Cybersecurity assurance control baselining for smart grid communication systems

Title: Cybersecurity assurance control baselining for smart grid communication systems
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Ogundokun, A., Zavarsky, P., Swar, B.
Conference Name: 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS)
Keywords: assurance, assurance baseline, Business, composability, computer security, control systems, cybersecurity assurance base lining concepts, cybersecurity assurance control baselining, cybersecurity assurance controls, Human Behavior, IEC standards, industrial automation, information assurance, Information systems, key cybersecurity control baselining, Metrics, national security systems, Networked Control Systems Security, policy-based governance, pubcrawl, recent innovative risk-based approaches, Resiliency, security assurance controls, security baseline, security categorization, security impact levels, security level, security levels, security of data, Security Technical Implementation Guides, security zone, Smart grid, smart grid communication networks, smart grid communication systems, smart grid security architecture, smart grid system architecture, Smart grids, Standards, Systems Security, technical functional controls, US Defense Information Systems Agency

Cybersecurity assurance plays an important role in managing trust in smart grid communication systems. In this paper, cybersecurity assurance controls for smart grid communication networks and devices are delineated from the more technical functional controls to provide insights on recent innovative risk-based approaches to cybersecurity assurance in smart grid systems. The cybersecurity assurance control baselining presented in this paper is based on requirements and guidelines of the new family of IEC 62443 standards on network and systems security of industrial automation and control systems. The paper illustrates how key cybersecurity control baselining and tailoring concepts of the U.S. NIST SP 800-53 can be adopted in smart grid security architecture. The paper outlines the application of IEC 62443 standards-based security zoning and the assignment of security levels to the zones in smart grid system architectures. To manage trust in the smart grid system architecture, cybersecurity assurance baselining concepts are applied per security impact level. The selection and justification of security assurance controls presented in the paper use the approach common in Security Technical Implementation Guides (STIGs) of the U.S. Defense Information Systems Agency. As shown in the paper, enhanced granularity for managing trust at both the overall system and subsystem levels of smart grid systems can be achieved by implementing the instructions of CNSSI 1253 of the U.S. Committee on National Security Systems on security categorization and control selection for national security systems.

Citation Key: ogundokun_cybersecurity_2018