Show simple item record

dc.contributor.authorRios, Erkuden
dc.contributor.authorRego, Angel
dc.contributor.authorIturbe, Eider
dc.contributor.authorHiguero, Marivi
dc.contributor.authorLarrucea, Xabier
dc.date.accessioned2020-08-25T07:05:17Z
dc.date.available2020-08-25T07:05:17Z
dc.date.issued2020
dc.identifier.citationRios, Erkuden, Angel Rego, Eider Iturbe, Marivi Higuero, and Xabier Larrucea. “Continuous Quantitative Risk Management in Smart Grids Using Attack Defense Trees.” Sensors 20, no. 16 (August 7, 2020): 4404. doi:10.3390/s20164404.en
dc.identifier.issn1424-3210en
dc.identifier.urihttp://hdl.handle.net/11556/959
dc.description.abstractAlthough the risk assessment discipline has been studied from long ago as a means to support security investment decision-making, no holistic approach exists to continuously and quantitatively analyze cyber risks in scenarios where attacks and defenses may target different parts of Internet of Things (IoT)-based smart grid systems. In this paper, we propose a comprehensive methodology that enables informed decisions on security protection for smart grid systems by the continuous assessment of cyber risks. The solution is based on the use of attack defense trees modelled on the system and computation of the proposed risk attributes that enables an assessment of the system risks by propagating the risk attributes in the tree nodes. The method allows system risk sensitivity analyses to be performed with respect to different attack and defense scenarios, and optimizes security strategies with respect to risk minimization. The methodology proposes the use of standard security and privacy defense taxonomies from internationally recognized security control families, such as the NIST SP 800-53, which facilitates security certifications. Finally, the paper describes the validation of the methodology carried out in a real smart building energy efficiency application that combines multiple components deployed in cloud and IoT resources. The scenario demonstrates the feasibility of the method to not only perform initial quantitative estimations of system risks but also to continuously keep the risk assessment up to date according to the system conditions during operation.en
dc.description.sponsorshipThis research leading to these results was funded by the EUROPEAN COMMISSION, grant number 787011 (SPEAR Horizon 2020 project) and 780351 (ENACT Horizon 2020 project).en
dc.language.isoengen
dc.publisherMultidisciplinary Digital Publishing Institute (MDPI)en
dc.rightsAttribution 4.0 International*
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/*
dc.titleContinuous Quantitative Risk Management in Smart Grids Using Attack Defense Treesen
dc.typearticleen
dc.identifier.doi10.3390/s20164404en
dc.relation.projectIDinfo:eu-repo/grantAgreement/EC/H2020/787011/EU/SPEAR: Secure and PrivatE smArt gRid/SPEARen
dc.relation.projectIDinfo:eu-repo/grantAgreement/EC/H2020/780351/EU/Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems/ENACTen
dc.rights.accessRightsopenAccessen
dc.subject.keywordsInformation securityen
dc.subject.keywordsRisk assessmenten
dc.subject.keywordsSecurity managementen
dc.identifier.essn1424-8220en
dc.issue.number16en
dc.journal.titleSensorsen
dc.page.initial4404en
dc.volume.number20en


Files in this item

Thumbnail

    Show simple item record

    Attribution 4.0 InternationalExcept where otherwise noted, this item's license is described as Attribution 4.0 International