Abstract
The Smart Grid includes critical hardware and software applications that can be misused by an unauthorized person or a hacker. Failures can bring critical parts of the system to a halt. The damage is not limited to monetary losses but can also include human loss resulting from a disgruntled action. There have been reports, including one from the United States Department of Homeland Security, that cyber spies have managed to inject malicious software into electric grid, water, sewage, and other infrastructure control software. This software could enable hackers or unauthorized users to take control of key facilities or networks via the Internet, causing power outages and tremendous damage to all sectors of the economy. As the grid becomes more central to our energy infrastructure, ensuring its security will become more important. Smart Grid systems create a link between physical and software systems, both of which can fail. There is a strong need to build a secure and intelligent system that can handle all exceptions and maintain a consistent flow of information. The System Development Life Cycle (SDLC) of the Smart Grid should include tactics and techniques that address the cyber-security issues of the grid. Cyber-security comprises maintaining the confidentiality, integrity and availability of the Smart Grid system. Security threats that arise from improper security requirements, malicious code, Denial of Service (DoS), malfunctioning devices, lack of security testing, etc. can be tackled in the SDLC of the Smart Grid. This project demonstrates how different security practices can be used in the SDLC to enhance the security of the Smart Grid. The research focuses on the security practices and controls for each phase of the SDLC that secure the Smart Grid by Design, Deployment and Default, so that if it does fail, it fails securely.
Because the Smart Grid is a System-of-Systems (SoS), it includes different software and applications that are acquired from different vendors or parties and outsourced teams. These outsourced and Commercial-off-the-shelf (COTS) hardware and software components increase the risk of compromised software or third-party tampering in the supply chain process. This project also includes some of the key practices and controls that can help reduce the security vulnerabilities introduced through the supply chain in the Smart Grid environment.