ENERGYCO
WHAT CYBERSECURITY THREATS AND VULNERABILITIES COULD BE RELEVANT FOR ENERGYCO?
Network-Based Attacks: IP spoofing, DNS spoofing, attacks on the gateway in the smart meter, sniffing on the network, ZigBee and IEEE 802.15.4 networks, black hole attacks, eavesdropping, privacy attacks on metering data launched from the network, DDoS, DoS, network attacks in wireless ad-hoc networks.
Attacks on Physical Hardware: manipulating measured energy consumption, cyber-physical attacks on the smart grid, remote access to connect/disconnect and outage reporting used by unauthorised third parties, physical attacks (battery change, removal and modification), injecting malicious code into the memory of a smart meter.
Attacks on Data: manipulated data, false data injection, checksum forgery, cyber-attacks (control and commands, bulk data), parallel checksum computation attack, MiTM attack, eavesdropping on messages sent by the smart meter using Known Plaintext Attack (KPA), Chosen Plaintext Attack (CPA) or Ciphertext Only Attack (COA).
WHAT ARE SOME CYBERSECURITY CONTROLS THAT COULD MINIMISE THESE THREATS AND VULNERABILITIES?
Type Test and Acceptance Test – WG 11 (IEC 62052-11; IEC 62052-21; IEC 60514) etc.
SSMP (Secure Smart Metering Protocol – Uses 4 cryptographic protocols with multiple keys to prevent eavesdropping)
SIEM
NIST – National Electrical Manufacturers Association (NEMA) Standard SG-AMI 1-2009; The Smart Grid and Cyber-Physical Systems Program Office
WHAT SHOULD THE ORGANISATIONAL STRUCTURE LOOK LIKE TO BEST ENABLE CYBERSECURITY?
WHAT SHOULD BE INCLUDED WITHIN THE CYBERSECURITY STRATEGY?
Cybersecurity Vision
Cybersecurity Mission
Company Alignment
Sustainable Future
Implementation Plan
Cybersecurity Funding
Awareness training
WHO ARE THE KEY INTERNAL AND/OR EXTERNAL STAKEHOLDERS WITH WHOM THE CSO SHOULD SOCIALISE THE CYBERSECURITY STRATEGY TO GAIN ENDORSEMENT?
WHAT ARE SOME HURDLES THE CSO MAY ENCOUNTER WHEN DELIVERING THE CYBERSECURITY STRATEGY? ARE THERE AREAS WHERE EY COULD POTENTIALLY ASSIST?
Delivering the solution/recommendation to management levels, including the "why": EY could potentially assist with case studies of organisations with and without cybersecurity strategies, and their pitfalls.
No. of anomalies