Model-Based Cybersecurity Assessment with NESCOR Smart Grid Failure Scenarios

Sumeet Jauhar, Binbin Chen, William G. Temple, Xinshu Dong, Zbigniew T Kalbarczyk, William H Sanders, David Malcolm Nicol

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The transformation of traditional power systems to smart grids brings significant benefits, but also exposes the grids to various cyber threats. The recent effort led by US National Electric Sector Cybersecurity Organization Resource (NESCOR) Technical Working Group 1 to compile failure scenarios is an important initiative to document typical cybersecurity threats to smart grids. While these scenarios are an invaluable thought-aid, companies still face challenges in systematically and efficiently applying the failure scenarios to assess security risks for their specific infrastructure. In this work, we develop a model-based process for assessing the security risks from NESCOR failure scenarios. We extend our cybersecurity assessment tool, Cyber-SAGE, to support this process, and use it to analyze 25 failure scenarios. Our results show that CyberSAGE can generate precise and structured security argument graphs to quantitatively reason about the risk of each failure scenario. Further, CyberSAGE can significantly reduce the assessment effort by allowing the reuse of models across different failure scenarios, systems, and attacker profiles to perform what if? analysis.

Original languageEnglish (US)
Title of host publicationProceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015
EditorsDong Xiang, Tatsuhiro Tsuchiya, Guojun Wang
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages319-324
Number of pages6
ISBN (Electronic)9781467393768
DOIs
StatePublished - Jan 4 2016
Event21st IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2015 - Zhangjiajie, China
Duration: Nov 18 2015Nov 20 2015

Publication series

NameProceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015

Other

Other21st IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2015
CountryChina
CityZhangjiajie
Period11/18/1511/20/15

Fingerprint

Industry

Keywords

  • NESCOR
  • Smart grid
  • cybersecurity

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Jauhar, S., Chen, B., Temple, W. G., Dong, X., Kalbarczyk, Z. T., Sanders, W. H., & Nicol, D. M. (2016). Model-Based Cybersecurity Assessment with NESCOR Smart Grid Failure Scenarios. In D. Xiang, T. Tsuchiya, & G. Wang (Eds.), Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015 (pp. 319-324). [7371417] (Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/PRDC.2015.37

Model-Based Cybersecurity Assessment with NESCOR Smart Grid Failure Scenarios. / Jauhar, Sumeet; Chen, Binbin; Temple, William G.; Dong, Xinshu; Kalbarczyk, Zbigniew T; Sanders, William H; Nicol, David Malcolm.

Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015. ed. / Dong Xiang; Tatsuhiro Tsuchiya; Guojun Wang. Institute of Electrical and Electronics Engineers Inc., 2016. p. 319-324 7371417 (Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Jauhar, S, Chen, B, Temple, WG, Dong, X, Kalbarczyk, ZT, Sanders, WH & Nicol, DM 2016, Model-Based Cybersecurity Assessment with NESCOR Smart Grid Failure Scenarios. in D Xiang, T Tsuchiya & G Wang (eds), Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015., 7371417, Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015, Institute of Electrical and Electronics Engineers Inc., pp. 319-324, 21st IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2015, Zhangjiajie, China, 11/18/15. https://doi.org/10.1109/PRDC.2015.37
Jauhar S, Chen B, Temple WG, Dong X, Kalbarczyk ZT, Sanders WH et al. Model-Based Cybersecurity Assessment with NESCOR Smart Grid Failure Scenarios. In Xiang D, Tsuchiya T, Wang G, editors, Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015. Institute of Electrical and Electronics Engineers Inc. 2016. p. 319-324. 7371417. (Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015). https://doi.org/10.1109/PRDC.2015.37
Jauhar, Sumeet ; Chen, Binbin ; Temple, William G. ; Dong, Xinshu ; Kalbarczyk, Zbigniew T ; Sanders, William H ; Nicol, David Malcolm. / Model-Based Cybersecurity Assessment with NESCOR Smart Grid Failure Scenarios. Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015. editor / Dong Xiang ; Tatsuhiro Tsuchiya ; Guojun Wang. Institute of Electrical and Electronics Engineers Inc., 2016. pp. 319-324 (Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015).
@inproceedings{854e39ac592041f7a57f619564eb9d0f,
title = "Model-Based Cybersecurity Assessment with NESCOR Smart Grid Failure Scenarios",
abstract = "The transformation of traditional power systems to smart grids brings significant benefits, but also exposes the grids to various cyber threats. The recent effort led by US National Electric Sector Cybersecurity Organization Resource (NESCOR) Technical Working Group 1 to compile failure scenarios is an important initiative to document typical cybersecurity threats to smart grids. While these scenarios are an invaluable thought-aid, companies still face challenges in systematically and efficiently applying the failure scenarios to assess security risks for their specific infrastructure. In this work, we develop a model-based process for assessing the security risks from NESCOR failure scenarios. We extend our cybersecurity assessment tool, Cyber-SAGE, to support this process, and use it to analyze 25 failure scenarios. Our results show that CyberSAGE can generate precise and structured security argument graphs to quantitatively reason about the risk of each failure scenario. Further, CyberSAGE can significantly reduce the assessment effort by allowing the reuse of models across different failure scenarios, systems, and attacker profiles to perform what if? analysis.",
keywords = "NESCOR, Smart grid, cybersecurity",
author = "Sumeet Jauhar and Binbin Chen and Temple, {William G.} and Xinshu Dong and Kalbarczyk, {Zbigniew T} and Sanders, {William H} and Nicol, {David Malcolm}",
year = "2016",
month = "1",
day = "4",
doi = "10.1109/PRDC.2015.37",
language = "English (US)",
series = "Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "319--324",
editor = "Dong Xiang and Tatsuhiro Tsuchiya and Guojun Wang",
booktitle = "Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015",
address = "United States",

}

TY - GEN

T1 - Model-Based Cybersecurity Assessment with NESCOR Smart Grid Failure Scenarios

AU - Jauhar, Sumeet

AU - Chen, Binbin

AU - Temple, William G.

AU - Dong, Xinshu

AU - Kalbarczyk, Zbigniew T

AU - Sanders, William H

AU - Nicol, David Malcolm

PY - 2016/1/4

Y1 - 2016/1/4

N2 - The transformation of traditional power systems to smart grids brings significant benefits, but also exposes the grids to various cyber threats. The recent effort led by US National Electric Sector Cybersecurity Organization Resource (NESCOR) Technical Working Group 1 to compile failure scenarios is an important initiative to document typical cybersecurity threats to smart grids. While these scenarios are an invaluable thought-aid, companies still face challenges in systematically and efficiently applying the failure scenarios to assess security risks for their specific infrastructure. In this work, we develop a model-based process for assessing the security risks from NESCOR failure scenarios. We extend our cybersecurity assessment tool, Cyber-SAGE, to support this process, and use it to analyze 25 failure scenarios. Our results show that CyberSAGE can generate precise and structured security argument graphs to quantitatively reason about the risk of each failure scenario. Further, CyberSAGE can significantly reduce the assessment effort by allowing the reuse of models across different failure scenarios, systems, and attacker profiles to perform what if? analysis.

AB - The transformation of traditional power systems to smart grids brings significant benefits, but also exposes the grids to various cyber threats. The recent effort led by US National Electric Sector Cybersecurity Organization Resource (NESCOR) Technical Working Group 1 to compile failure scenarios is an important initiative to document typical cybersecurity threats to smart grids. While these scenarios are an invaluable thought-aid, companies still face challenges in systematically and efficiently applying the failure scenarios to assess security risks for their specific infrastructure. In this work, we develop a model-based process for assessing the security risks from NESCOR failure scenarios. We extend our cybersecurity assessment tool, Cyber-SAGE, to support this process, and use it to analyze 25 failure scenarios. Our results show that CyberSAGE can generate precise and structured security argument graphs to quantitatively reason about the risk of each failure scenario. Further, CyberSAGE can significantly reduce the assessment effort by allowing the reuse of models across different failure scenarios, systems, and attacker profiles to perform what if? analysis.

KW - NESCOR

KW - Smart grid

KW - cybersecurity

UR - http://www.scopus.com/inward/record.url?scp=84964318272&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84964318272&partnerID=8YFLogxK

U2 - 10.1109/PRDC.2015.37

DO - 10.1109/PRDC.2015.37

M3 - Conference contribution

AN - SCOPUS:84964318272

T3 - Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015

SP - 319

EP - 324

BT - Proceedings - 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015

A2 - Xiang, Dong

A2 - Tsuchiya, Tatsuhiro

A2 - Wang, Guojun

PB - Institute of Electrical and Electronics Engineers Inc.

ER -