An Introduction to Buildings Cybersecurity

Framework
Michael Mylrea, Sri Nikhil Gupta Gourisetti, Member, IEEE, Andrew Nicholls
Pacific Northwest National Laboratory
michael.mylrea@pnnl.gov, srinikhil.gourisetti@pnnl.gov, andrew.nicholls@pnnl.gov

Abstract—This paper presents an introduction to the product of a collaborated effort between the U.S. Department
Buildings Cybersecurity Framework (BCF). The BCF provides of Energy’s Pacific Northwest National Laboratory and
the organizations with a set of cybersecurity best practices, EERE’s Building Technologies Office. BCF applies to six of
policies and procedures to improve their cybersecurity posture; the sixteen critical infrastructure sectors designated by the
defines structured methodologies to interact cybersecurity
Department of Homeland Security, including commercial
activities and outcomes from the executive to operations levels.
The foundation of the BCF core is based on five core elements facilities (e.g., public assembly, offices, lodging), financial
defined by the National Institute of Standards and Technology services (e.g., banking and insurance), government facilities,
(NIST) Cybersecurity Framework: Identify, Protect, Detect, healthcare and public health, emergency services (e.g., fire
Respond and Recover. Those five core elements were crafted to and police stations), and information technology. Information
address evolving cybersecurity threats and vulnerabilities. With Technology (IT) is the backbone of all businesses and some of
the BCF, an organization will be able to: assess their target the critical IT applications include managing critical data,
cybersecurity state and current cybersecurity posture; identify controlling physical processes such as the power grid [2].
and prioritize improvement opportunities and necessary actions Therefore, securing the IT infrastructure and the (OT)
by continuous and repeatable process; assess progress towards
networked devices is imperative in securing the building.
the target state; and communicate cybersecurity risk among
internal and external stakeholders. This paper is a miniature of The Buildings Cybersecurity Framework (BCF) provides
the ~100-page Buildings Cybersecurity Framework, and the goal general guidance to building owners and operators to identify
of this paper is to explicate the applicability of BCF in different and implement a cybersecurity risk management strategy to
types of buildings such as Residential, Small Commercial, Large secure critical buildings Information Technology (IT) and
Commercial, and Federal buildings. Note that the framework Operational Technology (OT). To realize this goal, the
itself is a detailed version of the various aspects discussed in this framework provides insight into common vulnerabilities,
paper. threats, and potential impacts from cyber-attacks. Securing
buildings from emerging cyber threats is a process, not an end
Keywords—Buildings; Cybersecurity; Connected Buildings;
NIST; Identify; Protect; Detect; Respond; Recover
state. This process requires incorporating cybersecurity best
policies, practices, and procedures. The Framework provides
case studies and illustrations highlighting common cyber
I. INTRODUCTION threats, vulnerabilities, and mitigation recommendations to
Smart buildings are increasingly adopting automation and reduce these vulnerabilities, ensure service reliability, and
connecting to the Internet, creating an energy-internet-of- manage cyber risk.
things (EIOT) environment that converges operational The national opportunity and challenge to secure buildings
technology (OT) and information technology (IT). Today, from emerging cyber threats cannot be overstated. The recent
buildings increasingly weave together networked sensors and documented findings in government reports [3]–[9], indicate
cyber and physical systems that enable big data to be the growing threat of physical and cyber-based attacks on
collected, aggregated, exchanged, stored and monetized in electric grids and other critical infrastructure systems [10].
new ways. Building technological advances have created new Buildings technology is increasingly digitized and connected
energy technology, services, markets and value creation to cyberspace, enabling new opportunities to increase
opportunities (e.g. transactive energy, two-way grid interoperability, connectivity, and energy efficiency, and to
communications, machine learning, and increased use of use renewable energy. The nation’s 5.6 million commercial
renewable and distributed energy resources). But as larger data buildings use 19% and 36% of the nation’s primary energy
sets are being exchanged at faster speeds between an and electricity use, respectively; Department of Energy’s
increasing number of nodes, it becomes more difficult to (DOE’s) goal is to improve energy use per square foot in this
protect the security of the data life cycle. These challenges are sector by 30% by 2030, relative to 2010 [11]. Achieving this
especially difficult to overcome because the economic and goal requires the secure development, deployment, and
environmental gain (interoperability, big data, social networks management of advanced building technology that is
and ubiquitous information sharing) are driving these increasingly connected to the Internet and vulnerable to
prominent trends in the digital age—not cybersecurity. emerging cyber threats.
The Buildings Cybersecurity Framework (BCF) [1] is a As the National Academies recently observed: “These
systems provide critical services that allow a building to meet
This study has been conducted at the Pacific Northwest National the functional and operational needs of building occupants, but
Laboratory is operated for the U. S. Department of Energy by the Battelle
Memorial Institute under Contract DE-AC05-75RL01830.
they can also be easy targets for hackers and people with owners and operators to manage their cyber risk through
malicious intent. As these systems are becoming more adoption of The Framework for Improving Critical
connected, so is their vulnerability to potential cyber-attacks.” Infrastructure Cybersecurity (EO 13636) developed by the
Connectivity offers a tremendous opportunity for realizing our National Institute of Standards and Technology (NIST) in
nation’s energy efficiency and renewable energy goals, but at February 2014 [19].
the cost of increased cyber risk to our buildings. Cyber threats BCF provides a voluntary risk-based Cybersecurity
and vulnerabilities, or even the perception of the increased risk Framework—a set of industry standards and best practices to
they present, could hinder the adoption of smart, connected help building owners and operators better manage
technology in buildings. For example, converting an electric cybersecurity risks. BCF provides a common taxonomy and
grid into smart grid incorporates smart metering and load mechanism for buildings stakeholders to
management, which leads to high risk of user and corporate
privacy by making things easily accessible and available to • describe their current cybersecurity posture,
anyone; may motivate an attack on the power grid [12]-[16] • describe their target state for cybersecurity,
(an attacker reducing electricity bill). While increasing
cybersecurity awareness and risk management is essential, • identify and prioritize opportunities for improvement
buildings vary greatly in the technology they deploy and the within the context of a continuous and repeatable process,
resources available to protect it. • assess progress toward the target state, and
In response, DOE’s Building Technologies Office
developed the Framework to provide easy to follow general • communicate among internal and external stakeholders
guidance, drawn from the National Institute of Standards and about cybersecurity risk
Technology (NIST) Cybersecurity Framework and a wide
B. BCF Features
variety of industry best practices and guidance documents
(i.e., NIST 800 series, DoD United Facilities Criteria) [17]. • Practices, policies, procedures to guide cybersecurity
The Framework will facilitate buildings cybersecurity risk activities & an organization’s risk management processes.
management efforts and help increase an organization’s
cybersecurity posture by identifying security gaps and • Detailed cybersecurity activities, outcomes, and
providing energy managers and buildings personnel actionable informative references, providing detailed guidance for
guidance to help secure their buildings from various developing individual organizational risk profiles.
cybersecurity vulnerabilities and evolving cyber threats. The
• Checklists and use cases to help building stakeholders
BCF is not a one-size-fits-all approach to managing
align their cybersecurity activities with their business
cybersecurity risk for buildings. Buildings will continue to
requirements, risk tolerances, and resources.
have unique cyber risks—different threats, vulnerabilities, and
risk tolerances. While resources will help determine how users • Case studies providing real world examples of how to
implement the BCF, it will help organizations determine implement the best practices found in each chapter.
activities that are important to critical service delivery and
prioritize investments to maximize the effectiveness of C. BCF Applications
security investments. The Buildings Cybersecurity Framework complements,
but does not replace, an organization’s existing risk
II. BUILDINGS CYBERSECURITY FRAMEWORK management process and cybersecurity program. Building
owners and operators can use their current processes and
A. BCF Overview leverage the Framework to identify opportunities to strengthen
The BCF (also available as a web tool at cf.pnnl.gov) their cybersecurity risk management and adopt industry best
provides five concurrent and continuous functions (which can practices. Alternatively, an organization without an existing
also be referred as Domains) to Identify, Protect, Detect, cybersecurity program can use the Framework as a reference
Respond, and Recover from cyber threats and vulnerabilities to establish one.
to buildings. When considered together, these functions
provide a high-level, strategic view of the lifecycle of an III. CRITICAL DOMAINS OF BCF
organization’s cybersecurity risk management. The Following the core approach of the NIST Cybersecurity
Framework, provides an easy to follow set of cybersecurity Framework, the BCF provides actionable functions that can be
best practices, policies, and procedures to improve the easily adopted by an organization operator to enhance the
cybersecurity posture of our nation’s buildings. The organization security. The essence is captured in a set of
Framework is also designed to facilitate communication of “how-to” instructions for organization operators to adopt,
cybersecurity activities and outcomes across the organization adapt, and apply to their respective organizations. BCF Core
from the executive to operations levels. Functions are defined in Fig. 1.
The BCF helps to realize the goals of the Presidential Those Functions are not intended to form a serial path, or
Executive Order (EO) on Strengthening the Cybersecurity of lead to a static desired end state. Rather, the functions can be
Federal Networks and Critical Infrastructure (May 2017) [18], performed concurrently and continuously to form an
which calls on Federal agencies and critical infrastructure operational culture to address the dynamic cybersecurity risk.
 3) Governance: The policies, procedures, and processes to
manage and monitor the organization’s regulatory, legal, risk,
environmental and opeartional requirements are understood
and inform the management of cybersecurity risk.
4) Risk Assessment: The organization understands the
cybersecurity risk to organizational operations (including
mission, functions, image, or reputation), organizational
Fig. 1. Outline of Buildings Cybersecurity Framework assets, and individuals.
5) Risk Management Strategy: The organization’s
A. Identify priorities, constraints, risk tolerances, and asumptions are
The goal of this function is to identify cyber risks and established and used to support operational risk decisions.
vulnerabilities and to then develop the organizational capacity 6) Supply Chain Risk Management: The organization’s
to manage cybersecurity risk to systems, assets, data, and priorities, constraints, risk tolerances, and assumptions are
capabilities. In other word, the objective is to identify and established and used to support risk decisions associated with
inventory critical cyber assets (CCAs) and develop the managing supply chain risk. The organization has in place the
organizational capacity to manage cybersecurity risk to processes to identify, assess and manage supply chain risks.
systems, assets, data and capabilities. CCAs (an illustration is
shown in Fig. 2) are distinctively defined as Information B. Protect
Technology (IT) and Operational Technology (OT) that are The goal of this function is to protect assets by introducing
connected to the operation of the organization and associated building operators to cyber protection techniques, as shown in
organizational goals. To realize the goal, various risk framing Fig. 3, that enable risk control through risk avoidance. Protect
techniques are described to develop a risk characterization will help operators develop and implement the appropriate
matrix. Activities in the Identify domain help building safeguards to increase a building’s cybersecurity posture. The
operators focus and prioritize efforts, consistent with its risk Protect Function supports the ability to limit or contain the
management strategy and business needs. The six key impact of a potential cybersecurity event. The six core
elements of this function are: Asset Management, Business elements of this function are: Identify Management Access
Environment, Governance, Risk Assessment, Risk
Control, Awareness and Training, Data Security, Information
Management Strategy and Supply Chain Risk Management.
Protection Processes and Procedures, Maintenance, and
Protective Technology.
1) Identify Management and Access Control: Access to
physical and logical assets and associated facilities is limited
to authorize users, processes, and devices, and is managed
consistent with the assessed risk of unauthorized access.
2) Awareness and Training: The organization’s personnel
and partners are provided cybersecurity awareness education
and are adequately trained to perform their information
security-related duties and responsibilities consistent with
related policies, procedures and agreements.
3) Data Security: Information and records (data) are
managed consistent with the organization’s risk strategy to
protect the confidentiality, integrity, and availability of
information.
4) Information Protection Processes and Procedures:
Security policies (that address purpose, scope, roles,
responsibilities, management commitment, and coordination
among organizational entities), processes, and procedures are
Fig. 2. Illustration of Common Critical Cyber Asssets Found in Buildings maintained and used to manage protection of information
1) Asset Management: The data, personnel, devices, systems and assets.
systems, and facilities that enable the organization to achieve 5) Maintenance: Maintenance and repairs of industrial
business purposes are identified and managed consistent with control and information system components is performed
their relative importance to business objectives and the consistent with policies and procedures.
organization’s risk strategy. 6) Protective Technology: Technical security solutions are
2) Business Environment: The oganization’s mission, managed to ensure the security and resilience of systems and
objectives, stakeholders, and activities are understood and assets, consistent with related policies, procedures and
prioritized; this information is used to inform cybersecurity agreements.
roles, responsibilities, and risk management decisions.
 This function defines the path towards concluding an anomaly
as a cyber-attack as depicted in Fig. 4.

Fig. 4. Detection path towards concluding an anomaly as a cyberattack

The detect function also demonstrates the need of
reference cases for the critical assets and the means to use the
reference cases to monitor for any deviations or unexpected
behavior. Fig. 5 shows an illustrative structure of a reference
case that is also often referred to as baseline.

Fig. 5. Illustrative reference case for critical asstes

1) Anomalies & Events: Anomalous activity is detected in
a timely manner. Potential impact of events is understood.
2) Security Continuous Monitoring: The information
system and assets are monitored at discrete intervals to
identify cybersecurity events and verify the effectiveness of
protective measures.
3) Detection Processes: Detection processes and
procedures are maintained and tested to ensure timely and
adequate awareness of anomalous events.
D. Respond
The goal of this function is to respond to a cyber-attack by
developing and implementing the appropriate processes to
Fig. 3. Key Protection measures to defend a building against cyber attacks effectively respond to a cybersecurity event. When both
C. Detect protection and detection techniques fail to prevent an attack,
which can be expected to occur at times, it is critical for
The goal of this function is to highlight techniques that building operators to know the best course of action to
enable the detection of malicious cyber activity. The detect minimize impact.
function enables timely discovery of cybersecurity events. The
three key elements of this function are: Anomalies and Events,
Security Continuous Monitoring, and Detection Processes.
 Respond provides building operators with methodologies
to respond to an incident. The five key elements of this
function are: Response Planning, Communication, Analysis,
Mitigation, and Improvements. Fig. 6 depicts the contents of a
response plan and Fig. 7 depicts the implementation path of a
response plan.
1) Response Planning: Response processes and
procedures are executed and maintained, to ensure timely
response to detect cybersecurity events.
2) Communication: Response activities are coordinated
with internal and external stakeholders, as appropriate, to
include external support from law enforcement agencies.
3) Analysis: Analysis is conducted to ensure adequate
response and support recovery activities.
4) Mitigation: Activities are performed to prevent
expansion of an event, mitigate its effects, and eradicate the
incident.
5) Improvements: Organizational response activities are
improved by incorporating lessons learned from current and
previous detection/response activities.
E. Recover
The goal of this function is to recover and return services
to normal operation and reduce the impact of a cybersecurity
event. Recover provides insight on the creation and
implementation of a recovery plan for building operators. This
plan will include solutions to recover compromised buildings
Fig. 6. Critical contents of a Cybersecurity Response plan assets, repair or replace damaged components, and return
services to normal operation. The three key elements of this
function are: Recovery Planning, Improvements, and
Communications.
1) Recovery Planning: Recovery processes and procedures
are executed and maintained to ensure timely restoration of
systems or assets affected by cybersecurity events.
2) Improvements: Recovery planning and processes are
improved by incorporating lessons learned into future
activities.
3) Communications: Restoration activities are coordinated
with internal and external parties, such as coordinating
centers, Internet Service Providers, owners of attacking
systems, victims, other CSIRTs, and vendors.

Key attributes of a cybersecurity response plan include, but

not limited to:
1. Perform forensic analysis and preserve evidence and
findings.
2. Isolate the infected assets or part of the network, as
needed. Ensure the continuity of as many business
processes as possible by replacing the infected assets with
off-the-shelf/backup assets.
3. Backup all data and revert the firmware/software on the
assets to previous known stable patch. Efforts should also
be made to save an image of the infected version on an
offline/off-network device for further analysis.
Fig. 7. Implementation path of a response plan post cyber intrusion detection
4. Accumulate all technical details pertaining to asset • CNSSI 1253, Security Categorization and Control
reintegration (example: configuration and connectivity Selection for National Security Systems 2014 [27]
information, third party documents/datasheets, etc.).
• Department of Defense (DoD) Instruction 8500.01,
5. Establish mission priorities as sequence of recovery and Cybersecurity [28]
asset/network reintegration depends on mission priorities.
• DoD Instruction 8510.01, Risk Management Framework
6. Ensure that the newly connected/integrated assets/patches (RMF) for DoD Information Technology (IT) [29]
do not get infected and all known vulnerabilities are
mitigated before integration. • DoD Industrial Control Systems Advanced Tactics,
Techniques and Procedures Jan 2016 [30]
7. Define and follow a sequence of reconnection –
• DoD Facility-Related Control Systems Cybersecurity
a. Identify mission commander priorities. Then identify Guidelines [17]
dependencies and develop reintegration sequence.
• National Institute of Standards and Technology Special
b. Reintegrate clean assets. Ensure that the assets are Publication 800-53 R4 Security and Privacy Controls for
infection-free. Integrate the subsystem and the Federal Information Systems and Organizations 2013 [21]
network layers.
• National Institute of Standards and Technology Special
c. Finally, the recovery phase should monitor the Publication 800-82 R2 Guide to Industrial Control Systems
reintegrated components to ensure all evidence of the
(ICS) Security 2015 [22]
cyber incident has been eliminated from the network.
• National Institute of Standards and Technology Special
8. Note that the recovery plans specific to assets can be
Publication SP 800-115 [31]
found in ICS – Servers/workstations
• Unified Facilities Criteria 3-410-01 Utility Monitoring and
IV. INHERENT FRAMEWORKS AND STANDARDS IN Control System (CS) Front End and Integration 2016
BUILDINGS CYBERSECURITY SPACE (DRAFT)
Buildings Cybersecurity framework is arranged as chapters
where each cover one of the five functions of the BCF in • Unified Facilities Criteria 3-410-02 Direct Digital Control
sequence. Each chapter includes illustrative figures and for HVAC and Other Building Control Systems [32]
visualizations that building operators can employ to make
function-specific enhancements to their buildings. In addition,
• Government Accountability Office Report 15-6 Federal
for demonstration purposes, the flowcharts are applied to Facility Cybersecurity 2014 [33]
example building models at the end of each chapter, to • DoD Handbook for Self-Assessing Security Vulnerabilities
demonstrate the use of the BCF. & Risks of Industrial Control Systems on DoD
Buildings-focused BCF was developed based on a careful Installations [34]
review and adaptation of cybersecurity best practices for
ACKNOWLEDGEMENT
buildings. The BCF core is based on the five core elements of
the NIST Cybersecurity Framework for Critical Infrastructure. The authors would like to acknowledge the editorial
In addition to the Framework, BCF provides an overlay of contribution of Sraddhanjoli Bhadra.
cyber best practice and standards documents, including: The
CONCLUSION
Buildings Cybersecurity Maturity Model (B-C2M2) [20],
NIST 800-53 R4 [21], NIST 800-82 R2 Guide to Industrial This paper provides an overview of the Buildings
Control Systems (ICS) Security 2015 [22], SANS Institute 20 Cybersecurity Framework (BCF). The BCF foundation is
Critical Security Controls [23] and DoD Facility-Related based on the National Institute of Standards and Technology
Control Systems Cybersecurity Guidelines [17]. Additional (NIST) Cybersecurity Framework for Critical Infrastructure.
guidance and best practice were also leveraged from the BCF has five major operations: identify, protect, detect,
following best practices and standards documents: respond and recover – each of which details the methodologies
to mitigate cybersecurity risk in a building. It is applicable to
• SANS Institute 20 Critical Security Controls [23] wide variety of buildings, including: residential, small,
• ISA 62443-3-3:2013 [24] medium, large commercial and federal buildings. The identify
function identifies cyber security threats and vulnerabilities.
• ISO/IEC 27001:2013 [25] Based on the identification, the protect function introduces
protection recommendations to manage cyber risk. The
• DOE Cybersecurity Capability Maturity Model [26]
detection function focuses on techniques, policies and
• DOE Buildings Cybersecurity Maturity Model [20] procedures to detect anomalies and attacks. The respond
chapter highlights, a set practices to effectively respond to
• DOE’s U.S. Department of Defense, Unified Facilities cybersecurity event. Finally, the recover function focuses on
Criteria: Cybersecurity of Facility-Related Control returning services to their normal operations and mitigate the
Systems (UFC) [17]
damage caused by the cybersecurity incident. Implementing [18] The White House, “Presidential Executive Order on Strengthning the
Cybersecurity of Federal Networks and Critical Infrastructure”, May
the BCF will help buildings stakeholders manage their cyber 2017. [Online] Available: https://www.whitehouse.gov/the-press-
risk. In addition, the BCF provides an effective process to help office/2017/05/11/presidential-executive-order-strengthening-
realize the goals of recent helps to realize the goals of the cybersecurity-federal
Presidential Executive Order (EO) on Strengthening the [19] U. S. NIST, “Framework for Improving Critical Infrastructure
Cybersecurity of Federal Networks and Critical Infrastructure Cybersecurity”, February 2014. [Online] Available: https://www.nist.
gov/sites/default/files/documents/cyberframework/cybersecurity-
(May 2017), which calls on Federal agencies and critical framework-021214.pdf
infrastructure. [20] U. S. Department of Energy, “Buildings Cybersecurity Maturity Model
(B-C2M2)”, [Online]. Available: https://bc2m2.pnnl.gov/
REFERENCES [21] U. S. NIST, “Security and Privacy Controls for Federal Information
[1] Joe Haggerman, Michael Mylrea, Sri Nikhil Gupta Gourisetti, Andrew Systems and Organizations”, Apr. 2013 [Online]. Available:
Nicholls, “Buildings Cybersecurity Framework”, PNNL-EERE Working http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-
Draft (Forthcoming) 2017. 53r4.pdf
[2] H. Holm et al., “P2CySeMoL: Predictive, Probabilistic Cyber Security [22] U. S. NIST, “Guide to Industrial Control Systems (ICS) Security”, May
Modeling Language”, IEEE Transc. on Dependable and Secure 2015. [Online] Available: http://nvlpubs.nist.gov/nistpubs/Special
Computing, vol. 12, no. 6, Nov.-Dec. 1, 2015. Publications/NIST.SP.800-82r2.pdf
[3] J. Eisenhauer, P. Donnelly, M. Ellis, and M. O’Brien, “Roadmap to [23] The Center for Internet Security (CIS) Critical Security Controls V6.0
Secure Control Systems in the Energy Sector”, January 2006. [Online]. [Online]. Available: https://www.sans.org/media/critical-security-
Available: http://www.controlsystemsroadmap.net/pdfs/roadmap.pdf controls/critical-controls-poster-2016.pdf
[4] Supervisory Control and Data Acquisition (SCADA) Systems, Nat. [24] NIST Cybersecurity Framework Core: Informative Reference Standards,
Commun. Syst., Arlington, VA, Oct. 2004. [Online]. Available: April 2014 [Online]. Available: https://www.americanbar.org/content
http://www. ncs.gov/library/tech_bulletins/2004/tib_04-1.pdf /dam/aba/administrative/law_national_security/nistframework/NIST%20
[5] Critical infrastructure protection report, Government Accountability Of- Cybersecurity%20Framework%20Core%20-%20ISA%2062443-3-3-
fice, Washington, DC, May 2005. [Online]. Available: http://www.gao. 2013.authcheckdam.pdf
gov/new.items/d05434.pdf [25] ISO/IEC 27001:2013 Information technology – Security techniques –
[6] Challenges and Efforts to Secure Control Systems, Government Information security management systems – Requirements [Online].
Accountability Office, Washington, DC, Mar. 2004. [Online]. Available: Available: http://www.iso27001security.com/html/27001.html
http://www.gao.gov/new.items/d04354.pdf [26] U. S. Department of Energy and U.S. Department of Homeland Security,
[7] M. R. Permann and K. Rohde, Cyber Assessment Methods for SCADA “Cybersecurity Capability Maturity Model (C2M2)”, February 2014.
Security, Research Triangle Park, NC: Instrum. Soc. Amer. [Online]. [Online]. Available: https://energy.gov/sites/prod/files/2014/03
Available: http://www.oe.energy.gov/DocumentsandMedia/Cyber_ /f13/C2M2-v1-1_cor.pdf
Assessment_Methods_for_SCADA_Security_Mays_ISA_Paper.pdf [27] Committee of National Security Systems (CNSS), “Security
[8] R. E. Carlson, J. E. Dagle, S. A. Shamsuddin, and R. P. Evans, A Categorization and Control Selection for National Security Systems”,
Summary of Control System Security Standards Activities in the Energy March 2014 [Online]. Available: http://www.dss.mil/documents/
Sector, DC: U.S. Dept. Energy, Office Electricity Delivery Energy CNSSI_No1253.pdf
Reliab., Nat. SCADA Test Bed (NSTB), Oct. 2005. [Online]. Available: [28] U. S. Department of Defense, “DoD Program Manager’s Guidebook for
http://www.oe.energy.gov/DocumentsandMedia/Control_ Integrating the Cybersecurity Risk Management Framework (RMF) into
System_Security_Standards_Activities.pdf the System Acquisition Lifecycle”, Sept. 2015. [Online]. Available:
[9] Information Security: Technologies to Secure Federal Systems, Mar. https://www.dau.mil/tools/Lists/DAUTools/Attachments/37/DoD%20-
2004, Report to Congressional Requesters, GAO-04-467. [Online]. %20Guidebook,%20Cybersecurity%20Risk%20Management%20Frame
Available: http://www.gao.gov/new.items/d04467.pdf work,%20v1.08,%20Sep%202015.pdf
[10] C. Ten et al., “Cybersecurity for Critical Infrastructures: Attack and [29] U. S. Department of Defense Instruction, “Risk Management
Defense Modeling”, IEEE Transc. on Systems, Man, and Cybernetics – Framework (RMF) for DoD Information Technology (IT), May 2016
Part A: Systems and Humans, vol. 40, no. 4, July 2010. [Online]. Available: https://www.hsdl.org/?abstract&did=793050
[11] U.S. Department of Energy Building Technologies Office, “Multi-Year [30] U. S. Department of Defense, “Advanced Cyber Industrial Control
Program Plan”, Jan. 2016. [Online]. Available: https://energy System Tactics, Techniques, and Procedures (ACI TTP) for Department
.gov/sites/prod/files/2016/02/f29/BTO_MYPP_2016.pdf of Defense (DoD) Industrial Control Systems (ICS)”, Jan. 2016 [Online]
Available: http://www.acq.osd.mil/eie/Downloads/IE/ACI%20TTP%20
[12] J. Liu et al., “Cyber Security and Privacy Issues in Smart Grids”, IEEE for%20DoD%20ICS.pdf
Communications Surveys & Tutorials, vol. 14, no. 4.
[31] U. S. NIST, “Technical Guide to Information Security Testing and
[13] H. Khurana et al., “Smart-grid security issues”, IEEE Security &
Assessment”, Sept. 2008. [Online] Available: http://nvlpubs.nist.gov/
Privacy, vol. 8, no. 1, Jan-Feb 2010.
nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
[14] X. Li et al., “Securing smart grid: cyber attacks, countermeasures, and
[32] U. S. Department of Defense, “Unified Facilities Criteria (UFC): Direct
challenges”, IEEE Communications Magazine, vol. 50, no. 8, August
Digital Control for HVAC and Other Local Building systems”, July
2012.
2013. [Online] Available: https://www.wbdg.org/FFC/DOD/UFC/
[15] Y. Mo et al., “Cyber-Physical Security of a Smart Grid Infrastructure”, ufc_3_410_02_2012_c1.pdf
Proc. IEEE, vol. 100, no. 1, Jan. 2012.
[33] Governement Accountability Office Report, “Federal Facility
[16] U. S. NIST, “Guidelines for smart grid cyber security (vol. 1 to 3),” Cybersecurity: DHS and GSA Should Address Cyber Risk to Building
NIST IR-7628, Aug. 2010. [Online] available at: http://csrc.nist.gov/ and Access Control Systems”, Dec. 2014. [Online]. Available:
publications/PubsNISTIRs.html#NIST-IR-7628. http://www.gao.gov/assets/670/667512.pdf
[17] U. S. Department of Defense, “Unified Facilities Criteria (UFC): [34] U. S. Department of Defense, “Handbook for Self-Assessing Security
Cybersecurity of Facility-Related Control Systems”, January 2017 Vulnerabilites and Risks of Industrial Control Systems on DOD
[Online]. Available: https://www.wbdg.org/FFC/DOD/UFC/ufc_4_010 Installations”, December 2012 [Online]. Available: https://www.wbdg
_06_2016_c1.pdf .org/files/pdfs/ics_handbook.pdf