Title

智慧電網之資訊安全標準的研究分析 (Research and Analysis of Information Security Standards for Smart Grid)

Parallel Title

Research of Information Security Standards for Smart Grid

Authors

Ming-Xuan Sung (宋明軒); Hsi-Hsun Yen (葉錫勳); Wen-Chung Kuo (郭文中)

Keywords

Smart Grid ; Security Information Standard ; IEC 62443 ; IEC 62351 ; NISTIR 7628 ; ISO 27001

Journal

資訊安全通訊 (Communications of the CCISA)

Volume, Issue / Publication Date

Vol. 27, No. 3 (2021 / 08 / 01)

Pages

1 - 20

Content Language

Traditional Chinese

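Chinese Abstract

A smart grid is a power grid system that uses informatization and automation to integrate generation, transmission, distribution, and consumers; that is, it combines IT (Information Technology) and OT (Operational Technology) across the generation, transmission, distribution, and consumer sides of the power system. Because the power system is critical national infrastructure, hastily informatizing and automating it may expose it to considerable risk. Experts and scholars in many countries are therefore actively working on cybersecurity standards for the smart grid, but these standards are voluminous and complex, which makes it hard for practitioners to find the information security standard they need. In this article, we first analyze the information security standards relevant to smart grids and industrial automation (such as IEC 62443, IEC 62351, NISTIR 7628, and ISO 27001), and then classify and compare them by their differences, the security technologies they use, and the security threats they face. Finally, we categorize these smart grid standards using the five core functions of the Cybersecurity Framework (CSF) established by the U.S. government, in the hope that the result can serve as an information security protection reference guide for those building or designing smart grids.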

English Abstract

A smart grid is a grid system that integrates power generation, transmission, distribution, and users through information and automation technology. In other words, it combines IT (Information Technology) and OT (Operational Technology) for use in the power system, which includes power generation, transmission, distribution, and users. However, the power system is an important infrastructure, and it will face considerable risks after informatization and automation. Therefore, many expert groups from various countries are actively involved in the drafting of smart grid-related cyber security standards. The content of these standards is complex, making it difficult for relevant personnel to find the required information security standards. Firstly, in this paper we will analyze many related information security standards for smart grids and industrial automation, such as IEC 62443, IEC 62351, NISTIR 7628 and ISO 27001. Secondly, we will classify and compare the differences between the security technologies and threats of these standards. Finally, we will use the five core functions of the Cybersecurity Framework (CSF) to categorize these standards and then provide an information security protection guideline for people who want to set up or design smart grids.

Subject Classification: Basic and Applied Sciences > Information Science