Software Security Assurance of Electrical Grid Systems Relating Mechatronics to Software Security Engineering

Mechatronics engineering addresses the design and development of correct and safe integrated mechanical, electronic control systems and embedded computers in the electrical energy and other industries. Many mechatronics engineers still concentrate on traditional approaches to the exclusion of security requirements for the gathering, processing, storing and distribution of data. This lack results in a dangerous gap in what engineers must address in order to ensure that modern electricity generation, transmission and distribution systems, such as comprise the smart grid, are properly protected. There is an increasing number of threats from inappropriate access to proprietary systems and data. Consequently, mechatronics engineers need to invoke software security assurance approaches, methods and tools to counteract these threats. Significant changes are needed in research, teaching and practice to ensure that systems are protected from external attackers as well as from inside staff with nefarious intentions. Unintentional actions are also damaging and must be addressed. Software security assurance is already established in the development lifecycles of many security-critical systems in other sectors, such as financial services. Within the electrical energy sector, however, while various authorities have stated the need to ensure that the sector's systems are secure from cyber attacks, the guidance given with such mandates is considered by some to be inadequate. Consequently, we need new, more effective models for securing the smart grid based on chains of command, team participation and the use of specific techniques. We first describe relevant research areas relating to the security of safety-critical systems. It is suggested that the lack of communication among these research areas is a major reason why progress has been so slow. We then suggest how various approaches might be applied to existing electrical grid software systems to achieve a higher level of cybersecurity assurance across current and new systems, such as those developed for electrical grids.