Advanced Persistent Threat Kill Chain for Cyber-Physical Power Systems

Research output: Contribution to journalArticleScientificpeer-review

4 Downloads (Pure)

Abstract

Power systems are undergoing rapid digitalization. This introduces new vulnerabilities and cyber threats in future Cyber-Physical Power Systems (CPPS). Some of the most notable incidents include the cyber attacks on the power grid in Ukraine in 2015, 2016, and 2022, which employed Advanced Persistent Threat (APT) strategies that took several months to reach their objectives and caused power outages. This highlights the urgent need for an in-depth analysis of APTs on CPPS. However, existing frameworks for analyzing cyber attacks, i.e., MITRE ATT&CK ICS and Cyber Kill Chain, have limitations in comprehensively analyzing APTs in CPPS environments. To address this gap, we propose a novel Advanced Cyber-Physical Power System (ACPPS) kill chain framework. The ACPPS kill chain identifies the APT characteristics that are unique to power systems. It defines and examines the cyber-physical APT stages spanning from the initial phases of infiltration to cascading failures and a power system blackout. The proposed ACPPS kill chain is validated with real-world APT attacks on the power grid in Ukraine in 2015 and 2016, and cyber-physical simulations.

Original languageEnglish
Pages (from-to)177746 - 177771
Number of pages26
JournalIEEE Access
Volume12
DOIs
Publication statusPublished - 2024

Keywords

  • Advanced persistent threat
  • anomaly detection
  • blackout
  • cascading failures
  • cyber attack
  • cyber kill chain
  • cyber security
  • cyber-physical power system
  • cyber-physical system
  • power grids
  • power system

Fingerprint

Dive into the research topics of 'Advanced Persistent Threat Kill Chain for Cyber-Physical Power Systems'. Together they form a unique fingerprint.

Cite this