Vulnerability Assessment of Cybersecurity for SCADA Systems
Top Cited Papers
- 28 October 2008
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Power Systems
- Vol. 23 (4), 1836-1846
- https://doi.org/10.1109/tpwrs.2008.2002298
Abstract
Vulnerability assessment is a requirement of NERC's cybersecurity standards for electric power systems. The purpose is to study the impact of a cyber attack on supervisory control and data acquisition (SCADA) systems. Compliance of the requirement to meet the standard has become increasingly challenging as the system becomes more dispersed in wide areas. Interdependencies between computer communication system and the physical infrastructure also become more complex as information technologies are further integrated into devices and networks. This paper proposes a vulnerability assessment framework to systematically evaluate the vulnerabilities of SCADA systems at three levels: system, scenarios, and access points. The proposed method is based on cyber systems embedded with the firewall and password models, the primary mode of protection in the power industry today. The impact of a potential electronic intrusion is evaluated by its potential loss of load in the power system. This capability is enabled by integration of a logic-based simulation method and a module for the power flow computation. The IEEE 30-bus system is used to evaluate the impact of attacks launched from outside or from within the substation networks. Countermeasures are identified for improvement of the cybersecurity.Keywords
This publication has 12 references indexed in Scilit:
- Toward a Framework for Managing Information Security for an Electric Power Utility—CIGRÉ ExperiencesIEEE Transactions on Power Delivery, 2007
- Vulnerability Assessment of Cybersecurity for SCADA Systems Using Attack Trees2007 IEEE Power Engineering Society General Meeting, 2007
- Application of Sensor Network for Secure Electric Energy InfrastructureIEEE Transactions on Power Delivery, 2007
- SCADA Cyber Security Testbed DevelopmentPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006
- Assessment of Interactions Between Power and Telecommunications InfrastructuresIEEE Transactions on Power Systems, 2006
- IEC TC57 Security Standards for the Power System's Information Infrastructure - Beyond Simple EncryptionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006
- Model-based evaluation: from dependability to securityIEEE Transactions on Dependable and Secure Computing, 2004
- An information architecture for future power systems and its reliability analysisIEEE Transactions on Power Systems, 2002
- Security challenges for the electricity infrastructureComputer, 2002
- A process control approach to cyber attack detectionCommunications of the ACM, 2001