Smart Grid architecture risk optimization through vulnerability scoring

With the increasing smart grid cybersecurity concerns it is imperative that system owners provide cost effective security mechanisms to efficiently minimize risk. This paper introduces the idea of CVSS-host scores which utilize CVSS parameters to provide impact scoring for individual systems. This scoring mechanism presents a novel view of system risk by framing an upper bounds on the criticality of potential vulnerabilities in that system. Once this scoring system has been established, the CVSS vectors can then be utilized to perform more sophisticated calculations to investigate optimal costs and benefits for future security enhancements. The benefits of this risk assessment mechanism are displayed against an example smart grid AMI architecture as documented in NIST IR 7628. The contributions of the paper are (1) the introduction of CVSS-host scoring, (2) the analysis of NIST AMI proposed architectures through the CVSS-host scoring method and (3) a binary integer program formulation for utilizing CVSS-host scoring to evaluate optimal security configurations.