An Approach for Analyzing Cyber Security Threats and Attacks: A Case Study of Digital Substations in Norway

Abstract

In this paper, we provide an approach for analyzing cyber security threats and attacks in digital substations, which is based on several steps we performed within our work on two Research Council of Norway (RCN) projects. In the literature, there are various separate or theoretical concepts to understand and follow a security analysis of smart grids in general, but none is focused specifically on digital substations. Moreover, none is showing real applicability on an existing use case, making the implementation difficult. The approach we propose here is a result of our attempts to create a comprehensive overview of the individual steps we have been taking to do the analysis. For that reason, firstly, we start with defining and explaining a digital substation and its concepts, and the security challenges related to digital substations. Afterwards, we present the main steps of the security analysis for digital substation. The first step is the security pyramid. The following steps are threat analysis, threat modeling, risk assessment and the simulation impact analysis, which are another contribution from our group presented in this paper. Considering that the main goal of a security analysis is to create awareness for the stakeholders of digital substations, such an impact simulation provides a flexible way for stakeholders to see and to understand the consequences of security threats and attacks. We summarize the paper with an illustration of the steps we are taking in the form of the approach for digital substation.