ABSTRACT
There have been significant cyber security developments that affect the substation automation (SA) industry and broader critical infrastructure with the advent of four defining events; the development of the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards [1], the U.S. Department of Energy (DoE) stimulus funding of Smart Grid projects, the development of National Institute of Standards Technology (NIST) Smart Grid Guidelines [2], and the first verified automated and targeted cyber attack on control systems known as Stuxnet [3,4] that is believed to have had significant physical impacts on the assets which it was programmed to strike. The NERC CIP standards that are mandated on the bulk power system (BPS) [5] have created a tidal shift in how cyber security is viewed by asset-owning organizations and it is having significant impacts on operations and 17-2associated technologies both positive and negative as all stakeholders try to wrestle with what security means in this new technical domain. For the first time, noncompliance to the CIPs carries the levying of significant fines of up to one million dollars per day. The advent of the U.S. DoE-backed Smart Grid has meant an unprecedented infusion of government investment matched by utility organizations to modernize the power grid and introduce a wide range of control system automation, communications, and information technologies to enable general modernization, smart meters (for demand response), distribution automation, large introduction of clean distributed generation (DG), large-scale support of electric vehicles, wide area situational awareness, and many other applications.
