In most IT systems, a good risk analysis is comparatively easy. There is some understanding of where the critical assets are, what the financial loss in case of a compromise would be, and which kinds of attacks to expect on an average Tuesday.
For critical infrastructures, especially large ones like the smart grid, a proper risk assessment is more complicated. The potential damage of an attack far exceeds the boundaries of the company itself and could be catastrophic for society. Critical assets are often undefined and may even be outside the operator's control (such as a failure of the GPS time synchronisation). Finally, there is little experience with what kind of attacks to expect, and what sophistication an average attacker would have. All of this is combined with the regulatory issue that a power distributor is price-regulated, and cannot simply decide to invest more to offer a more secure (and thus more expensive) product.
Process-oriented Risk Modelling
Most classical risk modelling frameworks focus on the security of information. In a process control system, this view can be misleading: the worst-case scenario here is loss of control of the process. If we look at Stuxnet as an example, from an information point of view all that happened was a loss of integrity on several levels. Looking at it from a process point of view, the attackers first caused a loss of control (giving false commands), then a loss of visibility (returning false measurement values), and then a loss of safety (putting the process outside its safe operating parameters). Taking those issues into account allows a much more detailed risk analysis, and helps identify the critical assets inside a process that need to be protected.
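As an added illustration (example code, not from the original article): a small Python risk model that ranks the same attack scenarios from the information view and from the process view, so the difference becomes visible. The asset names, the impact weights and the dependency rule that safe operation is lost once both control and visibility are lost are constructed assumptions for this example.

```python
"""Information-oriented vs process-oriented ranking of attack scenarios.

Constructed toy model: one control loop with a PLC, a sensor feed and a historian.
Assumed dependency rule: safety is lost once BOTH control and visibility are lost,
i.e. the operator can no longer see that the process is driven out of its envelope.
"""
from dataclasses import dataclass

# Process functions and the functions they depend on (assumption, see docstring).
PROCESS_DEPS = {"control": set(), "visibility": set(), "safety": {"control", "visibility"}}


@dataclass(frozen=True)
class Asset:
    name: str
    provides: frozenset   # process functions this asset directly supports
    info_impact: dict     # constructed CIA loss (0-3) if the asset is compromised


ASSETS = {
    "plc": Asset("plc", frozenset({"control"}), {"integrity": 3}),
    "sensor_feed": Asset("sensor_feed", frozenset({"visibility"}), {"integrity": 2}),
    "historian": Asset("historian", frozenset(), {"confidentiality": 3}),
}


def information_risk(compromised):
    """Classical view: worst CIA loss over the compromised assets (0-3)."""
    return max((v for a in compromised for v in ASSETS[a].info_impact.values()), default=0)


def process_risk(compromised):
    """Process view: set of process functions lost, including knock-on losses."""
    lost = set().union(*(ASSETS[a].provides for a in compromised))
    changed = True
    while changed:  # propagate along the dependency graph until nothing new is lost
        changed = False
        for fn, deps in PROCESS_DEPS.items():
            if fn not in lost and deps and deps <= lost:
                lost.add(fn)
                changed = True
    return frozenset(lost)


def severity(lost):
    """Map lost process functions to a coarse severity label."""
    if "safety" in lost:
        return "catastrophic"
    return "serious" if lost else "information-only"


SCENARIOS = {  # constructed scenarios, in the order Stuxnet escalated
    "historian data theft": ["historian"],
    "false setpoints sent to PLC": ["plc"],
    "false setpoints + spoofed measurements": ["plc", "sensor_feed"],
}

if __name__ == "__main__":
    for name, compromised in SCENARIOS.items():
        lost = process_risk(compromised)
        print(f"{name:40} info={information_risk(compromised)} "
              f"process={severity(lost)} lost={sorted(lost)}")
```

The two PLC scenarios score identically in the information view (integrity 3) but only the second one reaches "catastrophic" in the process view, which is the distinction the section is about.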