Abstract
A major challenge during grid planning is the identification of cybersecurity threats potentially introduced by active digital measures. This challenge arises because grid planning occurs at an early, conceptual stage, typically years ahead of realization, and often lacks concrete information about the active digital measures at this early phase. This highlights the need for simple, user-friendly cyber risk assessment methods that grid planners can use, even without detailed information about the final solutions. To address this need, we propose a lightweight, tool-supported, six-step method. This method employs the Customer Journey Modeling Language (CJML), which is comprehensible to various professional backgrounds, and which we have adapted to include the necessary cybersecurity concepts to help grid planners identify cybersecurity threats. The method is supported by our freely available, open-source risk modeling tool. Using a case based on a real-world electricity distribution grid, we demonstrate how our method supports grid planners in performing cyber-risk assessments with limited information about the final solutions and their vulnerabilities to cyber threats. Preliminary results indicate that our method is effective in enabling grid planners to assess potential cybersecurity risks during the planning phase, thereby enhancing the reliability and security of future electricity distribution systems.
