Defending Smart Grid Infrastructure—A Scenario-Based Analysis of Cybersecurity and Privacy Rules in China, France, Russia, UK, and USA
Abstract:
The digitization of the electric energy grid enlarges its attack surface and makes the infrastructure increasingly vulnerable to digital warfare. Therefore, national legislation is central to defending critical energy infrastructure against terrorist and nation-state attacks in cyberspace. Still, previous studies have found shortcomings in cybersecurity legislation. To support smaller countries in their policymaking, this study describes a normative ideal in the form of a consolidated security policy framework. The framework consists of 25 policies that are based on cybersecurity and privacy rules of five countries with strong cyber defence capabilities; the framework addresses five cyberattack scenarios with a very high consequence potential. This study shows that the consolidated policies provide a holistic cyber defence framework, covering strategic, tactical, and operational levels, including obligations on both authority and industry levels.
AUTHORS
Department of Information Security and Communication Technology Norwegian University of Science and Technology
Gjøvik, Norway
Norwegian Institute for Defence Studies Norwegian Defence University College
Oslo, Norway
Energy Market Law Norwegian Energy Regulatory Authority
Oslo, Norway
Øyvind Toftegaard is a PhD candidate in information and network security at the Norwegian University of Science and Technology, Gjøvik, Norway, a guest researcher at the Norwegian Institute for Defence Studies, Oslo, Norway, and a security adviser at the Norwegian Energy Regulatory Authority, Oslo, Norway. His research interests include cyber security management, critical infrastructure protection, policymaking, policy analysis, and regulatory compliance.
Department of Information Security and Communication Technology
Norwegian University of Science and Technology
Gjøvik, Norway
Luyi Sun is a PhD in Information and Network Security at the Norwegian University of Science and Technology, Gjøvik, Norway. She received her bachelor’s degree in electronic and information engineering from Huazhong University of Science and Technology, Wuhan, China. In 2018, she was admitted to a joint program between Huazhong University of Science and Technology and KTH Royal Institute of Technology. She spent the fourth year of the bachelor’s program in KTH, Stockholm, Sweden, and started her first year of the master's program in the meantime. She received her Master's degree in Computer Science from KTH in 2020.
Lucerne School of Computer Science and Information Technology Lucerne University of Applied Sciences and Arts
Rotkreuz, Switzerland
Lucerne School of Computer Science and Information Technology
Lucerne University of Applied Sciences and Arts
Rotkreuz, Switzerland
Bernhard Hämmerli is a Professor of Information and Network Security at the Norwegian University of Science and Technology, Gjøvik, Norway, and a Professor of Information and Cyber Security at Lucerne University of Applied Sciences and Arts, Lucerne, Switzerland. His research interests include cyber security, critical infrastructure, and operational technology—ranging from the technical to the governance and strategic levels.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
Quick Links
Archive