Exploring security metrics for electric grid infrastructures leveraging attack graphs

The electric grid is a critical cyber-physical infrastructure that serves as lifeline for modern society. With the increasing trend of cyber-attacks, electric grid security has become a significant concern. System operators have the difficult task of reducing the risk exposure and maintaining operational reliability under the constant threat of cyber-attacks. Good security metrics for assessing and monitoring the risk to the cyber-physical power grid infrastructure would be very valuable for grid operators. However, security metrics to assess the security posture and risk to even traditional enterprise cyber infrastructure have been a long standing challenge. Cyber-physical systems (CPS) that have interconnected cyber and physical infrastructure add an additional layer of complexity. In this work, we explore security metrics that can be used to monitor the security posture and risk exposure of the electric grid infrastructure. These metrics take both the cyber security posture and physical impact of an attack into account. We consider both individual and coordinated attacks that can cause cascading outages. To illustrate the usefulness of the proposed metrics, we use cyber-physical models for 9-bus and 39-bus test systems. Our metrics provide a novel way to identify and prioritize assets critical to the system and help operators take steps to improve the overall security posture of the system.