Toward a framework for managing information security for an electric power utility - CIGRE experiences

This paper deals with the increasingly important issue of proper handling of information security for electric power utilities. It is based on the efforts of CIGRE Joint Working Group (JWG) D2/B3/C2-01 on "Security for Information Systems and Intranets in Electric Power System" carried out between 2003 and 2006. The JWG has produced a technical brochure (TB), where the purpose to raise the awareness of information and cybersecurity in electric power systems, and gives some guidance on how to solve the security problem by focusing on security domain modeling, risk assessment methodology, and security framework building. Here in this paper, the focus is on the issue of awareness and to highlight some steps to achieve a framework for cybersecurity management. Also, technical considerations of some communication systems for substation automation are studied. Finally, some directions for further works in this vast area of information and cybersecurity are given.