When studying for a doctoral degree (PhD), candidates submit a thesis that provides a critical review of the current state of knowledge of the thesis subject as well as the student’s own contributions to the subject. The distinguishing criterion of doctoral graduate research is a significant and original contribution to knowledge.
Once accepted, the candidate presents the thesis orally. This oral exam is open to the public.
Substations, which are utilized to bring voltage levels from high-voltage to low-voltage while ensuring monitoring, protection, and control, are critical components of power systems. Digital substations, in which the operation is managed between intelligent electronic devices (IED), are utilized in the smart grid. IEC 61850 is a communication standard in digital substations that enables devices from different manufacturers to communicate. Compromising IEC 61850 substations can lead to major consequences, such as transmission line failures or blackouts. Since cyber-attacks against substations can lead to serious physical consequences, securing substations requires quantitative security metrics that consider the cyber and physical aspects of attacks. This Ph.D. thesis aims to develop security metrics for substations, provide a framework for improving their security posture, which is measured with the developed security metrics, and provide an online security monitoring framework. More concretely, the first chapter provides a literature review on threat models and security metrics in the smart grid. Consequently, two security metrics are defined to measure how well redundancy is designed from a security perspective. The effectiveness of those metrics is assessed via simulations conducted using realistic attack graph models. After that, three security metrics are provided to measure the security postures of substations concerning supply chain attacks, and their effectiveness is assessed via simulations. Substations may contain devices from different vendors which may be more or less trustworthy. Based on that, measuring the security postures of substations against supply chain attacks is important. Then, a hardening framework is developed to improve the security postures of substations with respect to supply chain attacks. This framework considers supply chain-related and non-supply chain-related hardening options for finding optimal ways to improve the security postures of substations. The effectiveness of the designed framework is experimented with using realistic scenarios. Lastly, an online security monitoring framework which first generates threat models and then enhances them according to ongoing instances of attacks is provided. This framework first generates threat models based on the static configuration. After that, the generated models are updated based on information about ongoing instances of attacks obtained from system logs. Experiment results highlight that the designed framework scales well and has a reasonable execution time.