Journal ArticleDOI
Vulnerability Assessment of Cybersecurity for SCADA Systems
TLDR
A vulnerability assessment framework to systematically evaluate the vulnerabilities of SCADA systems at three levels: system, scenarios, and access points is proposed based on cyber systems embedded with the firewall and password models, the primary mode of protection in the power industry today.Abstract:
Vulnerability assessment is a requirement of NERC's cybersecurity standards for electric power systems. The purpose is to study the impact of a cyber attack on supervisory control and data acquisition (SCADA) systems. Compliance of the requirement to meet the standard has become increasingly challenging as the system becomes more dispersed in wide areas. Interdependencies between computer communication system and the physical infrastructure also become more complex as information technologies are further integrated into devices and networks. This paper proposes a vulnerability assessment framework to systematically evaluate the vulnerabilities of SCADA systems at three levels: system, scenarios, and access points. The proposed method is based on cyber systems embedded with the firewall and password models, the primary mode of protection in the power industry today. The impact of a potential electronic intrusion is evaluated by its potential loss of load in the power system. This capability is enabled by integration of a logic-based simulation method and a module for the power flow computation. The IEEE 30-bus system is used to evaluate the impact of attacks launched from outside or from within the substation networks. Countermeasures are identified for improvement of the cybersecurity.read more
Citations
More filters
Journal ArticleDOI
Cyber–Physical System Security for the Electric Power Grid
TL;DR: The significance of cyber infrastructure security in conjunction with power application security to prevent, mitigate, and tolerate cyber attacks is highlighted and a layered approach is introduced to evaluating risk based on the security of both the physical power applications and the supporting cyber infrastructure.
Proceedings ArticleDOI
Secure Control: Towards Survivable Cyber-Physical Systems
TL;DR: This position paper identifies and defines the problem of secure control, investigates the defenses that information security and control theory can provide, and proposes a set of challenges that need to be addressed to improve the survivability of cyber-physical systems.
Journal ArticleDOI
Design Techniques and Applications of Cyberphysical Systems: A Survey
TL;DR: The aim of this survey is to enable researchers and system designers to get insights into the working and applications of CPSs and motivate them to propose novel solutions for making wide-scale adoption of CPS a tangible reality.
Journal ArticleDOI
Cybersecurity for Critical Infrastructures: Attack and Defense Modeling
TL;DR: A supervisory control and data acquisition security framework with the following four major components is proposed: (1) real-time monitoring; (2) anomaly detection; (3) impact analysis; and (4) mitigation strategies; an attack-tree-based methodology for impact analysis is developed.
Journal ArticleDOI
Cyber-physical attacks and defences in the smart grid: a survey
TL;DR: This paper provides a comprehensive and systematic review of the critical attack threats and defence strategies in the smart grid, and focuses on prominent CP attack schemes with significant impact on the smartgrid operation and corresponding defense solutions.
References
More filters
Journal ArticleDOI
Model-based evaluation: from dependability to security
TL;DR: It is found that many techniques from dependiveness evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.
Book
Stochastic Petri Nets: An Introduction to the Theory
Falko Bause,Pieter S. Kritzinger +1 more
TL;DR: In this paper, a Petri net specifi cation is used to test for deadlock, liveness and boundedness of a discrete event system specified in Specification and Description Language (SDL).
BookDOI
Stochastic Petri Nets
BauseFalko,S KritzingerPieter +1 more
TL;DR: Reading stochastic petri nets is a good habit; you can develop this habit to be such interesting way as to not make it as disturbing activities or as boring activity.
Proceedings ArticleDOI
Vulnerability Assessment of Cybersecurity for SCADA Systems Using Attack Trees
TL;DR: A methodology to evaluate the cybersecurity vulnerability using attack trees based on power system control networks is proposed and can be extended to security investment analysis.
Proceedings ArticleDOI
SCADA Cyber Security Testbed Development
Charles M. Davis,Joseph Euzebe Tate,Hamed Okhravi,Chris Grier,Thomas J. Overbye,David M. Nicol +5 more
TL;DR: The development of a testbed designed to assess the vulnerabilities introduced by using public networks for communication is presented, to help utilities deal with cyber security threats.