Identifying Risks and Assessing Vulnerabilities
Analytics for Smart Grid Cybersecurity
This work was funded by the Cooperative Agreement between the Masdar Institute of Science and Technology (Masdar Institute), Abu Dhabi, UAE
and the Massachusetts Institute of Technology (MIT), Cambridge, MA, USA - 02/MI/MIT/CP/11/07633/GEN/G/00.
Nazli Choucri
Professor of Political Science
Gaurav Agarwal
SM - Engineering and Management ’10
Boston Global Citizenship Forum
Source: United States Government Accountability Office, “Electricity grid modernization,” GAO-11-117, January 2011.
Analytics for Smart Grid Cybersecurity: Identifying Risks and Assessing Vulnerabilities
N Choucri and G Agarwal, September 22
Smart Grid of Power Systems
Highlights of Smart Grid Cybersecurity Risk Management Practice
Enterprise Risk Management Practice
Cybersecurity Risk Management Practice
Other Risk Management Practice
NIST Supply Chain RMP
DoE RMP
Compliance to Technical Standards
Compliance to Federal Regulations
Implementation of Capability Maturity Models
DoE C2M2 Guide
DoE C2M2
NIST Cybersecurity Framework
White House Executive Order: 13636
NIST 7628 Guidelines
NIST 800:53
NIST 1108R3
CIM/61850 for DGM
SGIP Framework mapping to Guidelines
US CERT Cyber Resilience Review
ICS CERT Cyber Security Evaluation Tool
Primary Documents
Supporting Documents
Other Documents
Focus on Smart Grid
Advancing Cybersecurity and Sustainability for Critical Infrastructure: Ecosystem of Cybersecurity Risk Management Practices – Situating NIST Initiatives and Expanding Capabilities. April 17, 2016
Smart Grid Cyber Security Focus
RMP stands for Risk Management Practice
Smart Grid Elements – in numbers
Domains : 7
Actors (Nodes) : 47
Logical Interfaces (Edges) : 130
Security Requirements Types: 180
Vulnerabilities Classes: 53
A node's spatial position reflects its importance and its distance to other nodes.
Node represents an actor.
Node color based on domain.
Node size based on eigenvector centrality of node in the network.
Edge represents a logical interface (or connection) between two actors.
Interface strength – illustrated by thickness of connection
Impact scale and scope, defined in system-wide terms – represented by edge color.
Network View of NIST Guidelines from Design Structure Matrix (DSM)
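Added example (not from the original slides): how a DSM of actors and logical interfaces yields the node sizes described above, using eigenvector centrality computed by power iteration, and how HIGH-impact interfaces can then be ordered by the centrality of their endpoints. The six actors, interface strengths and impact levels are a constructed sample, not the 47 actors and 130 interfaces of the guidelines, and the function names are hypothetical.

```python
# Constructed sample, NOT the 47 actors / 130 logical interfaces of the NIST
# guidelines: (actor_a, actor_b, interface strength, impact level).
INTERFACES = [
    ("Meter", "AMI Headend", 3, "HIGH"),
    ("AMI Headend", "MDMS", 3, "MODERATE"),
    ("AMI Headend", "Distribution SCADA", 2, "HIGH"),
    ("MDMS", "Distribution SCADA", 1, "LOW"),
    ("Distribution SCADA", "Field Device", 2, "HIGH"),
    ("Meter", "Customer EMS", 1, "LOW"),
]
ACTORS = sorted({a for i in INTERFACES for a in i[:2]})


def build_dsm(actors, interfaces):
    """Symmetric DSM: cell [i][j] holds the strength of interface i<->j."""
    idx = {name: k for k, name in enumerate(actors)}
    dsm = [[0.0] * len(actors) for _ in actors]
    for a, b, strength, _impact in interfaces:
        dsm[idx[a]][idx[b]] = dsm[idx[b]][idx[a]] = float(strength)
    return dsm


def eigenvector_centrality(dsm, max_iter=1000, tol=1e-12):
    """Power iteration on (DSM + I); the shift ensures convergence on a
    connected graph, including bipartite ones."""
    n = len(dsm)
    x = [1.0] * n
    for _ in range(max_iter):
        nxt = [x[i] + sum(dsm[i][j] * x[j] for j in range(n)) for i in range(n)]
        top = max(nxt)
        nxt = [v / top for v in nxt]  # scale so the most central actor is 1.0
        if max(abs(p - q) for p, q in zip(nxt, x)) < tol:
            return nxt
        x = nxt
    raise RuntimeError("power iteration did not converge")


def rank_actors(actors=ACTORS, interfaces=INTERFACES):
    """Actors with their centrality scores, most central first."""
    scores = eigenvector_centrality(build_dsm(actors, interfaces))
    return sorted(zip(actors, scores), key=lambda p: p[1], reverse=True)


def priority_interfaces(actors=ACTORS, interfaces=INTERFACES):
    """HIGH-impact interfaces, ordered by the centrality of their endpoints."""
    score = dict(rank_actors(actors, interfaces))
    high = [i for i in interfaces if i[3] == "HIGH"]
    return sorted(high, key=lambda i: score[i[0]] + score[i[1]], reverse=True)
```

Calling rank_actors() on the sample puts AMI Headend first and Customer EMS last; priority_interfaces() lists the HIGH-impact interfaces that touch the most central actors first.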
[Figure: Impact Levels (HIGH, MODERATE, LOW) for each of the Security Objectives (Confidentiality, Integrity, Availability)]
Analytics for Smart Grid Cybersecurity: Identifying Risks and Assessing Vulnerabilities
N Choucri and G Agarwal, September 22, 2016
These images: (1) provide greater transparency, (2) identify high threat areas,
(3) support selection of priority actions, and (4) help align resources to goals
Risk Identification and Assessment based on NIST Guidelines 7628 R1