Smart grid cybersecurity exposure analysis and evalution framework

The complex system architecture required to support smart grid technology introduces an undetermined level of risk in power systems. Many current techniques to evaluate cyber specific risk fail to scale to such a large environment. While attack graphs and trees are frequently used to model system security, both approaches require the ability to predict potential attack vectors. Access graphs have been proposed to model trust between systems and also show how a compromised system can affect related systems. This paper introduces a framework for evaluating the security exposure of a large scale smart grid environment. The framework utilizes a model based on access graphs to determine the system´s attack exposure. This method also implements quantitative metrics to evaluate acceptable exposure levels. This framework also introduces a method to analyze the impact a mitigating security control has on the resulting architecture.