Abdul Rahim, Fiza and Ahmad, Nur Azfahani and Magalingam, Pritheega and Jamil, Norziana and Che Cob, Zaihisma and Salahudin, Lizawati (2023) Cybersecurity vulnerabilities in smart grids with solar photovoltaic: a threat modelling and risk assessment approach. International Journal of Sustainable Construction Engineering and Technology, 14 (3). pp. 210-220. ISSN 2180-3242
PDF
516kB |
Official URL: http://dx.doi.org/10.30880/IJSCET.2023.14.03.018
Abstract
Cybersecurity is a growing concern for smart grids, especially with the integration of solar photovoltaics (PVs). With the installation of more solar and the advancement of inverters, utilities are provided with real-time solar power generation and other information through various tools. However, these tools must be properly secured to prevent the grid from becoming more vulnerable to cyber-attacks. This study proposes a threat modeling and risk assessment approach tailored to smart grids incorporating solar PV systems. The approach involves identifying, assessing, and mitigating risks through threat modeling and risk assessment. A threat model is designed by adapting and applying general threat modeling steps to the context of smart grids with solar PV. The process involves the identification of device assets and access points within the smart grid infrastructure. Subsequently, the threats to these devices were classified utilizing the STRIDE model. To further prioritize the identified threat, the DREAD threat-risk ranking model is employed. The threat modeling stage reveals several high-risk threats to the smart grid infrastructure, including Information Disclosure, Elevation of Privilege, and Tampering. Targeted recommendations in the form of mitigation controls are formulated to secure the smart grid’s posture against these identified threats. The risk ratings provided in this study offer valuable insights into the cybersecurity risks associated with smart grids incorporating solar PV systems, while also providing practical guidance for risk mitigation. Tailored mitigation strategies are proposed to address these vulnerabilities. By taking proactive measures, energy sector stakeholders may strengthen the security of their smart grid infrastructure and protect critical operations from potential cyber threats.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Cybersecurity; DREAD; Microsoft Threat Modeling Tool; resilience; solar PV; STRIDE; sustainable energy. |
Subjects: | T Technology > T Technology (General) T Technology > T Technology (General) > T58.6-58.62 Management information systems |
Divisions: | Computer Science and Information System |
ID Code: | 105846 |
Deposited By: | Muhamad Idham Sulong |
Deposited On: | 20 May 2024 07:09 |
Last Modified: | 20 May 2024 07:09 |
Repository Staff Only: item control page