Cyber Security Governance and Management for Smart Grids in Brazilian Energy Utilities

Daniel Jardim Pardini, Astrid Maria Carneiro Heinisch, Fernando Silva Parreiras

Abstract


The advent of cyber security in critical infrastructures has aroused the interest and concern of energy utilities, government, regulatory agencies, and consumers, as well as of academic and research institutions. On the one hand, the vulnerability of cyberspace is prominent, which increases the risk of attacks in the organizational environment; on the other hand, research leading to alternatives for the governance and management of these critical structures is still incipient. This study aims to build a theoretical-empirical model of cyber security governance and management and to test it with academic experts and professionals from the energy sector. Using the Delphi method and statistical techniques for validation, an assessment instrument was developed based on two constructs, governance and management, and on nine dimensions with their respective variables, which allowed for an analysis of the situation of Brazilian energy utilities regarding the protection of their cyberspaces. The contribution of the article is twofold: a conceptual and empirical one, as it expands and systematizes knowledge about aspects of the governance and management of cyberspaces; and a methodological one, as it proposes measuring those dimensions in energy utilities.

Keywords


Governance, Management, Cyber Security, Operational Risk, Smart Grids

DOI: http://dx.doi.org/10.4301/S1807-17752017000300006

Copyright (c) 2018 Journal of Information Systems and Technology Management
