Cyber Security Architecture Methodology for the Electric Sector, Version 1.0

Cyber Security Architecture Methodology for the Electric Sector, Version 1.0 (co-author)

For grid modernization, increased interconnection in electric sector devices is required, and this will result in a larger attack surface that may be exploited by potential adversaries such as nation-states, terrorist organizations, malicious contractors, and disgruntled employees. A security architecture methodology is an important tool in a utility’s cyber security risk management strategy, and a reference cyber security architecture may be used to support utility situational awareness.

Typically, an enterprise architecture does not address cyber security – specifically, the overall attack surface, attack vectors, potential vulnerabilities, and applicable response strategies. The challenge is to develop a security architecture methodology that augments, rather than replaces, current enterprise architecture methodologies and is at a level that is useful to utilities. This report includes the first version of a cyber security architecture methodology that may be used by utilities for existing and planned system architectures. The objective is to provide a common methodology that may be used by utilities of all sizes, from large investor-owned utilities to smaller cooperatives and municipalities.

Attack Trees for Selected Electric Sector High Risk Failure Scenarios – Version 2.0

Attack Trees for Selected Electric Sector High Risk Failure Scenarios – Version 2.0 (technical lead and co-author)

The briefing contains:

  • Key results from the National Electric Sector Cybersecurity Organization Resource (NESCOR) document: “Analysis of Selected Electric Sector High Risk Failure Scenarios”
    • Failure scenarios selected from the prior NESCOR document “Electric Sector Failure Scenarios and Impact Analyses”
  • The PowerPoint format supports:
    • Tailoring of information by utilities
    • Use of information in a meeting setting

Electric Sector Failure Scenarios Common Vulnerabilities and Mitigations Mapping – Version 2.0

Electric Sector Failure Scenarios Common Vulnerabilities and Mitigations Mapping – Version 2.0 (technical lead and co-author)

This document serves as a further reference for the National Electric Sector Cybersecurity Organization Resource (NESCOR) Electric Sector Failure Scenarios and Impact Analyses version 3.0 document, which was produced by the Electric Power Research Institute (EPRI) for the U.S. Department of Energy (DOE).

Version 0.9 of the Failure Scenarios document contained the initial lists of vulnerabilities, impacts, and mitigations. The vulnerabilities and mitigations were written as unstructured English sentences. Technical Working Group 1 (TWG1) recognized that consistency of terminology and structure within these lists would have several benefits, including improving document readability and enabling analyses of the Failure Scenarios. In particular, the team wanted to identify the common vulnerabilities and common mitigations. TWG1 devised a structured form for the vulnerabilities and mitigations that would support this goal, and it used the same form for both lists: common vulnerability/mitigation followed by the vulnerability/mitigation context.

The document is structured as follows:

  • Appendix A provides the grouping of common vulnerabilities into NISTIR 7628 Vulnerability Classes,
  • Appendix B provides the mapping of the original vulnerabilities in Failure Scenarios version 1.0 to common vulnerabilities in version 2.0,
  • Appendix C provides the grouping of common mitigations into mitigation classes called mitigation action groups, defined by TWG1, and
  • Appendix D provides the mapping of the original mitigations in Failure Scenarios version 0.9 to common mitigations in version 1.0.


Analysis of Selected Electric Sector High Risk Failure Scenarios – Version 2.0

Analysis of Selected Electric Sector High Risk Failure Scenarios – Version 2.0 (technical lead and co-author)

This document builds upon the previously published NESCOR document, “Electric Sector Failure Scenarios and Impact Analyses,” and provides detailed analyses for a subset of the failure scenarios. All analyses presented include an attack tree, which details, in a formal notation, the logical dependencies of conditions that allow the failure scenario to occur. Several of the analyses also provide a detailed text write-up for the scenario, in addition to the attack tree. Failure scenarios in the short failure scenario document were prioritized for inclusion in the present document based upon level of risk for the failure scenario, the priorities of NESCOR utility members, and the priorities of the generation working team.

Electric Sector Failure Scenarios and Impact Analyses – Version 3.0

Electric Sector Failure Scenarios and Impact Analyses – Version 3.0 (technical lead and co-author)

The National Electric Sector Cybersecurity Organization Resource (NESCOR) Technical Working Group 1 (TWG1) developed previous versions of this document on the topic of cyber security failure scenarios and impact analyses for the electric sector. This version includes the addition of generation failure scenarios and updates to the common mitigations and vulnerabilities analyses. The information about potential cyber security failure scenarios is intended to be useful to utilities for risk assessment, planning, procurement, training, tabletop exercises and security testing. A cyber security failure scenario is a realistic event in which the failure to maintain confidentiality, integrity, and/or availability of sector cyber assets creates a negative impact on the generation, transmission, and/or delivery of power. Some of the scenario descriptions include activities that typically are not allowed by policies, procedures, or technical controls. These scenarios may be used to ensure that the applicable mitigation strategies are specified and implemented.

Research conducted by EPRI for: NESCOR – a DOE funded public-private partnership | © 2015 Electric Power Research Institute, Inc. All rights reserved.