Cybersecurity in Distribution Automation: approach for common referential leveraging Standardization
Paper number
2086
Working Group Number
Conference name
CIRED 2019
Conference date
3-6 June 2019
Conference location
Madrid, Spain
Peer-reviewed
Yes
Short title
Convener
Authors
Jean-Luc, Batard, Schneider Electric, France
Ludovic, Lamberti, Schneider Electric, France
Matthieu, Salles, Schneider Electric, France
Eric, Suptitz, Schneider Electric, France
Abstract
This article provides an approach to ease the definition and analysis of cybersecurity requirements during projects for Distributed Automation equipment, while still taking into account Utility specificities. It is based on appropriate usage of the IEC 62443 standard. Defining and analyzing a common cybersecurity requirement referential is today a nightmare both for Utilities and Private Customers (hereafter referred to as "Customers") and for Monitoring & Control product suppliers.

1/ Situation as per today: Current practice in requests for projects most often consists of extracting a list of requirements of different natures from various standards and existing literature (whitepapers, local regulations, …). In the best case it is based on the output of a risk assessment process. The state of standardization has improved significantly over the past years and is still evolving. However, there are still numerous limits (to be listed)… The resulting difficulties for actors are time- and money-consuming, and expand with the number of private referentials.

2/ The proposed approach is based on leveraging the functional requirements defined in IEC 62443, but also on referring to the defined Security Levels, which makes it possible to refer to consistent profiles rather than a dedicated list of functional requirements. Flexibility remains to adapt to each Customer's specificities by selecting the most relevant security level. This decision is based on the Customer's risk assessment, made according to the ISO 27000 standard. In complement, the specification should require that functional requirements from IEC 62443 are implemented in compliance with the IEC 62351 series.
Table of content
Keywords
Publisher
AIM
Date
2019-06-03
Published in
Permanent link to this record
https://cired-repository.org/handle/20.500.12455/728
http://dx.doi.org/10.34890/952
ISSN
2032-9644
ISBN
978-2-9602415-0-1