Browse > Article
http://dx.doi.org/10.13089/JKIISC.2013.23.5.873

Security Threat Evaluation for Smartgrid Control System  

Ko, Jongbin (Division of Computer Engineering, Ajou University)
Lee, Seokjun (Division of Computer Engineering, Ajou University)
Shon, Taeshik (Division of Information Computer Engineering, Ajou University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.23, no.5, 2013 , pp. 873-883 More about this Journal
Abstract
Security vulnerability quantification is the method that identify potential vulnerabilities by scoring vulnerabilities themselves and their countermeasures. However, due to the structural feature of smart grid system, it is difficult to apply existing security threat evaluation schemes. In this paper, we propose a network model to evaluate smartgrid security threat for AMI and derive attack scenarios. Additionally, we show that the result of security threat evaluation for proposed network model and attack scenario by applying MTTC scheme.
Keywords
Smartgrid; Security Threat Evaluation; CVSS; MTTC; AMI;
Citations & Related Records
연도 인용수 순위
  • Reference
1 D.J. Leversage, and E. James, "Estimating a System's Mean Time-to-Compromise," Security & Privacy, IEEE, vol. 6, no. 1, pp. 52-60, Jan. 2008.
2 N. Falliere, L.O. Murchu and E. Chien, "W32.Stuxnet Dossier," Symantec sercurity Response, Feb. 2011.
3 Symantec, "W32.Duqu: The Precursor to the Next Stuxnet Version 1.4," Symantec Security Response, Nov. 2011.
4 sKyWIper Analysis Team, "sKyWIper (a.k.a Flame a.k.a. Flamer) : A complex malware for targeted attacks," CrySyS Lab, May. 2012.
5 IEC, "Power systems management and associated information exchange - Data and communications security - Part 10: Security architecture guidelines," IEC 62351-10, Oct. 2012.
6 NIST, "Guidelines for Smart Grid Cyber Security," NISTIR 7628, Aug. 2010.
7 NIST, "NIST Framework and Roadmap for Smart Grid Interoperability Standards Release 2.0," NISTSP 1108, Feb. 2012.
8 IEC, "Communication networks and systems in substations Part 7-1: Basic communication structure for substation and feeder equipment. Principles and Models," IEC 61850-7-1, Jul. 2011.
9 Chinese National Standard, "Information security technology-basic requirements of grade protection of information system security," GB/T22239-2008, 2008.
10 P. Mell, K. Scarfone and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0," Forum of Incident Response and Security Teams, Jun. 2007.
11 박중길, "정보 시스템 취약도 계산 방법 개발," 정보 보호학회논문지, 17(5), pp. 131-179, 2007년 10월.
12 P. Mell, and T. Grance, "Use of the common vulnerabilities and exposures (cve) vulnerability naming scheme," NISTSP 800-51, 2002.
13 NVD, "US National Vulnerability Database," http://nvd.nist.gov/, Feb. 2011.
14 M. Hentea, "Improving Security for SCADA Control Systems," Interdisciplinary Journal of Information, Knowledge, and Management, vol. 3, pp. 73-86, 2008.   DOI
15 A. Hahn, "Smart Grid architecture risk optimization through vulnerability scoring," Innovative Technologies for an Efficient and Reliable Electricity Supply (CITRES), 2010 IEEE Conference on, pp.36-41, Sep. 2010.
16 J.L. Bayuk, and A. Mostashari, "Measuring cyber security in intelligent urban infrastructure systems," Emerging Technologies for a Smarter World (CEWIT), 2011 8th International Conference & Expo on, pp.1-6, Nov. 2011.
17 Y. Jiaxi, M. Anjia, and G. Zhizhong, "Vulnerability Assessment of Cyber Security in Power Industry," Power Systems Conference and Exposition, 2006. PSCE '06. 2006 IEEE PES, pp.2200-2205, Oct. 2006.