Toward Proactive Cyber-Physical-Human Risk Assessment in Power Systems

Energy delivery systems are the ultimate critical infrastructure. The urgency to develop and deploy automated techniques to identify and reduce risks is present. However, as adversarial actions in cyber-physical systems (CPS) continue to rise, it is increasingly important to understand and model the role of human behavior in affecting interactions within and between CPS. Hence, this paper proposes an asset-based risk assessment approach that integrates the common vulnerability scoring system to evaluate the impacts of adversary-exploitable paths. The approach models humans as nodes in a graph layer, which interfaces with both cyber and physical layers. Then, a risk analysis is performed to understand how human roles can leverage or mitigate vulnerabilities to actualize threats. A case study is presented on an 8-substation power system model. The results demonstrate the potential to develop new techniques for mitigating risk by including the human layer in the analysis of cyber-physical power systems.