An approach to cost definition for the implementation of cybersecurityin electricity critical infrastructures

The present work contributes to the study of the costs of the implementation of security standards in the SCADA system networks of the critical infrastructures electric of power systems, presenting an analysis of costs. It starts from the analysis of two experimental case studies, one based on the study of the Polish TSO, the second of an Italian Generation Company. The study considers the intrinsic characters of the power grids and of their interconnections at European level, and analyse critical conditions, applying cases of hypothetical cyber-attacks to specific locations and timings. In this way it provides a reference for the identification of cyber-security related expenses and a reasoned measure of the costs needed to implement the standards. The adopted methodology quantifies the cash flows for the implementation and maintenance of the security standards. Once this exercise is done it infers the cost needed for the protection of the whole Country, considering the specific Country situation in terms of quantity of infrastructures. In this way it estimates the cost that a Country should afford with the overall adoption of security standards in electricity transmission and generation. The total involved costs were evaluated, as well as the ones to be borne by the operators starting from the current situation so as to comply with the standards requirements. At the end of the study useful suggestions for Transmission System Operators and Generation Operators are offered, besides a reasoned set of figures assessing the costs on the implementation of security systems. Moreover some discussion on how the conclusion impacts regulators behavior is provided. The work is relevant also in that a similar exercise has been seldom, if ever, tried previously.