Power systems are one of the critical infrastructures that has seen an increase in cyber security threats due to digitalization. The digitalization also affects the size and complexity of the infrastructure and therefore makes it more difficult to gain an overview in order to secure the entire power system from attackers. One method of how to gain an overview of possible vulnerabilities and security threats is to use threat modeling. In threat modeling, information regarding the vulnerabilities and possible attacks of power systems is required to create an accurate and useful model. There are several different sources for this information. In this paper we conduct a systematic literature review to find which information sources that have been used in power system threat modeling research. Six different information sources were found: expert knowledge, logs & alerts, previous research, system's state, vulnerability scoring & databases, and vulnerability scanners.

The metric Time-To-Compromise (TTC) can be used for estimating the time taken for an attacker to compromise a component or a system. The TTC helps to identify the most critical attacks, which is useful when allocating resources for strengthening the cyber security of a system. In this paper we describe our updated version of the original definition of TTC. The updated version is specifically developed for the Industrial Control Systems domain. The Industrial Control Systems are essential for our society since they are a big part of producing, for example, electricity and clean water. Therefore, it is crucial that we keep these systems secure from cyberattacks. We align the method of estimating the TTC to Industrial Control Systems by updating the original definition’s parameters and use a vulnerability dataset specific for the domain. The new definition is evaluated by comparing estimated Time-To-Compromise values for Industrial Control System attack scenarios to previous research results. 

When protecting the Industrial Control Systems against cyber attacks, it is important to have as much information as possible to allocate defensive resources properly. In this paper we estimate the Time-To-Compromise of different Industrial Control Systems attack techniques by MITRE ATT&CK. The Time-To-Compromise is estimated using an equation that takes into consideration the vulnerability data that exists for a specific asset and category of vulnerability. The vulnerability data is derived from an Industrial Control Systems specific vulnerability dataset. As a result, we present the mapping of the attack techniques to assets and categories of vulnerability, which makes it possible to apply specific vulnerabilities to the technique. We also present the method of how to estimate the Time-To-Compromise of the techniques and finally the values of Time-To-Compromise. After mapping the attack techniques to assets and category of vulnerability we are able to estimate the Time-To-Compromise and discuss its trustworthiness.

The substation automation system consists of many different complex assets and data flows. The system is also often externally connected to allow for remote management. The complexity and remote access to the substation automation system makes it vulnerable to cyber attacks. It also makes it difficult to assess the overall security of the system. One method of assessing the potential threats against a system is threat modeling. In this paper we create a language for producing threat models specifically for the substation automation systems. We focus on the method used to create the language where we review industry designs, build the language based on existing languages and consider attack scenarios from a literature study. Finally we present the language, model two different attack scenarios and generate attack graphs from the threat models.

The complexity of ICT infrastructures is continuously increasing, presenting a formidable challenge in safeguarding them against cyber attacks. In light of escalating cyber threats and limited availability of expert resources, organizations must explore more efficient approaches to assess their resilience and undertake proactive measures. Threat modeling is an effective approach for assessing the cyber resilience of ICT systems. One method is to utilize Attack Graphs, which visually represent the steps taken by adversaries during an attack. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework for developing Domain-Specific Languages (DSLs) and generating Attack Graphs for modeled infrastructures. coreLang is a MAL-based threat modeling language that utilizes such Attack Graphs to enable attack simulations and security assessments for the generic ICT domain. Developing domain-specific languages for threat modeling and attack simulations provides a powerful approach for conducting security assessments of infrastructures. However, ensuring the correctness of these modeling languages raises a separate research question. In this study we conduct an empirical experiment aiming to falsify such a domain-specific threat modeling language. The potential inability to falsify the language through our empirical testing would lead to its corroboration, strengthening our belief in its validity within the parameters of our study. The outcomes of this approach indicated that, on average, the assessments generated by attack simulations outperformed those of human experts. Additionally, both human experts and simulations exhibited significantly superior performance compared to random guessers in their assessments. While specific human experts occasionally achieved better assessments for particular questions in the experiments, the efficiency of simulation-generated assessments surpasses that of human domain experts.

The substation plays an important role in the electricgrid and can transform voltage when distributing electricity,as well as serve other functions. The modern substation is aCyber-Physical System, which inherently makes it complex andvulnerable to cybersecurity threats. Two methods for assessingcybersecurity are the use of threat models that give an overviewof the potential threats of a system and attack graphs that cangive details of potential paths of an attack. In this paper, wedescribe a parser for automatically creating threat models andattack graphs of a substation by using a threat modeling languagefor Substation Automation Systems and the configuration files ofsubstations according to IEC 61850. By modeling attack scenariosand discussing the automatically generated attack graphs withexperts in the industry, we were able to evaluate the threatmodeling language and show how it can be used to generateaccurate attack scenarios.