Security Requirements and Practices for Smart Grids

Gopalakrishnan, Pavithra

January 2021

The electricity sector has a huge role in decarbonization of the energy system in order to meet climate targets and achieve net zero emission goals in different countries across the world. Present day electric power systems are increasingly dependent on less carbon intensive renewable energy sources for power generation. Rapid penetration of renewables leads to an increase in distributed generation and active consumer participation resulting in complex interactions within the power system. Therefore, traditional electric power grids are evolving to smart grids with the help of information and communication advancements. As a result, there is greater integration of Information Technology (IT) and Operational Technology (OT) actors, inclusion of clean energy sources, improved connectivity, sustainable supply and demand balance management of power etc. However, this sustainable transition gives rise to new attack points for malicious actors, who intend to disrupt the functioning of these smart grids. Therefore, this study aims to identify and analyse the most significant risks to smart grids in the next 10 years. The methodology for this research is two-fold: reviewing state-of-the-art research publications on smart grid security and conducting a semi-qualitative power grid security assessment through interviews with experts across countries. False Data Injection (FDI), Denial of Service (DoS) and supply chain attacks are some of the most important threats according to these methods. Finally, findings from the two research methods are compared to provide a comprehensive overview of the most significant risks to smart grids. / Elsektorn har en enorm roll att spela när det gäller att minska koldioxidutsläppen från energisystemet för att uppfylla klimatmålen och uppnå nettonollutsläpp i länder runt om i världen. Dagens elsystem är alltmer beroende av mindre koldioxidintensiva förnybara energikällor för elproduktion. Den snabba utbyggnaden av förnybara energikällor leder till en ökning av distribuerad produktion och aktivt konsumentdeltagande, vilket leder till komplexa interaktioner inom elsystemet. Traditionella elnät håller därför på att utvecklas till smarta nät med hjälp av informations- och kommunikationsframsteg. Som ett resultat av detta sker en större integration av aktörer inom informationsteknik (IT) och driftsteknik (OT), införande av förnyelsebara energikällor, förbättrad konnektivitet, hållbar hantering av balans mellan konsumtion och produktion av el. Denna hållbara övergång ger dock upphov till nya ingångar för illasinnade aktörer som vill störa de smarta nätmens funktion. Syftet med denna studie är därför att identifiera och analysera de viktigaste riskerna för smarta nät under de kommande tio åren. Metoden för denna forskning är tvåfaldig: genomgång av de senaste forskningspublikationerna om säkerhet i smarta nät och en semikvalitativ bedömning av säkerheten i smarta nät genom intervjuer med experter från olika länder. FDI (False Data Injection), DoS (Denial of Service) och attacker mot leveranskedjan är några av de största hoten enligt dessa metoder. Slutligen jämförs resultaten från de två forskningsmetoderna för att ge en heltäckande översikt över de viktigaste riskerna för smarta nät.

smart grids

security risk assessment

risk identification

risk analysis.

smarta nät

säkerhetsriskbedömning

riskidentifiering

riskanalys.

Elektroteknik och elektronik

Risk management a zvládání rizik spojených s podnikovou činností / Risk management and risk management associated with business activities

PETRŮ, Soňa

January 2009

Work deals with risk management of selected company. Risks are described in the company based on the three phases of crisis management. The first phase is to identify risks, the second valuation and risk quantification and the third control and risk financing. The work is focused mainly on prevention and company insurance. Furthermore, there are raised two fictitious crisis situations and its solutions.

Programa de biossegurança em laboratório oficial de análise e diagnóstico veterinário de Goiânia, Goiás / Biosafety program in a n official laboratory of analysis and veterinary diagnosis in Goiania, Goias

Alves, Cláudia Bueno

27 June 2014

Submitted by Cássia Santos (cassia.bcufg@gmail.com) on 2015-02-03T09:20:26Z No. of bitstreams: 2 Tese - Claudia Bueno Alves - 2014.pdf: 4444685 bytes, checksum: e658ba7d06afa845c5f9ed19c3305111 (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) / Approved for entry into archive by Luciana Ferreira (lucgeral@gmail.com) on 2015-02-05T12:28:47Z (GMT) No. of bitstreams: 2 Tese - Claudia Bueno Alves - 2014.pdf: 4444685 bytes, checksum: e658ba7d06afa845c5f9ed19c3305111 (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) / Made available in DSpace on 2015-02-05T12:28:47Z (GMT). No. of bitstreams: 2 Tese - Claudia Bueno Alves - 2014.pdf: 4444685 bytes, checksum: e658ba7d06afa845c5f9ed19c3305111 (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) Previous issue date: 2014-06-27 / Biosafety can be defined as the actions taken to prevent, reduce or eliminate risks inherent in activities that could endanger human health and the environment. Especially on veterinary environments, there is not much information on the subject. Moreover, the habit of neglecting the adoption of containment measures is not uncommon, which can exacerbate the potential hazards present. Thus, the objective of this study was to identify the types of risks present in each section of the laboratory, prepare risk maps with graphical representations of intensity and types of risks, disclose these maps to workers as well as to recognize the types of waste generated in the laboratory and the management adopted to the wastes to elaborate and implement a Waste Management Plan. The study was conducted at an official laboratory for veterinary diagnosis from October, 2013 to March, 2014. In this research, a check list was conducted based on the current legislation on good laboratory practices, risk mapping and waste management. The results showed that all risks and degrees of intensity were present in the laboratory with predominance of biological risk, which had severe intensity in most departments. On the other hand, chemical risk was the least frequent, although it showed the highest coefficient of variation. Regarding intensity, the highest and the lowest amount of riskwere observed in the departments of microbiological diagnosis and equine infectious anemia, respectively. As for waste management, failures were observed in all stages, especially segregation, internal transportation, handling and temporary storage, despite the generation of all types of RSS, but radioactive waste. The risk assessment in the laboratory facilities contributed to the preparation of risk maps in each sector, representing the potential hazards identified and containment measures recommended. Furthermore, a waste management plan was developed and implemented, seeking correction of nonconformities observed and, consequently, minimizing workers exposure to hazards present in the laboratory. With this study, it was possible to evidence that the physical structure as well as material and human resources influence directly the success of a biosafety plan. Thus, it is essential the adoption of a continuing education program to maintain the adherence to preventive measures indicated to minimize risks in the laboratory studied. / A biossegurança pode ser definida como um conjunto de ações destinadas a prevenir, diminuir ou eliminar riscos inerentes às atividades que possam comprometer a saúde humana, animal e o meio ambiente. Particularmente, sobre estabelecimentos veterinários, não há muitas informações a respeito do assunto. Aliado a isso, o hábito de negligenciar as medidas de contenção não é situação incomum, o que, por sua vez, pode agravar os potenciais riscos presentes nesses ambientes. Neste contexto, objetivou-se com este estudo, identificar os tipos de riscos presentes em cada setor de um laboratório de análises e diagnóstico veterinário, elaborar os mapas de riscos com representações gráfica da intensidade e tipos de riscos, divulgar estes mapas junto aos trabalhadores, diagnosticar os tipos de resíduos gerados no laboratório e o manejo adotado para elaboração e implementação do Plano de Gestão dos Resíduos. O estudo foi realizado no período de outubro de 2013 a março de 2014, por meio de check list baseado na legislação vigente, sobre boas práticas laboratoriais, mapeamento de riscos e gestão dos resíduos. Os resultados demonstraram que todos os riscos e graus de intensidade foram observados no laboratório avaliado, com predominância do risco biológico e intensidade grave na maioria dos setores. O risco químico foi o de menor ocorrência, apesar de apresentar maior coeficiente de variação. A maior e menor intensidade de risco foram observadas nos setores de microbiologia e diagnóstico de anemia infecciosa equina, respectivamente. Quanto ao manejo dos resíduos, foram observadas falhas em todas as etapas, especialmente, na segregação, transporte interno, tratamento e armazenamento temporário, apesar da geração de todos os tipos de resíduos, exceto rejeito radioativo. A identificação dos riscos existentes no estabelecimento contribuiu para a elaboração dos mapas de riscos em cada setor, representando os potenciais riscos identificados e as medidas de contenção preconizadas. Além disso, foi elaborado e implementado o plano de gestão dos resíduos, visando correções das não conformidades observadas e, consequentemente, a minimização da exposição dos trabalhadores aos riscos presentes no laboratório. Com este estudo, pôde-se evidenciar que a estrutura física e os recursos materiais e humanos exercem influência direta para o sucesso de um plano de biossegurança, sendo também imprescindível a adoção de um programa de educação continuada para manutenção da adesão às medidas preventivas indicadas para minimização dos riscos existentes no laboratório em estudo.

Gestão de resíduos

Identificação dos riscos

Mapeamento dos riscos

Saúde ocupacional

Sustentabilidade ambiental

Environmental sustainability

Occupational health

Risk identification

Risk mapping

Waste management

Návrh systému řízení rizik ve společnosti / Proposal of Risk Management in a Company

Bráblík, Richard

January 2018

The diploma thesis deals with the issue of risk management in selected business and a proposal of risk management system is created. Described company is Technické služby Vsetín, s.r.o. The company is mainly engaged in the collection and storage of mixed municipal solid waste. In the first part the theoretical information is processed. The second part of the thesis focuses on analysis of the selected business, risk analysis and a proposal of solutions. The final part proposes a risk management system.

Problémy současné bezpečnosti práce a jejich vliv na fungování organizace / Contemporary Health and Safety at Work Problems and their Influence on the Functioning of an Organization

Králik, Tomáš

January 2013

This diploma thesis elaborated on the subject „Contemporary Health and Safety at Work Problems and their Influence on the Functioning of an Organization“ focuses on the description of contemporary state of Health and safety at work problems in work activities, where the source of risk is represented by chemical substances, from the point of view of a company. The thesis sets out a view of legislative definition for the mentioned topic and also the possible application of safety at work management programs. This part also includes a summary description of risk analysis methods. In the practical part of the thesis, there is an organizational directive for a fictive company engaged in chemical production made. This directive will identify possible occupational risks resulting from the manufacturing process, and it will also evaluate the amount of risk for particular work activities in conjunction with hazard factors. The next part of the thesis contains a proposal of measures for risk reduction, based upon the previously mentioned evaluation. In the final part of the thesis, the author contemplates the possibilities of health and safety at work system improvement.

Introducing Risk Management Process to a manufacturing industry : Master thesis in identification of risk avoidance strategies at Coca Cola Enterprises Sweden

Bayer, Emma, Öberg Bustad, Gabriel

January 2013

Risk can be viewed as a state where there is a possibility of a loss but also a hope of gain. To realise the existence of a risk, one must be aware of both the gains and losses incurred.Increased number of natural disasters and companies having global supply chains to a higher extent, are both factors which have increased the number of risks that can affect anorganisation’s supply chain negatively. This fact has made it even more important to focus on risk prevention. In the beverage industry market, characterized by fast-moving products,manufacturing companies like Coca-Cola Enterprises Sweden (CCES) can be highly affected if disturbances occur in their supply chain. Risk management is, according to ISO 31000, “coordinated activities to direct and control an organization with regard to risk “. A risk management processes therefore aims at mitigatingnegative impact of external and internal disturbances in order to avoid interruptions in production, product quality issues and financial losses. CCES’s control over internal processes and its disturbances is mostly based on reactive approaches rather than a proactive strategy and there exist no guidelines of how to identify and handle occurring disturbances. The main purpose of the project has therefore been to identify the most critical risks the company is facing within their “Source” and “Make” processes, and find both proactive and reactive mitigation actions. Another significant part of the project delivery is to present a model for how the company should organize and maintain a sustainable risk picture. The model aims to present a dynamic risk management process that can be used by CCES as well as other companies in the future. The project consists of three major phases; Risk Identification, Risk Avoidance Mapping and Implementation of a Risk Management Process. In the first phase, the brainstorming tool Hazard and Operability (HAZOP) has been used during workshop events for risk identification and assessment. Some of the most critical risks identified are; Sabotage during  transport from supplier to CCES, Lack of spare parts for maintenance, Lost production time due to long beverage change overs and Filling bottles with too much beverage. In order to find feasible preventive and reactive mitigation actions for the critical risks, both employee interviews and the Supply Chain Operations Reference (SCOR) model has been applied. Some of the actions recommended to perform are concluded to be; Let suppliers own transports, Standardize the product change process and the shift hand overs and Implement routines of having locked transports from supplier to CCES. The structure of the project has acted as a basis for the recommended way of continuing the risk management work at CCES. The authors have identified the importance of keeping the risk management process dynamic, and therefore a Risk Register have been introduced for documentation and follow-up. Another way of following up the risk management work, is to perform Risk Audits after the event of a disturbance. This will help the organisation to realize the impact a certain disturbance brings, but it will also measure of the recovery work’s effectiveness. The authors highlight the importance of having a dedicated owner of the risk management process in order to keep it dynamic. A complete risk management process has finally been created, adaptable to different kind of organisations. By making this process a part of SCOR, the authors believes that the process can be used to identify individual risks within the management processes Plan, Source, Make, Deliver and Return for all SCOR member companies. Thereafter, a general risk mapping can be created from the individual risks that can be used to share information and experiences among the member companies. / En risk kan förklaras som ett tillstånd där det finns en chans att vinna, men också en sannolikhet för förlust. För att vara medveten om en risks existens måste man därför förstå både vad det finns att förlora och vinna. Under de senaste årtiondena har antalet naturkatastrofer och annan extern påverkan ökat. Detta i kombination med att företag idag har globala värdekedjor i allt större utsträckning, har gjort att organisationer utsätter sig för risker till en större grad idag. Därför har betydelsen av att fokusera på riskförmildrande åtgärder ökat. I dryckesindustrin, karaktäriserat av snabbrörliga produkter, kan företag såsom Coca-Cola Enterprises Sweden (CCES) påverkas hårt om störningar sker i deras värdekedja. Risk Management är, enligt ISO 31000, ”koordinerade aktiviteter för att styra och kontrollera riskhantering i en organisation”. En riskhanteringsprocess ämnar därför förmildra negativ påverkan av interna och externa störningar för att undvika till exempel avvikelser i produktion, försämrad produktkvalitet och finansiella förluster. CCES’s kontroll över interna processer och dess störningar baseras främst på reaktiva åtgärder, och företaget har inga riktlinjer för hur de ska identifiera och hantera uppkommande störningar. Syftet med detta projekt har därför varit att identifiera kritiska risker inom företagets leverantörs- och produktionsprocesser och att hitta proaktiva och reaktiva lösningar för att förmildra och undvika störningar. Ytterligare en stor del av projektets syfte har varit att presentera en dynamisk process för hur CCES, samt andra företag, ska organisera en hållbar riskbild. Projektet består av tre huvudsakliga delar; riskidentifiering, riskförmildrande åtgärder och implementering av en riskhanteringsprocess. I den första fasen har verktyget Hazard and Operability (HAZOP) används under workshops för att identifiera och värdera risker. Några av de mest kritiska riskerna som identifierats är; Sabotage under transport från leverantör till CCES, Brist på reservdelar för underhållsarbete, Förlorad produktionstid på grund av för långa dryckesbytartider och Fyller flaskor med för mycket dryck. För att hitta passande reaktiva och proaktiva lösningar för de kritiska riskerna har både intervjuer med anställda genomförts och referensmodellen Supply Chain Reference Model (SCOR) använts. Några av de åtgärder rekommenderade att göra har identifierats till att vara; Låta leverantörerna själva sköta transporter, Standardisera produktbytesprocessen samt skiftöverlämningar och Implementera rutiner för att ha låsta transporter från leverantör till CCES. Strukturen av projektet har använts som en bas för den rekommenderade strukturen på CCE’s fortskridande arbete inom riskhantering. Författarna vill bestryka vikten av att hålla den framtida riskhanteringsprocessen dynamisk och i detta syfte har därför ett riskregister tagits fram för dokumentation och uppföljning. Ett annat sätt att följa upp riskprocessarbetet är att genomföra så kallade audits efter en störning har inträffat. Detta hjälper organisationen både att förstår en störnings påverkan på verksamheten, men fungerar också som ett verktyg för att mäta hur effektivt återhämtningsarbetet efter en störning har varit. Författarna menar också att en dedikerad ägare till riskprocessen är av stor betydelse för ett dynamiskt, framgångsrikt och effektivt riskarbete. En fullständig riskhanteringsprocess har slutligen sammanställts, användbar för många olika typer av organisationer. Genom att göra processen till en del av SCOR-modellen, kan processen i framtiden användas till att identifiera individuella risker inom de fem managementprocesserna Planering, Inköp, Tillverkning, Leverans och Retur för alla SCOR’s medlemsföretag. Därefter menar författarna att en generell kartläggning över de mest kritiska riskerna inom varje managementprocess kan skapas för att dela information och utbyta erfarenheter mellan medlemsföretagen.

Coca-Cola Enterprises

Risk management process

Risk identification

assessment and avoidance mapping

SCOR

HAZOP

Risk Register

Risk auditing

Resilience

Coca-Cola Enterprises

Riskprocess

Riskidentifiering

Riskvärdering

SCOR

HAZOP

Riskregister

Riskuppföljning

Motståndskraft

Engineering and Technology

Teknik och teknologier

Systém pro podporu managementu rizik v IT projektech / System for Risk Management Support in IT Projects

Birkus, Kristián

January 2009

This thesis presents a system designed to support risk management in IT projects. The presented system is based on an in depth analysis of project and risk management in the field of information Technologies. The implementation started only after the exhaustive analyzation process. The system was implemented in programming language C#. On the database level MS SQL server is used.

Det är bättre med tidigare insatser! : En kvalitativ studie om socialtjänstens förebyggande arbete med ungdomar i riskzon för brottslighet.

Kazemi, Gloria, Krasnici, Arjeta

January 2024

Youth crime is a topic that has taken place in the media and has engaged politicians as well as researchers. This is a problematic phenomenon that can contribute to various social problems in the future by affecting youth and society. Since youth crime can lead to various social problems, it is important to examine and highlight the problem, how it can lead to various social problems, but also how society can prevent these social problems. The purpose of this study is to create a deeper understanding of how social workers imagine and frame crime among young people and how they work preventively in their practical work. Based on the collected empirical evidence and previous research, we can draw conclusions that juvenile delinquency is very complex and there is no clear explanation about that subject. We have collected empirical evidence through eight semi-structured interviews where the respondents were selected with conscious selection.The results show that the social worker's individual beliefs about risk identification depend on academic discipline, experiences, collaboration and further education. However, the respondents specify that family and dysfunctional schooling is central. The results show that the material we have collected from the respondents is consistent with previous research and theories about juvenile delinquency.

Juvenile delinquency

social worker

social work´s risk identification

risk factors

social worker´s risk prevention work.

Ungdomsbrottslighet

socialarbetare

socialarbetarens riskidentifiering

riskfaktorer

Social Work

Socialt arbete

Разработка финансовой модели для оценки эффективности рискоориентированных проектов цифровой трансформации производственных сервисов : магистерская диссертация / Development of a financial model for evaluating the effectiveness of risk-oriented projects for the digital transformation of production services

Фирсова, Т. А., Phirsova, T. A.

January 2024

В работе описаны сервисные бизнес-модели, разработаны электронные инструменты для выявления основных рисковых факторов проекта. На примере высокорискованого проекта по внедрению цифровой платформы структурированы основные факторы развертывания проекта. Проведена апробация применения карты стресс-тестирования проекта. Составлен алгоритм получения одновременно нескольких решений для различных условий проекта. / The paper describes service business models and developed electronic tools to identify the main risk factors of the project. Using the example of a high-risk project to implement a digital platform, the main factors of project deployment are structured. The application of the project stress testing map was tested. An algorithm has been compiled for obtaining several solutions simultaneously for various project conditions.

БИЗНЕС-ПРОЦЕССЫ

ИДЕНТИФИКАЦИЯ РИСКОВ

СТРЕСС-ТЕСТИРОВАНИЕ

ФИНАНСОВАЯ МОДЕЛЬ

MASTER'S THESIS

INVESTMENT PROJECT

BUSINESS PROCESSES

RISK IDENTIFICATION

PRODUCTION SERVICES

INDUSTRIAL DIGITALIZATION

STRESS TESTING

FINANCIAL MODEL

Posouzení ekonomického rizika investora při realizaci investičního projektu / Valuation of Economic Risk of Investor in Realization of Investment Project

Rusínová, Alena

January 2013

This thesis is focused on assessing the economic risk for the investor in the implementation of the investment project. An investor's decision on the implementation of the project depends on the economic feasibility analysis identified outputs, these outputs are burdened by economic uncertainty, which raises the risk. Therefore, it is necessary to manage risk. The process of risk management consists of a phase of risk analysis and risk management phase. In the analysis phase is to identify risks, assessments of materiality and risk measurement. In the phase of risk management risks identified evaluate and establish measures to prevent their occurrence or impact.