1 / 4

Cybersecurity Issues in Power Systems

Cybersecurity Issues in Power Systems. Securing Legacy Systems to Meet NERC CIP and NISTIR Requirements By Erfan Ibrahim Founder & CEO The Bit Bazaar LLC – A Marketplace for Digital Ideas. Problem Definition.

amber-drake
Download Presentation

Cybersecurity Issues in Power Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cybersecurity Issues in Power Systems Securing Legacy Systems to Meet NERC CIP and NISTIR Requirements By Erfan Ibrahim Founder & CEO The Bit Bazaar LLC – A Marketplace for Digital Ideas

  2. Problem Definition • Legacy Systems in the electric grid have limited memory, processing capability and networking features • NISTIR 7628 and NERC CIP requirements for interface and overall systems cybersecurity are often too stringent for legacy systems to meet • Technical Feasibility Exceptions (TFE) from NERC CIP requirements bring legacy systems into regulatory compliance but don’t secure • “Forklift upgrades” from legacy systems to modern systems in the electric grid to meet stringent cybersecurity requirements is not economically viable

  3. Possible Mitigations • “Bump in the wire” type security technologies • Integrating GumStix Technologies with Legacy Systems to introduce modern cybersecurity technologies in legacy systems communications • Re-architecting power systems to create more redundancy and resiliency to reduce interface cybersecurity requirements for legacy systems to meet

  4. Critical Issues to Consider • Availability is more critical than confidentiality in power systems • Compliance does not assure security • Interface level security does not provide system level security • Cybersecurity requirements coming from use case analysis don’t take into account asymmetric attacks by smart hackers • Cybersecurity technologies are only part of the solution. Network architecture, data management, personnel training and proper enforcement of security policy are necessary for power system protection

More Related