Managing OT cyber security risks using BowTies and Risk & Opportunity Based Asset Management at Dutch DSO Enexis
Paper number
141Conference name
CIRED 2019Conference date
3-6 June 2019Conference location
Madrid, SpainPeer-reviewed
YesMetadata
Show full item recordAuthors
Hoeve, Maarten, European Network for Cyber-Security, NetherlandsMontes Portela, Carlos, Enexis Netbeheer B.V., Netherlands
Brouns, Gido, Enexis Netbeheer B.V., Netherlands
Abstract
The increasing digitalization of the electricity grid together with the new threats, increases the cyber-security risks related to the distribution of electricity. Major investments need to be made to mitigate these risks. These investments need to be compared with other investments necessary to make the grid ready for the increased use of renewables and electric vehicles and the management of other grid related risks like outages due to cables being broken during construction work. Cyber-security risks need to be properly assessed to determine the right level of investment.The Dutch DSO Enexis has developed a method to assess cyber-security risks that integrates with their Risk and Opportunity Based Asset Management process. The method uses BowTies, a general method that Enexis also uses for all non-security risks to assets. The risk levels are estimated using the asset management risk matrix. In this way, they are made comparable to all other asset risks, so that rational investment decisions can be taken.Publisher
AIMDate
2019-06-03Published in
Permanent link to this record
https://cired-repository.org/handle/20.500.12455/548http://dx.doi.org/10.34890/774