Use cases also exist for attackers—how to foster the concept of misuse cases

Cyber-physical energy systems (CPES) rely on new digital control structures in which control interventions no longer take place physically on site but are triggered, released, executed and acknowledged remotely by automated control systems. This brings not only the risk of incorrect actions by plants or operators, but also the risk of attacks or misuse. In this contribution, we propose an integrated security-by-design approach (on a conceptual level) for testing the interoperability of various heterogeneous systems (e.g., TSO-DSO communications) by combining multiple state-of-the-art approaches that have so far been separate. With the objective of eliminating or minimizing the impact of cyber incidents, best practices from various sectors have been adapted and integrated with well-established methods and standards from the energy sector, such as the IEC 62559‑2 use case template.


