1. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 1 of 10CONTROL SYSTEM CYBERSECURITY– CHALLENGES IN A NEW ENERGY LANDSCAPE –Dhana Raj MarkanduTenaga Nasional BerhadTechnical Unit, Generation Division,5thFloor, Generation Building,129, Jalan Bangsar,59200 Kuala Lumpur, MalaysiaABSTRACTThe boundaries between conventional information technology systems on the corporate and personal domainsand critical infrastructure control systems on the operational domain are becoming increasingly blurred withthe evolution of technology, negating the traditional paradigm of “security by obscurity”. The use of similarhardware, software and protocols across these domains as well as the cross-boundary transmission of processdata are widespread, leading to control systems being exposed to the same cybersecurity threats commonlyfaced by conventional systems. However, the risks are amplified as control systems manage critical processesand are not typically designed with security as a primary consideration. Attacks specifically targeting controlsystems have begun to surface in recent years, underlining the seriousness of the matter. Both the technical andhuman aspects of cybersecurity must be addressed in order for control systems to be more resilient, withappropriate consideration given to their inherent differences with conventional information technology systems.The changing landscape of the energy industry, driven by the growth of sustainable power generation fromrenewable sources, smart grids and intelligent energy-efficient appliances, gives rise to new cybersecuritychallenges that must be factored into the design and development of future infrastructure.KEYWORDS: cybersecurity, control, DCS, SCADA1. IntroductionDigital information technology (IT) systems are deployed extensively in modern powergeneration facilities as well as transmission and distribution networks. The use of ITencompasses virtually all aspects of the industry, from plant control and grid managementapplications in the operational domain to planning, finance and administration functions inthe corporate domain to mobile applications in the personal domain.Traditionally, there has always been a clear distinction between the IT systems in theoperational domain, which were seemingly isolated and proprietary, with the commercially-available products used in the corporate and personal domains. However, these boundariesare becoming increasingly blurred as operational systems adopt off-the-shelf componentswith greater degrees of connectivity to the corporate and personal domains. As a result,applications in the operational domain are now exposed to the same cybersecurity threats thatexist in the other domains but with greatly amplified risks due to the criticality of the physicalprocesses or infrastructure being controlled. A typical architecture of connected operationaland corporate domains for power plants is illustrated in Figure 1 .The power industry has only recently come to terms with the significance of thecybersecurity threats posed to the operational domain, with the emergence of malware thatspecifically target control systems such as Stuxnet  in 2010 and Flame  in 2012providing incontrovertible evidence that such treats are real and warrant serious attention. Atthe same time, increasing amounts of distributed power generation from renewable sources,higher degrees of network connectivity via smart grids and greater penetration of
2. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 2 of 10microprocessor-controlled domestic energy efficient appliances are inevitably changing thelandscape of the industry. Combined together, these two factors signal an urgent need tointegrate the demands of cybersecurity into the sustainable energy paradigm right from thebeginning to ensure the resilience of the power system infrastructure of the future.Figure 1: Typical operational and corporate domain architecture for power plantsThis paper will first, in Section 2, trace the evolution of cybersecurity for control systemsby discussing the validity of historical assumptions in the current context. Section 3 willcompare and contrast cybersecurity implementation between conventional IT systems andcontrol systems. Section 4 will provide a case study of a cybersecurity assessment exercisecarried out by Tenaga Nasional Berhad (TNB) of Malaysia across their entire fleet of powerplants, while Section 5 will discuss some potential cybersecurity issues to be considered inthe emerging sustainable energy landscape. Section 6 concludes the paper.The generic term “control system” shall be used within to describe all the relevanttechnologies used for operational control of the power system infrastructure, such as, but notlimited to, Distributed Control Systems (DCS), Supervisory Control And Data Acquisition(SCADA), Programmable Logic Controllers (PLC) and Process Control Systems (PCS).2. The Changing Paradigm of Control System Cybersecurity.Control systems manage critical physical processes in real-time, in most cases wherepersonnel safety is also of paramount importance. Due to this, the key design factors for thesesystems have traditionally been system reliability, data integrity and speed of operation. Thecybersecurity aspects of typical control systems were rarely an integral part of thedevelopment process in the past and were usually addressed by the assumption that thesesystems were proprietary and isolated from external networks . This principle is
3. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 3 of 10commonly referred to as security by obscurity . While this may have had some measure ofrelevance during the early days of IT utilisation in the power industry, it certainly no longerholds true in the current technological environment.Legacy control systems were largely made up of specialised hardware, software andcommunication components utilising proprietary technologies. However, commercial factorshave largely resulted in the current trend of using commonly available off-the-shelf ITproducts as part of the operational domain infrastructure [6,7]. It is no longer economicallyviable for control system vendors to develop and maintain custom-made operating systems,database applications, network protocols, hardware platforms and all the other componentsthat make up a modern control architecture when commercial versions are highly advanced,easily available, relatively cheap, widely utilised and well-supported. In addition, using off-the-shelf components also facilitates the end users to be trained in, utilise and troubleshootthe control system due to their increased familiarity with these components from thecorporate or personal IT domains. With the expansion of commercial products into theoperational domain, control systems can no longer claim security by way of being proprietaryas their vulnerabilities are now discoverable and exploitable. For example, Stuxnet andFlame were developed to specifically exploit operating system vulnerabilities in order to gainaccess to their targeted control systems [2,3].Previously, operational domains were usually deployed as stand-alone systems that wereisolated from external IT infrastructure [6,7]. However, the physical and electronic barrierskeeping the operational domain separate from the corporate and personal domains have beengradually breaking down over the years due to factors such as the installation of remoteaccess facilities for vendor technical support, the encroachment of the corporate network intothe control room for e-mail and other corporate applications, the convenience of data transfervia removable media devices and the proliferation of personal mobile devices with direct webaccess. In addition, corporations have begun to realise the enormous benefits that can bereaped from making real-time process data available to personnel outside the control roomfor the purpose of enhancing business and operational intelligence. As a result, many controlsystems are now physically connected in some manner to external networks, allowingoperational data access across domain boundaries. For example, the Generation PlantManagement System (GPMS) deployed by TNB serves as a common read-only historian dataplatform that resides on the corporate network, is accessible to all personnel and extracts real-time data from the multitude of control systems used throughout its fleet of 10 power plants.TNB has gained exceptional tangible and intangible value from the system since its inceptionin 2006 due to operational cost savings, reduced plant downtime, convenient plant analysisand troubleshooting, real-time event notification and improvement in personnel competency. However, the cost of such value creation is that the previously isolated control systemsare now exposed and require stringent perimeter protection measures, such as firewalls, toprevent unauthorised intrusion and disruption.Besides technical considerations, competency and awareness of plant personnel are alsoimportant in the changing paradigm of control system cybersecurity. Tasks that may seemharmless to the uninitiated, such as inserting a removable storage device into a plant controlterminal to transfer data, may have disastrous consequences if the device contained harmfulmalware. This was, in fact, the method by which the Stuxnet virus propagated, relying onunsuspecting humans to transfer it from compromised corporate networks to isolatedoperational networks via infected removable storage devices . It is, therefore, equallycritical to address the human factor of cybersecurity by propagating awareness, developing
4. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 4 of 10vigilance and exercising caution in order to establish an operational infrastructure that isprotected against both intentional and unintentional breaches.Several standards and guidelines have been published to address the concernssurrounding control system cybersecurity. Some examples of these include: International Standards Organisation (ISO): ISO27001  International Society for Automation (ISA): ISA99  North American Electric Reliability Committee (NERC): Critical InfrastructureProtection (CIP)  United States Computer Emergency Readiness Team (US-CERT): Control SystemsSecurity Program (CSSP) These provide critical infrastructure organisations with a framework to improve theresilience of their installations not only from a technical standpoint, but also by establishingproper policies and procedures as well as addressing the aforementioned human factor bydeveloping a culture of security.3. Comparisons between Conventional IT Systems and Control Systems.With the concept of security by obscurity no longer relevant in the modern context,control systems on the operational domain can be considered, for all intents and purposes,similar to conventional IT systems on the corporate or personal domain. Without adequatesafeguards, the operational domain can be exposed to typical IT security risks such assoftware and hardware vulnerabilities, hacking and viruses leading to system disruption,unauthorised control, information theft and many other negative effects. As statedpreviously, the consequence of such risks on the operational domain are greatly amplified dueto the criticality of the physical processes or infrastructure being controlled. However, whilethe threats may be similar, it is not possible to apply all the various mitigation measuresalready available for conventional IT automatically onto the operational domain due to thediffering functional priorities and possible technical incompatibilities between them.For data in conventional IT systems, priority is first given to the principle ofconfidentiality followed by integrity and finally availability. This can be illustrated with theexample of online banking services, where the failure of a confidentiality check such aspassword authentication would result in the funds not being available to the user. In theevent that the integrity of data is suspect, such as an incorrect account balance, it is usuallydeemed acceptable for availability of the account to be denied until the matter is rectified.For control systems, the priority is reversed with availability holding the utmost importancefollowed by integrity and confidentiality. In other words, the control system must be alwaysavailable to manage its respective process regardless of any other considerations. It will beunacceptable for access to be restricted or delayed due to data inaccuracies or a forgottenpassword, as such actions could have dire consequences to the infrastructure being controlledas well as possible safety and environmental impacts as well [7-13].In addition to the differences in security philosophies, not all conventional IT securitysolutions are readily applicable to the operational domain. For example, installing patchesand updates as well as the use of antivirus software are common practises to improve thesecurity of conventional IT networks. However, when these same measures are applied tocontrol systems, several issues, as summarised in Table 1, become evident. As a result ofthese issues, the off-the-shelf components used on the control systems tend to be morevulnerable then their counterparts on the corporate or personal domain, which are patched
5. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 5 of 10more frequently and have antivirus software installed. In this context, perimeter protectionand disaster recovery measures carry greater significance in securing the operational domain.Table 1: Common issues when applying conventional IT security solutions to the operational domainSecurity risk Conventional IT solution Issues on operational domainKnown softwareor hardwarevulnerabilitiesApply patch or update Possible incompatibility with control system. Vendor verification required before application. System reboots may not be possible while the plant is still operational. Awaiting vendor verification or a suitable time window for applicationincreases duration that system is exposed with a known vulnerability.Viruses andother malwareInstall antivirus and othercybersecurity software Possible incompatibility with control system. Possible detection of genuine control processes as malicious activity. Utilisation of system resources causing delayed control response.Perimeter protection consists of placing both electronic and physical boundaries aroundthe vulnerable core of the control system. For operational domains that are connected toexternal networks, stringently configured firewalls with the means to detect, log and notifythe occurrence of any unusual network activities will form the first, and most often, only lineof electronic perimeter defence against external threats. Physical boundaries are typicallywell enforced at most critical infrastructure installations such as power plants, with severallevels of security in place around the core operational domain. Finally, backup and disasterrecovery usually make up the final cybersecurity solution for a compromised control system.Although reactive in nature and unable to prevent a threat from occurring, disaster recoveryplays a vital role in ensuring that any affected system can be expeditiously restored to anoperational state. Figure 2 presents an illustration of the typical scenario described above.Figure 2: Physical and electronic perimeter protection
6. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 6 of 104. Case Study: Cybersecurity Assessment for Power Generation.4.1 BackgroundTenaga Nasional Berhad (TNB) is the Malaysian national power utility and operates afleet of ten power plants with a total generation capacity of approximately 8.6 GW. This fleetcomprises of one coal plant, 6 gas plants and 3 hydroelectric schemes that utilise a widevariety of primary and auxiliary control systems. In 2010, a cybersecurity assessment wascarried out at all these plants with the objective of identifying avenues to improve the level ofIT infrastructure security and prepare the organisation for ISO27001 certification as requiredby the Malaysian National Cybersecurity Policy . The scope of the exercise involved avulnerability assessment of both the corporate domain as well as the control systemarchitecture. The assessment was carried out by an internal team comprising of IT securityexperts, IT system administrators and control system engineers.4.2 MethodologyPrior to the commencement of the assessment, the methods, procedures and riskcategories to be employed, based on accepted best practices, were agreed upon by the variousparties involved and documented . Senior management at each power plant were briefedbefore and after the assessment in order to emphasise the importance of the exercise anddisseminate awareness regarding cybersecurity issues.On the power plant corporate domain, the assessment was carried out for the areas listedin Table 2. The assessment methods included site walk downs, staff interviews andutilisation of non-aggressive software scanning tools. On the power plant operationaldomain, the assessment was carried out for the areas listed in Table 3. The assessmentmethods included only site walk downs and staff interviews. Software scanning tools werenot used on the operational domain due to the possible risk to the live power plant controlsystems. It was envisaged that a more comprehensive audit of the operational domain wouldbe carried out at a future date.Table 2: Assessment scope for corporate domainAssessment Scope Infrastructure Involved Focus areasPhysical Server rooms, server racks,servers, networking devicesGeneral tidiness, labelling, cabling, location, fire hazards,maintenance, physical access controls, environmental controlsServers Servers Configuration, electronic access controls, operating system patchmanagement, malware protection, activity logging, rectification ofknown vulnerabilitiesNetwork Network architecture,networking devicesConfiguration, electronic access controls, patch management,perimeter defence, intrusion prevention & detection, activityloggingApplicationSoftwareServers, clients Configuration, electronic access controls, patch management,malware protection, rectification of known vulnerabilitiesWireless Wireless architecture,wireless devicesConfiguration, electronic access controls, patch management,perimeter defence, intrusion prevention & detection, activitylogging, unauthorised installationsTable 3: Assessment scope for operational domainAssessment Scope Infrastructure Involved Focus areasPhysical Server rooms, server racks,servers, networking devicesGeneral tidiness, labelling, cabling, location, fire hazards,maintenance, physical access controls, environmental controlsServers Servers Electronic access controlsNetwork Network architecture,networking devicesConfiguration, electronic access controls, perimeter defence,activity logging
7. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 7 of 104.3 FindingsThe overall statistics from the assessment are summarised in Figures 3 and 4, while someof the common discoveries on the operational domain are listed in Table 3 [16,17].Approximately one-third of the total findings were related to the control systems, and fromthis amount, only 10% were deemed to fall in the high risk category. In contrast, about 40%of issues on the corporate domain were considered to be high risk. However, the assessmentappreciates that the operational domain scope was reduced and carried out more passivelycompared to the corporate domain. A more comprehensive assessment would possibly haveyielded more detailed findings.Figure 3: Distribution of findings between domains Figure 4: Distribution of findings between risk categoriesTable 3: Sample of the common assessment findingsRisk FindingsHigh Some firewalls between operational domain and corporate domain could be more stringently configured.Medium Activities carried out by vendors during remote troubleshooting are not logged.Medium Inconsistent level of cybersecurity competency among personnel responsible for control systemsMedium Low level of awareness regarding operational domain cybersecurity issues among general plant personnel.Medium Default vendor passwords and weak passwords in use on some control system components.Medium Lack of established processes and procedures to manage operational domain cybersecurity.Medium Greater engagement with control system vendors required for technical advice on patching and updating.Low Operational systems and corporate systems share the same physical workspace.Low Lack of documentation on latest configuration.Low Inconsistent demarcation of responsibility between Control and IT personnel at power plants.4.4 Outcome and Follow-up ActionsThe assessment was successful in establishing a baseline for the level of cybersecurity inboth the corporate and operational domains of TNBs power plants as well as raising theawareness on the subject. Short-, medium- and long-term action plans were put in place toaddress the findings and improve the overall resilience of the IT infrastructure.For the operational domain, the lack of stringent cybersecurity aspects in control systemdesign and deployment, as previously elaborated upon in Section 2, were clearly evidentacross the various systems in use throughout the fleet. In addition, the level of cybersecurityawareness among the plant personnel using and maintaining these systems was also found to
8. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 8 of 10be inconsistent. The initial steps taken after the assessment to address this includedestablishing the TNB Power Plant Process Control System Cybersecurity Best PractiseGuidelines , providing basic IT security training for the relevant plant engineersresponsible for the control systems and engaging vendors to propose solutions orworkarounds to system-specific findings. In addition, cybersecurity requirements wereincorporated into the specifications for future control system projects to ensure that attentionis given to them from the design stage itself. All these actions were intended to serve as afoundation for the continuous improvement of cybersecurity on the operational domain withthe eventual aims of ensuring the protection of the control system as well as successfullyachieving ISO27001 certification in line with Malaysian regulatory requirements. It isenvisaged that, once certification is achieved by TNB, similar cybersecurity assessments willbe carried on a periodic basis to ensure continuous vigilance.5. Cybersecurity Concerns for a Sustainable Energy LandscapeThe power system infrastructure has traditionally been comprised of large, centralisedgeneration units supplying power to end users via interconnected delivery grids andsubstations. The drive towards a more sustainable energy landscape brings with it significantchanges to this in the form of distributed generation from renewable sources, smart grids andintelligent energy-efficient appliances. This creates an entirely new dimension ofcybersecurity concerns as the systems to be protected are now no longer restricted to clearlydesignated control rooms or substations, but spread across a much wider geographical area.The revamping of the power generation sector in order to achieve long-termenvironmental and energy sustainability has resulted in a gradual shift away from fossil fuelstowards renewable energy sources such as wind farms and solar arrays. However, theseresources are usually located in relatively remote locations requiring control and monitoringto be carried out over long distance from centralised operation rooms that may overseeseveral of such facilities simultaneously. Reliable and economical means of two-way datatransfer is required to send control commands and receive near real-time feedback, especiallysince these methods of power generation can be variable and may require conventional coal,gas, hydro and nuclear plants to respond immediately as backup generation.On the other end of the spectrum, greater emphasis is also being placed on managingenergy consumption to reduce demand. The popularity of energy efficient appliancescontinues to grow as public awareness increases and prices reduce. A greater number ofthese devices are also being embedded with microprocessors as well as data exchange anddata storage capabilities to achieve a higher level of energy savings via programmableintelligence and communication with the outside world.Tying together the all developments towards energy sustainability is the next generationof the electricity grid, commonly referred to as the smart grid. The adoption of the smart gridis expected leverage on real-time data communications between IT systems across the entireelectricity supply chain in order to provide better situational awareness regarding the state ofthe grid  as well as the capability for automated responses by generation and consumptionsystems to better balance energy supply and demand. Control systems, commercial hardwareand software, intelligent domestic appliances, public telecommunications infrastructure andthe internet are among the various components expected to make up the overall architectureof the smart grid.
9. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 9 of 10The vision of the smart grid entails an all-pervasive network of cross boundaryconnectivity and unprecedented exchange of data between a diverse range of devices andsystems. It is, in effect, a merging of the operational, corporate and personal domains into asingle amalgamated entity. All three of the criteria for cybersecurity previously discussed inSection 3, confidentiality, integrity and availability, will be equally important for the smartgrid infrastructure and will need to be stringent across all its components since they areinterconnected. Cybersecurity of the entire smart grid will only be as strong as its weakestpoint and the large geographical area as well as diverse components presents numerouspotential entry points for breaches to occur. The cross-connectivity also presents theopportunity for a breach in one aspect of the supply chain to be exploited in order to gainaccess to a completely different section of it. For example, using a security weakness indomestic meters to disrupt a local control centre that is connected to a remote wind farm or,conversely, accessing confidential domestic customer data via an unpatched operating systemof an unmanned solar panel array. The hazards of such scenarios are significantly amplifiedas they have the potential to affect a much larger portion of the population than beforeIt is undeniable that the smart grid presents many cybersecurity challenges as well aspotential benefits. However, unlike the conventional power infrastructure currently in place,there remains significant opportunity to address these concerns right from the design anddevelopment stage of the smart grid as it is still in its relative infancy. Guidelines andstandards are being developed by many organisations towards this purpose, such as by theEuropean Network and Information Security Agency (ENISA)  and the National Instituteof Standards and Technology (NIST) , leading to the belief that cybersecurity will be aninherent feature of the smart grid over the course of its deployment.6. ConclusionsCybersecurity of control systems used in critical infrastructure has gained increasingprominence in recent times, with greater IT homogeneity, reduced isolation and proof oftargeted attacks debunking the previously held security by obscurity principle. Despiteincreasing awareness on the matter, much remains to be done to ensure the security ofsystems in the operational domain as they were not designed with IT security as a keyfeature. As the industry continues to gradually work towards improving its operational ITresiliency, the emergence of sustainable energy components and their integration into theconventional power system infrastructure adds further complexity to the topic. Distributedgeneration, smart grids, intelligent appliances and other such initiatives bring with themenormous benefits, but at the same time pose new and unprecedented challenges forcybersecurity. It is vital that these concerns are addressed at an early stage and as an inherentfeature of the upcoming technologies so the energy landscape of the future is secure, resilientand reliable.References Markandu, D.R. (2012) IS/IT & The Energy Industry - Power Generation. Undergraduate lecture forCollege of Information Technology, University Tenaga Nasional, Selangor, Malaysia Falliere, N., Murchu, L.O., Chien, E. (2011) W32.Stuxnet Dossier. Symantec Security Response. Laboratory of Cryptography and System Security (2012) sKyWIper (a.k.a. Flame a.k.a. Flamer): Acomplex malware for targeted attacks. Budapest University of Technology and Economics Kurtz, R.L. (2006) Securing SCADA Systems, Wiley. Khelil, A., Germanus, D., Suri, N. (2012) Protection of SCADA Communication Channels. CriticalInfrastructure Protection. Springer Berlin/Heidelberg. Dan, G., Sandberg, H., Bjorkman, G., Ekstedt, M. (2011) Challenges in Power System InformationSecurity. IEEE Security & Privacy, Vol. PP, 99.
10. Dhana Raj MarkanduConference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia(Accepted for presentation but was not published due to unforeseen withdrawal of the author)Page 10 of 10 Markandu, D.R. (2009) Control System Cybersecurity. Industrial Process Automation Control Conference,Kuala Lumpur, Malaysia. Markandu, D.R. (2012) Evolution of the PI System in Tenagas Power Generation Fleet. OSISoft UsersConference, San Francisco, United States of America. International Standards Organisation (ISO), ISO/IEC 27001:2005, Information Security ManagementSystem (ISMS). http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=42103(Accessed online: 10 August 2012)International Society of Automation (ISA), ISA99, Industrial Automation and Control Systems Security.http://www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821 (Accessed online: 10 August2012)North American Electric Reliability Committee (NERC), Reliability Standards – Critical InfrastructureProtection (CIP). http://www.nerc.com/page.php?cid=2|20 (Accessed online: 10 August 2012)United States Computer Emergency Readiness Team (US-CERT), Control Systems Security Program(CSSP). http://www.us-cert.gov/control_systems/csstandards.html. (Accessed online: 10 August 2012)Zhu, B. Joseph, A, Sastry, S. (2011) A Taxonomy of Cyber Attacks on SCADA Systems. IEEEInternational Conferences on Internet of Things and Cyber, Physical and Social Computing. Ministry of Science, Technology & Innovation Malaysia, National Cyber-Security Policyhttp://nitc.mosti.gov.my/portalnitc/index.php?option=com_content&view=article&id=22&Itemid=93(Accessed online: 10 August 2012)Governance & Security Compliance Unit, ICT Division, Tenaga Nasional Berhad (2010) Generation PowerStation IT Security Assessment. (Internal document)Governance & Security Compliance Unit, ICT Division, Tenaga Nasional Berhad (2010) Generation PowerStation IT Security Assessment final reports. (Internal document)Markandu, D.R., Tun Abu Bakar, T.A.K., (2012) Data Accessibility & System Security: Achieving theRight Balance. SCADA [in]Security v2.0 Conference, Kuala Lumpur, Malaysia.Technical Unit, Generation Division, Tenaga Nasional Berhad. (2010) Power Plant Process Control SystemCybersecurity Best Practise Guidelines. (Internal document)Mo, Y., Kim, T.H.-J., Brancik, K., Dickinson, D., Lee, H., Perrig, A., Sinopoli, B. (2012) Cyber–PhysicalSecurity of a Smart Grid Infrastructure. Proceedings of the IEEE. Vol. 100, 1.European Network and Information Security Agency (2012). Smart Grid Security.National Institute of Standards and Technology (NIST) (2010) NISTIR 7628: Guidelines for Smart GridCyber Security.