Information Security for Electric Power Utilities (EPUs)-CIGRE Developments on Frameworks, Risk Assessment, and Technology

Cited by: 30
Authors
Ericsson, Goeran N. [1]
Affiliations
[1] Svenska Kraftnat Swedish Natl Grid, S-16215 Vallingby, Sweden
Keywords
Communication systems; control systems; cyber security; information security; ISO/IEC standard; IT security; power system communications; power system control; power systems; risk assessment; SCADA; security framework; security technology; substation automation;
DOI
10.1109/TPWRD.2008.2008470
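Chinese Library Classification number
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code
0808 ; 0809 ;
Abstract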
This paper deals with the important issue of proper treatment of information security for electric power utilities. It is based on the efforts of CIGRE Working Group (WG) D2.22 on "Treatment of Information Security for Electric Power Utilities (EPUs)" carried out between 2006 and 2008/2009. The WG produces a Technical Brochure (TB), where the purpose is to emphasize three main issues: Security Frameworks, Risk Assessment, and Security Technology. Here, guidance is given on different Security Frameworks based on an Information Security Domain Model. Also, baseline controls are treated. For Risk Assessment, a survey has been carried out. Only few commonalities, but several differences, have been found. Here, a methodology must be developed together with practical recommendations. For Security Technologies, guidance is given for deployment of different solutions, based on a logical diagram using different controls. Last, a proposal on further work is given.
Pages: 1174 / 1181
Page count: 8