An authorization framework to mitigate insider threat in CIM-based smart grid

A smart grid (SG) is based on integrated data from distributed information systems, and the common information model (CIM) provides standard data infrastructure. In the SG, a malicious insider operator can lead to widespread failures in the power system by disrupting the system processes. The severity of the attack increases when he/she can access integrated data with legal permissions and steal, delete or modify them. This paper proposes an authorization framework to mitigate data access permissions of an insider operator who does not perform its duties properly in a CIM-based SG. In the proposed method, the accessibility of a CIM class is determined based on the operator trust and the criticality level of the issued SQL command. The value of the operator trust is calculated using its performance periodically or when an anomaly is detected. The proposed method is also able to detect anomalies in operator performance.