Power grids are becoming increasingly intelligent. In this regard, they benefit considerably from the information technology (IT) networks coupled with their underlying operational technology (OT) networks. While IT networks provide sufficient controllability and observability of power grid assets such as voltage and reactive power controllers, distributed energy resources, among others, they make those critical assets vulnerable to cyber threats and risks. In such systems, however, several technical and economic factors can significantly affect the patching and upgrading decisions of their components including, but not limited to, limited time and budget as well as legal constraints. Thus, resolving all vulnerabilities at once could seem like an insuperable hurdle. To figure out where to start, an involved decision maker (e.g. a security team) has to prudently prioritize the possible vulnerability remediation actions. The key objective of prioritization is to efficiently reduce the inherent security risk to which the system in question is exposed. Due to the critical role of power systems, their decision makers tend to enhance the system resilience against extreme events. Thus, they seek to avoid decision options associated with likely severe risks. Practically, this risk attitude guides the decision-making process in such critical organizations and hence the sought-after prioritization as well.Therefore, the contribution of this work is to provide an integrated risk-based decision-support methodology for prioritizing possible remediation activities. It leverages the Time-To-Compromise security metric to quantitatively assess the risk of compromise. The developed risk estimator considers several factors including: i) the inherent assessment uncertainty, ii) interdependencies between the network components, iii) different adversary skill levels, and iv) public vulnerability and exploit information. Additionally, our methodology employs game theory principles to support the strategic decision-making process by constructing a chain of security games. Technically, the remediation actions are prioritized through successively playing a set of dependent zero-sum games. The underlying game-theoretical model considers carefully the stochastic nature of risk assessments and the specific risk attitude of the decision makers involved in the patch management process across electric power organizations.

中文翻译：

---

缓解电力系统中的风险：从哪里开始？

电网变得越来越智能。在这方面，他们从信息技术（IT）网络及其基础运营技术（OT）网络中受益匪浅。尽管IT网络为诸如电压和无功功率控制器，分布式能源之类的电网资产提供了足够的可控性和可观察性，但它们使这些关键资产容易受到网络威胁和风险的影响。但是，在这样的系统中，一些技术和经济因素会严重影响其组件的补丁和升级决策，包括但不限于有限的时间和预算以及法律约束。因此，立即解决所有漏洞似乎是一个无法克服的障碍。为了弄清楚从哪里开始，需要一个决策者（例如 安全团队）必须审慎地确定可能的漏洞修复措施的优先级。优先级划分的主要目标是有效地降低相关系统所面临的固有安全风险。由于电力系统的关键作用，他们的决策者往往会增强系统对极端事件的适应能力。因此，他们试图避免与可能的严重风险相关的决策选择。实际上，这种风险态度指导着此类关键组织的决策过程，因此也寻求了优先考虑的优先事项。因此，这项工作的目的是提供一种基于风险的综合决策支持方法，对可能的补救活动进行优先排序。它利用“破坏时间”安全性指标来定量评估遭受破坏的风险。发达的风险估算者考虑了以下几个因素：i）固有的评估不确定性； ii）网络组件之间的相互依赖性； iii）不同的对手技能水平；以及iv）公共脆弱性和利用信息。此外，我们的方法论采用博弈论原理，通过构建安全博弈链来支持战略决策过程。从技术上讲，补救措施是通过连续玩一组相关的零和游戏来确定优先级的。基本的博弈模型仔细考虑了风险评估的随机性以及参与电力组织补丁管理过程的决策者的特定风险态度。ii）网络组件之间的相互依赖性，iii）不同的对手技能水平，以及iv）公共漏洞和利用信息。此外，我们的方法论采用博弈论原理，通过构建安全博弈链来支持战略决策过程。从技术上讲，补救措施是通过连续玩一组相关的零和游戏来确定优先级的。基本的博弈模型仔细考虑了风险评估的随机性以及参与电力组织补丁管理过程的决策者的特定风险态度。ii）网络组件之间的相互依赖性，iii）不同的对手技能水平，以及iv）公共漏洞和利用信息。此外，我们的方法论采用博弈论原理，通过构建安全博弈链来支持战略决策过程。从技术上讲，补救措施是通过连续玩一组相关的零和游戏来确定优先级的。基本的博弈模型仔细考虑了风险评估的随机性以及参与电力组织补丁管理过程的决策者的特定风险态度。我们的方法论采用博弈论原理，通过构建安全博弈链来支持战略决策过程。从技术上讲，补救措施是通过连续玩一组相关的零和游戏来确定优先级的。基本的博弈模型仔细考虑了风险评估的随机性以及参与电力组织补丁管理过程的决策者的特定风险态度。我们的方法论采用博弈论原理，通过构建安全博弈链来支持战略决策过程。从技术上讲，补救措施是通过连续玩一组相关的零和游戏来确定优先级的。基本的博弈模型仔细考虑了风险评估的随机性以及参与电力组织补丁管理过程的决策者的特定风险态度。