The most likely way for the world to be destroyed, most experts agree, is by accident. That’s where we come in; we’re computer professionals. We cause accidents.- Nathaniel Borenstein1 Q. So just put it in all perspective [sic]. What’s the worst-case power scenario, power we’re talking here – power lines, power grid? A. Absolute worst? I won’t even say absolute, but a very worst case could be loss of power for six months or more. Q. Over how big an area? A. Big as you want.- Frontline interview with power expert Joseph Weiss regarding the possible damage of a cyber attack on the power grid. 2

I was asked to write the chapter on “Societal Pains ” caused by outages and major power quality disruptions and their impact on our society. Indeed our national security and digital economy place increased demand for reliable and disturbance-free electricity. The massive power outages in the

The design of security for cyber-physical systems must take into account several characteristics common to such systems. Among these are feedback between the cyber and physical environment, distributed management and control, uncertainty, real-time requirements, and geographic distribution. This paper discusses these characteristics and suggests a design approach that better integrates security into the core design of the system. A research roadmap is presented that highlights some of the missing pieces needed to enable such an approach. 1. What is a Cyber-Physical-System? The term cyber-physical system has been applied to many problems, ranging from robotics, through SCADA, and distributed control systems. Not all cyber-physical systems involve critical infrastructure, but there are common elements that change the nature of the solutions that must be considered when securing cyber-physical systems. First, the extremely critical nature of activities performed by some cyber-physical systems means that we need security that works, and that by itself means we need something different. All kidding aside, there are fundamental system differences in cyber-physical systems that will force us to look at security in ways more closely tied to the physical application. It is my position that by focusing on these differences we can see where new (or rediscovered) approaches are needed, and that by building systems that support the inclusion of security as part of the application architecture, we can improve the security of both cyber-physical systems, where such an approach is most clearly warranted, as well as improve the security of cyber-only systems, where such an approach is more easily ignored. In this position paper I explain the characteristics of cyber-physical systems that must drive new research in security. I discuss the security problem areas that need attention because of these characteristics and I describe a design methodology for security that provides for better integration of security design with application design. Finally, I suggest some of the components of future systems that can help us include security as a focusing issue in the architectural design of critical applications.

Abstract—As an indispensable infrastructure for the future life, smart grid is being implemented to save energy, reduce costs, and increase reliability. In smart grid, control center networks have attracted a great deal of attention, because their security and dependability issues are critical to the entire smart grid. Several studies have been conducted in the field of smart grid security, but few work focuses on the dependability analysis of control center networks. In this paper, we adopt a concise mathematic tool, stochastic Petri nets (SPNs), to analyze the dependability of control center networks in smart grid. We present the general model of control center networks by considering different backup strategies of critical components. With the general SPNs model, we can measure the dependability from two metrics, i.e., the reliability and availability, through analyzing the transient and steady-state probabilities simultaneously. To avoid the statespace explosion problem in computing, the state-space explosion avoidance method is proposed as well. Finally, we study a specific case to demonstrate the feasibility and efficiency of the proposed model in the dependability analysis of control center networks in smart grid. Index Terms—Smart grid, dependability analysis, stochastic Petri nets. I.