Why securing smart grids is not just a straightforward consultancy exercise

The long-term vision for modernization of power management and control systems, Smart Grid, is rather complex. It comprises several scientific traditions; SCADA and automation systems, information and communication technology, safety, and security. Integrating ICT and power management and control systems causes a need for a major change regarding system design and operation, which security controls are required and implemented, and how incidents are responded to and learnt from. This paper presents concerns that need to be addressed in order for the implementation of smart grids to succeed from an information security point of view: a unified terminology, a fusion of cultures, improved methods for assessing risks in complex and interdependent systems, preserving end-users’ privacy, securing communications and devices, and being well prepared for managing unwanted incidents in a complex operating environment.