Building Codes for Software Security for Power Systems


  • National Science Foundation
  • The Department of Energy
  • The IEEE Cybersecurity Initiative



Both the attractiveness of power systems as targets of cyberattack and their vulnerability to remote attack via digital networks has been made clear by recent world events. While policy makers seek means to deter such attacks politically, surely the most effective way to reduce their attractiveness as targets is to reduce their vulnerability to such attacks. This can be done; these are engineered systems built to satisfy specifications. The results of the workshop presented here have the objective of reducing the vulnerability of future power systems to remote attacks that exploit vulnerabilities in the code – software or firmware – that controls their operation. The approach taken is to develop a consensus “building code” for building the software that controls these systems. Such a building code can provide a basis for customers to specify the security required of power system software components, for vendors to produce them, and for third parties to evaluate important aspects of their security properties. The availability and use of such a code can enable the marketplace to reward producers of systems with stronger security properties.





Dr. Carl Landwehr