Frankfurt (Germany), 6-9 June 2011
IT COMPLIANCE IN SMART GRIDS
Martin Schaefer – Sweden – Session 6 – 0210
1. Smart Grid Architecture
2. Risk Scenarios
3. Comparison with other markets
4. Methods
5. Certification
Smart Grid Architecture
Based on: NIST SP 1108, NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0
Challenges:
- Introduction and expansion of a communication network for the current and future electricity grid
- Introduction of new technology
- Introduction of intelligent control and connectivity between different domains
Constraints:
- Long-term use of legacy assets in the domains of operation, bulk generation, transmission and distribution
- In some parts, use of a large-scale homogeneous technical environment, e.g. Smart Meters
- There are currently no common or aligned standards designed to achieve an architecturally compatible technology.
Risk Scenarios
Customer Data – Confidentiality
- Aggregating and sharing of customer data throughout different grid actors
- Different legal environments
Fraud – Integrity
- Tampering with customer data
- Energy theft and fraud
Technical threats

| | Intentional | Unintentional |
|---|---|---|
| Malicious | E.g. a dedicated attack by criminal individuals, groups, terrorists or nations | E.g. an undirected attack by a ‘common’ Botnet virus |
| Non-malicious | E.g. a disgruntled employee/outsourcing vendor intentionally manipulates sensor data | E.g. malfunction of software or procedures |
Comparison with other markets
Financial Market
- Sarbanes-Oxley Act (SOX)
  - adapted to EuroSOX, JSOX - global rule set for activities such as governance, reporting and enterprise risk management.
- COSO
  - guidance on organizational governance, business ethics, internal control, enterprise risk management, fraud and financial reporting
- COBIT
  - control framework for technical compliance
Compliance for Telecommunications
- Signaling System 7 (SS7)
  - enabling interconnectivity between large networks
  - basis for telecommunication services that are compliant with different legal requirements
- EU formed Body of European Regulators for Electronic Communications (BEREC)
  - Ensure compliance with EU regulatory framework
Methods
- Existing frameworks/standards (ISA 99 series, NERC Critical Infrastructure Protection (CIP) series, NIST 800-82)
- Maps or models to apply such standards (e.g. Zone Model / Zoning Principles)
- Avoid situations where compliance with standard A implies non-compliance with standard B
- Currently heavy technical focus
- Currently no common / complete standards that steer and enable Smart Grid development considering all aspects (customer privacy, technical issues, fraud)
- Target: framework of mutually compliant standards to enable compliant development of Smart Grids and build trust / acceptance
Certification
- From competitive advantage to operational requirement
  - Quality Management ISO 9000 series
  - IT Service Management ISO 20000 series
  - Information Security Management ISO 27000 series
- Certifications for certain areas are available, currently giving a competitive advantage
- Focus area for certification could be Smart Meters (huge number of homogeneous devices)
Summary
- Increasing interconnectivity in Smart Grid architecture
- New risk scenarios, e.g. increasing amount of customer data throughout different grid actors
- IT Compliance with a framework of mutually compliant standards could help to build secure systems and trust
- Certification - from competitive advantage to operational requirement
Thank you for your attention!