
Towards Cross-Standard Compliance Readiness: Security Requirements Model for Smart Grid

Author

Listed:
  • Milan Stojkov

    (Faculty of Technical Sciences, University of Novi Sad, Trg D. Obradovića 6, 21000 Novi Sad, Serbia)

  • Nikola Dalčeković

    (Faculty of Technical Sciences, University of Novi Sad, Trg D. Obradovića 6, 21000 Novi Sad, Serbia)

  • Branko Markoski

    (Technical Faculty Mihajlo Pupin, University of Novi Sad, Đure Đakovića bb, 23000 Zrenjanin, Serbia)

  • Branko Milosavljević

    (Faculty of Technical Sciences, University of Novi Sad, Trg D. Obradovića 6, 21000 Novi Sad, Serbia)

  • Goran Sladić

    (Faculty of Technical Sciences, University of Novi Sad, Trg D. Obradovića 6, 21000 Novi Sad, Serbia)

Abstract

The critical infrastructure is constantly under cyber and physical threats. Applying security controls without guidance or traceability can create a false sense of security. Security standards facilitate security knowledge and control best practices in a more systematic way. However, the number of standards is continually increasing. Product providers that operate in multiple geographical regions often face the obligation to comply with multiple standards simultaneously. This introduces the problem of the convenient interpretation of different standards. Thus, a comprehensive analysis of the requirements from different security standards and guidelines applicable to the smart grid has been performed to detect similarities that can be shaped into entities of the conceptual model for requirement representation. The purpose of the model—presented in the form of a Unified Modeling Language (UML) class diagram—is to give product providers a canonical way to map requirements from arbitrary standards, guidelines, and regulations and accelerate the cross-standard compliance readiness by defining priority for requirement implementation. In addition, the research showed that multiple vectors should impact the priority of the implementation of the security controls defined through the requirements: domain affiliation, the essence of the requirement, associated threats, risks, and social dependencies between actors involved in the implementation. To examine the model correctness, NISTIR 7628—the de facto smart grid standard—was used to provide insights into how the model would be used for requirements implementation tracking. The structure of individual requirements was analyzed to detect the building blocks and extract relevant parts that can be mapped to the model components. Further, all requirements were classified into one of the defined domains to provide the basis for referencing similar requirements from different standards. Finally, one arbitrary requirement was used to demonstrate model usage, and depict all available information that can be provided to the users in a custom-made scenario where the need arises to have simultaneous alignment with three standards—NISTIR 7628, NIST 800-53, and IEC 62443-3-3.

Suggested Citation

  • Milan Stojkov & Nikola Dalčeković & Branko Markoski & Branko Milosavljević & Goran Sladić, 2021. "Towards Cross-Standard Compliance Readiness: Security Requirements Model for Smart Grid," Energies, MDPI, vol. 14(21), pages 1-29, October.
  • Handle: RePEc:gam:jeners:v:14:y:2021:i:21:p:6862-:d:660281

    Download full text from publisher

    File URL: https://www.mdpi.com/1996-1073/14/21/6862/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1996-1073/14/21/6862/
    Download Restriction: no


