A Comprehensive Threat Modelling Analysis for Distributed Energy Resources
Neel Bhaskar, Jawad Ahmed, Rahat Masood, Nadeem Ahmed, Stephen Kerr, Sanjay K. Jha
ACM Transactions on Cyber-Physical Systems (Journal Article), published 2024-07-17
DOI: 10.1145/3678260 (https://doi.org/10.1145/3678260)
Impact factor: 2.0; JCR: Q3 (Computer Science, Interdisciplinary Applications)
Citation count: 0
Abstract
The exponential rise in popularity of Distributed Energy Resources (DERs) is attributed to their numerous benefits within the power sector. However, the risks that new DERs pose to the power grid have not yet been closely assessed, exposing a gap in the literature. This paper addresses this gap by presenting a comprehensive threat model of the DER architecture, combining the MITRE ATT&CK catalogue for Industrial Control Systems (ICS), and the IDDIL/ATC threat model, to create a hybrid approach. Our first contribution is to propose criteria derived from seven metrics to evaluate and compare the efficacy and usability of threat modelling frameworks for DER systems, allowing more informed framework selection. Our second contribution is to develop a comprehensive hybrid threat modelling approach based on IDDIL/ATC and MITRE ATT&CK and organise attack paths chronologically using the Cyber Kill Chain methodology to categorise attacker techniques. Our third contribution is to perform a comprehensive DER architecture system decomposition, elaborating assets, trust levels, entry points, data, protocols, and entity relations to identify the threat landscape. Our final contribution is to apply the proposed approach to the Distribution System Operator (DSO), mapping potential attacker techniques and illustrating a ransomware attack chain on the DSO’s Energy Management System, with proposed mitigations.