Smart Grid architecture risk optimization through vulnerability scoring

2010 IEEE Conference on Innovative Technologies for an Efficient and Reliable Electricity Supply Pub Date : 2010-11-04 DOI:10.1109/CITRES.2010.5619847

A. Hahn

{"title":"Smart Grid architecture risk optimization through vulnerability scoring","authors":"A. Hahn","doi":"10.1109/CITRES.2010.5619847","DOIUrl":null,"url":null,"abstract":"With the increasing smart grid cybersecurity concerns it is imperative that system owners provide cost effective security mechanisms to efficiently minimize risk. This paper introduces the idea of CVSS-host scores which utilize CVSS parameters to provide impact scoring for individual systems. This scoring mechanism presents a novel view of system risk by framing an upper bounds on the criticality of potential vulnerabilities in that system. Once this scoring system has been established, the CVSS vectors can then be utilized to perform more sophisticated calculations to investigate optimal costs and benefits for future security enhancements. The benefits of this risk assessment mechanism are displayed against an example smart grid AMI architecture as documented in NIST IR 7628. The contributions of the paper are 1) the introduction of CVSS-host scoring, 2) the analysis of NIST AMI proposed architectures through the CVSS-host scoring method and 3) a binary integer program formulation for utilizing CVSS-host scoring to evaluate optimal security configurations.","PeriodicalId":354280,"journal":{"name":"2010 IEEE Conference on Innovative Technologies for an Efficient and Reliable Electricity Supply","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE Conference on Innovative Technologies for an Efficient and Reliable Electricity Supply","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CITRES.2010.5619847","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

With the increasing smart grid cybersecurity concerns it is imperative that system owners provide cost effective security mechanisms to efficiently minimize risk. This paper introduces the idea of CVSS-host scores which utilize CVSS parameters to provide impact scoring for individual systems. This scoring mechanism presents a novel view of system risk by framing an upper bounds on the criticality of potential vulnerabilities in that system. Once this scoring system has been established, the CVSS vectors can then be utilized to perform more sophisticated calculations to investigate optimal costs and benefits for future security enhancements. The benefits of this risk assessment mechanism are displayed against an example smart grid AMI architecture as documented in NIST IR 7628. The contributions of the paper are 1) the introduction of CVSS-host scoring, 2) the analysis of NIST AMI proposed architectures through the CVSS-host scoring method and 3) a binary integer program formulation for utilizing CVSS-host scoring to evaluate optimal security configurations.

查看原文本刊更多论文

基于漏洞评分的智能电网架构风险优化

随着智能电网网络安全问题的日益严重，系统所有者必须提供具有成本效益的安全机制来有效地降低风险。本文介绍了利用CVSS参数为单个系统提供影响评分的CVSS-主机分数的思想。这种评分机制通过对系统中潜在漏洞的临界性设定上限，提出了一种新的系统风险视图。一旦建立了这个评分系统，CVSS向量就可以用来执行更复杂的计算，以调查未来安全性增强的最佳成本和收益。这种风险评估机制的好处是通过NIST IR 7628中记录的示例智能电网AMI架构来展示的。本文的贡献是1)介绍CVSS-host评分，2)通过CVSS-host评分方法分析NIST AMI提出的体系结构，以及3)利用CVSS-host评分评估最佳安全配置的二进制整数程序公式。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 IEEE Conference on Innovative Technologies for an Efficient and Reliable Electricity Supply

自引率

0.00%

发文量