Part I Understanding Security and Privacy Problem -- 1 Security -- 1.1 Introduction -- 1.2 Smart Grid -- 1.2.1 Traditional Power Grid Architecture -- 1.2.2 Smart Grid Definitions -- 1.2.3 Drivers for Change -- 1.2.4 Smart Grid Communication Infrastructure -- 1.3 Distributed Energy Resources -- 1.3.1 DER Characteristics -- 1.3.2 DER Uses -- 1.3.3 DER Systems -- 1.3.4 Microgrid -- 1.3.5 Virtual Power Plant -- 1.4 Scope of Security and Privacy -- 1.4.1 Security for the Smart Grid -- 1.4.2 Privacy -- 1.4.3 The Need for Security and Privacy -- 1.5 Computing and Information Systems for Business and Industrial Applications -- 1.5.1 Information Systems Classification -- 1.5.2 Information Systems in Power Grids -- 1.5.3 DER Information Systems -- 1.6 Integrated Systems in a Smart Grid -- 1.6.1 Trends -- 1.6.2 Characteristics -- 1.7 Critical Smart Grid Systems -- 1.7.1 Industrial Control Systems -- 1.7.2 SCADA Systems -- 1.7.3 Energy Management Systems -- 1.7.4 Advanced Meter Systems -- 1.8 Standards, Guidelines, and Recommendations -- 1.8.1 Overview of Various Standards -- 1.8.2 Key Standard Attributes and Conformance -- 1.8.3 Smart Grid Standards -- 1.8.3.1 Key Players in Smart Grid Standards Development -- 1.8.3.2 How to Use Standards -- 1.8.4 Cybersecurity Standards -- 2 Advancing Security -- 2.1 Emerging Technologies -- 2.1.1 Internet of Things -- 2.1.1.1 Characteristics of Objects -- 2.1.1.2 Technologies -- 2.1.1.3 IoT Applications -- 2.1.1.4 IoT Security and Privacy -- 2.1.1.5 Challenges -- 2.1.2 Internet of Everything (IoE) -- 2.1.3 Cyber-Physical Systems -- 2.1.4 Cyber-Physical Systems Applications -- 2.2 Cybersecurity -- 2.2.1 Cybersecurity Definitions -- 2.2.2 Understanding Cybersecurity Terms -- 2.2.3 Cybersecurity Evolution -- 2.3 Advancing Cybersecurity -- 2.3.1 Contributing Factors to Cybersecurity Success -- 2.3.2 Advancing Cybersecurity and Privacy Design -- 2.4 Smart Grid Cybersecurity: A Perspective on Comprehensive Characterization -- 2.4.1 Forces Shaping Cybersecurity -- 2.4.2 Smart Grid Trends -- 2.5 Security as a Personal, Organizational, National, and Global Priority -- 2.5.1 Security as Personal Priority -- 2.5.2 Protection of Private Information -- 2.5.3 Protecting Cyberspace as a National Asset -- 2.6 Cybersecurity for Electrical Sector as a National Priority -- 2.6.1 Need for Cybersecurity Solutions -- 2.6.2 The US Plans -- 2.7 The Need for Security and Privacy Programs -- 2.7.1 Security Program -- 2.7.2 Privacy Program -- 2.8 Standards, Guidelines, and Recommendations -- 2.8.1 Electricity Sector Guidance -- 2.8.2 International Collaboration -- References-Part1 -- Part II Applying Security Principles to Smart Grid -- 3 Principles of Cybersecurity -- 3.1 Introduction -- 3.2 Information Security -- 3.2.1 Terminology -- 3.2.2 Information Security Components -- 3.2.3 Security Principles -- 3.3 Security Related Concepts -- 3.3.1 Basic Security Concepts -- 3.3.2 The Basis for Security -- 3.4 Characteristics of Information -- 3.4.1 Data Transformation -- 3.4.2 Data Characteristics -- 3.4.3 Data Quality -- 3.4.4 Information Quality -- 3.4.5 System Quality -- 3.4.6 Data Quality Characteristics Assigned to Systems -- 3.5 Information Systems Characteristics -- 3.5.1 Software Quality -- 3.5.2 System Quality Attributes -- 3.6 Critical Information Systems -- 3.6.1 Critical Systems Characteristics -- 3.6.2 Information Life Cycle -- 3.6.3 Information Assurance -- 3.6.4 Critical Security Characteristics of Information -- 3.7 Information Security Models -- 3.7.1 Evolving Models -- 3.7.2 RMIAS Model -- 3.7.3 Information Security Goals -- 3.8 Standards, Guidelines, and Recommendations -- 3.8.1 SGIP Catalog of Standards -- 3.8.2 Cybersecurity Standards for Smart Grid -- 4 Applying Security Principles to Smart Grid -- 4.1 Smart Grid Security Goals -- 4.2 DERs Information Security Characteristics -- 4.2.1 Information Classification -- 4.2.2 Information Classification Levels -- 4.2.3 Information Evaluation Criteria -- 4.3 Infrastructure -- 4.3.1 Information Infrastructure -- 4.3.2 Information Assurance Infrastructure -- 4.3.3 Information Management Infrastructure -- 4.3.4 Outsourced Services -- 4.3.5 Information Security Management Infrastructure -- 4.3.6 Cloud Infrastructure -- 4.4 Smart Grid Infrastructure -- 4.4.1 Hierarchical Structures -- 4.4.2 Smart Grid Needs -- 4.4.3 Cyber Infrastructure -- 4.4.4 Smart Grid Technologies -- 4.5 Building an Information Infrastructure for Smart Grid -- 4.5.1 Various Perspectives -- 4.5.2 Challenges and Relevant Approaches -- 4.5.3 Common Employed Infrastructures -- 4.6 IT Systems versus Industrial Control Systems Infrastructure -- 4.6.1 Industrial Control Systems General Concepts -- 4.6.2 Supervisory Control and Data Acquisition Systems (SCADA) -- 4.6.3 Differences and Similarities -- 4.7 Convergence Trends -- 4.8 Standards, Guidelines, and Recommendations -- 5 Planning Security Protection -- 5.1 Threats and Vulnerabilities -- 5.1.1 Threats Characterization -- 5.1.2 Vulnerabilities Characteristics -- 5.2 Attacks -- 5.2.1 Attacks Categories -- 5.2.2 Reasons for Attack -- 5.3 Energy Sector: Threats, Vulnerabilities, and Attacks Overview -- 5.3.1 Threats -- 5.3.2 Vulnerabilities -- 5.3.3 Energy Sector Attacks -- 5.3.4 Smart Grid Cybersecurity Challenges -- 5.4 Security Controls -- 5.4.1 Security Controls Categories -- 5.4.2 Common Security Controls -- 5.4.3 Applying Security Controls to Smart Grid -- 5.5 Security Training and Skills -- 5.5.1 Education, Training, and Awareness -- 5.5.2 Security Awareness Program -- 5.6 Planning for Security and Privacy -- 5.6.1 Plan Structure -- 5.6.2 Security Team -- 5.7 Legal and Ethical Issues -- 5.8 Standards, Guidelines, and Recommendations -- References-Part2 -- Part III Security of Critical Infrastructure -- 6 Critical Infrastructure -- 6.1 Introduction -- 6.1.1 Critical Infrastructure -- 6.1.2 Critical Information Infrastructure -- 6.2 Associated Industries with Critical Infrastructure -- 6.2.1 US Critical Sectors -- 6.2.2 Other Countries -- 6.3 Critical Infrastructure Components -- 6.4 Energy Sector -- 6.4.1 Electrical Subsector -- 6.4.2 Smart Grid Infrastructure -- 6.5 Critical Infrastructures Interdependencies -- 6.5.1 Interdependency Dimensions -- 6.5.2 Dependencies -- 6.6 Electrical Power System -- 6.6.1 Electrical Power System Components -- 6.6.2 Electrical Power System Evolution and Challenges -- 6.6.3 Needs -- 6.7 Recent Threats and Vulnerabilities -- 6.7.1 Reported Cyber Attacks -- 6.7.2 ICS/SCADA Incidents and Challenges -- 6.7.2.1 Stuxnet Exploitation -- 6.7.2.2 Exposure to Post Stuxnet Malware in Rise -- 6.7.2.3 Inappropriate Design and Lack of Management -- 6.7.2.4 Safety -- 6.7.3 Equipment Failure -- 6.8 Standards, Guidelines, and Recommendations -- 7 Critical Infrastructure Protection -- 7.1 Critical Infrastructure Attacks and Challenges -- 7.1.1 Power Grid -- 7.1.2 Attacks on Information Technology and Telecommunications -- 7.1.3 Attacks in Manufacturing -- 7.1.4 Defense -- 7.2 The Internet as a Critical Infrastructure -- 7.3 Critical Infrastructure Protection -- 7.3.1 Policies, Laws, and Regulations -- 7.3.2 Protection Issues -- 7.4 Information Security Frameworks -- 7.4.1 NIST Cybersecurity Framework -- 7.4.2 NIST Updated Cybersecurity Framework -- 7.4.3 Generic Framework -- 7.5 NIST Privacy Framework -- 7.6 Addressing Security of Control Systems -- 7.6.1 Challenges -- 7.6.2 Terrorism Challenges -- 7.7 Emerging Technologies and Impacts -- 7.7.1 Control Systems Open to Internet -- 7.7.2 Wireless and Mobile -- 7.7.3 Internet of Things and Internet of Everything -- 7.7.4 WEB Technologies -- 7.7.5 Embedded Systems -- 7.7.6 Cloud Computing -- 7.8 Standards, Guidelines, and Recommendations -- 7.8.1 Department of Homeland Security (DHS) -- 7.8.2 Federal Communications Commission (FCC) -- 7.8.3 National Institute of Standards and Technology (NIST) -- 7.8.4 North American Energy Reliability Corporation (NERC) -- 7.8.5 Federal Regulatory Energy Commission -- 7.8.6 DOE Critical Infrastructure Guidance -- 7.8.7 US-CERT -- References-Part3 -- Part IV The Characteristics of Smart Grid and DER Systems -- 8 Smart Power Grid -- 8.1 Electric Power System -- 8.1.1 Power System Services -- 8.1.2 Power System Operations -- 8.1.3 Energy Management System Overview -- 8.1.4 Electrical Utilities Evolution -- 8.2 Smart Grid -- What it Is? -- 8.2.1 Definitions -- 8.2.2 Vision of the Future Smart Grid -- 8.2.3 Tomorrow's Utility -- 8.2.4 EMS Upgrades -- 8.2.5

Electricity Trade -- 8.2.6 Trading Capabilities -- 8.3 Smart Grid Characteristics -- 8.3.1 Relevant Characteristics -- 8.3.2 Electrical Infrastructure Evolution -- 8.4 Smart Grid Conceptual Models -- 8.4.1 NIST Conceptual Model -- 8.4.2 IEEE Model -- 8.4.3 European Conceptual Model -- 8.5 Power and Smart Devices -- 8.5.1 Smart Meters -- 8.5.2 Intelligent Electronic Devices -- 8.5.3 Phasor Measurement Units -- 8.5.4 Intelligent Universal Transformers -- 8.6 Examples of Key Technologies and Solutions -- 8.6.1 Communications Networks -- 8.6.2 Integrated Communications -- 8.6.3 Sensor Networks -- 8.6.4 Infrastructure for Transmission and Substations -- 8.6.5 Wireless Technologies -- 8.6.6 Advanced Metering Infrastructure -- 8.7 Networking Challenges -- 8.7.1 Architecture -- 8.7.2 Protocols -- 8.7.2 Constraints -- 8.8 Standards, Guidelines, and Recommendations -- 8.8.1 Smart Grid Interoperability -- 8.8.2 Representative Standards -- 9 Power Systems Characteristics -- 9.1 Analysis of Power Systems -- 9.1.1 Analysis of Basic Characteristics -- 9.1.2 Stability -- 9.1.3 Partial Stability -- 9.2 Analysis of Impacts -- 9.2.1 DERs Impacts -- 9.2.2 Interconnectivity -- 9.3 Reliability -- 9.3.1 Reliable System Characteristics -- 9.3.2 Addressing Reliability -- 9.3.3 Evaluating Reliability -- 9.3.4 ICT Reliability ...