2 THE NEED FOR CYBER-SECURITY
Cyber-security provides protection against unauthorised disclosure, transfer, modification, or destruction of
information or information systems, whether accidental or intentional. T
o achieve this, there are several security
requirements:
● Confidentiality (preventing unauthorised access to information)
● Integrity (preventing unauthorised modification)
● Availability / Authentication (preventing the denial of service and assuring authorised access to information)
● Non-repudiation (preventing the denial of an action that took place)
● Traceability / Detection (monitoring and logging of activity to detect intrusion and analyse incidents)
The threats to cyber-security may be unintentional (e.g. natural disasters, human error), or intentional (e.g. cyber-
attacks by hackers).
Good cyber-security can be achieved with a range of measures, such as closing down vulnerability loopholes,
implementing adequate security processes and procedures and providing technology to help achieve this.
Examples of vulnerabilities are:
● Indiscretions by personnel (users keep passwords on their computer)
● Bad practice (users do not change default passwords, or everyone uses the same password to access all
substation equipment)
● Bypassing of controls (users turn off security measures)
● Inadequate technology (substation is not firewalled)
Examples of availability issues are:
● Equipment overload, resulting in reduced or no performance
● Expiry of a certificate preventing access to equipment
To help tackle these issues, standards organisations have produced various standards. Compliance with these
standards significantly reduces the threats associated with lack of cyber-security.
Chapter 18 - Cyber-Security P54A/B/C/E
416 P54xMED-TM-EN-1
To Next Page
Loading...
Need help?
General
