Cyber Security in communication of SCADA systems

using IEC 61850

Robert Czechowski*
Department of Electrical Power Engineering
Wroclaw University of Technology
Wroclaw, Poland
robert.czechowski@pwr.edu.pl
Paweá Wicher*
Department of Electrical Power Engineering
Wroclaw University of Technology
Wroclaw, Poland
pawel.wicher@pwr.edu.pl
Bernard Wiecha*
Department of Electrical Power Engineering
Wroclaw University of Technology
Wroclaw, Poland
bernard.wiecha@pwr.edu.pl

Abstract - Supervisory Control and Data Acquisition type of attack. An example of such a threat is a worm Stuxnet,
(SCADA) system play the most important roles in the remote discovered in 2009 in the Iranian nuclear power plants. This
surveillance system. The development of the communication virus, after being infected machine tries to access and modify the
system of the new substations such as renewable energy sources, software PLC SCADA system specific manufacturer. This is an
smart grid houses, new energy sources in power network, example of both the automatic threat difficult to be detected by
increases the nodes in a data communications network, which antivirus software because of the narrow specialization, while
increases the number of possibilities to connect to the SCADA the risk of direct taking into account the known weaknesses
system. In designing the new substation, no one takes into account affected system (in this case to leave the default password to
the aspect of cyber security. This is limited only to choose the mode
configure PLC). Despite the fact, that the creation of such a
of communication in the station and method of communication to
SCADA system. Preparing project major communication are
worm requires a significant financial effort, should take into
made on IEC 60870-5 [1], DNP3[2], IEC61850 [3] protocol on SS consideration this type of threat. The basic tool used to protect
level, connection to SCADA mostly works with IEC 60870-5-104 against attacks are:
[4] transmission protocol or DNP3.0 presents network access for Antivirus software - can run in monitor mode (automatic,
IEC 60870-5-101 [5] based on Transmission Control ongoing checks processed files) and scan (search disks on
Protocol/Internet Protocol (TCP/IP), which can be utilized for request). The effectiveness depends primarily on news
basic telecontrol tasks in SCADA systems. However, the IEC
signatures of known viruses. In some cases, the AV allows
60870-5-104 protocol transmits messages in clear text without any
authentication mechanism. Furthermore, the IEC 60870-5-104
identification of malicious software based on heuristic methods.
protocol is based on TCP/IP, which also has cyber-security, issues In this case, the infected files are actually detrimental only with
itself. (IEC/104 is used as the notation, instead of IEC 60870-5-104 a certain probability. As a result, the AV can detect not only
in the remainder of the paper.) known malicious software, but also suspicious software code.
The Firewall (called. Firewall) - software or hardware with
Keywords: cyber security, smart power grid, internet protocol, dedicated software. It allows you to filter so that only pass
digital communication.
comply with certain rules of network traffic. Most often
associated with blocking access from the external network to the
I. INTRODUCTION internal or local workstation. Another important, but often
The most common external threats that we encounter on a overlooked because of the cumbersome configuration function
daily basis, are automated attacks through viruses, Trojans and is to block outgoing traffic. It allows you to protect data before
software vulnerabilities on the victim workstation. Often, the leaving a local area network / workstation. A very important
main purpose of such attacks is to increase workstations botnet
by another network (a network of infected computers, forming a
group over which control is exercised by the creator of the
malicious software). These risks are relatively easy to detect and
disposal through the use of current software and virus definition
subscription and spyware. It should however be borne in mind
that many viruses can also lead to unstable operating system, and
even loss of data integrity on an infected machine.
Another type of external threats are coordinated direct
attacks aimed at the acquisition or modification of the data on
the victim machine. These attacks are usually performed using
security vulnerabilities 0-day type (ie. The newly disclosed
information about the vulnerability to attack), and the gaps
caused by incorrect configuration. They relate to greater extent
machines available in public IP addresses, such as servers. From
the perspective of technology, digital stations, Fig. 1. Digital communication in Power Line network as OSI model
a particular threat can be a combination of direct and automatic conception.

Modern Electric Power Systems 2015 – MEPS’15 Wroclaw, Poland – July 6-9, 2015
www.meps15.pwr.edu.pl

978-1-5090-3101-6/15/$31.00 ©2015 IEEE

function is to monitor and record the most important events in ports. This gates help intruder to connect into SS level. Using
the log. Correct firewall configuration possible to refute the IEC103, DNP, MODBUS protocols we have a little easier way
known types of attacks software patches (called. patch) - to connect of course on SS. Using IEC103, DNP, MODBUS
Amendments made available by the software manufacturer or protocols we have a little easier way to connect of course on SS.
operating system. It is very important to maintain the system and
programs possible date versions. Significant gaps due to the type
0-day, which are not known on a large scale. With time,
however, access to knowledge on how to apply such a gap
becomes simple, and the outdated version PC can easily become
the victim of the attack.
Encryption of connections - to ensure the confidentiality of
transmitted information over computer networks is
recommended to use encryption algorithms. The client-server
architecture, data is transferred in the form of ciphertext,
illegible for other than transmission sites. Especially
recommended is the use of encryption during authentication, so
that the username and password were not sent over the network
in clear text. Optionally, you can also use intrusion detection
systems (called. Intrusion Detection System) operating on the
basis of signatures (by searching the packets of data strings
Fig. 2. Communication in Ethernet network based on IEC 61850.
typical of the attacks) or heuristics (by analyzing headers and
protocols) on fragmented, ie. The combined packages. Because
defragmentation can be used only in those parts of the network III. PRESENT PROBLEMS IN
where delays are acceptable associated with it. More elaborate SMART COMMUNICATION
systems allow intrusion prevention (ang. Intrusion Prevention First problem for intruder is FO how to connect and where.
System) by responding to abnormal behavior in the network. If someone connect between RTU and IED the only access is to
Action on the basis of signatures are required by their live one bay. Potential place of attack is between SCADA and
updates. Substation. If someone will install converter in
telecommunication room or connect between SCADA and RTU
II. PRESENT PROBLEMS IN will get access to all devices. In those protocols when we
SMART COMMUNICATION sending a command nothing will be in history (maybe only trip
in system). Serial protocols implementations are lacking both the
On SS Level standard protocol is IEC 103 or DNP 3. Each
confidentiality and strong integrity guarantees to prevent
protection producer have own implementation of this standard
possible attacks on wire. If attacker connect to protocols is able
which is not always compatible with SCADA RTU’s or
to send commands, read values, send something to SCADA and
manufacturers. IEC61850 was development by the IEC
will causing disruption. Current state of these SCADA protocols
Technical Committee 57 by a group of manufacturers (ABB,
security spurred attacker to try to connect to some object. On
Alstom, Schneider, SEL, Siemens, Toshiba, etc.) and electrical
power station or industrial SCADA, best security is to isolated
utilities (Electricité de France, Iberdrola, Hydro-Quebec, etc.)
network to prevent such situation (Fig. 3). No one is checking
with the target of improving the interoperability of equipment
what is connected in telecommunication room. So serial
[6]. IEC 61850 is completely different than all protocols which
protocols are quite easy to attack and really hard to identify if
we are using on SS’s and it change everything. 61850 it’s
there was attack or not.
describe how connection should works (exchange information
between RTU-IED) (Fig. 2). In IEC 61850 we are using data Different is when we using TCP/IP communication.
object modelling to replace aspect of no significant of addresses. IEC62351 standard define security of TC57 protocols which
Modelling is based on logical Nodes (LN) which is a named works on TCP/IP. Connection over Ethernet is more secured
grouping of data associated services and everything have because communication is between client and server. It’s a first
relation to protection function or control function. For example problem for attacker to connect like a server to RTU but SAS
PTOC represents Overcurrent Protection, measurements we allows for remote access, since on substation we using separate
have in LN MMXU where we can read power, voltages, currents channel for various purposes. They are using it to remotely
etc. Protocol works on standard TCP IP protocol so on standard access and manage data or make settings correction.
network connection like in home. It have more advantage than
defects. Ethernet protocols are easy in implementation and for It’s less secure access to substation using engineering
cybersecurity we can use algorithms like in bank or standard channel because this network mostly is not isolated even is
Ethernet networks (Fig. 1). connected to standard industry network with limited access. In
existing remote access IED offer password but on most
Security threats to connect into Substation system can be substations is the same like “000000, AAAA, aaaa, 1234”. In
divided into two parts based on physical and cyber assets. most companies password is good know for everyone. The only
Physical assets are the hardware like GSM Modems, wireless way to disable access for some individuals is changing password
Router, some Bluetooth sticks. Also IED connected somewhere in some period of time.
on SS. Cyber assets are some software, gate in firewall, open
 Most IEDs/RTU using role based authentication. In
conclusion when we using protocols working on standard
IEC62351 for security we can use many possibilities to secure
access like Active Directory rights and authentication users.
Intruder mostly will try to connect over serial protocols (Fig. 4)
or using remote maintenance connection its mostly less secure
and employees don’t care about who have access.
IV. SAFETY FEATURES
AND DETECTION OF ATTACKS
Increased automation and communication within smart grids
certainly comes with many benefits, but it is not devoid of flaws,
either – due to the availability of the ICT technology in a new,
hitherto unknown (for such solutions) branch of industry, there
will surely be individuals willing to test their skills and abilities,
which will translate into these grids’ increased vulnerability to
attacks. Ensuring years of proper functionality of such grids,
their safety and protection from cyber-criminals or hackers
attack becomes a serious problem [7]. Resources protected in
smart power grids are: access to management software,
inventory of computer equipment, company’s data, personnel
(including a list of ICT/AMI specialists), documentation of
metering equipment, like e.g. access to the ERP (Enterprise
Resource Planning) system and company’s critical data: data
concerning contractors, commercial information, data
endangering the positive image, ways of unauthorized access,
the so-called Information Security Policy [8]. In summary,
attacks on smart power grids can be divided as follows:
a) by the attack location in the power supplier infrastructure:
• attack on AMI devices (main meters),
• attack on the data transmission medium, intermediate
devices (active and passive),
• attack on the operator’s datacenter (extortion of
passwords and access to services by use of various
Fig. 3. Example diagram of information flow in SCADA systems using IEC 61850.
techniques, even bordering on social engineering, attack
on access control servers, databases, warehouses and
permissions).
b) by the target and scale of a potential attack:
• attack on a single client [9],
• attack on the functionality of the entire system or its
significant portion [10].
Transformation of the current grid structure into a smart grid
necessitates a series of novel security solutions borrowed from
already used ones. Typical problems of modern computing
include hacking, data theft, and even cyberterrorism, which will
sooner or later also affect power grids. Introduction of smart
power grids through installation of remote reading meters,
electronic grid elements, construction of new information
systems consisting of data on energy usage causes energeticists
many new security-related problems.
A complex multi-layered security system requires an overall
concept of providing information security. Security in Smart
Grid can be divided into three groups:
a) by the continuity and security of services:
• ensuring continued electrical energy supply at a
contractually guaranteed level, binding the supplier and
customer (it also concerns cases of bidirectional energy
transfer – smart grids with the participation of prosumer),
• ensuring confidentiality of information on clients and
security of statistical data generated by them, such as
“consumption amount”, time of the greatest energy
demand or its total absence,
• security related to energy distribution management
process, and telemetry and personal data protection in
datacenters,
b) by security class:
• protection from unauthorized access to digital data
transmission media and physical security of devices in
intermediate stations,
• protection of end-use telemetric devices from
unauthorized access, transmission disruption or complete
lock of their activities,
• analytical optimization models and decision-making
processes,
c) by policy:
• data access policy – user authorization, permission
management,
• management security policy – investment processes’
principles and rules,
• system security policy – reaction to incidents, managing
confidential information like passwords, cryptographic
keys.
Making an ICT power grid available for the needs of external
users is a potential source of threat. It is necessary to separate
information transferred for the needs of the power sector to the
eternal traffic. Moreover, the administrative and office traffic
should also be separated from traffic related to remote
supervision over energy facilities. The most commonly
encountered problems related to incorrect grid architecture
design and its management are:
• lack of proper security architecture,
• errors in information security management,
• software errors,
• human errors and intentional actions,
• insufficient security monitoring.
The most common threats to information systems include:
• blocking access to a service,
• hacking into an information system’s infrastructure,
• data loss,
• data theft,
• confidential data disclosure,
Fig. 4. Communication via RS485.
Fig. 5. Exchange communication in SNMP version no 3.
• information falsification,
• software code theft,
• hardware theft,
• damage to computer systems [11].
V. GOOD PRACTICES IN SECURE
OF LOW/MEDIUM VOLTAGE POWERLINE NETWORK
In order to ensure safety, monitoring network traffic must be
taken into account in policy. For this purpose, you can use event
logs obtained from the previously described firewall. More
complex and more filtered information is available through
intrusion detection system (IDS), which greatly facilitates the
observation of anomalies in network traffic.
In the case of active network devices, ie. Network switches,
you should use the solutions divisions, with trouble reporting
software, eg. This facilitates diagnosis in case of incorrect
operation of the network and significantly reduces the time to
solve the problem.
In order to verify proper operation in / in mechanisms should
periodically perform penetration tests involving the simulation
of attacks and system errors. In this way, you can get information
whether all known methods of attacks are captured by network
protection mechanisms.
SNMP assumes the existence of two types of devices in a
managed network: managing and managed. The device
(computer) is the manager (called NMS - Network Management
Station) when it is running the appropriate program manager
SNMP (SNMP manager). The device is managed if the program
runs on an SNMP agent. Advantages and disadvantages. SNMP
is currently the most popular protocol for managing networks
(Fig. 5).
Its popularity is due to the following advantages:
• relatively small additional load on the network
generated by the protocol itself,
Fig. 6. ITC security functional diagram of Smart Grid.
• a small amount of custom commands lowers the cost of
devices supporting it,
• low costs implementation to operation.
The main disadvantage of SNMP: inability to ensure the
security of transmitted data (SNMP first and second version).
Below are listed the main safety functions
telecommunication devices in digital communications used
SNMP compatible with IEC 61850 (IEC 61850-3 IEEE 1613)
[12]: Protection - Miss-wiring avoidance, Repowered auto ring
restore (node failure protection), Loop protection. System Log -
Support System log record and remote system log server. DHCP
- Provide DHCP Client/ DHCP Server/DHCP Option 82/Port
based&VLAN based DHCP distribution (DHCP relay agent).
MAC based DHCP Server - Assign IP address by Mac that can
include dumb switch in DHCP network. DNS - Provide DNS
client feature and support Primary and Secondary DNS server.
Goose monitoring - Show individual Goose TX / RX counter
(IEC packets). Environmental Monitoring - Internal sensor to
detect temperature, voltage, current, total PoE budget (IPGS-
5400-2P-PT) and send SNMP traps and emails if any abnormal
events. Factory reset button & watch dog design - Factory
reset button to restore back to factory default settings. Watch dog
design can reboot switch automatically under certain
circumstances. Configuration backup and restore - Supports
text editable configuration files for system quick installation to
backup and restore.
With knowledge of the ICT network administration, a bit of
time and desire in a few steps, we can definitely increase the
security of our, own network. The basic functions and also the
mechanisms of defense against intruders (Fig. 6, red padlock),
can be the following:
Default Username and Password: the default
username/password set by the manufacturer, allowing access to
the configuration router, should be changed and should be set
strong enough to prevent unauthorized access to our home. The
attacker will firstly attempt to enter its default password for our
model, and in turn will make the password he used in other
models or similar devices in its class.
SSID: the default Service Set Identifier (SSID) is the name
of the network and uniquely identifies a particular network and
wireless devices must know the SSID of the wireless network to
connect to that network. Manufacturers set the default SSID that
identifies the device (name betrays their potentially default
passwords). SSID is sent in plain text, so it can be easily
overheard using sniffers, because SSID cannot be treated as
protection of network. Some believe that the SSID broadcast
should be excluded to impede unauthorized use of the network
users. However, this does not improve the security of the
network because the SSID is sent by any authorized station when
connecting to an access point, and can then be eavesdropped.
Not only that, when dispreading off SSID network is vulnerable
to masquerading as an access point person with evil intentions,
so that the data users of the network may be in danger [13].
Wireless Security: there are three types of wireless security
on routers or access points:
• WEP (Wired Equivalent Privacy),
• WPA (Wi-Fi Protected Access),
• WPA2 (Wi-Fi Protected Access 2).
It is always advisable to use WPA2 encryption CCMP/AES,
which is the safest option if WPA2 is not supported by the router,
WPA with TKIP/RC4 is an alternative, but WEP is less secure
option and should be avoided because it is as secure as hard to
break. WPA may use mode:
• Enterprise – uses a RADIUS server (for business use),
which assigns the keys to the right users,
• Personal – does not share the keys to individual users, all
connected stations use a shared key PSK (Pre-Shared
Key) – it used, e.g. in the HAN or Wi-Fi.
Limit Network Coverage: it is always advisable to limit the
broadcast coverage of a network to prevent the intruders from
gaining access to a home network.
Disable Remote Management: this feature should be
disabled on the router to prevent intruders from accessing and
changing the configuration of the router. If remote
administration is necessary, it should be realized via non-
standard ports.
Firmware Update: one should check to see if there is a new
firmware version for the router. After the security configuration
in the router, one should make a copy of the settings and store it
in a safe place in case of a forced device settings reset.
Static DHCP reserved IP addresses: since a router should
assign a private IP address to a particular device to share the
Internet connection using a DHCP concept, the reserved IP
address should be limited, so that a router can’t assign an IP
address to any device which is trying to get un-authorized access
to a home network, the number of IP addresses reserved should
be as many as the number of devices in need of internet access
within a home network. An additional difficulty is to change
from the classic network addressing Class C to Class A or B with
a very unique and unusual subnet mask of the initial and final
subnet address broadcast address.
Network Filter: enabling Media Access Control address
filtering in a router whose prevents unauthorized client from
getting right IP address and join this network. Devices with
addresses that are not included in the filter list addresses, will be
Fig. 7. Substation automation architecture with possibility of access.
dropped, and device which wants to establish a connection
cannot access transmission medium. In addition, this
information and the MAC address of the device, along with the
date and result of the events will be save in logs of router.
Universal plug and play (UPnP): this feature allows
network devices to discover and establish communication with
each other on the network, this feature makes the initial network
configuration easy but it should be disabled when not needed
because a malware within a network could use UPnP to open a
loop hole in a router firewall to let intruders in.
Turn-On Firewall: a router has an inbuilt firewall which
should be activated and configured properly to allow authorized
users to access a home network, it is advisable to create a black
list for unauthorized websites, services etc. Also a firewall
should be configured not to reply to ping requests to prevent
exposing a home network to intruders, thus firewall should be
used to control both incoming and outgoing traffic.
Network Management Tool: an efficient network
management tool can be used to monitor and manage a network
and prevent intruders from having an unauthorized access to a
network. Some other security measures are advisable to disable
remote upgrade, unnecessary services and Demilitarized Zone
(DMZ) features in a router. One should change passwords
frequently on all networking devices and make it strong enough,
so that it cannot be easily guessed by an intruder [14].
In order to maintain a high level of security, it is necessary
to observe predefined procedures and security policies. A grid
of meters and concentrators starts to look more and more like a
traditional corporate network, which means that similar security
measures can be put in place, including systems for intruder
detection, access control and event monitoring. Especially
vulnerable to packet data attacks are concentrators which,
connected to Ethernet switches, utilize the commonly used
TCP/IP protocol [15].
 VI. CONCLUSION
It is quite a challenge to protect each and every one of
extensive distribution systems, with cyberterrorism becoming
a particularly serious problem. These days, destroying important
objects (factories and power plants, but also computer databases)
does not require significant power or resources. Examples show
that a single person with proper knowledge and access to
computer technology is able to perform a successful attack on
a power grid. Additionally, cyberterrorism is cheap, it does not
put the perpetrator in immediate danger and can be catastrophic
in results. By disrupting the operation of banking computer
systems, a cyberterrorist could cause a collapse of the world
economy. By introducing false data into systems managing a
military, power and fuel infrastructure, they could initiate
explosions of pipelines, demolition of water intakes and
destruction of nuclear power plants [16].
In the future, an important role in this areas, will be
realization of infrastructure and delivering preconfigured
devices by Internet Service Provider. With time, we can except
more auto-configuration devices. Which at least in part allow
simple configurations. Unfortunately, in many cases, this
solution will not provide an adequate level of security. There are
many methods to ensure safety. Even the very simple solutions
such as changing the default password or hiding the name of the
wireless network are able to fend off the novice attacker. On the
other hand, we cannot require that each user is a specialist in the
range of telecommunications or computer science. Thus, in the
next ten years, the electricity supplier will need specialists who
possess the practical skills and IT knowledge, which may be
used in the energy sector. Smart Grid ICT specialists will take
care of not only the home devices configuration or running such
systems in Local Area Networks, but also taking care of widely
understood security in the information transmission in the
Metropolitan Area Network or Wide Area Network. A separate
group, will specialise in databases, computer networks, business
analysis layers and complex Enterprise Resource Planning
systems. Moreover, it becoming increasingly important to
ensure data verification, reliability and security. In order to
decrease the amount of incorrect data grids are secured from
hackingers attacks. Security policy procedures, that hamper the
work of normal application users, are constantly added to. It is
not difficult to predict the consequences of such security
policies.
The project network or system can be divided into three
stages: design, implementation and use. For each of them there
is a recommendation, consistent with a high grade of safety. In
the design stage, be sure to use only the required hardware and
software. Redundancy (except for redundancy links, used to
provide high availability and reliability) promotes the formation
of additional security vulnerabilities in the system. Unused
services should remain disabled or blocked by a firewall. When
you assign user rights to be reduced to a minimum. In addition,
the network should be designed to limit the ability to connect
foreign devices, eg. By disabling unused ports, network
switches and requiring authorization to change the settings
above mentioned. Similarly, in the case of workstations and
servers, turn off all unused interfaces that can facilitate such
intrusion. USB, FireWire or Bluetooth. At the design, network
monitoring mechanisms, such as the aforementioned firewall,
intrusion detection, etc. stage should be included. Access to
services should also be limited to only those parts of the
network where it is necessary (Fig. 7). Same services should be
started with the lowest possible privileges. A common mistake
is to run all services with administrator privileges, even when it
is not required. A very important aspect of security is that its
structure to make it convenient for the user and not encouraged
him to bypass security to "go for shortcuts." Implementation
phase should possibly be carried out in accordance with project
documentation and in the event of any discrepancy any changes
must be documented and included in the policy. Frequently
overlooked and forgotten in the use phase is the continuous
replenishment of documentation and security policy. Operating
stage beyond the use of computer systems and networks should
take into account the aforementioned network monitoring,
tracking anomalies, including conducting periodic penetration
testing to find possible gaps use it attacker.
ACKNOWLEDGMENT
This paper was realized within NCBR project:
ERA-NET, No 1/SMARTGRIDS/2014, acronym SALVAGE. "Cyber-Physical
Security for the Low-Voltage Grids"
REFERENCES
[1] G. Clarke, D. Reynders, “Practical Modern Scada Protocols: Dnp3,
60870.5 and Related Systems.” Newnes. pp. 47–51.
[2] 1815-2012–IEEE Standard for Electric Power Systems
CommunicationsDistributed Network Protocol (DNP3). 2012.
[3] Core IEC standards, IEC 61850: Power Utility Automation., IEC
62351:Security.Available: http:// www.iec.ch/smartgrid/standards/.
[4] Telecontrol Equipment and Systems-Part 5-104: Transmission Protocols-
Network Access for IEC 60870-5-101 Using Standard Transport
Profiles,IEC Standard 60870, 2006.
[5] IEC Telecontrol Equipment and Systems–Part 5-101: Transmission
Protocols–Companion Standard for Basic Telecontrol Tasks,IEC
Standard 60870, 2003.
[6] IEC Standard TC57. [Online]. Available: www.tc57.iec.ch
[7] C. Xavier, Power Line Communications in Practice, ArtechHouse 2006.
[8] K. Billewicz, Problematyka bezpieczeĔstwa informatycznego w
inteligentnych sieciach., Instytut Energoelektryki Politechnika
Wrocáawska, 2012.
[9] A.T. Kearney GmbH, Raport Technologiczny, Infrastruktura Sieci
Domowej (ISD) w ramach Inteligentnych Sieci / HAN within Smart
Grids., 2012.
[10] M. J. Cronin. “Smart Products, Smarter Services. Stratiegies for
Embedded Control”, cambrige University Press, 2010.
[11] K. Billewicz, “Smart Metering. Inteligentny system pomiarowy.”, Instytut
Energoelektryki Politechnika Wrocáawska,
Wydawnictwo Naukowe PWN, 2012.
[12] Lantech documentation of Industrial IEC 61850-3 Switches
http://www.lantechcom.tw/global/eng/IGS-5400-2P-PT.html
[13] W. Lewis, “LAN Switching and Wireless: CCNA Exploration
Companion Guide (Cisco Networking Academy Program),” Cisco Press
2008.
[14] R.C. Parks, “Advanced Metering Infrastructure – Security
Considerations,” Sandia Report, Sandia National Laboratories, November
2007.
[15] T. Flick, J. Morehouse, “Securing the Smart Grid. Next Generation Power
Grid Security,” Elsevier Inc. 2011.
[16] A. Fronczak, P. Fronczak, ĝwiat sieci záoĪonych. Od fizyki do Internetu.
Wydawnictwo PWN, 2009 r.