Основні поняття
Non-technical issues, such as education, awareness, policy, standards, human factors, and solutions, are crucial for effective cybersecurity measures in the energy informatics domain.
Анотація
This literature review focuses on the non-technical aspects of cybersecurity in the field of energy informatics. The key findings are:
Education:
Training programs for professionals and students on cybersecurity in energy informatics, covering topics like cyber security for all, cyber operations, and cyber-informed engineering curriculum.
Pedagogical approaches emphasizing active learning, project-based learning, and constructivism.
Awareness:
Importance of social awareness (e.g., consumer data, load disaggregation, end-use device database) and situation awareness (e.g., architecture and tools to monitor threats) for effective cybersecurity.
Policy:
Policy challenges, such as privacy, personal data, and unclear guidance on organizational roles and mandates.
Adoption of frameworks and standards (e.g., NIST, ISO) by different regions (EU, North America, Asia).
Standards:
General cybersecurity assessment standards (e.g., IEC 62351, IEC 62443) and specific standards for systems like SCADA.
Human Factors:
Roles of human failures (intentional or unintentional) and the importance of cybersecurity leadership.
Solutions:
Addressing risks, challenges, and solutions related to cyber threats in energy systems, including power information control systems, energy internet, smart grids, and physical systems.
The findings highlight the need for a holistic, socio-technical approach to cybersecurity in energy informatics, going beyond just technical solutions.
Цитати
"Security awareness is one of the important issues in cyber-defense. Energy system devices are gradually replaced by standard IT protocols and commercial-of-the-shelf hardware and software. Energy systems thus do no longer rely on physical and local measures for their operations."
"We thus suggest that more study in assessments of maturity cyber security awareness in organizations are needed, such as awareness models or frameworks in cyber security in energy informatics."