Department of Engineering Management and Systems Engineering, The George Washington University, Washington, DC, USA.
Risk Anal. 2020 Sep;40(9):1744-1761. doi: 10.1111/risa.13511. Epub 2020 Jun 15.
The purpose of this article is to introduce a risk analysis framework to enhance the cyber security of and to protect the critical infrastructure of the electric power grid of the United States. Building on the fundamental questions of risk assessment and management, this framework aims to advance the current risk analysis discussions pertaining to the electric power grid. Most of the previous risk-related studies on the electric power grid focus mainly on the recovery of the network from hurricanes and other natural disasters. In contrast, a disproportionately small number of studies explicitly investigate the vulnerability of the electric power grid to cyber-attack scenarios, and how they could be prevented or mitigated. Such a limited approach leaves the United States vulnerable to foreign and domestic threats (both state-sponsored and "lone wolf") that could infiltrate a network that lacks a comprehensive security environment or coordinated government response. By conducting a review of the literature and presenting a risk-based framework, this article underscores the need for a coordinated U.S. cyber security effort toward formulating strategies and responses conducive to protecting the nation against attacks on the electric power grid.