A CYBERSECURITY THREAT ASSESSMENT FRAMEWORK FOR THE NIGERIAN POWER SECTOR

Abstract

The modernization and digitalization of the Nigerian power sector, while enhancing operational efficiency, have significantly expanded its cyber-attack surface. This study conducts a comprehensive cybersecurity threat assessment to evaluate the risk posture of the sector's critical infrastructure. Employing a mixed-methods approach underpinned by a pragmatic philosophy and Design Science Research strategy, the study developed a tailored Threat-Vulnerability-Asset (TVA) framework. The framework involved a four-stage process: identification and ranking of critical assets, mapping of associated cyber threats, and prioritization of these threats based on their potential impact (calculated using a modified DREAD model) and likelihood of occurrence. The analysis identified Supervisory Control and Data Acquisition (SCADA) systems, Energy Management Systems (EMS), and Wide Area Networks (WANs) as the most critical assets. The assessment revealed that Targeted Malware and Advanced Persistent Threats (APTs) on SCADA systems pose the gravest danger (Risk Rating: 0.89), followed by Routing Attacks on WANs (0.79) and Data Interception on Advanced Metering Infrastructure (0.79). The study concludes that the convergence of high-impact and high-likelihood threats, exacerbated by legacy systems and inadequate security controls, presents a severe risk to national energy security. It recommends a multi-layered mitigation strategy, including enhanced regulatory frameworks, network segmentation, real-time monitoring, and public-private collaboration to bolster the sector's cyber resilience.