Cost modeling of response actions for automated response and recovery in AMI

Abstract

The smart grid is creating new security vulnerabilities due to the deployment of networked devices into the traditional grid. A core component of the smart grid is the advanced metering infrastructures (AMIs), which increase the attack surface due to smart devices deployed at households. Manual management of security incidents in such a large and complex system is impractical, and the need for automated response and recovery to attacks is critical. This paper addresses that challenge through two main contributions. First, we introduce and classify an extended set of AMI-specific cyber incident response actions. Second, we define a cost model and an approach to translate security properties into monetary costs. The cost model is a key element in enabling an automated response engine to make optimal decisions and mitigate cyber incidents.