IEC 62443 Standard for Hydro Power Plants
This study approaches cyber security in industrial environments focusing on hydro power plants, since they are part of the critical infrastructure and are the main source of renewable energy in some countries. The theoretical study case follows the standard IEC 62443-2-1 to implement a cyber securit...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2023-02-01
|
| Series: | Energies |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1996-1073/16/3/1452 |
| _version_ | 1797624688911843328 |
|---|---|
| author | Jessica B. Heluany Ricardo Galvão |
| author_facet | Jessica B. Heluany Ricardo Galvão |
| author_sort | Jessica B. Heluany |
| collection | DOAJ |
| description | This study approaches cyber security in industrial environments focusing on hydro power plants, since they are part of the critical infrastructure and are the main source of renewable energy in some countries. The theoretical study case follows the standard IEC 62443-2-1 to implement a cyber security management system (CSMS) in a hydro power plant with two generation units. The CSMS is composed of six steps: (1) initiate CSMS, (2) high level risk assessment, (3) detailed risk assessment, (4) establish policies, procedures, and awareness, (5) select and implement countermeasures, and (6) maintain the CSMS. To perform the high-level risk assessment, an overview of the most common activities and vulnerabilities in hydro power plants systems is presented. After defining the priorities, the detailed risk assessment is performed based on a HAZOP risk analysis methodology focusing on hackable digital assets (cyber-HAZOP). The analysis of the cyber-HAZOP assessment leads to mitigations of the cyber risks that are addressed proposing modifications in the automation architecture, and this also involves checking lists to be used by the stakeholders during the implementation of the solution, emphasizing security configurations in digital assets groups. |
| first_indexed | 2024-03-11T09:46:07Z |
| format | Article |
| id | doaj.art-8ed1a5d4bd5648f3b98570a1de0eeea2 |
| institution | Directory Open Access Journal |
| issn | 1996-1073 |
| language | English |
| last_indexed | 2024-03-11T09:46:07Z |
| publishDate | 2023-02-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Energies |
| spelling | doaj.art-8ed1a5d4bd5648f3b98570a1de0eeea22023-11-16T16:37:40ZengMDPI AGEnergies1996-10732023-02-01163145210.3390/en16031452IEC 62443 Standard for Hydro Power PlantsJessica B. Heluany0Ricardo Galvão1Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2815 Gjøvik, NorwayPECE—Industrial Automation, University of São Paulo, São Paulo 2373, BrazilThis study approaches cyber security in industrial environments focusing on hydro power plants, since they are part of the critical infrastructure and are the main source of renewable energy in some countries. The theoretical study case follows the standard IEC 62443-2-1 to implement a cyber security management system (CSMS) in a hydro power plant with two generation units. The CSMS is composed of six steps: (1) initiate CSMS, (2) high level risk assessment, (3) detailed risk assessment, (4) establish policies, procedures, and awareness, (5) select and implement countermeasures, and (6) maintain the CSMS. To perform the high-level risk assessment, an overview of the most common activities and vulnerabilities in hydro power plants systems is presented. After defining the priorities, the detailed risk assessment is performed based on a HAZOP risk analysis methodology focusing on hackable digital assets (cyber-HAZOP). The analysis of the cyber-HAZOP assessment leads to mitigations of the cyber risks that are addressed proposing modifications in the automation architecture, and this also involves checking lists to be used by the stakeholders during the implementation of the solution, emphasizing security configurations in digital assets groups.https://www.mdpi.com/1996-1073/16/3/1452HPPs cybersecuritycyber-HAZOPIEC 62443CSMSsmart grid |
| spellingShingle | Jessica B. Heluany Ricardo Galvão IEC 62443 Standard for Hydro Power Plants Energies HPPs cybersecurity cyber-HAZOP IEC 62443 CSMS smart grid |
| title | IEC 62443 Standard for Hydro Power Plants |
| title_full | IEC 62443 Standard for Hydro Power Plants |
| title_fullStr | IEC 62443 Standard for Hydro Power Plants |
| title_full_unstemmed | IEC 62443 Standard for Hydro Power Plants |
| title_short | IEC 62443 Standard for Hydro Power Plants |
| title_sort | iec 62443 standard for hydro power plants |
| topic | HPPs cybersecurity cyber-HAZOP IEC 62443 CSMS smart grid |
| url | https://www.mdpi.com/1996-1073/16/3/1452 |
| work_keys_str_mv | AT jessicabheluany iec62443standardforhydropowerplants AT ricardogalvao iec62443standardforhydropowerplants |