10,135 research outputs found
Smart Grid Security: Threats, Challenges, and Solutions
The cyber-physical nature of the smart grid has rendered it vulnerable to a
multitude of attacks that can occur at its communication, networking, and
physical entry points. Such cyber-physical attacks can have detrimental effects
on the operation of the grid as exemplified by the recent attack which caused a
blackout of the Ukranian power grid. Thus, to properly secure the smart grid,
it is of utmost importance to: a) understand its underlying vulnerabilities and
associated threats, b) quantify their effects, and c) devise appropriate
security solutions. In this paper, the key threats targeting the smart grid are
first exposed while assessing their effects on the operation and stability of
the grid. Then, the challenges involved in understanding these attacks and
devising defense strategies against them are identified. Potential solution
approaches that can help mitigate these threats are then discussed. Last, a
number of mathematical tools that can help in analyzing and implementing
security solutions are introduced. As such, this paper will provide the first
comprehensive overview on smart grid security
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number for resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa
Local Cyber-Physical Attack for Masking Line Outage and Topology Attack in Smart Grid
Malicious attacks in the power system can eventually result in a large-scale
cascade failure if not attended on time. These attacks, which are traditionally
classified into \emph{physical} and \emph{cyber attacks}, can be avoided by
using the latest and advanced detection mechanisms. However, a new threat
called \emph{cyber-physical attacks} which jointly target both the physical and
cyber layers of the system to interfere the operations of the power grid is
more malicious as compared with the traditional attacks. In this paper, we
propose a new cyber-physical attack strategy where the transmission line is
first physically disconnected, and then the line-outage event is masked, such
that the control center is misled into detecting as an obvious line outage at a
different position in the local area of the power system. Therefore, the
topology information in the control center is interfered by our attack. We also
propose a novel procedure for selecting vulnerable lines, and analyze the
observability of our proposed framework. Our proposed method can effectively
and continuously deceive the control center into detecting fake line-outage
positions, and thereby increase the chance of cascade failure because the
attention is given to the fake outage. The simulation results validate the
efficiency of our proposed attack strategy.Comment: accepted by IEEE Transactions on Smart Grid. arXiv admin note: text
overlap with arXiv:1708.0320
- …