Nyhet | 2016-06-13 | 09:21

Risks and consequences of cyber-attacks affecting DSO's and electrical suppliers’ business processes in the supplier centric model

Master's thesis by Rodrigo Gonzales Hernandez at The Royal Institute of Technology (KTH).

Supervisor at Vattenfall: Simon Zimmermann.


The Nordic and Swedish electricity market is under transition to the Supplier Centric Model (SCM), a new market model, which facilitates the billing and payment towards the end-users and the interactions between electrical suppliers and Distribution System Operators (DSO). This model uses a centralized data service hub for information exchange that is owned and operated by the Swedish Transmission System Operator (TSO).

While systems and operators are getting more and more integrated and digitalized, cyber attackers try to not only harm the office IT but focus more and more on the integrated operational technology to manipulate the operations directly. Malware is starting to target cyber-physical systems that connect technical equipment with the networked computational resources. Additionally more and more insider knowledge about the relevant process flows, as seen in ‘Stuxnet’ or the Ukrainian power outage in December 2015, is getting used to build targeted and undetected attacks on the weakest point in the process chain. Since SCM will involve futuristic procedures for the electrical billing process, there is a potential risk that manipulated data corruption could lead to both economical and physical consequences for the electricity market actors.

This thesis focuses on the risks and consequences caused by cyber-attacks in the SCM. An adversary may cause unwanted actions based on ‘business process hacking’ or knowledge-based hacking by analyzing the business processes maps within the SCM. The goal was to identify the vulnerabilities and triggering events of the DSO's and supplier’s business processes for potential undetected cyber-attacks. The outcome of the thesis should help to improve the business process resilience against cyber-attacks thus leading to a robust and trustworthy SCM. Different related cyber-attack scenarios were investigated to provide a generic solution for improvements to all relevant business service actors. The risks and consequences were identified, analyzed and used to develop certain process improvements exemplary for the Billing Business Process (BBP).