Risk analysis of power system cyber security considering identity of malicious adversaries

Authors

Ruiqing Shan, State Grid Henan Electric Power Company, Zhengzhou 450052 , China
Yang Sheng, State Grid Henan Electric Power Company, Zhengzhou 450052 , China
Sheng Su, School of Electrical & Information Engineering, Changsha University of Science & Technology, Changsha 410114 , China
Guanghui Chang, State Grid Henan Electric Power Company, Zhengzhou 450052 , China
Xiangshuo Li, State Grid Henan Electric Power Company, Zhengzhou 450052 , China
Gaichao Xue, State Grid Henan Electric Power Company, Zhengzhou 450052 , China
Chong Ruan, Electric Power Research Institute, State Grid Henan Electric Power Company, Zhengzhou 450052 , China
Po Wu, Electric Power Research Institute, State Grid Henan Electric Power Company, Zhengzhou 450052 , China
Jiangnan Zhang, Electric Power Research Institute, State Grid Henan Electric Power Company, Zhengzhou 450052 , China

Keywords

power system, network security, risk analysis, non-communication cooperation attack, state-sponsored cyberattacks

Abstract

The ever-increasing coupling relationship between cyber and physical systems makes cyber-attacks become an important factor affecting the reliability of power system operations. First, this article conducts the analysis of the network security risk from the attacker’s perspective, infers the available resources of the attacker based on the identity of the attacker, analyzes the purpose of the attack to be achieved, and infers the possible penetration and intrusion path and damage modes. The guidance can be provided to develop the specific protection methods based on the above analysis. Then this paper analyzes the deficiencies of the trusted computing, hierarchical protection, security situation awareness and other defense mechanisms being implemented in the power industry, and this paper points out the potential supply chain security threats in the security detection of software and hardware systems. Considering the difference of the risk levels and the harmful consequences caused by attacks on different power monitoring systems, the power system risk matrix is constructed from the aspect of the possibility of successful attack and the harmful consequences, and it is pointed out that the multi-target coordinated attack will increase the risk compared to the single-point attack. Finally, from the available resources of the state-supported cyber-attacks and the purpose of the attack, two high-risk potential cyber-attack damage modes are proposed, and the attack realization process and damage mechanism are summarized.

DOI

10.19781/j.issn.1673-9140.2022.05.001

First Page

3

Last Page

16

Recommended Citation

Shan, Ruiqing; Sheng, Yang; Su, Sheng; Chang, Guanghui; Li, Xiangshuo; Xue, Gaichao; Ruan, Chong; Wu, Po; and Zhang, Jiangnan (2022) "Risk analysis of power system cyber security considering identity of malicious adversaries," Journal of Electric Power Science and Technology: Vol. 37: Iss. 5, Article 1.
DOI: 10.19781/j.issn.1673-9140.2022.05.001
Available at: https://jepst.researchcommons.org/journal/vol37/iss5/1