Risk Assessment of Cyber Attacks on Cyber-Physical Power Systems: A Quantitative Analysis using Attack Graphs


Abstract

Power grids rely on Operational Technology (OT) networks for real-time monitoring and control. These traditionally segregated systems are now being integrated with general-purpose Information and Communication Technologies (ICTs). The coupling of the physical power system and its communications infrastructure forms a complex, interdependent structure referred to as a Cyber-Physical System (CPS). As cyber attacks on critical infrastructures become more frequent, power systems are especially vulnerable, since their OT systems were not designed with cyber security in mind. Hence, identifying and quantifying the risk of cyber attacks on power grids is of utmost importance.
In this dissertation, a method for quantitative risk assessment is proposed. The impact of cyber attacks is examined on a holistic model of a cyber-physical power system, and their likelihood is assessed through attack graphs. Firstly, the physical power system is modelled to analyze the impact of cyber attacks on power system operation. The dynamic model of the IEEE 39-bus system is used to validate the proposed risk assessment method. Various protection schemes are implemented and coordinated to analyze how cyber attacks can lead to cascading failures and a blackout. The communication networks of digital substations are modelled and integrated with the power system model; they emulate the communication network traffic between the control center and the digital substations. The physical and cyber system models are integrated via co-simulation.
Secondly, attack graphs for digital substations are designed and used for cyber attack analysis. The attack graph model is based on the topology of a digital substation, specified by industry and academia. A novel method is proposed for defining the probability distributions of the time-to-compromise for each attack step, which is used in the attack simulations to extract the global time-to-compromise of the targeted asset.
Furthermore, an impact assessment method is proposed, which correlates the impact on both layers of the cyber-physical system. Key performance indicators for the power system operation as well as for the operation of its communication system are defined and implemented. The overall risk of a specific cyber attack scenario is assessed based on the impact indices, the likelihood of the cyber attack occurring, and a proposed metric regarding power system restoration. The proposed methods are validated by examining various cyber attack scenarios on the developed cyber-physical system model. The examined scenarios are based on real-world cyber attacks. Additionally, a study regarding the effect of different attack sequences is conducted. The impact is assessed on both layers of the cyber-physical power system by running dynamic simulations.
Overall, the CPS simulation results show the effectiveness of the proposed methods in assessing risks and identifying the most critical systems per cyber attack scenario. The proposed methods correlate the vulnerability assessment of the modelled security infrastructure with the corresponding impact on the cyber-physical system. The risk assessment is validated by a comprehensive analysis of selected study cases, examining the cascading failure chains of the power system. These studies show the importance of examining various attack scenarios in order to identify the weak points and bottlenecks in the integrated cyber-physical power system.
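The attack simulation described above, in which per-step time-to-compromise (TTC) distributions are sampled over an attack graph to obtain the global TTC of the targeted asset, can be illustrated with a small Monte Carlo model. This is an added example, not the thesis's own code or model: the asset names, graph edges, and lognormal parameters are constructed for illustration, and the likelihood is taken as the probability that the global TTC falls within a defence-relevant time horizon.

```python
import heapq
import random

# Constructed attack graph (not the thesis's model): each key is one attack step from one
# asset to the next; the value is a hypothetical TTC distribution in hours (assumed values).
ATTACK_STEPS = {
    ("internet", "corporate_net"): ("lognormal", 2.0, 0.5),
    ("corporate_net", "substation_gateway"): ("lognormal", 3.0, 0.7),
    ("corporate_net", "engineering_ws"): ("lognormal", 2.5, 0.6),
    ("substation_gateway", "protection_ied"): ("lognormal", 3.5, 0.4),
    ("engineering_ws", "protection_ied"): ("lognormal", 3.2, 0.8),
}

def sample_step_ttc(dist, rng):
    kind, a, b = dist
    if kind == "lognormal":          # a = mu, b = sigma of the underlying normal
        return rng.lognormvariate(a, b)
    if kind == "fixed":              # deterministic step time (b is unused)
        return a
    raise ValueError(f"unknown distribution {kind}")

def global_ttc(steps, source, target, rng):
    """One attack simulation: sample every step's TTC, then return the time of the
    fastest source-to-target path (Dijkstra on sampled weights); inf if unreachable."""
    adj = {}
    for (u, v), dist in steps.items():
        adj.setdefault(u, []).append((v, sample_step_ttc(dist, rng)))
    best = {source: 0.0}
    heap = [(0.0, source)]
    while heap:
        t, u = heapq.heappop(heap)
        if u == target:
            return t
        if t > best[u]:
            continue                 # stale heap entry
        for v, w in adj.get(u, []):
            if t + w < best.get(v, float("inf")):
                best[v] = t + w
                heapq.heappush(heap, (t + w, v))
    return float("inf")

def simulate(steps, source, target, runs=5000, seed=1):
    """Monte Carlo over many attack simulations; returns the sorted global TTC samples."""
    rng = random.Random(seed)
    return sorted(global_ttc(steps, source, target, rng) for _ in range(runs))

def likelihood_within(samples, horizon):
    """Likelihood input to the risk assessment: P(global TTC <= horizon)."""
    return sum(1 for t in samples if t <= horizon) / len(samples)
```

Feeding the attack graph fixed step times instead of distributions reduces the global TTC to the fastest path, which is a useful sanity check before interpreting the sampled distribution.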

Files

MSc_Thesis_Report_Ioannis_Seme... (pdf)
(pdf | 6.82 Mb)
- Embargo expired on 22-10-2022