Chapter 18 - Cyber-Security
2
THE NEED FOR CYBER-SECURITY
Cyber-security provides protection against unauthorised disclosure, transfer, modification, or destruction of
information or information systems, whether accidental or intentional. To achieve this, there are several security
requirements:
Confidentiality (preventing unauthorised access to information)
●
●
Integrity (preventing unauthorised modification)
Availability / Authentication (preventing the denial of service and assuring authorised access to information)
●
Non-repudiation (preventing the denial of an action that took place)
●
Traceability / Detection (monitoring and logging of activity to detect intrusion and analyse incidents)
●
The threats to cyber-security may be unintentional (e.g. natural disasters, human error), or intentional (e.g. cyber-
attacks by hackers).
Good cyber-security can be achieved with a range of measures, such as closing down vulnerability loopholes,
implementing adequate security processes and procedures and providing technology to help achieve this.
Examples of vulnerabilities are:
Indiscretions by personnel (users keep passwords on their computer)
●
●
Bad practice (users do not change default passwords, or everyone uses the same password to access all
substation equipment)
Bypassing of controls (users turn off security measures)
●
Inadequate technology (substation is not firewalled)
●
Examples of availability issues are:
Equipment overload, resulting in reduced or no performance
●
Expiry of a certificate preventing access to equipment
●
To help tackle these issues, standards organisations have produced various standards. Compliance with these
standards significantly reduces the threats associated with lack of cyber-security.
402
P14D
P14D-TM-EN-8