Managing OT cyber security risks using BowTies and Risk & Opportunity Based Asset Management at Dutch DSO Enexis

Abstract

The increasing digitalization of the electricity grid together with the new threats, increases the cyber-security risks related to the distribution of electricity. Major investments need to be made to mitigate these risks. These investments need to be compared with other investments necessary to make the grid ready for the increased use of renewables and electric vehicles and the management of other grid related risks like outages due to cables being broken during construction work. Cyber-security risks need to be properly assessed to determine the right level of investment.The Dutch DSO Enexis has developed a method to assess cyber-security risks that integrates with their Risk and Opportunity Based Asset Management process. The method uses BowTies, a general method that Enexis also uses for all non-security risks to assets. The risk levels are estimated using the asset management risk matrix. In this way, they are made comparable to all other asset risks, so that rational investment decisions can be taken.