Deriving value judgements about threat rankings for large and entangled systems, such as those of urban smart grids, is a challenging task. Suitable approaches should account for multiple threat events posed by different classes of attackers who target system components. Given the complexity of the task, a suitable level of guidance for ranking more relevant and filtering out the less relevant threats is desirable. This requires a method able to distill the list of all possible threat events in a traceable and repeatable manner, given a set of assumptions about the attackers. The Threat Navigator proposed in this paper tackles this issue. Attacker profiles are described in terms of Focus (linked to Actor-to-Asset relations) and Capabilities (Threat-to-Threat dependencies). The method is demonstrated on a sample urban Smart Grid. The ranked list of threat events obtained is useful for a risk analysis that ultimately aims at finding cost-effective mitigation strategies.
展开▼