Title :
Smart Grid architecture risk optimization through vulnerability scoring
Author_Institution :
Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA, USA
Abstract :
With the increasing smart grid cybersecurity concerns it is imperative that system owners provide cost effective security mechanisms to efficiently minimize risk. This paper introduces the idea of CVSS-host scores which utilize CVSS parameters to provide impact scoring for individual systems. This scoring mechanism presents a novel view of system risk by framing an upper bounds on the criticality of potential vulnerabilities in that system. Once this scoring system has been established, the CVSS vectors can then be utilized to perform more sophisticated calculations to investigate optimal costs and benefits for future security enhancements. The benefits of this risk assessment mechanism are displayed against an example smart grid AMI architecture as documented in NIST IR 7628. The contributions of the paper are (1) the introduction of CVSS-host scoring, (2) the analysis of NIST AMI proposed architectures through the CVSS-host scoring method and (3) a binary integer program formulation for utilizing CVSS-host scoring to evaluate optimal security configurations.
Keywords :
integer programming; power system measurement; power system security; risk management; smart power grids; CVSS parameter; CVSS vectors; CVSS-host scoring; NIST AMI; NIST IR 7628; binary integer program formulation; cost effective security mechanism; optimal security configuration; potential vulnerability; risk assessment mechanism; security enhancement; smart grid AMI architecture; smart grid architecture risk optimization; smart grid cybersecurity; vulnerability scoring mechanism; Authentication; Availability; Measurement; NIST; Smart grids; Software;
Conference_Titel :
Innovative Technologies for an Efficient and Reliable Electricity Supply (CITRES), 2010 IEEE Conference on
Conference_Location :
Waltham, MA
Print_ISBN :
978-1-4244-6076-2
DOI :
10.1109/CITRES.2010.5619847
