This paper investigates the use of Petri nets for modeling insider attacks on the Supervisory Control and Data Acquisition (SCADA) system. Insider attacks are one of the most dangerous threats for Critical Infrastructures (CIs). An insider attacker, by sending legitimate control commands, can bring catastrophic damages to CIs at the national level. Therefore, it is important to develop new model to study the sequence of the operator actions in the CIs. Many CIs are monitored and controlled by SCADA systems. This paper proposes a new modelling approach of operator behavior, for resolving alarms and insider attacks, in electric power SCADA. In order to study operator behavior, several attack scenarios have been studied to evaluate offered model. The proposed model is based on Colored Petri Nets (CPNs).
