In CyPhyR, we analyze the impact of vulnerabilities on the planning and operation phases of a microgrid. Typically, vulnerabilities are defined in the national vulnerability database as a CVE, Common Vulnerabilities and Exposures. Each CVE is assigned a CVSS score, which is a Common Vulnerability Scoring System. CVSS uses expert opinions to grade the CVE on a qualitative scale with factors considered such as exploitability, scope, and impact metrics. It considers the impact on the confidentiality, integrity, and availability (CIA) requirements on the application. While CVSS provides a method to understand the importance of the CVE in general, they do not provide a quantitative score. A quantitative score is useful for the system operators to understand the potential impacts of various devices to be installed in the microgrid, and provides a way to quickly understand the impact of the vulnerability in the operation phase. To this end, CyPhyR uses CVE information, physical and communication system models, system topology information, and real time measurements from the system to compute a resiliency metric that can be used by the operator to understand the system better.
CyPhyR will have a web based interface, which will allow the user to select the various devices used in the system. Based on the power system model, a custom resiliency based reconfiguration algorithm is performed offline, and various feasible topologies are obtained for the system. CyPhyR then provides the result of the planning phase in which the impact in terms of availability and integrity attacks are provided. In operation phase, CyPhyR accepts inputs from the various switches in the system and monitors for a change in the system topology. It also accepts performance metrics from the cyber system, and IDS alerts if available. Based on the status of the system, an operation phase metric CIS is computed and is displayed in real time to the user. CyPhyR is thus suited to be used by the planning engineer to manage vulnerabilities better, and by the system operator to quickly understand the real-time resilience of the system.
For more information about this technology or opportunities for industrial collaboration, contact Anurag Srivastava. More information is also available on the Related Research Activity page.