Portal de Programas de Pós-Graduação (UnB)

SIGAA - Sistema Integrado de Gestão de Atividades Acadêmicas

PPEE PROGRAMA DE PÓS-GRADUAÇÃO PROFISSIONAL EM ENGENHARIA ELÉTRICA DEPTO ENGENHARIA ELETRICA Phone: Not available E-mail: Not available https://www.unb.br/pos-graduacao

Banca de DEFESA: EDUARDO DE OLIVEIRA LIMA

Uma banca de DEFESA de MESTRADO foi cadastrada pelo programa.
STUDENT : EDUARDO DE OLIVEIRA LIMA
DATE: 25/11/2022
TIME: 17:00
LOCAL: Teams
TITLE:

An Assessment of the Cyber Risk Management
Scenario in the Brazilian Electricity Sector

KEY WORDS:

Não possui.

PAGES: 82
BIG AREA: Engenharias
AREA: Engenharia Elétrica
SUMMARY:

The technological advance through which the Power Electric System - SEP has been going through has
inserted a series of new variables and essential issues in this environment that must consider. One is the

security of the data exchanged between power generators, transmitters, and distributors and their Protec-
tion, Command, Data Acquisition, and Supervision Systems (SPCS/SCADA). Cyber risk planning and

management have moved firmly into prevention. The National Electric System Operator - ONS, aiming to

establish minimum cyber security controls to be implemented by the agents and by ONS itself, has defined
the Regulated Cyber Environment - ARCiber, inserted in the Manual of Operating Procedures - Module 5
- Submodule 5.13, through the Operational Routine RO-CB.BR.01 R00, of 07/09/2022, which stipulated
a series of guidelines that must be compulsorily followed by the agents of the Brazilian Electric Sector -
SEB. Based on the ARCiber CyberSecurity environment, this work aims to analyze the SEB’s cyber risk
management scenario. For this purpose, two specific objectives were sought: in the first place realization
of a qualitative comparison between the controls proposed by the CIS CSC Framework and the minimum
necessary controls defined by ARCiber and, in the background, the awareness of a content analysis of the
Siemens SCADA Manual [1] to evaluate the scope of the procedures for backup and recovery of data of
the SCADA system and its compliance with the defined controls in Macro Control 11 - Data Recovery of

the CIS CSC Framework. The results show that only one of the eighteen control groups that ONS recom-
mends exceeds the requirements of this Framework. In contrast, ONS does not mention five other control

group recommendations, including Macro control 11 - Data Recovery. For the other groups, the ONS re-
quirements fall short of the CIS CSC Framework. Despite verifying the conformity between the CIS CSC

Framework and the functional and technological aspects of the SCADA system’s data recovery process, it
is impossible to guarantee that companies in the Brazilian electric power sector systematically execute the
recovery routines. The relevance of this work lies in the possibility of building a debate about the theme,
given the recent actions of ONS to address the cyber risks associated with the operational infrastructure
of the Brazilian Electric System (SEB), which, according to the results, still need improvements in their
operating and management maturity.

BANKING MEMBERS:
Externo à Instituição - IONY PATRIOTA DE SIQUEIRA - UFCG
Presidente - 2363646 - RAFAEL RABELO NUNES
Interno - 788.550.391-72 - ROBSON DE OLIVEIRA ALBUQUERQUE - UnB

Notícia cadastrada em: 17/11/2022 16:09