Cyber risk assessment of power control systems - A metrics weighed by attack experiments

IEEE Power and Energy Society General Meeting

Volumn , Issue , 2011, Pages

  Dondossola, G ^a   Garrone, F ^a   Szanto, J ^a  

^a RICERCA SUL SISTEMA ENERGETICO RSE S P A   (Italy)

Author keywords

Computer based attacks; Cyber risk assessment; Information and communication security; Power emergency management; Power grid control; Resilience testing; SCADA systems; Substation Automation; Test beds

Indexed keywords

COMPUTER-BASED ATTACKS; EMERGENCY MANAGEMENT; INFORMATION AND COMMUNICATION; POWER GRIDS; SUBSTATION AUTOMATION;

COMMUNICATION; COMPUTER CONTROL SYSTEMS; COMPUTER CRIME; ELECTRIC POWER DISTRIBUTION; ELECTRIC UTILITIES; EQUIPMENT TESTING; EXPERIMENTS; RATING; RISK ASSESSMENT; RISK MANAGEMENT; RISK PERCEPTION; SCADA SYSTEMS;

SECURITY OF DATA;

EID: 82855178000     PISSN: 19449925     EISSN: 19449933     Source Type: Conference Proceeding    
DOI: 10.1109/PES.2011.6039589     Document Type: Conference Paper

References (34)

1. IEC Smart Grid Standardization RoadMap, 2010, SMB Smart Grid Strategic Group SG3, Edition 1.0.
2. N. Falliere, L.O. Murchu, E. Chien, 2010, "W32.Stuxnet Dossier".
3. COM(2009)149 Communication from the Commission on "Critical Information Infrastructure Protection - Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience", 30 March 2009.
4. Draft Technical Report IEC 61850-90-1 Ed 1 "Communication networks and systems for power utility automation - Part 90-1: Use of 61850 for the communication between substations", Draft Technical Report 57/992/DTR, March 2009.
5. th Annual Hawaii International Conference on Systems Sciences, January 2004, pp.54-61.
6. A. Wenger, V. Mauer, M. Dunn "Critical Information Infrastructure Protection", International CIIP Handbook 2008, ETH the Swiss Federal Institute of Technology Zurich, September 2008.
7. Department of Energy National SCADA Testbed http://www.oe.energy.gov/ nstb.htm.
8. Electric Power Research Institute, IntelliGrid, www.epriintelligrid.com/ intelligrid/home.jsp.
9. M. Amin, "Toward Self-Healing Energy Infrastructure Systems", IEEE Computer Applications in Power, vol. 14, Jan.2001, pp. 20-28. (Pubitemid 32136400)
10. CIGRE (2007): "Review of on-line dynamic security assessment tools and techniques", WG C4.601 Technical Brochure, January 2007.
11. PSERC (Power Systems Engineering Research Center) (2005), "Detection, Prevention and Mitigation of Cascading Events", Final Report, Part I, III (October 2005), Part II (November 2005), http://www.pserc.org.
12. NIST Internal Report 7628, "Guidelines for Smart Grid Cyber Security", 3 Volumes, The Smart Grid Interoperability Panel - Cyber Security Working Group, August 2010.
13. Smart Grid Resource Center, http://www.smartgrid.epri.com/.
14. European Technology Platform for the Electricity Networks of the future, http://www.smartgrids.eu/.
15. M. Beccuti, G. Franceschinis, S. Donatelli, S. Chiaradonna, F. Di Giandomenico, P. Lollini, G. Dondossola, F. Garrone "Quantification of Dependencies in Electrical and Information Infrastructures: the CRUTIAL approach", Fourth International CRIS conference on Critical Infrastructures, CRIS 2009, Linkoping, Svezia, April 2009.
16. C-W. Ten, C-C. Liu, G. Manimaran "Vulnerability assessment of Cybersecurity for SCADA Systems", IEEE Trans. On Power Systems, vol 23, no. 4, November 2008.
17. G. Franceschinis, E. Alata, J. Antunes, H. Beitollah, A. N. Bessani, M. Correira, W. Dantaa, G. Deconinck, M. Kaaniche, N. Neves, V. Nicomette, P. Sousa, P. Verissimo "Experimental validation of architectural solutions", CRUTIAL Workpackage 5 Deliverable D20, CRUTIAL consortium, pp. 88, March 2009. Available: http://crutial/Dissemination/DELIVERABLES-OF-THE- PROJECT.asp.
18. L. Pietre-Cambacedes, T. Kropp, J. Weiss, R. Pellizzoni, "Cybersecurity standards for the electric power industry - a "survival kit", in in Proc. 2008 Cigré Session, Study Committee D2, paper n. 217, August 2008.
19. Technical Specification IEC 62351-3 "Power System Management and associated information exchange - Data and Communication Security - Part 3:Communication network and system security - Profiles including TCP/IP", Technical Specification, First Edition, June 2007.
20. Technical Specification IEC 62351-5 "Power System Management and associated information exchange - Data and Communication Security - Part 5: Security for IEC 60870-5 and derivates", Technical Specification, Ed. 1.0, August 2009.
21. Working Draft IEC 62351-7 "Data and Communication Security - Network and System Data objects for End-to-End network Management and System Security", First Working Draft, Version 1, July 2006.
22. M. Tritschler, G. Dondossola "Information/ICT Security Risk Assessment of Operational IT Systems at Electric Power Utilities", Cigré Colloquium SC D2, Fukuoka, Japan 21-22 October 2009.
23. G. Deconinck, H. Beitollahi, T. Loix, G. Dondossola, F. Garrone, J. Szanto "On EPS-ICT interdependencies in the testbed", CRUTIAL Workpackage 3 Deliverable D17, CRUTIAL consortium, pp. 74, March 2009. Available: http://crutial/Dissemination/DELIVERABLES-OF-THE-PROJECT.asp.
24. International Standard IEC 60870-5 "Telecontrol equipment and systems - Part 5-104: Transmission protocols - Network access for IEC 60870-5-101 using standard transport profiles", International Standard, Second Edition, Reference Number IEC 60870-5-104(E), June 2006.
25. RFC 4301 "Security Architecture for the Internet Protocol".
26. G. Dondossola, F. Garrone, J. Szanto, G. Fiorenza, 2009, "Assessment of power control systems communications through testbed experiments", Proceedings CIRED 2009, paper no. 0650.
27. CIGRE (2008): "Integrated Management Information in Utilities", WG D2.17 Technical Brochure, February 2008.
28. Cigré Technical Brochure, "Operational services using IP Virtual private Networks", Task Force D2.10, Technical Brochure 321, June 2007.
29. RFC 2281 "Cisco Hot Stanby Router Protocol".
30. Cisco "Hot Standby Router Protocol Features and Functionality", Document ID: 9234.
31. "Cisco IOS Intrusion Prevention System Deployment Guide", White Paper, 2009.
32. NISTIR 7628 "NIST Guidelines for Smart Grid Cyber Security", The Smart Grid Interoperability Panel - Cyber Security Working Group, August 2010.
33. G. Dondossola, F. Garrone, J. Szanto, "Supporting Cyber Risk Assessment of Power Control Systems with experimental data" IEEE (Institute of Electrical and Electronic Engineers) Power Systems Conference and Exhibition (PSCE) 2009, Seattle, WA 15-18 March 2009.
34. M.-Y. Huang, T. M. Wicks, "A large-scale Distributed Intrusion Detection Framework Based on Attack Strategy Analysis", Applied Research and Technology, The Boeing Company, Seattle, WA, USA.