بررسی استانداردها با مقررات امنیتی سایبری برای شبکه هوشمند A review of standards with cybersecurity requirements for smart grid

1. Introduction In traditional enterprises violation of cybersecurity in the majority of cases results in financial losses, while other, more serious consequences are rather seldom. Unfortunately, smart grids highly differ at that point. The effects of targeting them cyberattacks can be very detrimental, having an impact on the health, safety or economic situation of citizens or proper functioning of governments [61]. Securing the smart grid requires novel, multidisciplinary approaches that combine various technologies and incorporates managerial, policy, legal aspects and more [79, 61]. Security experts agree that standardised solutions and practices should be used in the first place [73, 74]. In recent years numerous smart grid standards have been published. This results in the situation that operators may find it difficult to orientate themselves in this plethora of literature. For instance, it is possible that they would miss a standard (or standards) which more than others respond to their specific problem. To address this challenge and to ensure that experts consider all applicable standards, a research was conducted that aimed at identifying all standards which define cybersecurity requirements that can be applied to the smart grid. Cybersecurity requirements depict characteristics, features or functions that need to be present in a system to assure its cybersecurity. Identification of the requirements is one of the first steps in a system safeguarding process [42]. Properly recognised and defined requirements are key factors that determine if the ∗Corresponding author achieved security is true or only illusory. This paper brings in all the identified standards that describe cybersecurity requirements applicable to smart grids (based on a structured study). The standards are characterised in regard to the requirements and criteria-based indications are provided that aim at helping the operators to choose the standards which are applicable to their area and that address their individual goals. This is in order to altogether constitute a comprehensive guideline on standardised cybersecurity requirements for smart grids. Following a systematic literature review that comprised three main stages (see Section 3), 17 cybersecurity publications of relevance have been identified, which are presented in this paper. To the best of author’s knowledge a study that addresses this subject has not been performed so far. Some of the publications are not standards in the strict meaning of this word. They are originally labelled by their authors as guidelines, technical reports, special publications or regulations. However since the studies treat these publications as standards, they are included in the evaluation. In fact the majority of these documents have become de facto standards1 .