The proliferation of IoT devices in Electrical Grids, together with the use of new Information and Communication Technologies, has transformed traditional Electrical Grids into Smart Grids. The major drawback that emerges with the use of Smart Grids is the introduction of new cybersecurity risks. In order to address cyber-attacks in critical Smart Grid infrastructures, protect from human failures, accidents and targeted attacks from inside, boost trust, and increase society's resilience, cybersecurity risk assessment for Smart Grids is necessary. Likewise, to proactively protect the cyber hygiene of the environment, cyber hygiene methods and policies ought to be applied internally in Smart Grid infrastructures.
In accordance with the above, in the scope of the SPEAR project, the SPEAR Anonymous Repository of Incidents, a cyber incidents and cyber intelligence information sharing system, has been set up, SPEAR Smart Grid Cyber Hygiene Courses will be provided, and a SPEAR EU-wide Consensus has been established. The Smart Grid Security Guide brings together these resources.
The SPEAR EU-wide Consensus consists of a Library of EU and international Smart Grid cybersecurity resources, the SPEAR Risk assessment methodology for cybersecurity in Smart Grids and the Cyber Hygiene Maturity Model (CHMM) that have been defined and delivered as objectives of the SPEAR project.
Relying on the SPEAR EU-wide Consensus, the Smart Grid Security Guide provides the Smart Grid Security Guide Tool for cybersecurity status assessment based on the SPEAR Risk assessment methodology and the CHMM.
The SPEAR Risk assessment methodology for cybersecurity in smart grids is primarily based on the internationally recognized and widely used Framework for Improving Critical Infrastructure Cybersecurity of the National Institute of Standards and Technology (NIST). In this context, the assessment is organized into four system layers and five functions. The system layers are Physical, Network, Application and Organizational, and the functions are Identify, Protect, Detect, Respond and Recover.
The Cyber Hygiene Maturity Model (CHMM) is a self-assessment Cyber Hygiene Framework (CHF) tailored to the needs and specificities of Smart Grids. The term cyber hygiene draws from the concept of personal hygiene and can be easily projected to an organizational level and level of infrastructure. The CHMM has been designed to perform an assessment of cyber hygiene of the Smart Grid, both in terms of technical components and in total, by measuring the cyber hygiene levels (CHLs) in three distinct dimensions: infrastructure, organization, and people awareness.
The proposed Smart Grid Guide Cybersecurity Tool aims, firstly, to combine the insights extracted from the risk and maturity assessment and present them in a comprehensible format to the user, and secondly, to provide smart grid cybersecurity recommendations responding to the needs of the organization on whose behalf the assessment is performed.
The Smart Grid Guide Cybersecurity Tool assesses the cybersecurity status of an organization by integrating risk and maturity assessment, and provides prioritized cybersecurity recommendations according to the organization type. The tool targets three types of organizations/facilities: smart homes, substations, and power plants, and allows for the definition of custom options in case of a different type of organization/facility. It employs three questionnaires: the Risk Assessment Questionnaire (mandatory), based on the SPEAR Risk assessment methodology for cybersecurity in smart grids; the Maturity Level Assessment Questionnaire (mandatory), based on the Cyber Hygiene Maturity Model; and the Priority Ranking Questionnaire (optional, for the custom definition of priorities).
Apart from evaluating the preparedness levels and the maturity levels of the organization, elicited from the Risk Assessment Questionnaire and the Maturity Level Assessment Questionnaire respectively, the tool also prompts the user to define target levels for both preparedness and maturity. Subsequently, the security practices necessary to bridge the gap between current and target levels are identified (gap identification is performed on a set of 140 recommendations) and prioritized according to the type of the organization. The results of the cybersecurity status assessment are presented to the user as radar charts that highlight the current and target levels, along with the prioritized security practices, given as ordered recommendations consisting of proposed practices to be applied as well as evidence (i.e., documents, records or logs) to be kept.
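The gap identification and prioritization step described above can be sketched as follows, restricted to the preparedness grid of four layers and five functions. This is an added example, not code from the SPEAR tool: the 0 to 4 level scale, the level attached to each recommendation, the per-organization rank table and the four catalogue entries are all constructed assumptions.

```python
from dataclasses import dataclass, field

LAYERS = {"Physical", "Network", "Application", "Organizational"}
FUNCTIONS = {"Identify", "Protect", "Detect", "Respond", "Recover"}

@dataclass
class Recommendation:
    rec_id: str    # constructed identifier
    layer: str
    function: str
    level: int     # assumed: level at which this practice is expected
    practice: str
    evidence: str  # document, record or log to keep
    rank: dict = field(default_factory=dict)  # assumed: org type -> rank, 1 = first

def identify_gaps(current, target, catalogue, org_type):
    """Return the recommendations lying between current and target level
    for their (layer, function) cell, ordered by the org type's ranking."""
    selected = []
    for rec in catalogue:
        if rec.layer not in LAYERS or rec.function not in FUNCTIONS:
            raise ValueError(f"{rec.rec_id}: unknown layer or function")
        cell = (rec.layer, rec.function)
        cur = current.get(cell, 0)    # an unassessed cell counts as the lowest level
        tgt = target.get(cell, cur)   # no target set for a cell means no gap
        if cur < rec.level <= tgt:
            selected.append(rec)
    last = len(catalogue) + 1         # custom org types without a rank sort last
    return sorted(selected,
                  key=lambda r: (r.rank.get(org_type, last), r.level, r.rec_id))

# Constructed sample catalogue (the real tool works on 140 recommendations).
CATALOGUE = [
    Recommendation("R1", "Network", "Detect", 2, "Monitor network traffic for anomalies",
                   "IDS alert logs", {"substation": 1, "power_plant": 2, "smart_home": 3}),
    Recommendation("R2", "Organizational", "Respond", 1, "Maintain an incident response plan",
                   "Approved plan document", {"substation": 2, "power_plant": 3, "smart_home": 4}),
    Recommendation("R3", "Physical", "Protect", 3, "Control physical access to field devices",
                   "Access records", {"substation": 3, "power_plant": 1, "smart_home": 2}),
    Recommendation("R4", "Network", "Detect", 4, "Correlate events across sites",
                   "Correlation rule set", {"substation": 1, "power_plant": 1, "smart_home": 4}),
]
CURRENT = {("Network", "Detect"): 1, ("Organizational", "Respond"): 1, ("Physical", "Protect"): 2}
TARGET = {("Network", "Detect"): 3, ("Organizational", "Respond"): 1, ("Physical", "Protect"): 3}

if __name__ == "__main__":
    for rec in identify_gaps(CURRENT, TARGET, CATALOGUE, "substation"):
        print(rec.rec_id, "|", rec.practice, "| keep:", rec.evidence)
```

R2 is left out because its cell is already at target, and R4 because it sits above the chosen target level; the same gap set is reordered when the organization type changes.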