DOI: 10.1145/3307772.3330157
Poster

Risk-based Decision-Support for Vulnerability Remediation in Electric Power Networks

Published: 15 June 2019

Abstract

Power grids are becoming increasingly intelligent. At the same time, the boundaries between their operational technology (OT) environments and the (vulnerable) IT networks tend to dissolve. In such systems, several technical and economic factors can significantly affect upgrading decisions; these include, to name only a few, limited time and budget as well as legal constraints. To cope with these challenges, the decision maker involved has to prudently prioritize the possible vulnerability remediation actions. The key objective of such prioritization decisions is to efficiently reduce the inherent security risk to which the system in question is exposed. Because of the critical role of power systems, their decision makers tend to enhance the system's resilience against extreme events; that is, they seek to avoid decision options associated with extreme (adverse) consequences. We therefore propose an integrated risk-based decision-support methodology for prioritizing risk remediation activities. It leverages (i) the Time-To-Compromise (TTC) metric to quantitatively assess the security risk, and (ii) a game-theoretical model to support the decision-making process. The game model carefully accounts for the specific risk attitude of the decision makers involved in the patch management process across electric power organizations.


Cited By

  • (2022) Bayesian Optimization and Hierarchical Forecasting of Non-Weather-Related Electric Power Outages. Energies 15:6 (1958). DOI: 10.3390/en15061958. Online publication date: 8 Mar 2022.
  • (2020) Dynamic Risk-Aware Patch Scheduling. 2020 IEEE Conference on Communications and Network Security (CNS), 1-9. DOI: 10.1109/CNS48642.2020.9162225. Online publication date: Jun 2020.
  • (2019) Risk mitigation in electric power systems: Where to start? Energy Informatics 2:1. DOI: 10.1186/s42162-019-0099-6. Online publication date: 13 Nov 2019.

      Published In

      e-Energy '19: Proceedings of the Tenth ACM International Conference on Future Energy Systems
      June 2019
      589 pages
      ISBN: 9781450366717
      DOI: 10.1145/3307772

      Publisher

      Association for Computing Machinery, New York, NY, United States

      Author Tags

      1. Risk-based patch prioritization
      2. game-theoretical decisions

      Qualifiers

      • Poster
      • Research
      • Refereed limited

      Funding Sources

      • BayStMWi - Bavarian Ministry of Economic Affairs, Regional Development and Energy

      Conference

      e-Energy '19
      Acceptance Rates

      Overall Acceptance Rate 160 of 446 submissions, 36%
