Abstract
Power systems are undergoing rapid digitalization. This introduces new vulnerabilities and cyber threats in future Cyber-Physical Power Systems (CPPS). Some of the most notable incidents include the cyber attacks on the power grid in Ukraine in 2015, 2016, and 2022, which employed Advanced Persistent Threat (APT) strategies that took several months to reach their objectives and caused power outages. This highlights the urgent need for an in-depth analysis of APTs on CPPS. However, existing frameworks for analyzing cyber attacks, i.e., MITRE ATT&CK ICS and Cyber Kill Chain, have limitations in comprehensively analyzing APTs in CPPS environments. To address this gap, we propose a novel Advanced Cyber-Physical Power System (ACPPS) kill chain framework. The ACPPS kill chain identifies the APT characteristics that are unique to power systems. It defines and examines the cyber-physical APT stages spanning from the initial phases of infiltration to cascading failures and a power system blackout. The proposed ACPPS kill chain is validated with real-world APT attacks on the power grid in Ukraine in 2015 and 2016, and cyber-physical simulations.
Original language | English |
---|---|
Pages (from-to) | 177746 - 177771 |
Number of pages | 26 |
Journal | IEEE Access |
Volume | 12 |
DOIs | |
Publication status | Published - 2024 |
Keywords
- Advanced persistent threat
- anomaly detection
- blackout
- cascading failures
- cyber attack
- cyber kill chain
- cyber security
- cyber-physical power system
- cyber-physical system
- power grids
- power system
Datasets
- Data underlying the PhD dissertation: Advanced Persistent Threat Detection and Correlation for Cyber-Physical Power Systems
  Presekal, A. (Creator), TU Delft - 4TU.ResearchData, 10 Jan 2025
  DOI: 10.4121/6B865A28-683D-4ACE-A537-DBAA8CF9EE63
  Dataset/Software: Dataset