Security Assessment for Communication Networks of Power Control Systems Using Attack Graph and MCDM

The security assessment is a key function that should be performed in advance of any security deployment. Since experience of cyber attacks in power control systems is still limited, a complete methodology of security assessment for communication networks of power control systems is needed. According to past research, the difficulties of security assessment include the security analysis of the power control process and the security degree of each control step. Therefore, the attack graph and multiple criteria decision-making (MCDM) are introduced to deal with these difficulties. The overall security assessment is decomposed into two parts. One is the security analysis model for power control systems using an attack graph, which includes the definition of basic concepts, the construction algorithm, the vulnerability function of each control step, and the connection model-based system vulnerability calculation. The other focuses on quantifying the security degree of each control step: a hybrid MCDM approach integrating an analytic hierarchy process (AHP) and a technique for order preference by similarity to ideal solution (TOPSIS) is proposed to value the vulnerability factors derived by the security analysis model. Finally, an instance communication network of a power control system is modeled to test the validity of the security assessment. The result supports the usefulness of the security assessment.
