2019
Rafael de Jesus Martins, Luis Augusto Dias Knob, Eduardo Germano da Silva, Juliano Araujo Wickboldt, Alberto Egon Schaeffer-Filho, Lisandro Zambenedetti Granville
Specialized CSIRT for Incident Response Management in Smart Grids Journal Article
In: Journal of Network and Systems Management (JNSM), 27 (1), pp. 269–285, 2019, ISSN: 1064-7570.
Abstract Links BibTeX Tags: CSIRT Incident Management SCADA Smart Grids
@article{DBLP:journals/jnsm/MartinsKSWFG19,
title = {Specialized CSIRT for Incident Response Management in Smart Grids},
author = {Rafael de Jesus Martins and Luis Augusto Dias Knob and Eduardo Germano da Silva and Juliano Araujo Wickboldt and Alberto Egon Schaeffer-Filho and Lisandro Zambenedetti Granville},
url = {https://doi.org/10.1007/s10922-018-9458-z},
doi = {10.1007/s10922-018-9458-z},
issn = {1064-7570},
year = {2019},
date = {2019-01-01},
journal = {Journal of Network and Systems Management (JNSM)},
volume = {27},
number = {1},
pages = {269--285},
abstract = {Power grids are undergoing a major modernization process, which is transforming them into Smart Grids. In such cyber-physical systems, a security incident may cause catastrophic consequences. Unfortunately, the number of reported incidents in power grids has been increasing in the last years. In this article we advocate that the adoption of Computer Security Incident Response Teams (CSIRTs) is necessary for the proper management of security incidents in Smart Grids. CSIRTs for Smart Grids must cover different parts of the grid, thus consisting of specialized response teams for handling incidents not only on the physical infrastructure, but also on the Smart Grid equipment and on the IT infrastructure. We thus propose an incident classification to assist the implementation of CSIRTs for Smart Grids, considering the specific concerns of the different response teams. We evaluate attack classifications available in the literature and review a well-known database of Smart Grid security incidents.},
keywords = {CSIRT, Incident Management, SCADA, Smart Grids},
pubstate = {published},
tppubtype = {article}
}
Power grids are undergoing a major modernization process, which is transforming them into Smart Grids. In such cyber-physical systems, a security incident may cause catastrophic consequences. Unfortunately, the number of reported incidents in power grids has been increasing in the last years. In this article we advocate that the adoption of Computer Security Incident Response Teams (CSIRTs) is necessary for the proper management of security incidents in Smart Grids. CSIRTs for Smart Grids must cover different parts of the grid, thus consisting of specialized response teams for handling incidents not only on the physical infrastructure, but also on the Smart Grid equipment and on the IT infrastructure. We thus propose an incident classification to assist the implementation of CSIRTs for Smart Grids, considering the specific concerns of the different response teams. We evaluate attack classifications available in the literature and review a well-known database of Smart Grid security incidents.