ibm end-to-end security for smart gridsdocshare04.docshare.tips/files/3071/30719034.pdfibm...

White paperSeptember 2009

IBM end-to-end security forsmart grids

http://www.ibm.com

IBM end-to-end security for smart gridsPage 2

Contents

2 Introduction3 Why we need a smart grid4 Security for the smart grid5 How can IBM address

smart grid security?6 Security for the utility

business6 Security for advanced

metering data manage-ment systems

8 Security for SCADA networks

10 Supporting CriticalInfrastructure Protectionstandards

14 Conclusion15 For more information

IntroductionThe electric grid has been providing reliable electric energy for decades.

Comprised of generating, transmission, and distribution equipment along with

its associated control systems and operating staff, the electric grid is vital to

the world. And when it fails, civilization comes to a standstill.

The grid infrastructure has been subjected to minimal maintenance-mode

investment for decades, and it needs to be overhauled. An aging workforce,

rising energy costs, globalization, environmental issues, and terrorism or mali-

cious abuse of these systems threaten the grid’s sustainability. Security con-

cerns for these critical infrastructures in North America and Europe have

recently been heightened.1

Around the globe, the reliability of the grid is governed by various entities:

government mandates and commissions, industry consortiums, and regulatory

bodies. In December 2008, the U.S. Department of Energy (DOE) published a

report on the nation’s goal to transform its energy grid into a more intelligent,

resilient, reliable, secure, self-balancing, and interactive network.2 In

March 2009, the U.S. Federal Energy Regulatory Commission (FERC) pro-

posed a policy statement and action plan that provides guidance for the devel-

opment of a smarter grid for the nation’s electric transmission system. This

plan focuses on the development of key standards to achieve interoperability

of smart grid devices and systems.3 An IBM white paper published five years

ago concurs with these views of DOE and FERC to build smart grids.4

The Council of the European Union recently adopted a Council Directive

for the identification and designation of European critical infrastructures and

the assessment of the need to improve their protection.5 While EU member

states are responsible for policies regarding the security of energy facilities in


Highlights

A smart grid applies a set of diverse

digital technologies to enhance the

value chain of the electric power

industry, improving not only man-

agement of energy flow but also

information exchange and equip-

ment operation.

their territories, the European Commission for Energy is responsible for

developing pan-EU critical infrastructure protection policies and recommen-

dations.6 In the UK, the Centre for the Protection of National Infrastructure

(CPNI) is the government authority that provides protective security advice to

businesses and organizations across the national infrastructure.7

This paper focuses on the security aspects of protecting the electric grid. It

discusses the end-to-end security needs and solutions at various points in the

smart grid chain. Security solutions related to the North American Electric

Reliability Corporation – Critical Infrastructure Protection (NERC-CIP)

requirements are used as examples of best-practice methods for securing the

grid. In addition, this paper addresses security for remote device monitoring,

Supervisory Control And Data Acquisition (SCADA) systems, and the

Advanced Meter Infrastructure (AMI). The paper then explains how IBM soft-

ware, hardware and services can help you meet these regulations and security

requirements.

Why we need a smart gridThe concept of a smart grid is the application of a set of diverse digital tech-

nologies that enhance the value chain of the electric power industry. These

digital technologies, comprised of new devices and applications, some of

which are Internet Protocol (IP) enabled, will aid in the sharing of informa-

tion and coordination of management of the generation, transmission, and dis-

tribution aspects of the infrastructure across distributed energy resources.

Grid modernization will overhaul the energy industry, creating better visu-

alization and control for operators. The application of digital technologies can

help reduce peak demand through dynamic optimization, reduce operations

and maintenance costs, integrate renewable sources of energy, improve grid

reliability, and make transmission and distribution more efficient. Such effi-

ciencies can be established only with smart devices and applications that

enable a finer level of visibility, control and automation.


Highlights

A digital infrastructure can be more

flexible and dynamic, but it can also

introduce new security vulnerabili-

ties that threaten the safe and effi-

cient functioning of the grid.

On the residential front, consumers can be given more options to control

home appliances and to derive on-demand information to better understand

and manage their consumption.

We need a smart grid to manage not only energy flow but also information

exchange and equipment operation. Regulations imposed by governments or

industry consortiums oversee the development and enforcement of reliability

standards and monitor the bulk-power systems. The stakeholders of the elec-

trical grid include independent service operators (ISOs), remote transmission

operators (RTOs), various utilities, and consumers.

Security for the smart gridSecurity is a vital element of any technology related to sensitive assets, and

new technological advancements force organizations to face new security con-

cerns and risks. When devices like smart meters are made more secure, their

business value increases because organizations can respond dynamically and

with confidence to new market opportunities or changing conditions. This

allows for improved efficiency, reduced costs, and improved continuity of serv-

ices. Robust security for the grid can have a tremendous positive impact, as a

lack of security directly threatens the safety of the public and all of those who

are affected by grid failures.

As an example, there is a global effort to transform the electric grid to a

digital infrastructure. A fundamental move like this is considered necessary in

order to keep up with energy and utility operational demands while maintain-

ing or improving the bottom line. A digital infrastructure can be more flexible

and dynamic; however, such a network may expose the critical infrastructure

to additional security concerns such as unapproved access and cyber attacks.


A lack of adequate security in the energy industry could pose threats of serv-

ice disruption, which can impede safe and efficient functioning of the system.

Added layers of security controls, policies, and procedures are necessary to

help protect and manage the grid.

The best approach to securing smart grids is to identify and quantify the

risks across the entire value chain, develop the appropriate policies and con-

trols to manage these risks, deploy the policies and controls, and then perform

systematic, periodic reviews, including vulnerability testing.

How can IBM address smart grid security?IBM has been very successful in providing security consulting, design, build,

and managed services solutions for critical infrastructure in a wide range of

demanding industries, including defense, financial services, and energy and

utilities. IBM security solutions are based on the IBM Security Framework

(see Figure 1), which defines an end-to-end approach to developing, deploying

and supporting security solutions across domains of people, networks, applica-

tions, data, and the physical plant.

Figure 1: IBM takes a holistic approach to security through the IBM Security Framework.


Highlights

IBM has the technology and expert-

ise to deploy end-to-end security

solutions for smart grid implemen-

tations, and is committed to provid-

ing security solutions within the

context of regulatory standards.

IBM has the technology and expertise to deploy end-to-end security solutions

for smart grid implementations, and is committed to providing security solu-

tions within the context of regulatory standards.

Security for the utility businessIn-depth IT security design principles state that better security management is

achieved when an entity is protected by not just one layer or one component,

but by multiple, diverse mechanisms. These and many other IT security prin-

ciples are addressed by global IT security standards ISO 27002:2005 and

ISO 15408. They cover areas such as defense-in-depth principles, trusted and

consistent identities, authentication and access control, information flow con-

trol, encryption of sensitive data at-rest and in-transit, audit and compliance,

and resiliency. All energy and utility organizations should leverage these prin-

ciples for their corporate business and IT infrastructures.

Business applications can pose a serious security threat when accessed by

unauthorized users. Applications can produce unintended results with mal-

formed input data. Thus, utility applications must be immune to issues such

as suspicious demand-response bids from a home, a negative meter reading,

or more subtle but seemingly valid scenarios. IBM can help utilities scan

applications with security penetration testing for vulnerabilities before they

are deployed and while they are in operation.

Security for advanced metering data management systemsIBM is working with utilities to implement smart meters as a core component

of a new intelligent utility network infrastructure that uses digital technology.

Many meter vendors have implemented their own protocols between the smart

meter and the head-end collectors to comply with the security requirements


Highlights

Advanced meter management from

IBM is a cornerstone of the

IBM Intelligent Utility Network

solution suite.

The IBM Solution Architecture for

Energy (SAFE) framework enables

the utility to build and extend new

services to customers easily and

cost-effectively through the effi-

cient flow of information across the

enterprise.

released by the Advanced Metering Infrastructure (AMI-SEC) Task Force.8

These security requirements take into account security standards from organi-

zations such as NERC, IEC, and National Institute of Standards and

Technology (NIST).

While the jurisdiction between smart meters and the head-end collectors

often lies with the meter vendor of choice, the utility meter network data is

fed into different business processes and applications such as meter demand

management, enterprise asset management, financial management, customer

support, and outage management. IBM has been working with utility

companies to rapidly adopt a service-oriented architecture (SOA) approach for

such business processes and applications. Advanced meter management from

IBM is a cornerstone of the IBM Intelligent Utility Network solution suite.9

IBM has also developed the Solution Architecture for Energy (SAFE), a

framework which enables integration across the enterprise with grid and dis-

tribution management, finance and administration, customer management,

human resources, and procurement. As shown in Figure 2, the enterprise por-

tion of SAFE is based on SOA, which enables the utility to build and extend

new services to customers easily and cost-effectively through the efficient flow

of information across the enterprise. This architecture is intended to provide

business applications and services that can securely interoperate with business

partners, suppliers, regulators, and utility customers while securely maintain-

ing the confidentiality, integrity, and accountability of data exchanged, and

that can also link to embedded and operational systems.


Figure 2: The IBM Solution Architecture for Energy (SAFE) framework for utilities enables secure integrationacross the enterprise.

Security for SCADA systemsIBM recognizes that security for the smart grid goes beyond the business and

IT domains. Conventional enterprise IT security measures must be adapted

and extended into the industrial process control systems, which involve a myr-

iad of proprietary interfaces, protocols, and heterogeneous devices spread over

a large geographic and governance space. The challenge for smart grid secu-

rity is that there are two distinct spaces that must be bridged securely.

The business enterprise operations of the energy utility often engage in

data sharing that relies on the Internet as well as corporate intranets and

extranets. Existing programmable logic controllers, remote terminal units

(RTUs), and SCADA systems may have been designed with security based on

physical isolation. Some utilities are using corporate intranets or even the

Internet to access devices on the control systems in order to increase produc-

tivity and offer seamless connectivity. These approaches require thoughtful

analysis because they may introduce new security vulnerabilities.


Industrial control systems security typically involves securing two different

computing systems and networks. First, the operator consoles and applications

that use commercial operating systems must be secured. These consoles are

typically protected by enterprise role-based access control and governed by

business-driven policy.

Second, the process equipment control systems that receive commands,

measure data, and generate actions and events must be secured. These field

devices were designed to reside in isolated process-control networks, with the

assumption that only a few, trusted operators would have the ability to access

them. IP-enabling this field equipment into intelligent electronic devices

(IEDs) allows for seamless remote control but can make the control infra-

structure more vulnerable. Proper network demarcation and protection of net-

works with appropriate security controls is essential for robust smart grid

security (see Figure 3).

TRANSMISSION ANDSUBSTATION SYSTEM

DISTRIBUTIONSYSTEM

Meter to concentratorSCADA network

systems

Residentialcustomer

Concentrator Concentrator

Commercialcustomer

Advanced metering datamanagement system

Utility communication link

Substation remotemonitoring equipment

Utility

Step-downsubstation

Generating station

WIRELESSCOMMUNICATIONS LINK

WIRELESSCOMMUNICATIONS LINK

Figure 3: Robust smart grid security addresses security focus points all along the utility value chain.


Highlights

IBM’s IT security capabilities can be

used for remote device monitoring,

along with enterprise asset

management software and grid

operations.

IBM participates in open security standards committees and embraces these

standards to facilitate integration with industry-leading components, including

integration with different end-point devices and with independent service ven-

dors (ISVs) who are helping to create successful solutions. This is essential for

SCADA security where there are several players that comprise the process

control grid equipment.

Remote device monitoring is the key to enhancing the reliability of the

grid. The substations along the electricity supply chain contain many RTUs or

IEDs. However, the monitored data from these substations can only be relied

upon if the integrity of the data is assured by the security of the substation

equipment. Currently, there is a need to perform case-by-case technical

assessments of vendor products, studying the interfaces they expose and the

protocols they use so that their security can be assured within the greater

cyber security context. Security for such devices is being standardized accord-

ing to the IEC/TS 62351 and 62443 standards.

As more standardization occurs in smart grids, the process control networks

can benefit from lessons learned from IT networks running business applica-

tions. This allows for some Internet technologies to be applied for remote

device monitoring where applicable. Timing and deterministic properties have

to be evaluated so security does not disrupt the prime mission of these sys-

tems. IBM’s IT security capabilities can be used for remote device monitoring,

along with enterprise asset management software and grid operations.

Supporting Critical Infrastructure Protection standardsMost countries have developed mandatory reliability standards applicable to

all energy-producing and transmitting utilities, like the NERC Critical

Infrastructure Protection (CIP) standard in North America.10 One area of regu-

latory reliability specifically addresses protecting electric grid bulk-power

cyber assets.


Highlights

IBM can help utilities comply with

critical infrastructure protection

standards such as NERC-CIP by

applying a range of industry-

leading security solutions.

IBM can help utilities comply with critical infrastructure protection stan-

dards like the ones listed in NERC CIP-001 through CIP-009 by applying

security offerings at consulting, design, development, build, and operational

levels. Leveraging the IBM Security Framework infuses security into the

lifecycle of energy management software and the networking of field

control devices.

Sabotage Reporting (CIP-001) – NERC provides directives and proce-dures for detection, recognition and reporting of sabotage events. It specifies

procedures for communications to appropriate parties and local authorities. It

expects security monitoring tools to provide near real-time notifications for

reporting. IBM solutions enable the utility to continuously monitor security

violations during operations, as well as detect out-of-compliance conditions.

These products can even help track user activity for privileged users, includ-

ing physical location, deterring insider attacks.

Critical Cyber Asset Identification (CIP-002) – NERC has recognizedthe need for identification and documentation of critical cyber assets.

Identifying these assets and their relationships helps lay the foundation for

applying security principles within each asset’s function as well as communi-

cations between the asset and other assets in the grid value chain. IBM can

assist in building an integrated asset management solution.

Security Management Controls (CIP-003) – This directive calls forresponsible organizations to document and implement a cyber security policy

to represent the company’s commitment to security and their ability to secure

critical cyber assets. IBM can assist with a comprehensive cyber security solu-

tion with functions like policy management, authentication and authorization


Highlights

IBM’s command and control center

solution provides advanced physi-

cal security integration, enabling

organizations to control, monitor

and maintain disparate security

systems and assets through a sin-

gle interface.

of grid systems commands, protection and inspection of all XML traffic across

network boundaries, management of keys used in encryption of data stored on

tapes and disk, enablement of change management processes for configuration

changes to cyber assets, comparison of activity logs against security policies,

and provision of centralized identity, access, attestation and audit services.

Personnel & Training (CIP-004) – With this directive, NERC defines theobligations of utility management to conduct thorough personnel risk assess-

ments in accordance with federal, state, provincial, and local laws. All person-

nel having authorized cyber access or authorized unescorted physical access

to critical cyber assets as well as field assets must get access on a “need-to-

know” basis. IBM solutions can help oversee the entire process of managing

personnel risk assessments, including enrollment, proofing, and background

checks as part of the identity vetting process. IBM also provides tools for man-

aging learning/training programs.

Electronic Security Perimeter (CIP-005) – According to NERC, the util-ity is responsible for ensuring that every critical cyber asset resides within an

electronic security perimeter. This perimeter needs to be identified and all

access points to it need to be identified, documented, and controlled.

IBM solutions for intrusion and anomaly detection can not only protect IT

networks from worms, malware and viruses, but also monitor traffic between

intelligent field devices for signs of suspicious activity.

Physical Security of Critical Cyber Assets (CIP-006) – This directivedefines the physical security of a critical cyber asset as being comprised of five

distinct elements: deterrence, detection, assessment, communications, and


Highlights

IBM’s service, incident, and prob-

lem management capabilities help

manage processes for security inci-

dents with a well-documented,

repeatable workflow.

response. IBM’s command and control center solution provides advanced

physical security integration, enabling organizations to control, monitor and

maintain disparate security systems and assets through a single interface.

Systems Security Management (CIP-007) – This item in the standarddirects security management and testing procedures, patch management,

account management, and vulnerability analysis. Organizations need to ensure

that new cyber assets and significant changes to existing cyber assets within

the electronic security perimeter do not adversely affect existing cyber security

controls.

IBM provides a comprehensive management suite that provides uniform

patch management for heterogeneous platforms, change and configuration

management, intrusion detection and analysis, authoring and enforcement of

strict identity provisioning policies, vulnerability testing for applications, con-

solidated logging, event correlation, dashboards for visualization, and escala-

tion mechanisms.

Incident Reporting and Response Planning (CIP-008) – This directivecalls for the IT and process-control operations to develop and maintain a

cyber security incident response plan, documenting procedures to classify and

escalate events and report security incidents to authorities. IBM’s service,

incident, and problem management capabilities help manage processes for

security incidents with a well-documented, repeatable workflow.

Recovery Plans for Critical Cyber Assets (CIP-009) – Standard CIP-009 ensures that recovery plans are put in place for critical cyber assets

and that these plans follow established business continuity and disaster


Highlights

IBM enables a holistic approach to

grid security, providing hardware,

software, and services that build on

an integrated security framework to

deliver comprehensive capabilities.

recovery techniques and practices. IBM’s asset management solutions enable

services delivery and support processes for the most dynamic IT infrastruc-

tures, ensuring business resilience and promoting faster recovery during

failures.

ConclusionIBM’s holistic approach to grid security is about not only the comprehensive

set of capabilities listed above, but the ability to build on our common secu-

rity framework, integrating and optimizing the built-in security features of

IBM hardware, software and service offerings while providing a platform for

other ISV security products as well (see Figure 4).

Figure 4: The IBM Security Framework integrates IBM hardware, software, and services while providing a platform for other ISV security products.


IBM provides a comprehensive set of products and consulting, design, deploy-

ment, and managed service offerings to help comply with NERC-CIP security

requirements and other industry regulations. IBM also has the expertise to

implement the 21 steps recommended by the DOE for SCADA security.11

IBM has a proven track record in securing our nation’s most critical infra-

structures including military, banking, stock markets, and utilities. IBM is

unique in its ability to provide an unparalleled breadth and depth of technol-

ogy, services, and scalability for proven, quantifiable results.

For more informationTo learn more about how IBM solutions can help your organization meet

security regulations and requirements, contact your IBM representative or

IBM Business Partner, or visit: ibm.com/security and ibm.com/energy

http://www.ibm.com/securityhttp://www.ibm.com/energy

© Copyright IBM Corporation 2009

IBM Corporation Software GroupRoute 100Somers, NY 10589U.S.A.

Produced in the United States of AmericaSeptember 2009All Rights Reserved

IBM, the IBM logo, and ibm.com are trademarksor registered trademarks of InternationalBusiness Machines Corporation in the United States, other countries, or both. If theseand other IBM trademarked terms are markedon their first occurrence in this information witha trademark symbol (® or ™), these symbolsindicate U.S. registered or common lawtrademarks owned by IBM at the time thisinformation was published. Such trademarksmay also be registered or common lawtrademarks in other countries. A current list ofIBM trademarks is available on the Web at“Copyright and trademark information” atibm.com/legal/copytrade.shtml

Other company, product and service namesmay be trademarks or service marks of others.

References in this publication to IBM productsand services do not imply that IBM intends tomake them available in all countries in whichIBM operates.

No part of this document may be reproduced ortransmitted in any form without writtenpermission from IBM Corporation.

Product data has been reviewed for accuracyas of the date of initial publication. Product datais subject to change without notice. Anystatements regarding IBM’s future direction andintent are subject to change or withdrawalwithout notice, and represent goals andobjectives only.

THE INFORMATION PROVIDED IN THISDOCUMENT IS DISTRIBUTED “AS IS”WITHOUT ANY WARRANTY, EITHER EXPRESSOR IMPLIED. IBM EXPRESSLY DISCLAIMSANY WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements (e.g. IBM Customer Agreement, Statement of Limited Warranty, International ProgramLicense Agreement, etc.) under which they are provided.

The customer is responsible for ensuringcompliance with legal requirements. It is thecustomer’s sole responsibility to obtain advice ofcompetent legal counsel as to the identificationand interpretation of any relevant laws andregulatory requirements that may affect thecustomer’s business and any actions thecustomer may need to take to comply with suchlaws. IBM does not provide legal advice orrepresent or warrant that its services orproducts will ensure that the customer is incompliance with any law or regulation.

1 Gorman, Siobhan, “Electricity Grid in U.S.Penetrated by Spies,” The Wall Street Journal.April 8, 2009. http://online.wsj.com/article_email/SB123914805204099085-lMyQjAxMDI5MzA5ODEwNDg4Wj.html

2 “Smart Grid: Enabler of the New EnergyEconomy,” The Electricity Advisory Committee of the U.S. Department of Energy.December 2008. Guido Bartels, IBM GeneralManager, Energy & Utilities Industry andChairman, Gridwise Alliance, provided keyleadership for this paper. www.oe.energy.gov/DocumentsandMedia/final-smart-grid-report.pdf

3 “FERC accelerates Smart Grid developmentwith proposed policy, action plan,” Federal Energy Regulatory Commission. March 19, 2009. www.ferc.gov/news/news-releases/2009/2009-1/03-19-09.asp

4 Callahan, Stephen J., “Rebuilding the grid,”IBM. April, 2004. www-935.ibm.com/services/in/igs/pdf/ge510-3587-00f-rebuild-grid.pdf

5 Council Directive 2008/114/EC, Official Journalof the European Union. December 2008.http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF

6 European Commission, Energy, CriticalInfrastructure Protection. http://ec.europa.eu/energy/infrastructure/critical_en.htm

7 Centre for the Protection of NationalInfrastructure. www.cpni.gov.uk

8 AMI System Security Requirements V1.01,UCAIUG: AMI-SEC-ASAP. December 17, 2008.www.controlsystemsroadmap.net/pdfs/AMI_System_Security_Requirements-v1_01-1.pdf

9 “Smarter Grids for a Smarter Planet: IBM’sIntelligent Utility Network Solutions,” IBM. May 28, 2009.https://www950.ibm.com/events/wwe/grp/grp018.nsf/vLookupPDFs/T2_4_Smarter_Grids/$file/T2_4_Smarter_Grids.pdf

10 North American Electric Reliability Corporation,Reliability Standards, Critical InfrastructureProtection (CIP). www.nerc.com/page.php?cid=2|20

11 “21 Steps to Improve Cyber Security of SCADANetworks,” The President’s Critical InfrastructureProtection Board, U.S. Department of Energy.www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdf

TIW14041-USEN-00

http://www.ibm.com/legal/copytrade.shtmlhttp://online.wsj.com/article_email/SB123914805204099085-lMyQjAxMDI5MzA5ODEwNDg4Wj.htmlhttp://online.wsj.com/article_email/SB123914805204099085-lMyQjAxMDI5MzA5ODEwNDg4Wj.htmlhttp://online.wsj.com/article_email/SB123914805204099085-lMyQjAxMDI5MzA5ODEwNDg4Wj.htmlhttp://www.oe.energy.gov/DocumentsandMedia/final-smart-grid-report.pdfhttp://www.oe.energy.gov/DocumentsandMedia/final-smart-grid-report.pdfhttp://www.ferc.gov/news/news-releases/2009/2009-1/03-19-09.asphttp://www.ferc.gov/news/news-releases/2009/2009-1/03-19-09.asphttp://www-935.ibm.com/services/in/igs/pdf/ge510-3587-00f-rebuild-grid.pdfhttp://www-935.ibm.com/services/in/igs/pdf/ge510-3587-00f-rebuild-grid.pdfhttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDFhttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDFhttp://ec.europa.eu/energy/infrastructure/critical_en.htmhttp://ec.europa.eu/energy/infrastructure/critical_en.htmhttp://www.cpni.gov.ukhttp://www.controlsystemsroadmap.net/pdfs/AMI_System_Security_Requirements-v1_01-1.pdfhttp://www.controlsystemsroadmap.net/pdfs/AMI_System_Security_Requirements-v1_01-1.pdfhttp://www.controlsystemsroadmap.net/pdfs/AMI_System_Security_Requirements-v1_01-1.pdfhttps://www950.ibm.com/events/wwe/grp/grp018.nsf/vLookupPDFs/T2_4_Smarter_Grids/$file/T2_4_Smarter_Grids.pdfhttps://www950.ibm.com/events/wwe/grp/grp018.nsf/vLookupPDFs/T2_4_Smarter_Grids/$file/T2_4_Smarter_Grids.pdfhttps://www950.ibm.com/events/wwe/grp/grp018.nsf/vLookupPDFs/T2_4_Smarter_Grids/$file/T2_4_Smarter_Grids.pdfhttp://www.nerc.com/page.php?cid=2|20http://www.nerc.com/page.php?cid=2|20http://www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdfhttp://www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdfhttp://www.ibm.com

UntitledWhite paperSeptember 2009IBMend-to-end security forsmart gridsIBMend-to-end security for smart gridsContentsIntroductionHighlightsWhy we need a smart gridHighlightsSecurity for the smart gridHow can IBMaddress smart grid security?HighlightsSecurity for the utility businessSecurity for advanced metering data manaHighlightsSecurity for SCADA systemsHighlightsSupporting Critical Infrastructure ProteHighlightsHighlightsHighlightsHighlightsConclusionFor more information