STRIDE to a secure smart grid in a hybrid cloud

Abstract

© Springer International Publishing AG 2018. This paper describes one possible migration scenario of Smart Grid Industrial Control System (ICS) elements to the computing cloud while maintaining the existing level of information system security. We performed a software centric threat analysis of the Smart Grid ICS, i.e. the most important elements of the system were analyzed following the STRIDE methodology. Security risks were analyzed based on the combined effects of the likelihood of a successful attack and the impact on the identified critical components of the Smart Grid ICS. Risk matrices were used to determine the measure of the security risk. Based on our threat analysis we propose a migration scenario to a hybrid (community & private) cloud. In our scenario, the ICS elements with higher risk tolerance were deployed in a community cloud, while the elements with lower risk tolerance were kept on premise in a private cloud.