Security of the Smart Grid
Abstract
Given the incorporation of a communication network into the traditionalpower grid, the smart grid is equipped with devices that provide sensing,measurement, and control. This gives the smart grid numerous advantagesover the traditional power grid. However, the smart grid has a risk of cyberattacks which can result in failures of critical systems. Understandingthe threats to the smart grid is paramount in ensuring adequate security.
This thesis aims at identifying the attacks that can be used in compromisingthe smart grid as well as security modeling techniques thataid in identifying and presenting the security risks. It first reviews existingliterature on security modeling techniques that aid in security riskanalysis and compare the techniques so as to evaluate its applicabilityto the smart grid. A demonstration of the efficacy of using a modelingtechnique in identifying risks in the Advanced Metering Infrastructure(AMI) network of the smart grid. Finally, an attack tree is presentedwhich provides an overview of attacks against smart grid obtained fromliterature.
A review of 84 relevant papers is done to identify the attacks against thesmart grid in order to create an attack tree which gives an overview ofhow security requirements can be compromised. Furthermore, another26 relevant papers are reviewed to identify modeling techniques that canbe used in security analyses. This is followed by an evaluation of theidentified techniques based on four groupings: asset identification, riskidentification, risk evaluation, and mitigation steps. Lastly, a demonstrationof how Consultative Objective Risk Analysis System (CORAS)can be used in identifying and understanding the security risks in thesmart grid is done. The application of CORAS shows how effective it isin helping to achieve the research objectives of this thesis. Lastly, theattack tree revealed how individual attacks stack up in compromising themajor security requirements.
The results of the review give insights as to directions for future workand improvements: (i) It is important to extend the CORAS applicationevaluate the risks identified in this thesis and document mitigation stepsby first performing research on formalizing evaluation criteria for the risks(ii) It is paramount to perform develop formal assessment criteria for allsecurity modeling techniques to assess the strengths and short-comingsof each of the techniques.