Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A case study applying the cyber security modeling language
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.ORCID iD: 0000-0003-3922-9606
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.ORCID iD: 0000-0003-3014-5609
2010 (English)In: 43rd International Conference on Large High Voltage Electric Systems 2010, CIGRE 2010, 2010Conference paper, Published paper (Refereed)
Abstract [en]

The operation of the power system is today highly dependent on computerized control systems. These SCADA systems resemble the central nervous system of the power system. At the same time as control systems enables more efficient, qualitative, and safe power systems, their vulnerabilities are also vulnerabilities to the power system. This paper presents a modeling language specifically developed for assessing the cyber security of SCADA systems. The modeling language uses the formalism Probabilistic Relational Models to integrate a mathematical inference engine with the modeling notation. If a SCADA system is modeled using this cyber security modeling language the cyber security of this SCADA system can be assessed probabilistically. Given a graphical description of a system, a quantitative analysis of threats is provided. This makes it possible to use the framework for evaluating the current solution as well as elaborate with what-if scenarios and the trade-offs between these. This cyber security modeling language could for example be used to model two control centers and the communication between them together with security mechanisms such as access control and communication protection The modeling language can also be used to describe a complete SCADA system and infer its security. The data associated with the probabilistic inference engine is only preliminary. In this paper we present a case study where cyber security modeling language has been applied to assess the security of a SCADA system. It is demonstrated how the modeling language can be applied and how a value for security can be inferred from architectural models (using the preliminary data). Future work will focus on the quantitative side of the modeling language. Probabilities will be elicited from literature, experiments, and field studies and through the opinion of domain experts. A tool is also being developed to support inference and analysis.

Place, publisher, year, edition, pages
2010.
Keyword [en]
Cyber security, Information security, Information technology, Probabilistic relational models, SCADA
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-79837Scopus ID: 2-s2.0-84876765284OAI: oai:DiVA.org:kth-79837DiVA: diva2:495735
Conference
43rd International Conference on Large High Voltage Electric Systems 2010, CIGRE 2010; Paris; France; 22 August 2010 through 27 August 2010
Note

QC 20120329

Available from: 2012-02-09 Created: 2012-02-09 Last updated: 2014-08-14Bibliographically approved

Open Access in DiVA

No full text

Scopus

Authority records BETA

Ekstedt, MathiasNordström, Lars

Search in DiVA

By author/editor
Sommestad, TeodorEkstedt, MathiasNordström, Lars
By organisation
Industrial Information and Control Systems
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 79 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf