As evidenced by the recent cyberattacks against Ukrainian power grids, attack strategies have advanced and new malware agents will continue to emerge. The current measures to audit the critical cyber assets of the electric power infrastructure do not provide a quantitative guidance that can be used to address security protection improvement. Investing in cybersecurity protection is often limited to compliance enforcement based on reliability standards.
