March 3, 2021

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

Cyber-Physical Energy Systems Security: Threat Modeling, Risk Assessment, Resources, Metrics, and Case Studies. (arXiv:2101.10198v2 [cs.CR] UPDATED)

Cyber-physical systems (CPS) are interconnected architectures that employ
analog, digital, and communication resources for their interaction with the
physical environment. CPS are the backbone of enterprise, industrial, and
critical infrastructure. Thus, their vital importance makes them prominent
targets for malicious attacks aiming to disrupt their operations. Attacks
targeting cyber-physical energy systems (CPES), given their mission-critical
nature, can have disastrous consequences. The security of CPES can be enhanced
leveraging testbed capabilities to replicate power system operations, discover
vulnerabilities, develop security countermeasures, and evaluate grid operation
under fault-induced or maliciously constructed scenarios. In this paper, we
provide a comprehensive overview of the CPS security landscape with emphasis on
CPES. Specifically, we demonstrate a threat modeling methodology to accurately
represent the CPS elements, their interdependencies, as well as the possible
attack entry points and system vulnerabilities. Leveraging the threat model
formulation, we present a CPS framework designed to delineate the hardware,
software, and modeling resources required to simulate the CPS and construct
high-fidelity models which can be used to evaluate the system’s performance
under adverse scenarios. The system performance is assessed using
scenario-specific metrics, while risk assessment enables system vulnerability
prioritization factoring the impact on the system operation. The overarching
framework for modeling, simulating, assessing, and mitigating attacks in a CPS
is illustrated using four representative attack scenarios targeting CPES. The
key objective of this paper is to demonstrate a step-by-step process that can
be used to enact in-depth cybersecurity analyses, thus leading to more
resilient and secure CPS.