
currently in place over the energy industry.
It is

a nonprofit
organization cons
isting of top scientists and engineers that
focus on optimizing

and protectin
g successful energy
delivery [11
].
Most recently, they took part in installing
emergency backup transformers across the country.
EPRI
works on research and development of cyber
-
se
curity, and
recently formulated a protection plan for the smart grid. The
proposal is

called

the PowerSec Initiative.


The EIS (Energy Information Security) is a branch of
EPRI that focuses on cyber
-
security of energy deliver
and
was formed in 2000. EI
S focuses on analyzing
vulnerabilities and holes of the technology and network
applications dealing with the entire power industry [
12
]. The
recently proposed PowerSec Initiative generally involves the
same type of research and development, except it must
work
on a much bigger scale.


The entire industry, including all energy companies as
well as EPRI are proposed to work together to protect the
energy delivery system. In order for this idea to work,
industry
-
wide coordination must be achieved. This sol
ution
involves more of a preparing and reacting approach. If the
power industry can come together to analyze the possible
points of attack and protect the vulnerabilities throughout the
current system, the PowerSec Initiative can be successful.



Coordinate
and prepare

This idea does not necessarily involve the
installation of a new security system. It strives to
increase efficiency of the currently installed
protection plan. This
includes

preparing all type
s

of
employees and operators being prepared for a
po
tential cyber
-
attack. If workers and employees
across the industry were prepared for an attack, the
prevention of intrusion would be more consistent
with proper reaction from everyone involved. In
order to achieve this goal, training sessions for
employees

must focus on how to prevent and react
to cyber
-
attack and intrusion. The training itself
must also adapt accordingly because new ways of
cyber
-
intrusion are discovered daily.


Consolidating all forms of developed cyber
-
security would also be a major
step forward in
protecting the smart grid. Different companies and
organizations can offer multiple proposals to be
formulated into one program, potentially removing
a plethora of vulnerabilities across the network.
This is why it is imperative to have coo
peration all
throughout the industry.


Improvement of

SCADA

systems

and EMS are
also a major goal of the PowerSec Initiative.
SCADA and EMS overlook the entire process of
the energy delivery, so it is apparent that these must
be a top priority w
hen dis
cussing cyber
-
security
[12
].
The NERC
-
CIP also stress the importance of
individual security of the SCADA networks.
Research and development in this area would
increase optimization of delivery and more
importantly fill gaps that could potentially be
attack
ed by cyber
-
terrorists.



React and adapt

Reacting and adapting to a cyber
-
attack is just as
important as
preparing

and
researching
. Cyber
-
attacks occur every day, so it is very likely that the
smart grid
will be

hacked at some point. The
technology as well
as the employees must be
adequate in adapting and reacting to an attack in





Jacob Kring





Nick Reiter

6

order to prevent major power
-
outages throughout
the country.


The PowerSec Initiativ
e involves backing up
important
classified files and storing them in a safe
location in case
of an attack.
It

also back
s

up the
entire network in case of an attack

so that

communication can still be achieved even while

it

being invaded. Artificial Intelligence (AI) is also a
focus of reacting to intrusion. AI can potentially
adapt to an attack by
sor
ting itself out or even
identifying

an attack before it occurs [12
]. Self
-
healing technology would potentially be installed in
an attempt to sustain order during an attack.



By researching the current vulnerabilities in the system,
the PowerSec Initiative believes it can adapt and heal the
current security system in order to
become

an optimal
energy delivery system. This is a plausible option for the
smart grid,
and it

would a
lso be more cost efficient in the
long run. By focusing on preparatory actions and preventing
large scale damage, this idea can certainly fill current gaps in
the network to create a better security system. If the energy
industry can cooperate and coordina
te as a single entity, the
smart grid
will

have increased protection as well as
functionality.

C
ISCO
S
ECURITY
S
OLUTIONS

Cisco Systems is primarily involved in the design,
manufacturing, and selling of computer networking
equipment.
Cisco has grown

and
is n
ow

attempting to meet
the challenge of smart grid security.

“Security based on
established, open standards and regulatory compliance can
help ensure the reliability and security, both physical and
cyber,
of the electrical system” [13
].

Cisco has designed
t
heir security solution with the NERC
-
CIP standards in
mind. “Cisco Grid Security solutions deliver an integrated,
converged approach to security that provides critical
infrastructure
-
grade security to grid systems, data, and
assets; monitors the network wh
ile mitigating threats; and
secures utility operational facilities”[
13
].

Their solution
prevents unauthorized access, reduce
s

the amount of traffic
over the network, and increase
s

the reliability of the power
grid.

Cisco’s comprehensive solution may provid
e a
guideline by which organizations can operate their smart
grid
,

but it does not necessarily introduce new technologies.
It may not be a completely effective solution because it
relies on a combination of proven, but not perfect,
cybersecurity solutions

and does

not specifically advance or
enhance a particular technology
.


Cisco has

nonetheless

developed a plan to secure communication tools that are
used both on the business and control operations of the smart
grid.
The solution has been compiled from var
ious Cisco
software technologies that target focused portions of the
smart grid that may further secure it.

The Cisco Grid
Cybersecurity Solutions include,
Identity Management and
Access Control
,
Threat Defense
,
Data Center Security
,
Wide
Area Network (WAN
) Security

[
13
]
.

Identity Management and Access Control

The major components of Cisco’s Identity Management and
Access Control solution include Cisco Secure ACS, Cisco
Network Admission Control (NAC), Cisco Identity
-
Based
Network Services (IBNS), and customized signatures for
SCADA protocol firewalls.

Cisco’s
Secure ACS provides
centralized network identity and access control through
aggregate views of system activity at the transaction level.
This allows for secure network access and device
administration. Cisco NAC “enforces network security
policies on devic
es seeking network access”

[
13
].
The
device adheres

to the security
policies, so if it is meant to
harm the device

will, ideally, be unable to connect. Cisco
IBNS allows users
to establish authentication and access
control

by which

network connectivity and resources can be
protected. SCADA signatures are designed to identify
unauthorized requests, dangerous commands, and other
likely attacks. Unique, customized signatures allow the
Cisco security system to target the specific attack
s that may
harm the system that it is protecting.

Identity Management
and Access Control
allows
a company to effectively
organize who has established the proper credentials to access
and modify the network.

Threat Defense

Threat defense must focus on prote
cting known
vulnerabilities within the smart grid and SCADA control
systems

because a
nticipating what the next attack will target
and exploit is difficult. Cisco’s threat defense employs
network segmentation to prevent denial
-
of
-
service (DoS)
attacks.

A Do
S attack aims to stop

a system from
functioning by

simply

overloading communications requests
and can effectively prevent the service from operating at all.
“Cisco IOS Software Security offers a suite of security
technologies including firewall, VPN, IPS,
and content
security on integrated services rout
ers and WAN aggregation
routers

[
13
]
.

An effective firewall, a device designed to
check network acces
s by a set of rules, can prevent

unauthorized access to the smart grid network. Denial of
access can stop
malware fro
m operating properly and

further damage.

A secure virtual private network (VPN) can
allow important data to be transfer
red and communicated
privately. VPN technology significantly reduces cost
s

because there are no physical lines associated wit
h the
network. The control systems and communication platforms
are integral components of the smart grid. Without proper
security and threat defense
,

the smart grid could be rendered
inoperable by an attack.

Data Center Security

Cisco Data Center Security
incorporates many of the
systems put in place in other parts of the smart grid. These





Jacob Kring





Nick Reiter

7

include effective firewalls, unified communication security,
VPN, IPS, and content security services.
It also aims to
“help utilities build in security best practices, st
andards, and
compliance in data center environments”
[13]
. Cisco
implements data center facilities assessments, data center
virtualization assessments, and effective planning and
design. Cisco’s solution will include an on
-
site assessment
of the current ph
ysical structure to improve security.

Cisco
will then analyze the security requirements established in the
CIP standards and provide recommendations on how to
improve data center security.

A data center design with no
single point of failure will allow for

careful management and
security of data. Careful management of data will make any
breaches and modification very apparent and easy to stop.

The large
set of tools given by Cisco enables

organizations
to effectively secure resources.

Wide Area Network Secu
rity


A wide area network is utilized by the smart grid to relay
data between controllers and various PCs on the grid. This
communication allows the smart grid to effectively carry out
its daily function. The network is geared toward transmitting
data over

long distances
, different from the typical
connections in a household. This diffe
rence means there will
be an extended
process in which a WAN will be secured.
The WAN must be secured in such a way that

it

does not
hinder the availability and performance f
or any users on the
network. The WAN
utilizes

technologies that have
previously been mentioned such a strong firewall and VPN.
The WAN security solution will utilize the Advanced
Encryption Standard (AES). AES performs well on a variety
of hardware and
som
e of the best attacks on the AES still
required over 2
126
.71

computations with a .632 success rate.

[
14
]

The amount of time required to hack the AES by
a brute
force method simply takes far too much time and thus
increases the security of the WAN.

A

S
MARTER
G
RID

The demand for energy in the growing world is increasing
quickly, thus

it

requires an effective and efficient power
grid.
Previous malware attacks have shown that hackers
have the capability to do significant damage to physical
hardware and so
ftware. Stuxnet is a clear example of how if
someone wanted to damage the grid

they

could effectively
target important components such as controllers.
Each
security solution ha
s proposed methods in which it

can

detect potential threats
, combat those that b
reach the initial
barriers, and adapt to the growing dangers. These abilities
adhere to the NERC
-
CIP standards and establish

a

basis on
which cybersecurity can continue to grow.
The Cisco
solution attempts to combine several proven methods while
staying co
mpliant with the NERC
-
CIP standards.
The
PowerSec initiative also wishes to follow these guidelines by
focusing on security of SCADA and implementing multiple
security theories to the network. The integrated framework
could also prove to be very effective
because of how much
focus goes on each level of security. Implementing a
security system on each level will prove to be a g
reat
challenge for an attacker
of any kind. There is no room for
error when dealing with the delivery of energy. No matter
which prop
osal of cyber
-
security is implemented,
improvement upon it is essential to survival of the smart
grid.

R
EFERENCES

[1]

(2009)
"FPL | How Electricity Is Delivered to You."

Florida Power &
Light Company (FPL): Electric Power Utility
. [online] available:

http://www.fpl.com/storm/restoration_journey.shtml

[2] M. Odom, (2011) “What Consumers Need to Know About the Smart
Grid and Smart Meters”
Environmental Defense Fund

[online] available:
http://www.edf.org/sites/default/files/EDF
-
smart
-
grid
-
benefits
-
fact
-
sheet_0.pdf

[3] R. Langner, (2011, June) “Stuxnet: Dissecting a cyberwarfare Weapon”

IEEE vol
. 9 p. 49
-
51
[online] available:
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5772960&tag=1

[4] (2007) “Top 10 Most famous Hackers of All Time”
ITSecurity

[on
line]
available:
http://www.itsecurity.com/features/top
-
10
-
famous
-
hackers
-
042407/

[5] (2009) “Stuxnet Malware Targeting Scada Systems”
TrendMIcro
[online] available:
http://threatinfo.trendmicro.com/vinfo/web_attacks/Stuxnet%20Malware%2
0Targeting%20SCADA%20Systems.html

[6] K. Gronberg, (2011, October) “Cyberse
curity Legislative Update”
North
American Electric Reliability corporation
[online] available:
http://threatinfo.trendmicro.com/vinfo/we
b_attacks/Stuxnet%20Malware%2
0Targeting%20SCADA%20Systems.html

[7] (2006, December) Federal Energy Regulatory Commission [online]
available: http://www.ferc.gov/industries/electric/indus
-
act/reliability/12
-
11
-
06
-
cip.pdf

[8] (2011, October) “CIP Standards a
nd Grid Reliability”
North American
Electric Reliability corporation
[online] available:
http://www.nerc.com/files/3_GridSecCon_2011_10_19
-
McClanahan.pdf

[9] K. Staggs (2008,
July) “Security Solutions to meet NERC
-
CIP
Requirements”
Honeywell Process Solutions
[online] available:
http://www.isa.org/FileStore/Intech/WhitePaper/Security_Solutions
.pdf

[10]
M. Jafari, Y Lu, K. Rohde, P. Skare, D. Wei, (2011, December)
“Protecting Smart Grid Automation Systems Against Cyber
-
attacks”
IEEE
Transactions on Smart Grid, Vol. 2, No. 4.
[online] available:
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6003813

[11] (2012) “Grid Operations and Planning”
Electric Power Research
Institute
[online] available:
http://my.epri.com/portal/server.pt?open=512&objID=396&mode=2&in_hi
_userid=2&cached=true

[12] (April 2006) J. Douglas, T. Kropp, R. Schainker, (2006, Ap
ril)
“Electric Utlity Reponses to Grid Security Issues”
IEEE power & energy
magazine.
[online] Available:
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1597993

[13]
(
September 2011) “Cisco Smart Grid Security Solutions Brief”
Cisco
Systems
. [online] Available:

http://www.cisco.com/web/strategy/docs/energy
/CiscoSmartGridSecurity_s
olutions_brief_c22
-
556936.pdf

[14] A. Bogdanov, D. Khovratovich, C. Rechberger, (2009)
Microsoft
Research
[online] available:
http://research.micr
osoft.com/en
-
us/projects/cryptanalysis/aesbc.pdf


A
DDITIONAL
R
ESOURCES

[1] (2011) “McAfee Night Dragon Attack Unsophisticated But Effective
303870”
eWeek
[online] available:
http://go.galegroup.com/ps/i.do?action=interpret&id=GALE%7CA2488004
79&v=2.1&u=upitt_main&it=r&p=AONE&sw=w&authCount=1






Jacob Kring





Nick Reiter

8

[2
]
(2
011)
"NEMA
-

What Is Smart Grid and Why Is It Important?"

NEMA
-

National Electrical Manufacturers Association
.

[online] available:
http://www.nema.org/gov/energy/smartgrid/whatIs
SmartGrid.cfm

[3]
(2012) “The great blackout of 2003”
CBS
[online] available:
http://archives.cbc.ca/science_technology/energy_production/clips/13545/

[4
] J. Vijayan

(2011, October)
ComputerWorld
[online] available:
http://go.galegroup.com/ps/i.do?id=GALE|A271234828&v=2.1&u=upitt_m
ain&it=r&p=AONE&sw=w

[5]
(July 2009)
Subcommittee on Energy and Environment. “Effectively
Transforming Our Electric Delivery System To A Smart Grid”
U.S. House
of Representatives
[online
]
Available:
http:
//www.gpo.gov/fdsys/pkg/CHRG
-
111hhrg50954/pdf/CHRG
-
111hhrg50954.pdf

A
CKNOWLEDGMENTS

We would like to acknowledge and thank our chair, Dr.
Kerry Meyers, our co
-
chair, Jiaqi Gu, our grader, Katy Ra
nk
Lev, and Kaitlyn Livingstone.