Cyber security assessment of a power plant

Fovino, Igor Nai; Guidi, Luca; Masera, Marcelo; Santarelli, Alberto

doi:10.1016/j.epsr.2010.10.012

Cited by 36 publications

(22 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A typical electrical power grid includes several control centres to manage the generation, transmission, and distribution of power throughout the grid [24]. Therefore, the electric power critical infrastructure is highly interconnected, consisting of several utilities and distributed substations.…”

Section: A the Power Chain Dimensionmentioning

confidence: 99%

A Security Assessment Model for Electrical Power Grid SCADA System

2019

IJITEE

View full text Add to dashboard Cite

Due to the wide application of SCADA systems in national critical infrastructure, their cyber security issues and vulnerabilities have been a primary concern; whereas, the impact and consequences of cyber-attacks to these systems have the potential to result in catastrophic consequences in the physical domain. Therefore, estimating possible attack impacts and identifying system vulnerabilities are major concern in SCADA management and operations. However, it is quite difficult to plan, execute and review vulnerability analysis in critical infrastructure systems as well as in industrial control systems (such as SCADA system) due to its complexity, large-scale and heterogeneity. Consequently, a consistent domain-specific conceptual model is required to establish a generic framework for cyber security analysis to examine and investigate security threats on cyber-physical systems, the role of the entities within the system as well as system operations. The main contribution of this work is to present a multi-facets model to support cyber security analysis practices such as penetration testing, vulnerability assessment and risk analysis. The proposed model presents a common insight among different SCADA configurations, implementations and the employed protocols to handle its complexity, heterogeneous and scale. To demonstrate the usability as a proof of concept and applicability of the proposed model, the paper also presents an example illustrating how the proposed model can be employed to carry out security vulnerability assessment.

show abstract

Section: A the Power Chain Dimensionmentioning

confidence: 99%

A Security Assessment Model for Electrical Power Grid SCADA System

2019

IJITEE

View full text Add to dashboard Cite

show abstract

“…The framework includes processes for a security risk and vulnerability assessment. As efforts in the nuclear industries, Nai Fovino I [12] presented the outcome of information and communication technology (ICT) security assessment targeting an operational power plant. The results show that the vulnerability of a plant to malicious attacks is severe.…”

Section: Cyber Security Accidents and Effortsmentioning

confidence: 99%

A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

Park

Suh

2014

Nuclear Engineering and Technology

View full text Add to dashboard Cite

“…(). Specific attention has been paid in the literature to power systems (see, e.g., the papers by Ericsson, ; Fovino, Guidi, Masera, & Stefanini, ; Onyeji, Bazilian, & Bronk, ; Sun, Hahn, & Liu, ), industrial control systems (dealt with in the papers by Cherdantseva et al., ; Ralston, Graham, & Hieb, ), and nuclear plants (as in the papers by Park, Suh, & Park, ; Shin, Son, & Heo, ). Whatever the specific infrastructure, securing it requires an investment in cybersecurity tools and policies.…”

Section: Introductionmentioning

confidence: 99%

“…Cyber risks represent a major source of concern for several utility and industrial infrastructures, due to both the risk arising in individual infrastructures and that deriving from the interconnections and interdependencies among them, as shown in the papers by Kröger (2008) and by Maglaras et al (2018). Specific attention has been paid in the literature to power systems (see, e.g., the papers by Ericsson, 2010;Fovino, Guidi, Masera, & Stefanini, 2011;Onyeji, Bazilian, & Bronk, 2014;Sun, Hahn, & Liu, 2018), industrial control systems (dealt with in the papers by Cherdantseva et al, 2016;Ralston, Graham, & Hieb, 2007), and nuclear plants (as in the papers by Park, Suh, & Park, 2016;Shin, Son, & Heo, 2017). Whatever the specific infrastructure, securing it requires an investment in cybersecurity tools and policies.…”

Section: Introductionmentioning

confidence: 99%

Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management

Mazzoccoli

Naldi

2019

Risk Analysis

View full text Add to dashboard Cite

An integrated risk management strategy, combining insurance and security investments, where the latter contribute to reduce the insurance premium, is investigated to assess whether it can lead to reduced overall security expenses. The optimal investment for this mixed strategy is derived under three insurance policies, covering, respectively, all the losses (total coverage), just those below the limit of maximum liability (partial coverage), and those above a threshold but below the maximum liability (partial coverage with deductibles). Under certain conditions (e.g., low potential loss, or either very low or very high vulnerability), the mixed strategy reverts however to insurance alone, because investments do not provide an additional benefit. When the mixed strategy is the best choice, the dominant component in the overall security expenses is the insurance premium in most cases. Optimal investment decisions require an accurate estimate of the vulnerability, whereas larger estimation errors may be tolerated for the investment‐effectiveness coefficient.

show abstract

Cyber security assessment of a power plant

Cited by 36 publications

References 12 publications

A Security Assessment Model for Electrical Power Grid SCADA System

A Security Assessment Model for Electrical Power Grid SCADA System

A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management

Contact Info

Product

Resources

About