ABSTRACT
Targeted cyber attacks are on the rise, and the power industry is an attractive target. Espionage and causing physical damage are likely goals of these targeted attacks. In the case of the power industry, the worst possible consequences are severe: large areas, including critical societal infrastructures, can suffer from power outages. In this paper, we try to measure the preparedness of the power industry against targeted attacks. To this end, we have studied well-known targeted attacks and created a taxonomy for them. Furthermore, we conduct a study, in which we interview six power distribution system operators (DSOs), to assess the level of cyber situation awareness among DSOs and to evaluate the efficiency and effectiveness of their currently deployed systems and practices for detecting and responding to targeted attacks. Our findings indicate that the power industry is very well prepared for traditional threats, such as physical attacks. However, cyber attacks, and especially sophisticated targeted attacks, where social engineering is one of the strategies used, have not been addressed appropriately so far. Finally, by understanding previous attacks and learning from them, we try to provide the industry with guidelines for improving their situation awareness and defense (both detection and response) capabilities.
- Targeted Attacks against Industrial Control Systems: Is the Power Industry Prepared?