New components, digital solutions, and increased complexity and an increased interdependencies, can impact the risk to security of electricity supply in the future active distribution grid. It is therefore important to seek to understand the associated threats and vulnerabilities related to this development with the aim to improve control of these risks. The work in this subtopic relates to this challenge.

A customized four-step approach to identification and modelling of cybersecurity risks in the context of smart power grids was proposed in [1]. This approach was further tested in [2], and it indicated that the approach can be applied in a real setting to identify and model cybersecurity risks, despite that some areas for improvements were found and further evaluation required.

The integration between the power system and information and communication technology makes the future power system a cyber-physical system. One way of approaching the resulting interdependencies is through complex network theory where the importance of system components are measured through different graph theoretical metrics, which was done in [3].

A comparison of two methods for combined ICT and power system reliability assessment, co-simulation and discrete event simulation, was performed in [4]. A qualitative approach to combined ICT and power system risk analysis has also been developed, where the competencies of various experts is combined using a Vulnerability Analysis Framework (VAF) and bow-tie diagram as a support [5].

Scenarios that show how the future power grid can be misused by threat actors through cyber-attacks is explored in [6]. There are also cooperative results from the in-kind project CyberSec4Europe, through the form of systematic mapping of use of AI supported security risk assessments [7], and cyber security indicator data [8], as well as a cyber risk monitoring approach from the WISER project [9].

The work in this subtopic has contributed with methods and tools to assess and understand vulnerabilities and risks which are inherent to the future active distribution grid.


References:
[1]          A. Omerovic, H. Vefsnmo, G. Erdogan, O. Gjerde, E. Gramme, and S. Simonsen, “A Feasibility Study of a Method for Identification and Modelling of Cybersecurity Risks in the Context of Smart Power Grids:,” in Proceedings of the 4th International Conference on Complexity, Future Information Systems and Risk, Heraklion, Crete, Greece, 2019, pp. 39–51. doi: 10.5220/0007697800390051.
[2]          A. Omerovic, H. Vefsnmo, O. Gjerde, S. T. Ravndal, and A. Kvinnesland, “An Industrial Trial of an Approach to Identification and Modelling of Cybersecurity Risks in the Context of Digital Secondary Substations,” in Risks and Security of Internet and Systems, vol. 12026, S. Kallel, F. Cuppens, N. Cuppens-Boulahia, and A. Hadj Kacem, Eds. Cham: Springer International Publishing, 2020, pp. 17–33. doi: 10.1007/978-3-030-41568-6_2.
[3]          S. F. Myhre, O. Bjarte Fosso, P. E. Heegaard, O. Gjerde, and G. H. Kjølle, “Modeling Interdependencies with Complex Network Theory in a Combined Electrical Power and ICT System,” in 2020 International Conference on Probabilistic Methods Applied to Power Systems (PMAPS), Aug. 2020, pp. 1–6. doi: 10.1109/PMAPS47429.2020.9183667.
[4]          M. Garau, R. Muka, P. E. Heegaard, and B. E. Helvik, “Co-simulation and Discrete Event Simulation for Reliability Assessment of Power System and ICT: A Comparison,” in 2021 5th International Conference on System Reliability and Safety (ICSRS), Palermo, Italy, Nov. 2021, pp. 66–73. doi: 10.1109/ICSRS53853.2021.9660630.
[5]          I. A. Tøndel, H. Vefsnmo, O. Gjerde, F. Johannessen, and C. Frøystad, “Hunting Dependencies: Using Bow-Tie for Combined Analysis of Power and Cyber Security,” in 2020 2nd International Conference on Societal Automation (SA), Funchal, Portugal, May 2021, pp. 1–8. doi: 10.1109/SA51175.2021.9507185.
[6]          C. Frøysand, I. A. Tøndel, M. G. Jaatun, R. Borgaonkar, and M. Moe, “Misuse cases - an overview,” SINTEF Energy Research, Jan. 2020.
[7]          G. Erdogan, E. Garcia-Ceja, A. Hugo, P. H. Nguyen, and S. Sen, “A Systematic Mapping Study on Approaches for Al-Supported Security Risk Assessment,” in 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), Madrid, Spain, Jul. 2021, pp. 755–760. doi: 10.1109/COMPSAC51774.2021.00107.
[8]          P. Meland, S. Tokas, G. Erdogan, K. Bernsmed, and A. Omerovic, “A Systematic Mapping Study on Cyber Security Indicator Data,” Electronics, vol. 10, no. 9, p. 1092, May 2021, doi: 10.3390/electronics10091092.
[9]          A. ńĆernivec, G. Erdogan, A. Gonzalez, A. Refsdal, and A. A. Romero, “Employing Graphical Risk Models to Facilitate Cyber-Risk Monitoring - the WISER Approach,” in Graphical Models for Security, vol. 10744, P. Liu, S. Mauw, and K. Stolen, Eds. Cham: Springer International Publishing, 2018, pp. 127–146. doi: 10.1007/978-3-319-74860-3_10.