Modelling smart grid IT-OT dependencies for DDoS impact propagation

Dilara Acarali, K. Rajesh Rao, Muttukrishnan Rajarajan, Doron Chema, Mark Ginzburg

Research output: Contribution to journalArticlepeer-review

7 Citations (Scopus)


The traditional power network has now evolved into the smart grid, where cyber technology enables automated control, greater efficiency, and improved stability. However, this integration of information technology exposes critical infrastructure to potential cyber-attacks. Furthermore, the interdependent nature of the grid's composite information and operational technology networks means that vulnerability extends across interconnected devices and systems. Therefore, a DDoS (Distributed Denial-of-Service) attack, which is relatively easy to deploy but potentially highly disruptive, can be used strategically against the smart grid with particularly egregious results. In this paper, we take inspiration from epidemiological modelling to propose a compromise propagation model, alongside a behavioural DDoS model, to explore how dependencies between the grid's networks might influence the scale and impact of DDoS attacks. We found that the internal connectedness of a network amplifies the received impact of failures in an external network on which it is dependent. Furthermore, testing showed that alongside attack force, attack duration influences recovery times, due to both the quantity of resources consumed and the time needed to accumulate recoveries. The models were validated against simulations conducted with cyber-security providers L7 Defense, showing our approach to be a viable companion or alternative to traditional graph-based dependency models.

Original languageEnglish
Article number102528
JournalComputers and Security
Publication statusPublished - 01-2022

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law


Dive into the research topics of 'Modelling smart grid IT-OT dependencies for DDoS impact propagation'. Together they form a unique fingerprint.

Cite this