Combined Safety and Cybersecurity Risk Assessment for Intelligent Distributed Grids

As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety-classified systems and products, a safety risk assessment is also needed in addition to the cybersecurity risk assessment to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains such as the automotive domain, but more general methods suitable for, e.g., Intelligent Distributed Grids are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method, which combines safety and cybersecurity risk assessments. This paper presents an approach in which the SAHARA method has been modified to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied to two use cases of an intelligent distributed grid.
