Failure Impact Analysis of Key Management in AMI Using Cybernomic Situational Assessment (CSA)
- ORNL
- New Jersey Insitute of Technology
In earlier work, we presented a computational framework for quantifying the security of a system in terms of the average loss a stakeholder stands to sustain as a result of threats to the system. We named this system, the Cyberspace Security Econometrics System (CSES). In this paper, we refine the framework and apply it to cryptographic key management within the Advanced Metering Infrastructure (AMI) as an example. The stakeholders, requirements, components, and threats are determined. We then populate the matrices with justified values by addressing the AMI at a higher level, rather than trying to consider every piece of hardware and software involved. We accomplish this task by leveraging the recently established NISTR 7628 guideline for smart grid security. This allowed us to choose the stakeholders, requirements, components, and threats realistically. We reviewed the literature and selected an industry technical working group to select three representative threats from a collection of 29 threats. From this subset, we populate the stakes, dependency, and impact matrices, and the threat vector with realistic numbers. Each Stakeholder s Mean Failure Cost is then computed.
- Research Organization:
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- Work for Others (WFO)
- DOE Contract Number:
- DE-AC05-00OR22725
- OSTI ID:
- 1073662
- Resource Relation:
- Conference: 8th Annual Cyber Security and Information Intelligence Research (CSIIRW '13) Workshop, Oak Ridge, TN, USA, 20130108, 20130110
- Country of Publication:
- United States
- Language:
- English
Similar Records
Cryptographic Key Management and Critical Risk Assessment
Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission