ExSol: A Risk Assessment Ecosystem for EDS
ExSol is a risk-assessment ecosystem that uses collaborative feedback and fine-grained metrics from diverse parts of an Energy Delivery System (EDS) for the purposes of cyber-security risk quantification and assessment. ExSol, as the name implies, works by comparing Exploitation scores (potential threats and attack vectors) and Solution scores (security features and requirements), in order to understand how well protected an asset or system may be, (or alternatively, how much risk the asset or system may contain). Exploitation scores are determined for a set of sub-metrics concerning the impendence, the severity as well as the relevance of potential cyber threats and attacks for specific EDS assets, e.g., a PLC or an MTU. Conversely, Solution scores are determined for sub-metrics that model the effectiveness, the relevance and the implementation level of security requirements and techniques tailored to counteract the aforementioned threats or attacks. The Exploitation and Solution sub-metrics related to specific assets are extracted from a well-defined representation that leverages ontologies to model reputable EDS documents describing security requirements and best practices. Later, in order to quantify the cyber-security risk associated to a specific asset, the individual scores corresponding to each of the aforementioned metrics are combined together to form Exploitation and Solution scores, which are then matched up against one another to form an asset-level risk score. This way, the risks associated with threats and attacks are compared to how well security requirements are implemented in the context of the asset, thus obtaining an overall picture of the amount of risk as a result. From there, risk scores for individual assets are intelligently combined in order to gain an understanding of the overall system risk, obtaining a consolidated EDS-level risk score. The current prototype of ExSol utilizes a combination of user-inputted metrics, as well as automated monitoring and determination of sub-metrics in order to perform risk score calculations.
This technology can be used collaboratively by EDS stakeholders in order to determine the levels of risk that are contained within their EDS instances, as well as to monitor and respond to new attack types and vulnerabilities that may appear in the future. As an example, the initial scores for each of the specific sub-metrics, as well as the ones serving as a reference for acceptable asset and EDS-level scores, may be collaboratively determined by EDS stakeholders from industry, government and academia. This way, ExSol provides a strong framework for cyber-securing EDS as it allows stakeholders to continuously monitor their systems and identify points of problem, or places that may be vulnerable or need more security implemented.
For more information about this technology or opportunities for industrial collaboration, contact Carlos Rubio-Medrano or Josephine Lamp. More information is also available on the Related Research Activity page (see link below images).
Figure 1: A depiction of ExSol’s composition: ExSol works by comparing numerical Exploitation Score (related to threats and attack vectors) vs the Solution score (related to security features and requirements) for the purposes of risk quantification and assessment in a cyber-security context.
Figure 2: Different sub-metrics for defining both an Exploitation as well as a Solution score for a given EDS asset. Numerical scores for each sub-metric are defined by Global Experts, which are members of the EDS community either in industry, government of academia, as well as Local Experts, which belong to specific EDS organizations and companies and may be in charge of directly handling EDS instances at the infrastructure level. This way, ExSol depicts an ecosystem in which collaboratively-created information is actively shared for protecting EDS instances in real-time.
Figure 3: A graphical depiction of a set of Exploitation and Solution scores for a pair of EDS assets with respect to a specific attack (Denial of Service). Using the information on sub-metrics shown in Figure 1 as a reference, Global and Local Experts may deem the impendence (Ei) of a potential DoS attack as high for both assets. However, the values for severity (Es) and relevance (Er) may vary for each asset. Conversely, experts may highly deem the effectiveness (Se) of the security requirement restricting the internet access for control devices for counteracting DOS in the context of both assets, and may also vary on their perception of the relevance (Sr) as well as the quality of the implementation (Si) of such a requirement with respect to a given EDS instance.
Figure 4: Sample numerical Exploitation and Solution scores for the EDS assets shown in Figure 3, with respect to a specific attack (Denial of Service). Both threats (T), attacks (A), as well as the security requirements (R) and techniques (S) counteracting them are obtained from reputable documents describing security best practices within the EDS community. Later, these Exploitation and Solution scores may be then summarized and compared to each other for the purposes of risk assessment.