Creating an EDS Cybersafety Analysis Discipline
NOTE: this is no longer an active CREDC research activity.
If we are to manage cybersecurity risks more effectively in today’s complex and dynamic energy delivery systems (EDS) environment, then a new way of thinking is needed to complement traditional approaches: a Cybersafety Analysis Discipline (CAD). In most cases, EDS organizations strive diligently to protect the key components of their systems, but often serious hazards occur at interfaces between the systems and subsystems (physical, cyber, and human), and they require a more holistic approach.
Our proposed cybersafety analysis discipline (CAD) approach is based on an adaptation of the System-Theoretic Accident Model and Processes (STAMP) method developed by Nancy Leveson at MIT. STAMP was originally developed for accident and incident analysis and has been used to analyze events such as the Challenger Space Shuttle disaster. In STAMP, the overall system is viewed as a hierarchy of control loops: each level issues control actions to the level below and receives feedback from it, and safety constraints imposed at a higher level bound the behavior permitted at lower levels. Losses are traced not to single component failures but to inadequate control, such as a missing constraint, missing or delayed feedback, or a controller whose model of the process it controls is wrong. Because the serious cyber hazards in EDS arise at the interfaces between systems and subsystems, the analysis must be holistic and must model the physical, cyber and human elements together, with the human operator treated as a controller in the structure rather than left outside it.
The goal is to eliminate hazard conditions that can lead to a loss, and implement effective countermeasures during design and/or operation to prevent losses.
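To make the control-structure idea concrete, the following is an added example (not code from the CREDC project or the STAMP literature) that models a small, constructed EDS control hierarchy and flags interfaces where the higher level imposes no safety constraint or receives no feedback. The node names, domains and constraint strings are hypothetical illustrations; the two checks encode the STAMP notions of an unconstrained control action and an open control loop.

```python
"""Toy STAMP-style hierarchical control structure with interface-hazard checks.

Added example, not project code. The hierarchy below (management -> operator ->
SCADA -> RTU -> breaker) and its constraints are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Node:
    """One controller or controlled process in the hierarchy."""
    name: str
    domain: str                                         # "human", "cyber" or "physical"
    controls: Set[str] = field(default_factory=set)     # subordinates it sends control actions to
    feedback_from: Set[str] = field(default_factory=set)  # subordinates it receives feedback from
    # constraints[target] = safety constraints this node imposes on that subordinate
    constraints: Dict[str, Set[str]] = field(default_factory=dict)


def build_example() -> Dict[str, Node]:
    """Constructed hierarchy. The RTU->breaker link deliberately lacks both a
    constraint and status feedback, so the checks have something to find."""
    nodes = [
        Node("management", "human", controls={"operator"}, feedback_from={"operator"},
             constraints={"operator": {"no switching without an approved switching order"}}),
        Node("operator", "human", controls={"scada"}, feedback_from={"scada"},
             constraints={"scada": {"open breaker only after load transfer is confirmed"}}),
        Node("scada", "cyber", controls={"rtu"}, feedback_from={"rtu"},
             constraints={"rtu": {"reject open command without operator authentication"}}),
        Node("rtu", "cyber", controls={"breaker"}, feedback_from=set(), constraints={}),
        Node("breaker", "physical"),
    ]
    return {n.name: n for n in nodes}


def open_loops(nodes: Dict[str, Node]) -> List[Tuple[str, str]]:
    """Control links with no feedback in the opposite direction: the controller
    issues actions but cannot observe their effect on the controlled process."""
    return sorted((n.name, t) for n in nodes.values()
                  for t in n.controls if t not in n.feedback_from)


def unconstrained_links(nodes: Dict[str, Node]) -> List[Tuple[str, str]]:
    """Control links on which the higher level imposes no safety constraint."""
    return sorted((n.name, t) for n in nodes.values()
                  for t in n.controls if not n.constraints.get(t))


def cross_domain_interfaces(nodes: Dict[str, Node]) -> List[Tuple[str, str, str]]:
    """Control links that cross a human/cyber/physical boundary."""
    return sorted((n.name, t, f"{n.domain}->{nodes[t].domain}")
                  for n in nodes.values() for t in n.controls
                  if nodes[t].domain != n.domain)


def interface_hazards(nodes: Dict[str, Node]) -> List[Tuple[str, str, str, Tuple[str, ...]]]:
    """Cross-domain links that are also open-loop or unconstrained: the first
    places to look for hazard conditions and to add countermeasures."""
    loops = set(open_loops(nodes))
    unconstrained = set(unconstrained_links(nodes))
    found = []
    for src, dst, boundary in cross_domain_interfaces(nodes):
        reasons = []
        if (src, dst) in loops:
            reasons.append("no feedback")
        if (src, dst) in unconstrained:
            reasons.append("no constraint")
        if reasons:
            found.append((src, dst, boundary, tuple(reasons)))
    return found


if __name__ == "__main__":
    structure = build_example()
    for src, dst, boundary, reasons in interface_hazards(structure):
        print(f"{src} -> {dst} ({boundary}): {', '.join(reasons)}")
```

Run stand-alone, the script reports the RTU-to-breaker link as a cyber-to-physical interface with neither a constraint nor feedback, which is the kind of interface hazard the discipline is meant to surface before it becomes a loss. Extending the model with per-action constraint checks or a controller's process-model state is straightforward, but the two checks shown are already enough to triage where in a real control structure the analysis effort should go first.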
Energy Delivery System (EDS) Gap Analysis
- 1st Step: Learn from Prior Events (2016 Industry Workshop)