SCLEX-Lang : A Threat Modeling Language for Substation Automation Systems

Abstract: Power systems in the industry today are adopting automated substations because of a growing trend of digitization. Substation automation has greatly reduced intervention from human as well as operation and maintenance costs. Although it has brought benefits, new challenges arise regarding security vulnerabilities, which can be opportunities for attackers to damage whole systems and eavesdrop communication. To keep the automated substations secure and free from attackers, threat modeling is one of the alternative methods that can be used to do attack simulation and assess the security of systems. KTH has developed Meta Attack Language, a framework for constructing domain specific languages in which threat models can be produced, based on which attack graphs will be created and attacks can be simulated. It is a framework for developers that eases them to generate attack graphs with new languages. Meta Attack Language has been applied to various of domains by now, such as In-vehicle Network and Amazon Web Services. This thesis is carried out in ABB, extending the previous work of SCLLang and ABB’s existing security assessment tool, and doing threat modeling specifically for substation automation. The final threat model is used to assess the security of products in ABB, which will also serve as a basis for further extension for the company.