A Feasibility Study of a Method for Identification and Modelling of Cybersecurity Risks in the Context of Smart Power Grids

Aida Omerovic¹, Hanne Vefsnmo², Gencer Erdogan¹, Oddbjørn Gjerde², Eivind Gramme³ and Stig Simonsen³
¹ SINTEF Digital, Norway
² SINTEF Energy, Norway
³ Skagerak Nett, Norway

Keywords: Cybersecurity, Cyber Risk, Smart Power Grids, Risk Identification, Risk Analysis, Vulnerabilities.

Abstract: Power grids are undergoing a digital transformation and are therefore becoming increasingly complex. As a result, they are also becoming vulnerable in new ways. With this development also come numerous risks. Cybersecurity is therefore becoming crucial for ensuring resilience of this infrastructure, which is critical to the safety of humans and societies. Risk analysis of cybersecurity in the context of smart power grids is, however, particularly demanding due to its interdisciplinary nature, including domains such as digital security, the energy domain, power networks, the numerous control systems involved, and the human in the loop. This places special requirements on cybersecurity risk identification within smart power grids, which challenge the existing state of the art. This paper proposes a customized four-step approach to identification and modelling of cybersecurity risks in the context of smart power grids. The aim is that the risk model can be presented to decision makers in a suitable interface, thereby serving as a useful support for planning, design and operation of smart power grids. The approach applied in this study is based on parts of the "CORAS" method for model-based risk analysis. The paper also reports on results and experiences from applying the approach in a realistic industrial case with a distribution system operator (DSO) responsible for hosting a pilot installation of the self-healing functionality within a power distribution grid. The evaluation indicates that the approach can be applied in a realistic setting to identify cybersecurity risks. The experiences from the case study moreover show that the presented approach is, to a large degree, well suited for its intended purpose, but they also point to areas in need of improvement and further evaluation.

1 INTRODUCTION

Advanced and innovative capabilities are steadily emerging and being deployed on top of traditional power grids. Such modern power grids are often called smart grids. New kinds of software and hardware technologies are the enablers, while increased needs for power grid efficiency are the driving forces for this development, which is characterized as power grid digitalization. With this development also come numerous cybersecurity risks that are more or less specific to complex cyber-physical systems which include many dependencies.

The smart grid vision implies extensive use of "ICT", i.e. information and communication technology, in the power system, enabling increased flexibility and functionality and thereby meeting future demands and strategic goals. Consequently, power system reliability will increasingly depend on ICT components and systems (Tøndel et al., 2017). While adding functionality, ICT systems also contribute to failures. To analyse the risks of this complex and tightly integrated cyber-physical power system, there is a need to identify the new vulnerabilities that are introduced due to the increasing usage of ICT technologies and their interdependencies with the physical power grid.

The digitalization of the power system will include new concepts based on intelligent sensors in the grid and efficient communication between these sensors and the Supervisory Control and Data Acquisition (SCADA) system or distribution management system (DMS) (Belmans, 2012).
New components and technologies, such as self-healing grids, will enable automation of the power grid, which will lead to reduced time for fault- and

Omerovic, A., Vefsnmo, H., Erdogan, G., Gjerde, O., Gramme, E. and Simonsen, S. A Feasibility Study of a Method for Identification and Modelling of Cybersecurity Risks in the Context of Smart Power Grids. DOI: 10.5220/0007697800390051. In Proceedings of the 4th International Conference on Complexity, Future Information Systems and Risk (COMPLEXIS 2019), pages 39-51. ISBN: 978-989-758-366-7. Copyright © 2019 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved.