The Need For Cyber Security - GE MiCOM P40 Agile Technical Manual

P44X/EN CS/Hb6
(CS) 15-6
2.

THE NEED FOR CYBER SECURITY

Cyber-security provides protection against unauthorized disclosure, transfer, modification, or
destruction of information and/or information systems, whether accidental or intentional. To
achieve this, there are several security requirements:
• Confidentiality (preventing unauthorized access to information)
• Integrity (preventing unauthorized modification)
• Availability / Authentication (preventing the denial of service and assuring
authorized access to information)
• Non-Repudiation (preventing the denial of an action that took place)
• Traceability/Detection (monitoring and logging of activity to detect intrusion and
analyze incidents)
The threats to cyber security may be unintentional (e.g. natural disasters, human error), or
intentional (e.g. cyber attacks by hackers).
Good cyber security can be achieved with a range of measures, such as closing down
vulnerability loopholes, implementing adequate security processes and procedures and
providing technology to help achieve this.
Examples of vulnerabilities are:
• Indiscretions by personnel (e.g. users keep passwords on their computer)
• Bypassing of controls (e.g. users turn off security measures)
• Bad practice (users do not change default passwords, or everyone uses the same
password to access all substation equipment)
• Inadequate technology (e.g. substation is not firewalled)
• Examples of availability issues are:
• Equipment overload, resulting in reduced or no performance
• Expiry of a certificate prevents access to equipment.
To help tackle these issues, standards organizations have produced various standards, by
which compliance significantly reduces the threats associated with lack of cyber security.
MiCOM P40 Agile P441, P442, P444
Cyber Security