Visible to the public CPIndex: Cyber-Physical Vulnerability Assessment for Power-Grid Infrastructures

TitleCPIndex: Cyber-Physical Vulnerability Assessment for Power-Grid Infrastructures
Publication TypeJournal Article
Year of Publication2015
AuthorsVellaithurai, C., Srivastava, A., Zonouz, S., Berthier, R.
JournalSmart Grid, IEEE Transactions on
Date PublishedMarch
KeywordsBayes methods, CPIndex, cyber-physical critical infrastructures, cyber-physical security indices, Cyber-physical security metrics, Cyber-physical systems, cyber-physical vulnerability assessment, cyber-side instrumentation probes, Generators, graph theory, graph-theoretic power system indexing algorithm, Indexes, interprocess communications, Intrusion Detection Systems, numerical indices, operating system assets, power engineering computing, power grids, Power measurement, power network configuration, power operators, power system control, power system security, power-grid control networks, power-grid Infrastructures, risk management, security, security assessment techniques, security-oriented stochastic risk management technique, situational awareness, Smart grids, stochastic Bayesian network models, Stochastic processes

To protect complex power-grid control networks, power operators need efficient security assessment techniques that take into account both cyber side and the power side of the cyber-physical critical infrastructures. In this paper, we present CPINDEX, a security-oriented stochastic risk management technique that calculates cyber-physical security indices to measure the security level of the underlying cyber-physical setting. CPINDEX installs appropriate cyber-side instrumentation probes on individual host systems to dynamically capture and profile low-level system activities such as interprocess communications among operating system assets. CPINDEX uses the generated logs along with the topological information about the power network configuration to build stochastic Bayesian network models of the whole cyber-physical infrastructure and update them dynamically based on the current state of the underlying power system. Finally, CPINDEX implements belief propagation algorithms on the created stochastic models combined with a novel graph-theoretic power system indexing algorithm to calculate the cyber-physical index, i.e., to measure the security-level of the system's current cyber-physical state. The results of our experiments with actual attacks against a real-world power control network shows that CPINDEX, within few seconds, can efficiently compute the numerical indices during the attack that indicate the progressing malicious attack correctly.

Citation Key6979242