The abundance of cyber-physical components in the modern power grid, with their diverse hardware and software vulnerabilities, has made it difficult to protect them from advanced persistent threats (APTs). An attack graph depicting the propagation of potential cyber-attack sequences from the initial access point to the end objective is vital for identifying the critical weaknesses of any cyber-physical system. Cybersecurity personnel can then plan preventive mitigation measures for the identified weaknesses that address these cyber-attack sequences. However, limits on the available cybersecurity budget restrict the choice of mitigation measures. We address this aspect through our framework, which solves the following problem: given potential cyber-attack sequences for a cyber-physical component in the power grid, find the optimal way to allocate an available budget to implement the necessary preventive mitigation measures. We formulate the problem as a mixed integer linear program (MILP) to identify the optimal budget partition and the set of mitigation measures that minimize the vulnerability of cyber-physical components to potential attack sequences. We assume that the allocation of budget affects the efficacy of the mitigation measures. We show how altering the budget allocation for tasks such as asset management, cybersecurity infrastructure improvement, incident response planning and employee training affects the choice of the optimal set of preventive mitigation measures and modifies the associated cybersecurity risk. The proposed framework can be used by cyber policymakers and system owners to allocate optimal budgets for the various tasks required to improve the overall security of a cyber-physical system.