To main content

Needs and Challenges Concerning Cyber-Risk Assessment in the Cyber-Physical Smart Grid

Abstract

Cyber-risk assessment methods are used by energy companies to manage security risks in smart grids. However, current standards, methods and tools do not adequately provide the support needed in practice and the industry is struggling to adopt and carry out cyber-risk assessments. The contribution of this paper is twofold. First, we interview six companies from the energy sector to better understand their needs and challenges. Based on the interviews, we identify seven success criteria cyber-risk assessment methods for the energy sector need to fulfill to provide adequate support. Second, we present the methods CORAS, VAF, TM-STRIDE, and DA-SAN and evaluate the extent to which they fulfill the identified success criteria. Based on the evaluation, we provide lessons learned in terms of gaps that need to be addressed in general to improve cyber-risk assessment in the context of smart grids. Our results indicate the need for the following improvements: 1) ease of use and comprehensible m ethods, 2) support to determine whether a method is a good match for a given context, 3) adequate preparation to conduct cyber-risk assessment, 4) manage complexity, 5) adequate support for risk estimation, 6) support for trustworthiness and uncertainty handling, and 7) support for maintaining risk assessments.
Read the publication

Category

Academic chapter

Language

English

Affiliation

  • SINTEF Digital / Sustainable Communication Technologies
  • SINTEF Digital / Software Engineering, Safety and Security
  • SINTEF Energy Research / Energisystemer

Year

2022

Publisher

SciTePress

Book

Proceedings of the 17th International Conference on Software Technologies (ICSOFT 2022)

ISBN

9789897585883

Page(s)

21 - 32

View this publication at Norwegian Research Information Repository