Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia (Accepted for presentation but not published due to unforeseen withdrawal of author)

1. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 1 of 10
CONTROL SYSTEM CYBERSECURITY
– CHALLENGES IN A NEW ENERGY LANDSCAPE –
Dhana Raj Markandu
Tenaga Nasional Berhad
Technical Unit, Generation Division,
5th
Floor, Generation Building,
129, Jalan Bangsar,
59200 Kuala Lumpur, Malaysia
ABSTRACT
The boundaries between conventional information technology systems on the corporate and personal domains
and critical infrastructure control systems on the operational domain are becoming increasingly blurred with
the evolution of technology, negating the traditional paradigm of “security by obscurity”. The use of similar
hardware, software and protocols across these domains as well as the cross-boundary transmission of process
data are widespread, leading to control systems being exposed to the same cybersecurity threats commonly
faced by conventional systems. However, the risks are amplified as control systems manage critical processes
and are not typically designed with security as a primary consideration. Attacks specifically targeting control
systems have begun to surface in recent years, underlining the seriousness of the matter. Both the technical and
human aspects of cybersecurity must be addressed in order for control systems to be more resilient, with
appropriate consideration given to their inherent differences with conventional information technology systems.
The changing landscape of the energy industry, driven by the growth of sustainable power generation from
renewable sources, smart grids and intelligent energy-efficient appliances, gives rise to new cybersecurity
challenges that must be factored into the design and development of future infrastructure.
KEYWORDS: cybersecurity, control, DCS, SCADA
1. Introduction
Digital information technology (IT) systems are deployed extensively in modern power
generation facilities as well as transmission and distribution networks. The use of IT
encompasses virtually all aspects of the industry, from plant control and grid management
applications in the operational domain to planning, finance and administration functions in
the corporate domain to mobile applications in the personal domain.
Traditionally, there has always been a clear distinction between the IT systems in the
operational domain, which were seemingly isolated and proprietary, with the commercially-
available products used in the corporate and personal domains. However, these boundaries
are becoming increasingly blurred as operational systems adopt off-the-shelf components
with greater degrees of connectivity to the corporate and personal domains. As a result,
applications in the operational domain are now exposed to the same cybersecurity threats that
exist in the other domains but with greatly amplified risks due to the criticality of the physical
processes or infrastructure being controlled. A typical architecture of connected operational
and corporate domains for power plants is illustrated in Figure 1 [1].
The power industry has only recently come to terms with the significance of the
cybersecurity threats posed to the operational domain, with the emergence of malware that
specifically target control systems such as Stuxnet [2] in 2010 and Flame [3] in 2012
providing incontrovertible evidence that such treats are real and warrant serious attention. At
the same time, increasing amounts of distributed power generation from renewable sources,
higher degrees of network connectivity via smart grids and greater penetration of

2. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 2 of 10
microprocessor-controlled domestic energy efficient appliances are inevitably changing the
landscape of the industry. Combined together, these two factors signal an urgent need to
integrate the demands of cybersecurity into the sustainable energy paradigm right from the
beginning to ensure the resilience of the power system infrastructure of the future.
Figure 1: Typical operational and corporate domain architecture for power plants
This paper will first, in Section 2, trace the evolution of cybersecurity for control systems
by discussing the validity of historical assumptions in the current context. Section 3 will
compare and contrast cybersecurity implementation between conventional IT systems and
control systems. Section 4 will provide a case study of a cybersecurity assessment exercise
carried out by Tenaga Nasional Berhad (TNB) of Malaysia across their entire fleet of power
plants, while Section 5 will discuss some potential cybersecurity issues to be considered in
the emerging sustainable energy landscape. Section 6 concludes the paper.
The generic term “control system” shall be used within to describe all the relevant
technologies used for operational control of the power system infrastructure, such as, but not
limited to, Distributed Control Systems (DCS), Supervisory Control And Data Acquisition
(SCADA), Programmable Logic Controllers (PLC) and Process Control Systems (PCS).
2. The Changing Paradigm of Control System Cybersecurity.
Control systems manage critical physical processes in real-time, in most cases where
personnel safety is also of paramount importance. Due to this, the key design factors for these
systems have traditionally been system reliability, data integrity and speed of operation. The
cybersecurity aspects of typical control systems were rarely an integral part of the
development process in the past and were usually addressed by the assumption that these
systems were proprietary and isolated from external networks [4]. This principle is

3. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 3 of 10
commonly referred to as security by obscurity [5]. While this may have had some measure of
relevance during the early days of IT utilisation in the power industry, it certainly no longer
holds true in the current technological environment.
Legacy control systems were largely made up of specialised hardware, software and
communication components utilising proprietary technologies. However, commercial factors
have largely resulted in the current trend of using commonly available off-the-shelf IT
products as part of the operational domain infrastructure [6,7]. It is no longer economically
viable for control system vendors to develop and maintain custom-made operating systems,
database applications, network protocols, hardware platforms and all the other components
that make up a modern control architecture when commercial versions are highly advanced,
easily available, relatively cheap, widely utilised and well-supported. In addition, using off-
the-shelf components also facilitates the end users to be trained in, utilise and troubleshoot
the control system due to their increased familiarity with these components from the
corporate or personal IT domains. With the expansion of commercial products into the
operational domain, control systems can no longer claim security by way of being proprietary
as their vulnerabilities are now discoverable and exploitable. For example, Stuxnet and
Flame were developed to specifically exploit operating system vulnerabilities in order to gain
access to their targeted control systems [2,3].
Previously, operational domains were usually deployed as stand-alone systems that were
isolated from external IT infrastructure [6,7]. However, the physical and electronic barriers
keeping the operational domain separate from the corporate and personal domains have been
gradually breaking down over the years due to factors such as the installation of remote
access facilities for vendor technical support, the encroachment of the corporate network into
the control room for e-mail and other corporate applications, the convenience of data transfer
via removable media devices and the proliferation of personal mobile devices with direct web
access. In addition, corporations have begun to realise the enormous benefits that can be
reaped from making real-time process data available to personnel outside the control room
for the purpose of enhancing business and operational intelligence. As a result, many control
systems are now physically connected in some manner to external networks, allowing
operational data access across domain boundaries. For example, the Generation Plant
Management System (GPMS) deployed by TNB serves as a common read-only historian data
platform that resides on the corporate network, is accessible to all personnel and extracts real-
time data from the multitude of control systems used throughout its fleet of 10 power plants.
TNB has gained exceptional tangible and intangible value from the system since its inception
in 2006 due to operational cost savings, reduced plant downtime, convenient plant analysis
and troubleshooting, real-time event notification and improvement in personnel competency
[8]. However, the cost of such value creation is that the previously isolated control systems
are now exposed and require stringent perimeter protection measures, such as firewalls, to
prevent unauthorised intrusion and disruption.
Besides technical considerations, competency and awareness of plant personnel are also
important in the changing paradigm of control system cybersecurity. Tasks that may seem
harmless to the uninitiated, such as inserting a removable storage device into a plant control
terminal to transfer data, may have disastrous consequences if the device contained harmful
malware. This was, in fact, the method by which the Stuxnet virus propagated, relying on
unsuspecting humans to transfer it from compromised corporate networks to isolated
operational networks via infected removable storage devices [2]. It is, therefore, equally
critical to address the human factor of cybersecurity by propagating awareness, developing

4. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 4 of 10
vigilance and exercising caution in order to establish an operational infrastructure that is
protected against both intentional and unintentional breaches.
Several standards and guidelines have been published to address the concerns
surrounding control system cybersecurity. Some examples of these include:
 International Standards Organisation (ISO): ISO27001 [9]
 International Society for Automation (ISA): ISA99 [10]
 North American Electric Reliability Committee (NERC): Critical Infrastructure
Protection (CIP) [11]
 United States Computer Emergency Readiness Team (US-CERT): Control Systems
Security Program (CSSP) [12]
These provide critical infrastructure organisations with a framework to improve the
resilience of their installations not only from a technical standpoint, but also by establishing
proper policies and procedures as well as addressing the aforementioned human factor by
developing a culture of security.
3. Comparisons between Conventional IT Systems and Control Systems.
With the concept of security by obscurity no longer relevant in the modern context,
control systems on the operational domain can be considered, for all intents and purposes,
similar to conventional IT systems on the corporate or personal domain. Without adequate
safeguards, the operational domain can be exposed to typical IT security risks such as
software and hardware vulnerabilities, hacking and viruses leading to system disruption,
unauthorised control, information theft and many other negative effects. As stated
previously, the consequence of such risks on the operational domain are greatly amplified due
to the criticality of the physical processes or infrastructure being controlled. However, while
the threats may be similar, it is not possible to apply all the various mitigation measures
already available for conventional IT automatically onto the operational domain due to the
differing functional priorities and possible technical incompatibilities between them.
For data in conventional IT systems, priority is first given to the principle of
confidentiality followed by integrity and finally availability. This can be illustrated with the
example of online banking services, where the failure of a confidentiality check such as
password authentication would result in the funds not being available to the user. In the
event that the integrity of data is suspect, such as an incorrect account balance, it is usually
deemed acceptable for availability of the account to be denied until the matter is rectified.
For control systems, the priority is reversed with availability holding the utmost importance
followed by integrity and confidentiality. In other words, the control system must be always
available to manage its respective process regardless of any other considerations. It will be
unacceptable for access to be restricted or delayed due to data inaccuracies or a forgotten
password, as such actions could have dire consequences to the infrastructure being controlled
as well as possible safety and environmental impacts as well [7-13].
In addition to the differences in security philosophies, not all conventional IT security
solutions are readily applicable to the operational domain. For example, installing patches
and updates as well as the use of antivirus software are common practises to improve the
security of conventional IT networks. However, when these same measures are applied to
control systems, several issues, as summarised in Table 1, become evident. As a result of
these issues, the off-the-shelf components used on the control systems tend to be more
vulnerable then their counterparts on the corporate or personal domain, which are patched

5. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 5 of 10
more frequently and have antivirus software installed. In this context, perimeter protection
and disaster recovery measures carry greater significance in securing the operational domain.
Table 1: Common issues when applying conventional IT security solutions to the operational domain
Security risk Conventional IT solution Issues on operational domain
Known software
or hardware
vulnerabilities
Apply patch or update  Possible incompatibility with control system.
 Vendor verification required before application.
 System reboots may not be possible while the plant is still operational.
 Awaiting vendor verification or a suitable time window for application
increases duration that system is exposed with a known vulnerability.
Viruses and
other malware
Install antivirus and other
cybersecurity software
 Possible incompatibility with control system.
 Possible detection of genuine control processes as malicious activity.
 Utilisation of system resources causing delayed control response.
Perimeter protection consists of placing both electronic and physical boundaries around
the vulnerable core of the control system. For operational domains that are connected to
external networks, stringently configured firewalls with the means to detect, log and notify
the occurrence of any unusual network activities will form the first, and most often, only line
of electronic perimeter defence against external threats. Physical boundaries are typically
well enforced at most critical infrastructure installations such as power plants, with several
levels of security in place around the core operational domain. Finally, backup and disaster
recovery usually make up the final cybersecurity solution for a compromised control system.
Although reactive in nature and unable to prevent a threat from occurring, disaster recovery
plays a vital role in ensuring that any affected system can be expeditiously restored to an
operational state. Figure 2 presents an illustration of the typical scenario described above.
Figure 2: Physical and electronic perimeter protection

6. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 6 of 10
4. Case Study: Cybersecurity Assessment for Power Generation.
4.1 Background
Tenaga Nasional Berhad (TNB) is the Malaysian national power utility and operates a
fleet of ten power plants with a total generation capacity of approximately 8.6 GW. This fleet
comprises of one coal plant, 6 gas plants and 3 hydroelectric schemes that utilise a wide
variety of primary and auxiliary control systems. In 2010, a cybersecurity assessment was
carried out at all these plants with the objective of identifying avenues to improve the level of
IT infrastructure security and prepare the organisation for ISO27001 certification as required
by the Malaysian National Cybersecurity Policy [14]. The scope of the exercise involved a
vulnerability assessment of both the corporate domain as well as the control system
architecture. The assessment was carried out by an internal team comprising of IT security
experts, IT system administrators and control system engineers.
4.2 Methodology
Prior to the commencement of the assessment, the methods, procedures and risk
categories to be employed, based on accepted best practices, were agreed upon by the various
parties involved and documented [15]. Senior management at each power plant were briefed
before and after the assessment in order to emphasise the importance of the exercise and
disseminate awareness regarding cybersecurity issues.
On the power plant corporate domain, the assessment was carried out for the areas listed
in Table 2. The assessment methods included site walk downs, staff interviews and
utilisation of non-aggressive software scanning tools. On the power plant operational
domain, the assessment was carried out for the areas listed in Table 3. The assessment
methods included only site walk downs and staff interviews. Software scanning tools were
not used on the operational domain due to the possible risk to the live power plant control
systems. It was envisaged that a more comprehensive audit of the operational domain would
be carried out at a future date.
Table 2: Assessment scope for corporate domain
Assessment Scope Infrastructure Involved Focus areas
Physical Server rooms, server racks,
servers, networking devices
General tidiness, labelling, cabling, location, fire hazards,
maintenance, physical access controls, environmental controls
Servers Servers Configuration, electronic access controls, operating system patch
management, malware protection, activity logging, rectification of
known vulnerabilities
Network Network architecture,
networking devices
Configuration, electronic access controls, patch management,
perimeter defence, intrusion prevention & detection, activity
logging
Application
Software
Servers, clients Configuration, electronic access controls, patch management,
malware protection, rectification of known vulnerabilities
Wireless Wireless architecture,
wireless devices
Configuration, electronic access controls, patch management,
perimeter defence, intrusion prevention & detection, activity
logging, unauthorised installations
Table 3: Assessment scope for operational domain
Assessment Scope Infrastructure Involved Focus areas
Physical Server rooms, server racks,
servers, networking devices
General tidiness, labelling, cabling, location, fire hazards,
maintenance, physical access controls, environmental controls
Servers Servers Electronic access controls
Network Network architecture,
networking devices
Configuration, electronic access controls, perimeter defence,
activity logging

7. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 7 of 10
4.3 Findings
The overall statistics from the assessment are summarised in Figures 3 and 4, while some
of the common discoveries on the operational domain are listed in Table 3 [16,17].
Approximately one-third of the total findings were related to the control systems, and from
this amount, only 10% were deemed to fall in the high risk category. In contrast, about 40%
of issues on the corporate domain were considered to be high risk. However, the assessment
appreciates that the operational domain scope was reduced and carried out more passively
compared to the corporate domain. A more comprehensive assessment would possibly have
yielded more detailed findings.
Figure 3: Distribution of findings between domains Figure 4: Distribution of findings between risk categories
Table 3: Sample of the common assessment findings
Risk Findings
High Some firewalls between operational domain and corporate domain could be more stringently configured.
Medium Activities carried out by vendors during remote troubleshooting are not logged.
Medium Inconsistent level of cybersecurity competency among personnel responsible for control systems
Medium Low level of awareness regarding operational domain cybersecurity issues among general plant personnel.
Medium Default vendor passwords and weak passwords in use on some control system components.
Medium Lack of established processes and procedures to manage operational domain cybersecurity.
Medium Greater engagement with control system vendors required for technical advice on patching and updating.
Low Operational systems and corporate systems share the same physical workspace.
Low Lack of documentation on latest configuration.
Low Inconsistent demarcation of responsibility between Control and IT personnel at power plants.
4.4 Outcome and Follow-up Actions
The assessment was successful in establishing a baseline for the level of cybersecurity in
both the corporate and operational domains of TNBs power plants as well as raising the
awareness on the subject. Short-, medium- and long-term action plans were put in place to
address the findings and improve the overall resilience of the IT infrastructure.
For the operational domain, the lack of stringent cybersecurity aspects in control system
design and deployment, as previously elaborated upon in Section 2, were clearly evident
across the various systems in use throughout the fleet. In addition, the level of cybersecurity
awareness among the plant personnel using and maintaining these systems was also found to

8. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 8 of 10
be inconsistent. The initial steps taken after the assessment to address this included
establishing the TNB Power Plant Process Control System Cybersecurity Best Practise
Guidelines [18], providing basic IT security training for the relevant plant engineers
responsible for the control systems and engaging vendors to propose solutions or
workarounds to system-specific findings. In addition, cybersecurity requirements were
incorporated into the specifications for future control system projects to ensure that attention
is given to them from the design stage itself. All these actions were intended to serve as a
foundation for the continuous improvement of cybersecurity on the operational domain with
the eventual aims of ensuring the protection of the control system as well as successfully
achieving ISO27001 certification in line with Malaysian regulatory requirements. It is
envisaged that, once certification is achieved by TNB, similar cybersecurity assessments will
be carried on a periodic basis to ensure continuous vigilance.
5. Cybersecurity Concerns for a Sustainable Energy Landscape
The power system infrastructure has traditionally been comprised of large, centralised
generation units supplying power to end users via interconnected delivery grids and
substations. The drive towards a more sustainable energy landscape brings with it significant
changes to this in the form of distributed generation from renewable sources, smart grids and
intelligent energy-efficient appliances. This creates an entirely new dimension of
cybersecurity concerns as the systems to be protected are now no longer restricted to clearly
designated control rooms or substations, but spread across a much wider geographical area.
The revamping of the power generation sector in order to achieve long-term
environmental and energy sustainability has resulted in a gradual shift away from fossil fuels
towards renewable energy sources such as wind farms and solar arrays. However, these
resources are usually located in relatively remote locations requiring control and monitoring
to be carried out over long distance from centralised operation rooms that may oversee
several of such facilities simultaneously. Reliable and economical means of two-way data
transfer is required to send control commands and receive near real-time feedback, especially
since these methods of power generation can be variable and may require conventional coal,
gas, hydro and nuclear plants to respond immediately as backup generation.
On the other end of the spectrum, greater emphasis is also being placed on managing
energy consumption to reduce demand. The popularity of energy efficient appliances
continues to grow as public awareness increases and prices reduce. A greater number of
these devices are also being embedded with microprocessors as well as data exchange and
data storage capabilities to achieve a higher level of energy savings via programmable
intelligence and communication with the outside world.
Tying together the all developments towards energy sustainability is the next generation
of the electricity grid, commonly referred to as the smart grid. The adoption of the smart grid
is expected leverage on real-time data communications between IT systems across the entire
electricity supply chain in order to provide better situational awareness regarding the state of
the grid [19] as well as the capability for automated responses by generation and consumption
systems to better balance energy supply and demand. Control systems, commercial hardware
and software, intelligent domestic appliances, public telecommunications infrastructure and
the internet are among the various components expected to make up the overall architecture
of the smart grid.

9. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 9 of 10
The vision of the smart grid entails an all-pervasive network of cross boundary
connectivity and unprecedented exchange of data between a diverse range of devices and
systems. It is, in effect, a merging of the operational, corporate and personal domains into a
single amalgamated entity. All three of the criteria for cybersecurity previously discussed in
Section 3, confidentiality, integrity and availability, will be equally important for the smart
grid infrastructure and will need to be stringent across all its components since they are
interconnected. Cybersecurity of the entire smart grid will only be as strong as its weakest
point and the large geographical area as well as diverse components presents numerous
potential entry points for breaches to occur. The cross-connectivity also presents the
opportunity for a breach in one aspect of the supply chain to be exploited in order to gain
access to a completely different section of it. For example, using a security weakness in
domestic meters to disrupt a local control centre that is connected to a remote wind farm or,
conversely, accessing confidential domestic customer data via an unpatched operating system
of an unmanned solar panel array. The hazards of such scenarios are significantly amplified
as they have the potential to affect a much larger portion of the population than before
It is undeniable that the smart grid presents many cybersecurity challenges as well as
potential benefits. However, unlike the conventional power infrastructure currently in place,
there remains significant opportunity to address these concerns right from the design and
development stage of the smart grid as it is still in its relative infancy. Guidelines and
standards are being developed by many organisations towards this purpose, such as by the
European Network and Information Security Agency (ENISA) [20] and the National Institute
of Standards and Technology (NIST) [21], leading to the belief that cybersecurity will be an
inherent feature of the smart grid over the course of its deployment.
6. Conclusions
Cybersecurity of control systems used in critical infrastructure has gained increasing
prominence in recent times, with greater IT homogeneity, reduced isolation and proof of
targeted attacks debunking the previously held security by obscurity principle. Despite
increasing awareness on the matter, much remains to be done to ensure the security of
systems in the operational domain as they were not designed with IT security as a key
feature. As the industry continues to gradually work towards improving its operational IT
resiliency, the emergence of sustainable energy components and their integration into the
conventional power system infrastructure adds further complexity to the topic. Distributed
generation, smart grids, intelligent appliances and other such initiatives bring with them
enormous benefits, but at the same time pose new and unprecedented challenges for
cybersecurity. It is vital that these concerns are addressed at an early stage and as an inherent
feature of the upcoming technologies so the energy landscape of the future is secure, resilient
and reliable.
References
[1] Markandu, D.R. (2012) IS/IT & The Energy Industry - Power Generation. Undergraduate lecture for
College of Information Technology, University Tenaga Nasional, Selangor, Malaysia
[2] Falliere, N., Murchu, L.O., Chien, E. (2011) W32.Stuxnet Dossier. Symantec Security Response.
[3] Laboratory of Cryptography and System Security (2012) sKyWIper (a.k.a. Flame a.k.a. Flamer): A
complex malware for targeted attacks. Budapest University of Technology and Economics
[4] Kurtz, R.L. (2006) Securing SCADA Systems, Wiley.
[5] Khelil, A., Germanus, D., Suri, N. (2012) Protection of SCADA Communication Channels. Critical
Infrastructure Protection. Springer Berlin/Heidelberg.
[6] Dan, G., Sandberg, H., Bjorkman, G., Ekstedt, M. (2011) Challenges in Power System Information
Security. IEEE Security & Privacy, Vol. PP, 99.

10. Dhana Raj Markandu
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but was not published due to unforeseen withdrawal of the author)
Page 10 of 10
[7] Markandu, D.R. (2009) Control System Cybersecurity. Industrial Process Automation Control Conference,
Kuala Lumpur, Malaysia.
[8] Markandu, D.R. (2012) Evolution of the PI System in Tenaga's Power Generation Fleet. OSISoft Users
Conference, San Francisco, United States of America.
[9] International Standards Organisation (ISO), ISO/IEC 27001:2005, Information Security Management
System (ISMS). http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=42103
(Accessed online: 10 August 2012)
[10]International Society of Automation (ISA), ISA99, Industrial Automation and Control Systems Security.
http://www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821 (Accessed online: 10 August
2012)
[11]North American Electric Reliability Committee (NERC), Reliability Standards – Critical Infrastructure
Protection (CIP). http://www.nerc.com/page.php?cid=2|20 (Accessed online: 10 August 2012)
[12]United States Computer Emergency Readiness Team (US-CERT), Control Systems Security Program
(CSSP). http://www.us-cert.gov/control_systems/csstandards.html. (Accessed online: 10 August 2012)
[13]Zhu, B. Joseph, A, Sastry, S. (2011) A Taxonomy of Cyber Attacks on SCADA Systems. IEEE
International Conferences on Internet of Things and Cyber, Physical and Social Computing.
[14] Ministry of Science, Technology & Innovation Malaysia, National Cyber-Security Policy
http://nitc.mosti.gov.my/portalnitc/index.php?option=com_content&view=article&id=22&Itemid=93
(Accessed online: 10 August 2012)
[15]Governance & Security Compliance Unit, ICT Division, Tenaga Nasional Berhad (2010) Generation Power
Station IT Security Assessment. (Internal document)
[16]Governance & Security Compliance Unit, ICT Division, Tenaga Nasional Berhad (2010) Generation Power
Station IT Security Assessment final reports. (Internal document)
[17]Markandu, D.R., Tun Abu Bakar, T.A.K., (2012) Data Accessibility & System Security: Achieving the
Right Balance. SCADA [in]Security v2.0 Conference, Kuala Lumpur, Malaysia.
[18]Technical Unit, Generation Division, Tenaga Nasional Berhad. (2010) Power Plant Process Control System
Cybersecurity Best Practise Guidelines. (Internal document)
[19]Mo, Y., Kim, T.H.-J., Brancik, K., Dickinson, D., Lee, H., Perrig, A., Sinopoli, B. (2012) Cyber–Physical
Security of a Smart Grid Infrastructure. Proceedings of the IEEE. Vol. 100, 1.
[20]European Network and Information Security Agency (2012). Smart Grid Security.
[21]National Institute of Standards and Technology (NIST) (2010) NISTIR 7628: Guidelines for Smart Grid
Cyber Security.