Building resilient cyber-physical power systems

An approach using vulnerability assessment and resilience management

Authors

DOI:

https://doi.org/10.14512/tatup.29.1.23

Keywords:

cyber-physical power systems, resilience management, vulnerability assessment

Abstract

Power systems are undergoing a profound transformation towards cyber- physical systems. Disruptive changes due to energy system transition and the complexity of the interconnected systems expose the power system to new, unknown, and unpredictable risks. To identify the critical points, a vulnerability assessment was conducted, involving experts from the power as well as the information and communication technologies (ICT) sectors. Weaknesses were identified, e. g., the lack of policy enforcement, which are worsened by the unreadiness of the actors involved. Due to the complex dynamics of ICT, it is infeasible to keep a complete inventory of potential stressors to define appropriate preparation and prevention mechanisms. Therefore, we suggest applying a resilience management approach to increase the resilience of the system. It aims at better riding through failures rather than building higher walls. We conclude that building resilience in cyber-physical power systems is feasible and helps in preparing for the unexpected.

References

Acatech; Deutsche Akademie der Naturforscher Leopoldina e. V.; Akademienunion; Union der deutschen Akademien der Wissenschaften e. V. (2017): Das Energiesystem resilient gestalten. Maßnahmen für eine gesicherte Versorgung. Berlin: Acatech, Leopoldina, Akademienunion.

Arghandeh, Reza; Meier, Alexandra von; Mehrmanesh, Laura; Mili, Lamine (2016): On the definition of cyber-physical resilience in power systems. In: Renewable and Sustainable Energy Reviews 58, pp. 1060–1069.

BNetzA – Bundesnetzagentur (2019): Aktualisierung Sicherheitsanforderungen. Available online at https://www.bundesnetzagentur.de/DE/Sachgebiete/Telekommunikation/Unternehmen_Institutionen/Anbieterpflichten/OeffentlicheSicherheit/KatalogSicherheitsanforderungen/aktualisierung_sicherheitsanforderungen/aktualisierung_sicherheitsanforderungen-node.html, last accessed on 20. 12. 2019.

Bodungen, Clint; Singer, Bryan; Hilt, Stephen; Shbeeb, Aaron; Wilhoit, Kyle (2017): Hacking exposed industrial control systems. ICS and SCADA security secrets and solutions. New York: McGraw-Hill Education.

Brand, Urte et al. (2017): Resiliente Gestaltung des Energiesystems am Beispiel der Transformationsoptionen „EE-Methan-System“ und „Regionale Selbstversorgung“. Schlussbericht des vom BMBF geförderten Projektes RESYSTRA. Bremen: Universität Bremen.

Dragos Inc. (2017): Crashoverride. Analyzing the threat to electric grid operations. Available online at https://dragos.com/blog/crashoverride/CrashOverride-01.pdf, last accessed on 21. 01. 2020.

ENISA – The European Network and Information Security Agency (2012): Smart grid security. Security related standards, guidelines and regulatory documents. Available online at https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-services/smart-grids/smart-grids-and-smart-metering/smart-grid-security-related-standards-guidelines-and-regulatory-documents/view, last accessed on 21. 01. 2020.

Fischer, Lars; Lehnhoff, Sebastian (2018): IT-Security for functional resilience in energy systems. In: Matthias Ruth and Stefan Goessling-Reisemann (eds.): Handbook on resilience of socio-technical systems. Croydon: Edward Elgar Publishing Limited, pp. 316–340.

Fischer, Lars; Uslar, Mathias; Morrill, Doug; Döring, Michael; Haesen, Edwin (2018): Study on the evaluation of risks of cyber-incidents and on costs of preventing cyber-incidents in the energy sector. Final Report. Available online at https://ec.europa.eu/energy/sites/ener/files/evaluation_of_risks_of_cyber-incidents_and_on_costs_of_preventing_cyber-incidents_in_the_energy_sector.pdf, last accessed on 21. 01. 2020.

Gleich, Arnim von; Gößling-Reisemann, Stefan; Stührmann, Sönke; Woizeschke, Peer; Lutz-Kunisch, Birgitt (2010): Resilienz als Leitkonzept. Vulnerabilität als analytische Kategorie. In: Klaus Fichter, Arnim von Gleich, Reinhard Pfriem and Bernd Siebenhüner (eds.): Theoretische Grundlagen für erfolgreiche Klimaanpassungsstrategien. Delmenhorst: Projektkonsortium ‚nordwest2050’, pp. 13–49.

Goessling-Reisemann, Stefan; Thier, Pablo (2019): On the difference between risk management and resilience management for critical infrastructures. In: Matthias Ruth and Stefan Goessling-Reisemann (eds.): Handbook on resilience of socio-technical systems. Croydon: Edward Elgar Publishing Limited, pp. 117–135.

Gößling-Reisemann, Stefan (2016): Resilience. Preparing energy systems for the unexpected. In: Igor Link and Valentine Florin (eds.): IRGC Resource Guide on Resilience. Lausanne: EPFL International Risk Governance Center.

Gößling-Reisemann, Stefan; Wachsmuth, Jakob; Stührmann, Sönke; Gleich, Arnim von (2013): Climate change and structural vulnerability of a metropolitan energy system. The case of Bremen-Oldenburg in Northwest Germany. In: Journal of Industrial Ecology 17 (6), pp. 846–858.

IEC – International Electrotechnical Commission (2016): Power systems management and associated information exchange. Data and communications security. Part 12: Resilience and security recommendations for power systems with distributed energy resources (DER) cyber-physical systems. 1.0. Geneva: IEC.

Iturbe, Mikel; Camacho, Jose; Garitano, Iñaki; Zurutuza, Urko; Uribeetxeberria, Roberto (2016): On the feasibility of distinguishing between process disturbances and intrusions in process control systems using multivariate statistical process control. In: Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop, pp. 155–160.

Jesse, Bernhard-Johannes; Heinrichs, Heidi; Kuckshinrichs, Wilhelm (2019): Adapting the theory of resilience to energy systems. A review and outlook. In: Energy, Sustainability and Society 9 (1), p. 27.

Lee, Changmin; Zappaterra, Luca; Choi, Kwanghee; Choi, Hyeong-Ah (2014): Securing smart home. Technologies, security challenges, and security requirements. Proceedings of the 2014 IEEE Conference on Communications and Network Security. San Francisco: IEEE, pp. 67–72.

Lehnhoff, Sebastian; Krause, Olav (2013): Agentenbasierte Verteilnetzautomatisierung. In: Peter Göhner (ed.): Agentensysteme in der Automatisierungstechnik. Berlin: Xpert.press Springer-Verlag, pp. 207–223.

Maynard, Peter; Mclaughlin, Kieran; Haberler, Berthold (2014): Towards understanding man-in-the-middle attacks on IEC 60870-5-104 SCADA Networks. Proceedings of the 2nd International Symposium for ICS & SCADA Cyber Security Research, pp. 30–42. Swindon, U. K.: BCS Learning & Development.

Mayring, Philipp (2014): Qualitative content analysis. Theoretical foundation, basic procedures and software solution. Available online at https://nbn-resolving.org/urn:nbn:de:0168-ssoar-395173, last accessed on 21. 01. 2020.

McCarthy, James et al. (2018): Securing manufacturing industrial control systems. Behavioral anomaly detection. NISTIR 8219. Gaithersburg: National Institute of Standards and Technology. Available online at https://www.nccoe.nist.gov/sites/default/files/library/mf-ics-nistir-8219.pdf, last accessed on 21. 01. 2020.

McLaughlin, Kieran; Friedberg, Ivo; Kang, BooJoong; Maynard, Peter; Sezer, Sakir; McWilliams, Gavin (2015): Secure communications in smart grid. Networking and protocols. In: Smart Grid Security Book 2015, pp. 113–148.

NIST – National Institute of Standards and Technology Interagency (2014): Guidelines for smart grid cybersecurity. Vol. 1: Smart Grid cybersecurity strategy, architecture, and high-level requirements. Report 7628 Rev. 1. Gaithersburg: National Institute of Standards and Technology.

Rossebo, Judith; Wolthuis, Reinder; Fransen, Frank; Bjorkman, Gunnar; Medeiros, Nuno (2017): An enhanced risk-assessment methodology for smart grids. In: Computer 50 (4), pp. 62–71.

Sobczak, Blake (2019): Experts assess damage after first cyberattack on U. S. grid. Security. In: E & E News. Available online at https://www.eenews.net/stories/1060281821, last accessed on 21. 01. 2020.

Styzcynski, Jake; Beach-Westmoreland, Nate (2019): When the lights went out. A comprehensive review of the 2015 attacks on Ukrainian critical infrastructure. n. p.: Booze Allen Hamilton Inc. Available online at https://www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-went-out.pdf, last accessed on 21. 01. 2020.

Tapia, Mariela; Thier, Pablo; Gößling-Reisemann, Stefan (in press): artec Paper No. 222: Vulnerability and resilience of cyber-physical power system. Results from an empirical-based study.

VDE – Verband der Elektrotechnik Elektronik und Informationstechnik (2015): Der Zellulare Ansatz. Grundlage einer erfolgreichen, regionenübergreifenden Energiewende. Frankfurt a. M.: VDE ETG.

Downloads

Published

01.04.2020

How to Cite

1.
Tapia M, Thier P, Gößling-Reisemann S. Building resilient cyber-physical power systems: An approach using vulnerability assessment and resilience management. TATuP [Internet]. 2020 Apr. 1 [cited 2024 Mar. 28];29(1):23-9. Available from: https://www.tatup.de/index.php/tatup/article/view/6791