A Comprehensive Threat Modelling Analysis for Distributed Energy Resources

IF 4.7 Q2 MATERIALS SCIENCE, BIOMATERIALS ACS Applied Bio Materials Pub Date : 2024-07-17 DOI:10.1145/3678260

Neel Bhaskar, Jawad Ahmed, Rahat Masood, Nadeem Ahmed, Stephen Kerr, Sanjay K. Jha

{"title":"A Comprehensive Threat Modelling Analysis for Distributed Energy Resources","authors":"Neel Bhaskar, Jawad Ahmed, Rahat Masood, Nadeem Ahmed, Stephen Kerr, Sanjay K. Jha","doi":"10.1145/3678260","DOIUrl":null,"url":null,"abstract":"The exponential rise in popularity of Distributed Energy Resources (DERs) is attributed to their numerous benefits within the power sector. However, the risks that new DERs pose to the power grid have not yet been closely assessed, exposing a gap in the literature. This paper addresses this gap by presenting a comprehensive threat model of the DER architecture, combining the MITRE ATT&CK catalogue for Industrial Control Systems (ICS), and the IDDIL/ATC threat model, to create a hybrid approach. Our first contribution is to propose criteria derived from seven metrics to evaluate and compare the efficacy and usability of threat modelling frameworks for DER systems, allowing more informed framework selection. Our second contribution is to develop a comprehensive hybrid threat modelling approach based on IDDIL/ATC and MITRE ATT&CK and organise attack paths chronologically using the Cyber Kill Chain methodology to categorise attacker techniques. Our third contribution is to perform a comprehensive DER architecture system decomposition, elaborating assets, trust levels, entry points, data, protocols, and entity relations to identify the threat landscape. Our final contribution is to apply the proposed approach to the Distribution System Operator (DSO), mapping potential attacker techniques and illustrating a ransomware attack chain on the DSO’s Energy Management System, with proposed mitigations.","PeriodicalId":2,"journal":{"name":"ACS Applied Bio Materials","volume":" 26","pages":""},"PeriodicalIF":4.7000,"publicationDate":"2024-07-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACS Applied Bio Materials","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3678260","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"MATERIALS SCIENCE, BIOMATERIALS","Score":null,"Total":0}

引用次数: 0

Abstract

The exponential rise in popularity of Distributed Energy Resources (DERs) is attributed to their numerous benefits within the power sector. However, the risks that new DERs pose to the power grid have not yet been closely assessed, exposing a gap in the literature. This paper addresses this gap by presenting a comprehensive threat model of the DER architecture, combining the MITRE ATT&CK catalogue for Industrial Control Systems (ICS), and the IDDIL/ATC threat model, to create a hybrid approach. Our first contribution is to propose criteria derived from seven metrics to evaluate and compare the efficacy and usability of threat modelling frameworks for DER systems, allowing more informed framework selection. Our second contribution is to develop a comprehensive hybrid threat modelling approach based on IDDIL/ATC and MITRE ATT&CK and organise attack paths chronologically using the Cyber Kill Chain methodology to categorise attacker techniques. Our third contribution is to perform a comprehensive DER architecture system decomposition, elaborating assets, trust levels, entry points, data, protocols, and entity relations to identify the threat landscape. Our final contribution is to apply the proposed approach to the Distribution System Operator (DSO), mapping potential attacker techniques and illustrating a ransomware attack chain on the DSO’s Energy Management System, with proposed mitigations.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

分布式能源的综合威胁建模分析

分布式能源资源（DER）的指数式增长归功于其在电力行业中的众多优势。然而，新的 DER 对电网构成的风险尚未得到仔细评估，这暴露了文献中的空白。本文结合 MITRE ATT&CK 工业控制系统 (ICS) 目录和 IDDIL/ATC 威胁模型，提出了 DER 架构的综合威胁模型，创建了一种混合方法，从而填补了这一空白。我们的第一个贡献是提出了从七个指标中衍生出来的标准，用于评估和比较 DER 系统威胁建模框架的有效性和可用性，从而可以更明智地选择框架。我们的第二个贡献是基于 IDDIL/ATC 和 MITRE ATT&CK 开发了一种全面的混合威胁建模方法，并使用网络杀伤链方法按时间顺序组织攻击路径，对攻击者的技术进行分类。我们的第三个贡献是进行全面的 DER 架构系统分解，详细说明资产、信任级别、入口点、数据、协议和实体关系，以确定威胁状况。我们的最后一个贡献是将建议的方法应用于配电系统运营商 (DSO)，映射潜在的攻击者技术，并说明 DSO 能源管理系统的勒索软件攻击链，以及建议的缓解措施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

ACS Applied Bio Materials Chemistry-Chemistry (all)

CiteScore

9.40

自引率

2.10%

发文量

464

期刊介绍： ACS Applied Bio Materials is an interdisciplinary journal publishing original research covering all aspects of biomaterials and biointerfaces including and beyond the traditional biosensing, biomedical and therapeutic applications. The journal is devoted to reports of new and original experimental and theoretical research of an applied nature that integrates knowledge in the areas of materials, engineering, physics, bioscience, and chemistry into important bio applications. The journal is specifically interested in work that addresses the relationship between structure and function and assesses the stability and degradation of materials under relevant environmental and biological conditions.

期刊最新文献

Issue Publication Information Issue Editorial Masthead The Role of Pectin in Optimizing Cationic Liposomes for Oral Delivery. Mesoporous Silica Nanoparticles: A Promising Nanoplatform for Treating Osteoarthritis and Rheumatoid Arthritis. NIR-Activated Bactericidal-Antioxidative Microneedles Based on Organic J-Aggregates to Accelerate Infected Wound Healing.