
Proof of Concept

The proof of concept focuses on application of the NIST Cyber Security Framework (CSF) (NIST, 2018) to the smart grid system for electric power systems, provided by NIST. Central to all critical infrastructure is smart grid technology. Increasingly ubiquitous in power systems, it represents a highly complex cyber-physical system.

A combination of (a) portability, (b) robustness, and (c) customization is an essential contribution to the mission of the Science of Security. Our intent is to highlight for enterprise use the relevance of both theory and applications.

Constructing the Policy Ecosystem

Mounting concerns about safety and security have resulted in an intricate ecosystem of guidelines, compliance measures, directives and policy reports for cybersecurity of all critical infrastructure. Through preliminary research, we determined that the proof-of-inquiry involves the use of, and linkages among, nine autonomous and distinct policy documents, shown in the Table below:

POLICY ECOSYSTEM: RAW DATABASE OF KEY POLICY DOCUMENTS FOR APPLICATION OF CYBERSECURITY FRAMEWORK TO SMART GRID ELECTRICAL POWER SYSTEMS.

Notes: The number that precedes each autonomous directive above serves as an identifier of the document and its data content. Some documents are (i) sector independent, (ii) others pertain only to the test case and are smart grid system specific, and (iii) still others are applicable to specific enterprises.

The NIST Cyber Security Framework (CSF) points to what has to be done and why. CSF also indicates how and where in the distributed policy ecosystem the critical information is located. It is up to the user to work through the process outlined by CSF. However, NIST provides pointers that steer users to other (different) documents so that they can take next steps.

Products & Results—Select Examples

All information pertaining to smart grid systems and operations is derived from the NIST model based on expert panel conclusions. The guidelines for application of CSF to smart grid systems consist of information distributed across several different and autonomous policy documents.

Here we note some specific products associated with individual research phases (see Figure above):

(1): Analyze system description texts to generate metrics for analysis of system properties.
Result 1: Transformation of text-based system into Design Structure Matrix (DSM) and its system metrics.

Design Structure Matrix (DSM) and metrics
Source: Choucri, N. and Agrawal G. (2017, April). Analytics for Smart Grid Cybersecurity.

(2): Generate test-case network system model.
Result 2: Creation of network views for the system based on DSM metrics, shown in the Figure below:

SMART GRID NETWORK MODEL — RESULT OF TEST CASE.
Notes: Each node represents an individual Actor, identified by Domain. Spatial distance between two actors is based on node importance and distance to others.

(3): Create operational links among relevant distributed policy directives in the cybersecurity policy ecosystem.
Result 3: Construction of integrated database of policy directives stipulated by NIST and other government agencies for implementing CSF for proof of concept. The policy directives in ‘Policy ecosystem’ table shown above are the basis for the integrated database.

(4): Connect the smart grid system properties to NIST estimated vulnerabilities and impacts.
Result 4: Identification of differentiated (i) impact levels of vulnerabilities (High, Moderate, Low) in the test-case system (ii) by security objective (Confidentiality, Integrity, Availability). These are shown in the Figure below.

A SUMMARY VIEW BASED ON THREE IMPACT LEVELS FOR THREE SECURITY OBJECTIVES.
Source: Choucri, N. (2020, January 15–16). Application of policy-based methods for risk analysis [Conference session]. Winter 2020 Quarterly Science of Security and Privacy Lablet Meeting, Raleigh, North Carolina.
Notes: Each node represents an individual Actor, identified by Domain. Spatial distance between two actors is based on node importance and distance to others.

Result 5: Computation of the centrality score as a salience metric for each node in the proof of concept, shown in the Figure below. It provides a more operational view of vulnerabilities for the NIST smart grid electric power system.


EIGENVECTOR CENTRALITY OF NODES. INSET IDENTIFIES MOST SALIENT NODES.
Source: Choucri, N. (2020, January 15–16). Application of policy-based methods for risk analysis [Conference session]. Winter 2020 Quarterly Science of Security and Privacy Lablet Meeting, Raleigh, North Carolina.
Note: Each node represents an individual Actor (NIST terminology), identified by Domain. Node size represents eigenvector centrality score. Spatial distance between two actors is based on node importance and distance to others.
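
The chain from Result 1 to Result 5 (actor links, then DSM, then eigenvector centrality as a salience score) can be sketched as follows. This is an added example, not the project's code: the actor names and links are constructed for illustration rather than taken from the NIST documents, and power iteration is one standard way to compute the score.

```python
# Constructed sample: interfaces between actors in a toy smart grid model.
# Actor names and links are illustrative, not taken from the NIST documents.
LINKS = [
    ("Operations/Control Center", "Transmission/Substation"),
    ("Operations/Control Center", "Distribution/Feeder Controller"),
    ("Operations/Control Center", "Bulk Generation/Plant Control"),
    ("Operations/Control Center", "Markets/Clearinghouse"),
    ("Transmission/Substation", "Bulk Generation/Plant Control"),
    ("Transmission/Substation", "Distribution/Feeder Controller"),
    ("Distribution/Feeder Controller", "Customer/Smart Meter"),
    ("Service Provider/Billing", "Customer/Smart Meter"),
    ("Service Provider/Billing", "Markets/Clearinghouse"),
]

def build_dsm(links):
    """Return (actors, dsm): a symmetric binary DSM indexed by sorted actor name."""
    actors = sorted({name for pair in links for name in pair})
    index = {name: i for i, name in enumerate(actors)}
    dsm = [[0] * len(actors) for _ in actors]
    for a, b in links:
        dsm[index[a]][index[b]] = dsm[index[b]][index[a]] = 1
    return actors, dsm

def eigenvector_centrality(dsm, max_iter=1000, tol=1e-10):
    """Power iteration on the DSM; scores are scaled so the largest is 1.0."""
    n = len(dsm)
    x = [1.0] * n
    for _ in range(max_iter):
        # Iterate with (A + I): same leading eigenvector as A, but it also
        # converges on bipartite graphs where plain A would oscillate.
        y = [x[i] + sum(dsm[i][j] * x[j] for j in range(n)) for i in range(n)]
        top = max(y)
        y = [v / top for v in y]
        if max(abs(u - v) for u, v in zip(x, y)) < tol:
            return y
        x = y
    raise RuntimeError("power iteration did not converge")

def rank_actors(links):
    """Return [(actor, degree, centrality)] sorted by centrality, highest first."""
    actors, dsm = build_dsm(links)
    scores = eigenvector_centrality(dsm)
    rows = [(a, sum(dsm[i]), s) for i, (a, s) in enumerate(zip(actors, scores))]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for actor, degree, score in rank_actors(LINKS):
        print(f"{score:.3f}  degree={degree}  {actor}")
```

In this sample the substation and the feeder controller have the same number of DSM links, yet the substation scores higher because its neighbours are themselves better connected; that difference is what a salience metric adds over a plain link count.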

The foregoing illustrates the mode of inquiry and select results of developing analytics for policy documents in order to better comprehend their content, structure, and potential implications.

References: