Fighting Insider Threats, with Zero-Trust in Microservice-based, Smart Grid OT Systems

The Operational technology (OT) systems, utilized in critical infrastructure systems, can largely benefit from microservice-based control center architectures, by lowering upfront investment and maintenance costs. Many system operators are cautious and do not choose such modern system architectures, citing cybersecurity as a major concern. We intend to tackle that challenge and, in this paper, we investigate the threats to such mission critical systems and propose mitigation strategies aimed at lowering the likelihood of cyber-attacks. We developed a threat model focused on both external and insider threats and we group them. We utilize Microsoft's STRIDE methodology to analyze the threats on a per-service level, in a specific use case, in the smart grid sector. We propose mitigations for each threat, by putting the zero-trust principle, at the core of our proposal. We calculate the resulting risks, for each threat, based on impact and likelihood, and show that it is significantly reduced when all proposed measures are applied.