Change search
ReferencesLink to record
Permanent link

Direct link
Cyber attack modelling and security graded approach: Key elements when designing security architecture for Electric Power Utilities (EPUs)
Show others and affiliations
2012 (English)In: 44th International Conference on Large High Voltage Electric Systems 2012, 2012, 1-8 p.Conference paper (Refereed)
Abstract [en]

The multiplication of access interfaces and technologies in Electric Power Utilities (EPUs) communication architectures and the smart grid developments, which will enable numerous new services with new traffic patterns, will change radically both network accesses and core architectures. This evolution could introduce new vulnerabilities to the reliability of electricity supply, based on the introduction and exposure of vulnerabilities in digital systems, architectures, and communications. This situation calls for new security requirements for digital systems and the underlying architecture used in EPUs. Security requirements have to be derived from appropriate risk assessments and general architectural decisions. Numerous existing cyber security standards provide guidance and use-cases which represent valuable inputs for the development of such requirements. The proliferation of standards suggests, however, that the existing documents either do not meet completely the needs of EPUs or are difficult to combine together. This paper focuses on two weak points of the existing cyber security standards in the area. Initially, the paper addresses the characterization, categorization and modeling of malicious cyber threats, which represent key steps in a risk assessment process. The paper presents a conceptual model expressing the meaning and the links between the key concepts of cyber security risks. Following this, the work examines attack modeling, addressing some pertinent technical and architectural issues. In addition, the paper explains why attack modeling is central to risk assessment and present graphical approaches to attack modeling. The second part the paper addresses the use of security architecture principles, notably the graded security approach as a fundamental framework to classify and structure a process of risk mitigation by security controls in both current and future EPU architectures. This discussion starts with the clarification of the terminology related to a graded security approach and then gives a general overview of the characteristics of known standards and best practices of graded security architectures. Following this, the paper presents an outlook of classification criteria to enable the implementation of a graded security approach in a real world environment and then illustrates the effectiveness and adaptability of a graded security approach in a real-world attack case.

Place, publisher, year, edition, pages
2012. 1-8 p.
Keyword [en]
Critical infrastructure, CYBER risk assessment, Cyber security, Defense in depth, Graded security approach, Graphical attack modelling, Security architecture, SMART grid applications, Zone model
National Category
Engineering and Technology
URN: urn:nbn:se:kth:diva-116843ScopusID: 2-s2.0-84872106675OAI: diva2:601269
44th International Conference on Large High Voltage Electric Systems 2012, 26 August 2012 through 31 August 2012, Paris

QC 20130129

Available from: 2013-01-29 Created: 2013-01-28 Last updated: 2013-01-29Bibliographically approved

Open Access in DiVA

No full text


Search in DiVA

By author/editor
Ekstedt, Mathias
By organisation
Industrial Information and Control Systems
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 170 hits
ReferencesLink to record
Permanent link

Direct link