Privacy and Security
Traditionally, Security for Information Technology focuses on the protection required to ensure the confidentiality, integrity, and availability of the electronic information communication systems.
Security needs to be appropriately applied to the combined power system and IT communication system domains to maintain the reliability of the Smart Grid and privacy of consumer information.
Security in the Smart Grid must include a balance of both power and cyber system technologies and processes in IT and power system operations and governance. Poorly applied practices from one domain that are applied into another may degrade reliability.
Security must address not only deliberate attacks launched by disgruntled employees, agents of industrial espionage, and terrorists, but also inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. Vulnerabilities might allow an attacker to penetrate a network, gain access to control software, and alter load conditions to destabilize the grid in unpredictable ways. The need to address potential vulnerabilities has been acknowledged across the federal government.
The overall Security strategy used by the iURBAN project examines both domain-specific and common requirements when developing a risk mitigation approach to ensure interoperability of solutions across different parts of the infrastructure. The Security strategy addresses prevention, detection, response, and recovery.
As regards the current framework of standards and good practices for Service-Oriented Architectures (SOA), considered is the OASIS security committee that promotes security standards needed in e-business and Web services applications.
These standards range from common identity management to biometric identity assurance, policy management, digital signatures, privacy management, access control etc. to message protection cryptography.
Other standardisation organisations and initiatives are consulted such as the Trusted Computing Group (TCG), W3C and the Liberty Alliance, promoting standards, guidelines and best practices for identity management.
For the iURBAN project security framework, important design challenges stem from the fact that the solution architecture operates in a distributed, heterogeneous and wireless network environment.
iURBAN project explores the existing state-of-the-art and conceive a prototype of a security framework for the integrated architecture that fully meets these design challenges, further considering the particular operational use scenarios and corresponding security requirements for a cooperative system.
The following picture shows the iURBAN security approach: