A Feasibility Study of a Method for Identification and Modelling of Cybersecurity Risks in the Context of Smart Power Grids

Aida Omerovic, Hanne Vefsnmo, Gencer Erdogan, O. Gjerde, E. Gramme, S. Simonsen
{"title":"A Feasibility Study of a Method for Identification and Modelling of Cybersecurity Risks in the Context of Smart Power Grids","authors":"Aida Omerovic, Hanne Vefsnmo, Gencer Erdogan, O. Gjerde, E. Gramme, S. Simonsen","doi":"10.5220/0007697800390051","DOIUrl":null,"url":null,"abstract":"Power grids are undergoing a digital transformation are therefore becoming increasingly complex. As a result of this they are also becoming vulnerable in new ways. With this development come also numerous risks. Cybersecurity is therefore becoming crucial for ensuring resilience of this infrastructure which is critical to safety of humans and societies. Risk analysis of cybersecurity in the context of smart power grids is, however, particularly demanding due to its interdisciplinary nature, including domains such as digital security, the energy domain, power networks, the numerous control systems involved, and the human in the loop. This poses special requirements to cybersecurity risk identification within smart power grids, which challenge the existing state-of-the-art. This paper proposes a customized four-step approach to identification and modelling of cybersecurity risks in the context of smart power grids. The aim is that the risk model can be presented to decision makers in a suitable interface, thereby serving as a useful support for planning, design and operation of smart power grids. The approach applied in this study is based on parts of the \"CORAS\" method for model-based risk analysis. The paper also reports on results and experiences from applying the approach in a realistic industrial case with a distribution system operator (DSO) responsible for hosting a pilot installation of the self-healing functionality within a power distribution grid. The evaluation indicates that the approach can be applied in a realistic setting to identify cybersecurity risks. The experiences from the case study moreover show that the presented approach is, to a large degree, well suited for its intended purpose, but it also points to areas in need for improvement and further evaluation.","PeriodicalId":414016,"journal":{"name":"International Conference on Complex Information Systems","volume":"95 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Complex Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0007697800390051","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10

Abstract

Power grids are undergoing a digital transformation are therefore becoming increasingly complex. As a result of this they are also becoming vulnerable in new ways. With this development come also numerous risks. Cybersecurity is therefore becoming crucial for ensuring resilience of this infrastructure which is critical to safety of humans and societies. Risk analysis of cybersecurity in the context of smart power grids is, however, particularly demanding due to its interdisciplinary nature, including domains such as digital security, the energy domain, power networks, the numerous control systems involved, and the human in the loop. This poses special requirements to cybersecurity risk identification within smart power grids, which challenge the existing state-of-the-art. This paper proposes a customized four-step approach to identification and modelling of cybersecurity risks in the context of smart power grids. The aim is that the risk model can be presented to decision makers in a suitable interface, thereby serving as a useful support for planning, design and operation of smart power grids. The approach applied in this study is based on parts of the "CORAS" method for model-based risk analysis. The paper also reports on results and experiences from applying the approach in a realistic industrial case with a distribution system operator (DSO) responsible for hosting a pilot installation of the self-healing functionality within a power distribution grid. The evaluation indicates that the approach can be applied in a realistic setting to identify cybersecurity risks. The experiences from the case study moreover show that the presented approach is, to a large degree, well suited for its intended purpose, but it also points to areas in need for improvement and further evaluation.
智能电网环境下网络安全风险识别与建模方法的可行性研究
因此,正在经历数字化转型的电网变得越来越复杂。因此,他们也以新的方式变得脆弱。这种发展也带来了许多风险。因此,网络安全对于确保对人类和社会安全至关重要的基础设施的恢复能力变得至关重要。然而,由于其跨学科的性质,智能电网背景下的网络安全风险分析特别苛刻,包括数字安全,能源领域,电网,所涉及的众多控制系统以及循环中的人等领域。这对智能电网中的网络安全风险识别提出了特殊要求,对现有技术提出了挑战。本文提出了一种定制的四步方法来识别和建模智能电网背景下的网络安全风险。目的是将风险模型以合适的界面呈现给决策者,从而为智能电网的规划、设计和运行提供有用的支持。本研究中应用的方法是基于基于模型的风险分析的“CORAS”方法的部分内容。本文还报告了将该方法应用于实际工业案例的结果和经验,该案例中,配电系统运营商(DSO)负责在配电网中托管自愈功能的试点安装。评估结果表明,该方法可以应用于现实环境中识别网络安全风险。此外,个案研究的经验表明,所提出的方法在很大程度上非常适合其预期目的,但它也指出了需要改进和进一步评价的领域。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信