A Smart Grid Ontology: Vulnerabilities, Attacks, and Security Policies

Modern energy grids employ network-enabled sensors, meters, and actuators, controlled via a bidirectional flow of information facilitated by communication and networking infrastructure. The increase in information and communication technologies has, however, rendered smart grids vulnerable to cyberattacks. This position paper presents an ontological model of smart grid systems that elucidates the entities involved and their interrelationships, enabling systematic identification of attack surfaces and vectors. We augment this model by providing an automated method to integrate the vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database – an expanding catalog of over 200,000 cybersecurity vulnerabilities maintained by the MITRE Corporation – to the specified smart grid components in the ontology. By populating the ontology with relevant CVE database entries, we provide an enriched understanding that guides vulnerability assessment and security policy design in smart grid systems. Furthermore, we introduce an automation framework to generate security policies, leveraging the machine-readability of our ontology. This research is expected to promote collaboration among various stakeholders, ranging from developers and operators to regulators, fostering enhanced smart grid security.