ExSol: A Risk Assessment Ecosystem for EDS
ExSol is a risk-assessment ecosystem that uses collaborative feedback and fine-grained metrics from diverse parts of an Energy Delivery System (EDS) for the purposes of cyber-security risk quantification and assessment. ExSol, as the name implies, works by comparing Exploitation scores (potential threats and attack vectors) and Solution scores (security features and requirements), in order to understand how well protected an asset or system may be, (or alternatively, how much risk the asset or system may contain). Exploitation scores are determined for a set of sub-metrics concerning the impendence, the severity as well as the relevance of potential cyber threats and attacks for specific EDS assets, e.g., a PLC or an MTU. Conversely, Solution scores are determined for sub-metrics that model the effectiveness, the relevance and the implementation level of security requirements and techniques tailored to counteract the aforementioned threats or attacks. The Exploitation and Solution sub-metrics related to specific assets are extracted from a well-defined representation that leverages ontologies to model reputable EDS documents describing security requirements and best practices. Later, in order to quantify the cyber-security risk associated to a specific asset, the individual scores corresponding to each of the aforementioned metrics are combined together to form Exploitation and Solution scores, which are then matched up against one another to form an asset-level risk score. This way, the risks associated with threats and attacks are compared to how well security requirements are implemented in the context of the asset, thus obtaining an overall picture of the amount of risk as a result. From there, risk scores for individual assets are intelligently combined in order to gain an understanding of the overall system risk, obtaining a consolidated EDS-level risk score. The current prototype of ExSol utilizes a combination of user-inputted metrics, as well as automated monitoring and determination of sub-metrics in order to perform risk score calculations.
This technology can be used collaboratively by EDS stakeholders in order to determine the levels of risk that are contained within their EDS instances, as well as to monitor and respond to new attack types and vulnerabilities that may appear in the future. As an example, the initial scores for each of the specific sub-metrics, as well as the ones serving as a reference for acceptable asset and EDS-level scores, may be collaboratively determined by EDS stakeholders from industry, government and academia. This way, ExSol provides a strong framework for cyber-securing EDS as it allows stakeholders to continuously monitor their systems and identify points of problem, or places that may be vulnerable or need more security implemented.
For more information about this technology or opportunities for industrial collaboration, contact Carlos Rubio-Medrano or Josephine Lamp. More information is also available on the Related Research Activity page (see link below images).
Figure 1: A depiction of ExSol’s composition: ExSol works by comparing numerical Exploitation Score (related to threats and attack vectors) vs the Solution score (related to security features and requirements) for the purposes of risk quantification and assessment in a cyber-security context.