ExSol: Collaboratively assessing cybersecurity risks for protecting energy delivery systems

Josephine Lamp, Carlos E. Rubio-Medrano, Ziming Zhao, Gail Joon Ahn

Research output: Contribution to journalArticlepeer-review


No longer just prophesied about, cyber-attacks to Energy Delivery Systems (EDS) (e.g., the power grid, gas and oil industries) are now very real dangers that result in non-trivial economical losses and inconveniences to modern societies. In such a context, risk analysis has been proposed as a valuable way to identify, analyze, and mitigate potential vulnerabilities, threats, and attack vectors. However, performing risk analysis for EDS is difficult due to their innate structural diversity and interdependencies, along with an always-increasing threatscape. Therefore, there is a need for a methodology to evaluate the current system state, identify vulnerabilities, and qualify risk at multiple granularities in a collaborative manner among different actors in the context of EDS. With this in mind, this article presents ExSol, a collaborative, real-time, risk assessment ecosystem that features an approach for modeling real-life EDS infrastructures, an ontology traversal technique that retrieves well-defined security requirements from well-reputed documents on cyber-protection for EDS infrastructures, as well as a methodology for calculating risk for a single asset and for an entire system. Moreover, we also provide experimental evidence involving a series of attack scenarios in both simulated and real-world EDS environments, which ultimately encourage the adoption of ExSol in practice.

Original languageEnglish (US)
Article number3428156
JournalDigital Threats: Research and Practice
Issue number3
StatePublished - Jun 8 2021


  • Risk assessment
  • energy delivery systems

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications
  • Computer Science Applications
  • Safety Research


Dive into the research topics of 'ExSol: Collaboratively assessing cybersecurity risks for protecting energy delivery systems'. Together they form a unique fingerprint.

Cite this