Using Design Thinking to Understand Cyber Attack Surfaces of Future Smart Grids

Abstract

The success and proliferation of smart enabled electricity grids depends on our ability to reason predict and prevent adversarial behavior. This paper details a novel application of design thinking to smart grid cyber security, presenting a scalable framework for defining, ranking and externally validating future smart grid threats and then modeling adversarial behavior. Using an expert panel for external validation, this paper prioritises three salient threats to smart grid security in the near future: 1) malicious entry to a network operator’s control room allowing remote shutdown of grid infrastructure, 2) distract and decoy tactics as a means of diverting resources away from the site of an attack, and 3) manipulation of demand attacks using widespread commandeering of household IoT technology. Smart grids represent a salient test deployment for this framework, given the near complete lack of successful existing attacks from which empirical evidence can be leveraged. Our framework for reasoning about potential future threats is scalable from company-specific to sector-wide threats and enables risk owners to make well-informed decisions and better prepare against future threats.