TY - JOUR
T1 - Modelling smart grid IT-OT dependencies for DDoS impact propagation
AU - Acarali, Dilara
AU - Rajesh Rao, K.
AU - Rajarajan, Muttukrishnan
AU - Chema, Doron
AU - Ginzburg, Mark
N1 - Funding Information:
This work is funded by and a part of Energy Shield, a project under the European Union's H2020 Research and Innovation Programme (Grant No. 832907).
Funding Information:
This research is a part of Energy Shield (Energy Shield, 2021), a project funded by the European Union's H2020 initiative with the aim of developing toolkits and processes for the improved cyber-defence of smart grids. The project is a collaborative effort between the energy sector, the cyber-security industry, and academia. Our contribution to Energy Shield is in the focus area of DDoS mitigation. The work presented in this paper is a continuation of the research in Acarali et al. (2020). The F-C model is an enhanced iteration of the earlier S-A-C, a deterministic model based on epidemiological techniques and assuming homogenous mixing and the continuous targeting of the entire IT network population (Acarali et al., 2020). This was one half of a pair of tools designed to estimate the scale of attack-driven compromise. The F-C model seeks to improve on this by considering specific targeting and mixing based on contact probability.
Publisher Copyright:
© 2021 Elsevier Ltd
PY - 2022/1
Y1 - 2022/1
N2 - The traditional power network has now evolved into the smart grid, where cyber technology enables automated control, greater efficiency, and improved stability. However, this integration of information technology exposes critical infrastructure to potential cyber-attacks. Furthermore, the interdependent nature of the grid's composite information and operational technology networks means that vulnerability extends across interconnected devices and systems. Therefore, a DDoS (Distributed Denial-of-Service) attack, which is relatively easy to deploy but potentially highly disruptive, can be used strategically against the smart grid with particularly egregious results. In this paper, we take inspiration from epidemiological modelling to propose a compromise propagation model, alongside a behavioural DDoS model, to explore how dependencies between the grid's networks might influence the scale and impact of DDoS attacks. We found that the internal connectedness of a network amplifies the received impact of failures in an external network on which it is dependent. Furthermore, testing showed that alongside attack force, attack duration influences recovery times, due to both the quantity of resources consumed and the time needed to accumulate recoveries. The models were validated against simulations conducted with cyber-security providers L7 Defense, showing our approach to be a viable companion or alternative to traditional graph-based dependency models.
UR - http://www.scopus.com/inward/record.url?scp=85119052965&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85119052965&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2021.102528
DO - 10.1016/j.cose.2021.102528
M3 - Article
AN - SCOPUS:85119052965
SN - 0167-4048
VL - 112
JO - Computers and Security
JF - Computers and Security
M1 - 102528
ER -