Cyber Attack Sequences Generation for Electric Power Grid

• Published in: 2022 10th Workshop on Modelling and Simulation of Cyber-Physical Energy Systems (MSCPES) pp. 1 - 6
• Main Authors: Dutta, Ashutosh, Purohit, Sumit, Bhattacharya, Arnab, Bel, Oceane
• Format: Conference Proceeding
• Language: English
• Published: IEEE 03.05.2022
• Subjects: Forensics; Nonhomogeneous media; Organizations; Performance evaluation; Power systems; Quality of service; Topology
• DOI: 10.1109/MSCPES55116.2022.9770105

Security assessment of cyber-physical energy systems (CPESs), such as the electric power grid, is a critical operation to maintain availability, reliability, and quality of service in the presence of persistent threats from malicious cyber actors. Existing security assessment approaches, such as penetration testing and red teaming, rely on subject matter experts' experience and forensic analysis of historical events to perform realistic, threat-informed assessments of CPES defense. CPESs have a large attack surface because of the heterogeneity and complexity of underlying topology, devices, measurements, and vulnerabilities. The aforementioned approaches lead to partial coverage of the attack surface with a large set of unknown but possible exploits. There is a need to automate an CPES's attack surface discovery and contextualize it for relevant, highly probable, real-world attack scenarios. We propose a methodology and framework to facilitate the discovery of the CPES attack surface. We generate multilayer attack graphs with ranked attack sequences to describe CPES failure scenarios. We present a work-in-progress framework, CAGen, that lists key components to automate the attack modeling and sequence generation. We demonstrate the published National Electric Sector Cybersecurity Organization Resource (NESCOR) CPES failure scenario to highlight the trustworthiness of generated attack sequences.