Abstract
This paper describes one possible migration scenario of Smart Grid Industrial Control System (ICS) elements to the computing cloud while maintaining the existing level of information system security. We performed a software centric threat analysis of the Smart Grid ICS, i.e. the most important elements of the system were analyzed following the STRIDE methodology. Security risks were analyzed based on the combined effects of the likelihood of a successful attack and the impact on the identified critical components of the Smart Grid ICS. Risk matrices were used to determine the measure of the security risk. Based on our threat analysis we propose a migration scenario to a hybrid (community & private) cloud. In our scenario, the ICS elements with higher risk tolerance were deployed in a community cloud, while the elements with lower risk tolerance were kept on premise in a private cloud.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Microsoft MSDN documentation, the STRIDE Threat Model. https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx
Cao, Z., Lin, J., Wan, C., Song, Y., Zhang, Y., Wang, X.: Optimal cloud computing resource allocation for demand side management. IEEE Trans. Smart Grid 8(4), 1943–1955 (2017)
Knapp, E.D.: Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems. Elsevier (2011)
Knapp, E.D., Samani, R.: Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure. Elsevier, Amsterdam (2013)
Luo, F., Zhao, J., Dong, Z.Y., Chen, Y., Xu, Y., Zhang, X., Wong, K.P.: Cloud based information infrastructure for next-generation power grid: conception, architecture, and applications. IEEE Trans. Smart Grid 7(4), 1896–1912 (2015)
Li, X., Liang, X., Lu, R., Shen, X., Lin, X., Zhu, H.: Securing Smart Grid: cyber attacks, countermeasures, and challenges. IEEE Commun. Mag. 50(8), 38–45 (2012)
Aloul, F., Al-Ali, A.R., Al-Daku, R., Al-Mardini, M., El-Hajj, W.: Smart Grid security: threats, vulnerabilities and solutions. Int. J. Smart Grid Clean Energy 1(1), 1–6 (2012)
Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Buyya, R.: DDoS attacks in cloud computing: issues, taxonomy, and future directions, 31 March 2017
Smart Grid and Cyber Security for Energy Assurance. National Association of State Energy Officials (NASEO), November 2011
NIST Special Publication 800-30 Revision 1: Guide for Conducting Risk Assessments
NIST SP 800-39: Managing Information Security Risk
Whitman, M.E., Mattord, H.J.: Principles of Information Security. Course Technology, Boston (2011)
Souza, R.D.: 3 Approaches to Threat Modeling, 15 April 2016
Mockel, C., Abdallah, A.E.: Threat modeling approaches and tools for securing architectural designs of an e-banking application. In: 2010 Sixth International Conference on Information Assurance and Security (IAS), pp. 149–154. IEEE (2010)
Burns, S.F.: GIAC Security Essentials Certification (GSEC) Practical Assignment, Version 1.4c, Threat Modeling: A Process To Ensure Application Security, 5 January 2005
The NIST Definition of Cloud Computing. National Institute of Standards and Technology (NIST), Information Technology Laboratory, Version 15 (2009)
NIST SP 500-293: US Government Cloud Computing Technology Roadmap Volume I, High-Priority Requirements to Further USG Agency Cloud Computing Adoption. National Institute of Standards and Technology (NIST), Gaithersburg, MD 20899, October 2014
Hybrid Ris Management for Utility Poviders (HyRiM), EU Project Number 608090
SEcure Cloud computing project for CRITICAL IT infrastructure (SECCRIT), 01 January 2013–31 December 2015
NISTIR 7628: Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements. National Institute of Standards and Technology (NIST) (2010)
IEC 61970-301:2013: Energy management system application program interface (EMS-API) - Part 301: Common Information Model (CIM) Base. IEC, Edition 5.0, December 2013
IEC 61968-11:2013: Application Integration at Electric Utilities - System Interfaces for Distribution Management - Part 11: Common Information Model (CIM) Extensions for Distribution. IEC, Edition 2.0, March 2013
NIST SP 800-30: Risk Management Guide for Information Technology Systems
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Jelacic, B., Rosic, D., Lendak, I., Stanojevic, M., Stoja, S. (2018). STRIDE to a Secure Smart Grid in a Hybrid Cloud. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2017 2017. Lecture Notes in Computer Science(), vol 10683. Springer, Cham. https://doi.org/10.1007/978-3-319-72817-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-72817-9_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72816-2
Online ISBN: 978-3-319-72817-9
eBook Packages: Computer ScienceComputer Science (R0)