An equipment-oriented vulnerability threat assessment method for electric power supervision and control systems

With increasing application of information technology in supervision and control of power systems, the risk of cyber-attacks in power grids continues to rise. Organized and premeditated cyber attacks have become prominent security threat to power systems. Vulnerability index is used to describe security degree of a computer controling system, so can be used in power systems, which can be regarded as distributed computer controling systems. This paper proposes a method to assess vulnerability threat of key equipments in electric power supervision and control systems. Considering system configuration and hackers' attack skills, an evaluation model of cyber attack behaviors based on analytic hierarchy process is built firstly. Then a probability model is established to evaluate the probability of each attack path consisting of multi behaviors. Finally, an equipment-oriented vulnerability threat assessment method is proposed, using cyber attack behavior evaluation results and probability of related attack path as iput. The method considers both system configuration conditions and hackers' attack skill evaluation, and realizes quantitative evaluation of vulnerability threat of key equipments. An IEC 61850 based substation system is analyzed as test case, to verify the effectiveness of this method.