BAGS: A Tool to Quantify Smart Grid Resilience
Yatin Wadhawan, Clifford Neuman
DOI: http://dx.doi.org/10.15439/2017F77
Citation: Communication Papers of the 2017 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 13, pages 323–332 (2017)
Abstract. In this paper, we present the Bayesian Attack Graph for Smart Grid (BAGS) tool to quantify smart grid resilience in the presence of multiple cyber-physical attacks. BAGS takes system functions, network architecture, applications and a vulnerability report as input and generates three Bayesian Networks at three different levels of hierarchy. The top level network is called Functional Bayesian Network that defines how smart grid functions are connected. System engineers can select a particular function on a dashboard and view the Network Bayesian Network of that function at the second level. They can also choose a particular network component to see the list of vulnerabilities and the probability of associated compromise at the third level. System engineers can incorporate this functionality into their system and analyze the impact of any compromised component of the smart grid system on its resilience. Furthermore, BAGS helps to identify the failure paths in advance from one power grid function to another so that they can devise secure strategies and deploy resources effectively and efficiently.
References
- Li, S., Tryfonas, T., Russell, G., & Andriotis, P. (2016). Risk assessment for mobile systems through a multilayered hierarchical Bayesian network. IEEE transactions on cybernetics, 46(8), 1749-1759.
- Yodo, N., & Wang, P. (2016). Resilience modeling and quantification for engineered systems using Bayesian networks. Journal of Mechanical Design, 138(3), 031404.
- Hosseini, S., & Barker, K. (2016). Modeling infrastructure resilience using Bayesian networks: a case study of inland waterway ports. Computers & Industrial Engineering, 93, 252-266.
- Poolsappasit, N., Dewri, R., & Ray, I. (2012). Dynamic security risk management using bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing, 9(1), 61-74.
- Srikantha, Pirathayini, and Deepa Kundur. "A DER Attack-Mitigation Differential Game for Smart Grid Security Analysis." IEEE Transactions on Smart Grid 7, no. 3 (2016): 1476-1485.
- Tan, Rui, Hoang Hai Nguyen, Eddy YS Foo, Xinshu Dong, David KY Yau, Zbigniew Kalbarczyk, Ravishankar K. Iyer, and Hoay Beng Gooi. "Optimal False Data Injection Attack against Automatic Generation Control in Power Grids." In 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), pp. 1-10. IEEE, 2016.
- AlMajali, A., Rice, E., Viswanathan, A., Tan, K., & Neuman, C. A systems approach to analysing cyber-physical threats in the Smart Grid. In 2013 IEEE International Conference on Smart Grid Communications (SmartGridComm).
- Neuman, C., and Tan, K.: Mediating cyber and physical threat propagation in secure smart grid architectures. In Smart Grid Communications (SmartGridComm), IEEE International Conference on (pp. 238-243). (2011)
- Yi, Ping, Ting Zhu, Qingquan Zhang, Yue Wu, and Li Pan. "Puppet attack: A denial of service attack in advanced metering infrastructure network." Journal of Network and Computer Applications 59 (2016): 325-332.
- Sanjab, A., Saad, W., Guvenc, I., Sarwat, A., & Biswas, S. (2016). Smart Grid Security: Threats, Challenges, and Solutions. arXiv preprint https://arxiv.org/abs/1606.06992.
- Findrik, M., Smith, P., Kazmi, J. H., Faschang, M., & Kupzog, F. (2016, November). Towards secure and resilient networked power distribution grids: Process and tool adoption. In Smart Grid Communications (SmartGridComm), 2016 IEEE International Conference on (pp. 435-440). IEEE.
- CVSS Score. https://www.first.org/cvss/specification-document
- Ukraine’s Power outage was a cyber attack: Ukrenergo, 2017. http://www.reuters.com/article/us-ukraine-cyber-attack-energy-idUSKBN1521BA
- Analysis of the Cyber Attack on the Ukrainian Power Grid, March 2016. http://www.nerc.com/pa/CI/ESISAC/Documents/E- ISAC_SANS_Ukraine_DUC_18Mar2016.pdf
- Stuxnet style attack on US Smart Grid could cost governemnt $1 trillion. https://www.scmagazineuk.com/stuxnet-style-attack-on-us-smart-grid-could-cost-government-1-trillion/article/535452/
- Baheti, Radhakisan, and Helen Gill. "Cyber-physical systems." The impact of control technology 12 (2011): 161-166.
- Lu, D., Liu, Y., & Zeng, Y. (2016, November). Risk assessment of power grid considering the reliability of the information system. In Smart Grid Communications (SmartGridComm), 2016 IEEE International Conference on (pp. 723-728). IEEE.
- J. Zalewski, S. Drager, W. McKeever, A. Kornecki, B. Czejdo, Modeling Resiliency and Its Essential Components for Cyberphysical Systems, Annals of Computer Science and Information Systems (Proc. FedCSIS'2015), Vol. 6, 107–114 (2015)
- A. Kornecki, N Subramanian, J. Zalewski, Studying Interrelationships of Safety and Security for Software Assurance in Cyber-Physical Systems: Approach Based on Bayesian Belief Networks, Proceedings of the 2013 FedCSIS Conference, pp. 1381–1387.