Development and Application of Smart Grid Information Security Risk Assessment Techniques

• Main Authors: Hsiao-Chieh Hsu, 徐孝杰
• Other Authors: 易俗
• Format: Others
• Language: zh-TW
• Published: 2015
• Online Access: http://ndltd.ncl.edu.tw/handle/6d2y4j

碩士 === 健行科技大學 === 資訊工程系碩士班 === 103 === Due to the fast progress of modern technology, computer has become an indispensable critical industry tools. The computer`s automatic execution capability has created an efficient mass manufacturing processes with high quality. Almost every aspects of modern society cannot perform normal functions without the help of computer. Computer Network provides communication among computers and people. As matter of fact, computer communication has become the most important communication channel above other communication methods. However, after the reveal of STUXNET virus attack event, countries around world all begin to worry about STUXNET-like attack to their computer networks. Currently Taiwan`s most infrastructure systems (power, water supply, transportation, broadcast,..etc.,) are controlled by computers. The planned Taiwan Smart Grid will heavily depending on computer control once it completed. There exists an obvious vulnerability - most of the computers that control the elements of smart grid are made by other countries. It is highly possible that a pre-installed backdoor virus could be planted in the computer before shipping to Taiwan, just like what happened in STUXNET attack scenario where 5 contractors of Iran`s supply chain were compromised. Since Taiwan`s most infrastructure systems are controlled by imported computers. How to prevent these computers from pre-installed STUXNET-like attack is an important issue and should not be overlooked. This research presents a model based risk analysis approach to investigate the vulnerabilities of Taiwan`s smart grid system. We apply a powerful information system risk analysis tool CORAS to model and analyze the potential vulnerabilities exist in current power grid. Possible approaches to eliminate these vulnerabilities are proposed to improve the security and safety of the smart grid system currently under development.