Abstract
The widespread utilization of communication technology in modern energy production facilities and increasing connectivity of the associated devices with links to the internet can result in broad cyber attack surfaces. As a consequence, cyber security incidents in energy need to be studied closely in order to devise appropriate mitigation techniques. In this paper we discuss models for the analysis of threats focusing on energy infrastructure. While classic IT threat modeling approaches can be applied within this scope, there are certain limitations to these models. We demonstrate the shortcomings of existing methodologies by applying both the STRIDE model as well as the AVD model, which is more suited to energy security threats. By studying 40 security incidents in energy infrastructure, we demonstrate limitations of the aforementioned models and suggest extensions in order to more accurately describe cyber attacks on energy infrastructure. Future modeling approaches should consider the threat actors’ motivations and allow analysis of complex multi-stage or multi-phase attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Al-Mohannadi, H., Mirza, Q., Namanya, A., Awan, I., Cullen, A., Disso, J.: Cyber-attack modeling analysis techniques: an overview. In: 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), pp. 69–76. IEEE (2016)
Alshamrani, A., Myneni, S., Chowdhary, A., Huang, D.: A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities. IEEE Commun. Surv. Tutor. 21(2), 1851–1877 (2019)
Aufner, P.: The IoT security gap: a look down into the valley between threat models and their implementation. Int. J. Inf. Secur. 19(1), 3–14 (2020)
Brown, A.S.: Scada vs. the hackers. Mech. Eng. 124(12), 37–40 (2002)
Bundesamt für Sicherheit in der Informationstechnik: Bericht zur Lage der IT-Sicherheit in Deutschland 2020 (2020)
Desarnaud, G.: Cyber attacks and energy infrastructures: anticipating risks (2017)
Drias, Z., Serhrouchni, A., Vogel, O.: Taxonomy of attacks on industrial control protocols. In: 2015 International Conference on Protocol Engineering (ICPE) and International Conference on New Technologies of Distributed Systems (NTDS), pp. 1–6. IEEE (2015)
Case, D.U.: Analysis of the cyber attack on the Ukrainian power grid. Electr. Inf. Shar. Anal. Center (E-ISAC) 388, 1–29 (2016)
Fleury, T., Khurana, H., Welch, V.: Towards a taxonomy of attacks against energy control systems. In: Papa, M., Shenoi, S. (eds.) ICCIP 2008. TIFIP, vol. 290, pp. 71–85. Springer, Boston, MA (2008). https://doi.org/10.1007/978-0-387-88523-0_6
He, H., Yan, J.: Cyber-physical attacks and defences in the smart grid: a survey. IET Cyber-Phys. Syst.: Theory Appl. 1(1), 13–27 (2016)
Nussbaum, D., Dupuy, A.: The cyber-energy nexus: the military operational perspective. In: European Conference on Cyber Warfare and Security, pp. 713–718. Academic Conferences International Limited (2017)
Samonas, S., Coss, D.: The cia strikes back: redefining confidentiality, integrity and availability in security. J. Inf. Syst. Secur. 10(3) (2014)
Shostack, A.: Experiences threat modeling at microsoft. In: MODSEC@ MoDELS 2008 (2008)
Zeitung für kommunale Wirtschaft: Cyberangriff legt Stadtwerke Langenfeld lahm (2019)
Acknowledgement
We thank B.Sc. Moritz Schwab for compiling and analyzing the list of cyber incidents.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Attenberger, A. (2022). Modeling Approaches for Cyber Attacks on Energy Infrastructure. In: Moreno-Díaz, R., Pichler, F., Quesada-Arencibia, A. (eds) Computer Aided Systems Theory – EUROCAST 2022. EUROCAST 2022. Lecture Notes in Computer Science, vol 13789. Springer, Cham. https://doi.org/10.1007/978-3-031-25312-6_23
Download citation
DOI: https://doi.org/10.1007/978-3-031-25312-6_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25311-9
Online ISBN: 978-3-031-25312-6
eBook Packages: Computer ScienceComputer Science (R0)