Grid-STIX: A STIX 2.1-Compliant Cyber-Physical Security Ontology for Power Grid

TL;DR

Grid-STIX is a comprehensive, open-source cybersecurity ontology tailored for power grids, extending STIX 2.1 to include physical assets, cyber-physical relationships, and nuclear safeguards, enabling advanced threat modeling and risk assessment.

Contribution

It introduces a modular, domain-specific extension of STIX 2.1 for electrical power grid cybersecurity, covering physical, cyber, and cyber-physical assets and relationships.

Findings

Validated through use cases in threat sharing and risk assessment.

Supports nuclear safeguards and non-proliferation verification.

Provides tools for visualization and Python code generation.

Abstract

Modern electrical power grids represent complex cyber-physical systems requiring specialized cybersecurity frameworks beyond traditional IT security models. Existing threat intelligence standards such as STIX 2.1 and MITRE ATT\&CK lack coverage for grid-specific assets, operational technology relationships, and cyber-physical interdependencies essential for power system security. We present Grid-STIX, a domain-specific extension of STIX 2.1 for electrical grid cybersecurity applications. Grid-STIX employs a modular architecture encompassing physical assets, operational technology components, cyber-physical relationships, and security policies that capture modern power systems including distributed energy resources, advanced metering infrastructure, and nuclear energy facilities. The framework provides threat modeling capabilities through systematic representation of attack patterns, supply chain risks, and cross-domain impact analysis while maintaining STIX 2.1 compliance. Grid-STIX includes modules for nuclear safeguards and non-proliferation verification, enabling cybersecurity modeling across conventional and nuclear energy sectors. The ontology supports Zero Trust enforcement through policy decision points and operational context integration. Our implementation includes validation pipelines, Python code generation, and visualizations. Use cases demonstrate applications including cross-utility threat intelligence sharing, supply chain risk assessment, and nuclear facility cybersecurity. Grid-STIX is available as an open-source framework to advance collaborative cybersecurity research across the electrical power sector.