A HOLISTIC REVIEW OF CYBER RISK FOR THE DISTRIBUTION OF POWER
Paper number
655
Working Group Number
Conference name
CIRED 2019
Conference date
3-6 June 2019
Conference location
Madrid, Spain
Peer-reviewed
Yes
Short title
Convener
Authors
Little, Steve, Frazer-Nash Consultancy, United Kingdom
Nayyar, Anuj, IET, United Kingdom
Neilson, David, SP Energy Networks, United Kingdom
Abstract
Within any organisation, including those of a Distribution System Operator, an understanding of PPITFC is held across Human Resources, Quality, Facilities or the IT department, and often what is documented is not always an accurate representation of reality. Given a cyber-attack is typically a combination of socio and technical elements, and in order for an organisation to respond or recover, a holistic understanding of PPITFC and the interdependencies between them are required.

It is unrealistic for an organisation to think that by implementing cyber technology at its boundary, it is completely secure from a persistent attacker. For an organisation to respond or recover to a potential or real cyber-attack, it needs to consider cyber over a number of phases. The National Institute of Science and Technology (NIST) propose a framework including a number of phases where an organisation can mitigate a cyber-attack:

Identify – organisational understanding to understand cyber risks across PPITFC
Protect – implementation of controls to manage cyber risks
Detect – defines activities to identify cyber activity
Respond – activities to implement action against a detected cyber incident
Recover – identification of activities to restore capability after a cyber incident

Within this paper we will describe the importance of having a holistic approach for PPITFC to defend against a cyber-attack within the power distribution network and how this information can be effectively captured. We will also demonstrate how this information can be used to protect a power distribution organisation across the various phases to respond or recover to potential or an actual cyber-attack.
Table of content
Keywords
Publisher
AIM
Date
2019-06-03
Published in
Permanent link to this record
https://cired-repository.org/handle/20.500.12455/97
http://dx.doi.org/10.34890/195
ISSN
2032-9644
ISBN
978-2-9602415-0-1