The reviewed record of science sign in
Pith

arxiv: 2306.15072 · v1 · pith:HNJA633C · submitted 2023-06-26 · eess.SY · cs.SY

A Firewall Optimization for Threat-Resilient Micro-Segmentation in Power System Networks

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:HNJA633Crecord.jsonopen to challenge →

classification eess.SY cs.SY
keywords powersystemfirewallsystemscriticalelectronicoptimalcyber-physical
0
0 comments X
read the original abstract

Electric power delivery relies on a communications backbone that must be secure. SCADA systems are essential to critical grid functions and include industrial control systems (ICS) protocols such as the Distributed Network Protocol-3 (DNP3). These protocols are vulnerable to cyber threats that power systems, as cyber-physical critical infrastructure, must be protected against. For this reason, the NERC Critical Infrastructure Protection standard CIP-005-5 specifies that an electronic system perimeter is needed, accomplished with firewalls. This paper presents how these electronic system perimeters can be optimally found and generated using a proposed meta-heuristic approach for optimal security zone formation for large-scale power systems. Then, to implement the optimal firewall rules in a large scale power system model, this work presents a prototype software tool that takes the optimization results and auto-configures the firewall nodes for different utilities in a cyber-physical testbed. Using this tool, firewall policies are configured for all the utilities and their substations within a synthetic 2000-bus model, assuming two different network topologies. Results generate the optimal electronic security perimeters to protect a power system's data flows and compare the number of firewalls, monetary cost, and risk alerts from path analysis.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.