Compliance Checking Based Detection of Insider Threat in Industrial Control System of Power Utilities

Qingqing Chen, Mi Zhou, Ziwen Cai, Sheng Su
{"title":"Compliance Checking Based Detection of Insider Threat in Industrial Control System of Power Utilities","authors":"Qingqing Chen, Mi Zhou, Ziwen Cai, Sheng Su","doi":"10.1109/ACPEE53904.2022.9784085","DOIUrl":null,"url":null,"abstract":"Compare to outside threats, insider threats that originate within targeted systems are more destructive and invisible. More importantly, it is more difficult to detect and mitigate these insider threats, which poses significant cyber security challenges to an industry control system (ICS) tightly coupled with today’s information technology infrastructure. Currently, power utilities rely mainly on the authentication mechanism to prevent insider threats. If an internal intruder breaks the protection barrier, it is hard to identify and intervene in time to prevent harmful damage. Based on the existing in-depth security defense system, this paper proposes an insider threat protection scheme for ICSs of power utilities. This protection scheme can conduct compliance check by taking advantage of the characteristics of its business process compliance and the nesting of upstream and downstream business processes. Taking the Advanced Metering Infrastructures (AMIs) in power utilities as an example, the potential insider threats of violation and misoperation under the current management mechanism are identified after the analysis of remote charge control operation. According to the business process, a scheme of compliance check for remote charge control command is presented. Finally, the analysis results of a specific example demonstrate that the proposed scheme can effectively prevent the consumers’ power outage due to insider threats.","PeriodicalId":118112,"journal":{"name":"2022 7th Asia Conference on Power and Electrical Engineering (ACPEE)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 7th Asia Conference on Power and Electrical Engineering (ACPEE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ACPEE53904.2022.9784085","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

Abstract

Compare to outside threats, insider threats that originate within targeted systems are more destructive and invisible. More importantly, it is more difficult to detect and mitigate these insider threats, which poses significant cyber security challenges to an industry control system (ICS) tightly coupled with today’s information technology infrastructure. Currently, power utilities rely mainly on the authentication mechanism to prevent insider threats. If an internal intruder breaks the protection barrier, it is hard to identify and intervene in time to prevent harmful damage. Based on the existing in-depth security defense system, this paper proposes an insider threat protection scheme for ICSs of power utilities. This protection scheme can conduct compliance check by taking advantage of the characteristics of its business process compliance and the nesting of upstream and downstream business processes. Taking the Advanced Metering Infrastructures (AMIs) in power utilities as an example, the potential insider threats of violation and misoperation under the current management mechanism are identified after the analysis of remote charge control operation. According to the business process, a scheme of compliance check for remote charge control command is presented. Finally, the analysis results of a specific example demonstrate that the proposed scheme can effectively prevent the consumers’ power outage due to insider threats.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于符合性检查的电力工业控制系统内部威胁检测
与外部威胁相比,源自目标系统的内部威胁更具破坏性和不可见性。更重要的是,检测和缓解这些内部威胁变得更加困难,这对与当今信息技术基础设施紧密结合的工业控制系统(ICS)构成了重大的网络安全挑战。目前,电力公司主要依靠认证机制来防止内部威胁。如果内部入侵者打破了保护屏障,则很难及时识别和干预以防止有害损害。本文在现有深度安全防御体系的基础上,提出了一种针对电力企业集成电路系统的内部威胁防护方案。该保护方案可以利用其业务流程遵从性的特点和上下游业务流程的嵌套进行遵从性检查。以电力公司先进计量基础设施(ami)为例,通过对远程收费控制操作的分析,识别出当前管理机制下存在的违规和误操作的潜在内部威胁。根据业务流程,提出了一种远程收费控制命令符合性检查方案。最后,通过一个具体实例的分析结果表明,所提出的方案可以有效地防止用户因内部威胁而停电。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Agent-Based Modeling for generation bidding strategy Using Policy Gradient Algorithm Operation Risk Probability Assessment of Power System Considering the Stochasticity of Renewable Energy The Selection Study on the Main Transformer Fiber Optic Winding Temperature Testing Research on Fault Detection Scheme for Hybrid LCC-MMC System New Energy Double-layer Consumption Method Based on Orderly Charging of Electric Vehicles and Electricity Price Interaction
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1