against human error automatically raises the barrier against malicious attack.

•   Investment in process and personnel must be a priority. There has been a serious lack of investment in power system infrastructure in recent years, and market-based priorities are unlikely to support strategically increasing security in power systems. Cyber security, like the reliability of the grid, probably has to be mandated by the FERC/ERO process, which usually means that the mandatory standard (i.e., the minimum required) will lag behind best practices. Because cyber security weaknesses tend to provide highly opportunistic windows for would-be attackers, and mandatory standards processes tend to be slow, the industry must continue to look for ways to facilitate rapid and reliable implementation of security upgrades and patches and to ensure that its personnel are well trained and apply best practices. Simply conforming to the last round of standards will often not be sufficient to provide adequate protection.


