Cybersecurity threats to P&C systems

Abstract

Vulnerabilities introduced into the hardware and software by P&C system manufacturers are typically difficult for the EPU’s P&C engineers to discover and patch. The most common cybersecurity flaw is a vulnerability that provides the means to inject malicious code into the P&C system software. The primary reason to consider this type of attack is that it can allow an individual to bypass the access control restrictions set by the developer or EPU’s P&C engineer. P&C system engineers should review all wireless remote access to the P&C system. Depreciate wireless access using WEP encryption and their interface to the P&C system network declared “untrusted”. Lastly, P&C managers should not view these vulnerabilities of P&C assets independently as a successful cyber-attack typically involves exploitation of a chain of vulnerabilities present on various assets. Consequently, there is a need to model and analyze the entire sys-tem-of-systems to estimate the relative security of a threat scenario.