DOI: 10.1145/2667190.2667192
research-article

Targeted Attacks against Industrial Control Systems: Is the Power Industry Prepared?

Published: 07 November 2014

Abstract

Targeted cyber attacks are on the rise, and the power industry is an attractive target. Espionage and causing physical damage are likely goals of these targeted attacks. In the case of the power industry, the worst possible consequences are severe: large areas, including critical societal infrastructures, can suffer from power outages. In this paper, we try to measure the preparedness of the power industry against targeted attacks. To this end, we have studied well-known targeted attacks and created a taxonomy for them. Furthermore, we conduct a study, in which we interview six power distribution system operators (DSOs), to assess the level of cyber situation awareness among DSOs and to evaluate the efficiency and effectiveness of their currently deployed systems and practices for detecting and responding to targeted attacks. Our findings indicate that the power industry is very well prepared for traditional threats, such as physical attacks. However, cyber attacks, and especially sophisticated targeted attacks, where social engineering is one of the strategies used, have not been addressed appropriately so far. Finally, by understanding previous attacks and learning from them, we try to provide the industry with guidelines for improving their situation awareness and defense (both detection and response) capabilities.



Published In

SEGS '14: Proceedings of the 2nd Workshop on Smart Energy Grid Security
November 2014
60 pages
ISBN: 9781450331548
DOI: 10.1145/2667190

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. cyber situation awareness
2. incident management
3. industrial control systems
4. information security
5. interview study
6. power industry
7. preparedness
8. targeted attacks

Qualifiers

• Research-article

Conference

CCS'14

Acceptance Rates

SEGS '14 Paper Acceptance Rate 7 of 11 submissions, 64%;
Overall Acceptance Rate 19 of 38 submissions, 50%

Article Metrics

• Downloads (Last 12 months): 33
• Downloads (Last 6 weeks): 8

Reflects downloads up to 03 Mar 2025

Cited By

• (2024) Interdisciplinary Approaches to Cybervulnerability Impact Assessment for Energy Critical Infrastructure. Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems, pages 1-24. DOI: 10.1145/3613904.3642493. Online publication date: 11-May-2024
• (2023) IoT and Blockchain Integration: Applications, Opportunities, and Challenges. Network, 3:1, pages 115-141. DOI: 10.3390/network3010006. Online publication date: 24-Jan-2023
• (2023) Preventing Reverse Engineering of Control Programs in Industrial Control Systems. Proceedings of the 9th ACM Cyber-Physical System Security Workshop, pages 48-59. DOI: 10.1145/3592538.3594275. Online publication date: 10-Jul-2023
• (2023) IoT based Agriculture (Ag-IoT): A detailed study on Architecture, Security and Forensics. Information Processing in Agriculture. DOI: 10.1016/j.inpa.2023.09.002. Online publication date: Sep-2023
• (2022) A Cyber Incident Response and Recovery Framework to Support Operators of Industrial Control Systems. International Journal of Critical Infrastructure Protection, 37 (100505). DOI: 10.1016/j.ijcip.2021.100505. Online publication date: Jul-2022
• (2021) Remote Non-Intrusive Malware Detection for PLCs based on Chain of Trust Rooted in Hardware. 2021 IEEE European Symposium on Security and Privacy (EuroS&P), pages 369-384. DOI: 10.1109/EuroSP51992.2021.00033. Online publication date: Sep-2021
• (2021) Differential Privacy for IoT-Enabled Critical Infrastructure: A Comprehensive Survey. IEEE Access, 9, pages 153276-153304. DOI: 10.1109/ACCESS.2021.3124309. Online publication date: 2021
• (2020) Modelling Cyber-Crime Protection Behaviour among Computer Users in the Context of Bangladesh. Cyber Warfare and Terrorism, pages 321-341. DOI: 10.4018/978-1-7998-2466-4.ch021. Online publication date: 2020
• (2020) Using Design Thinking to Understand Cyber Attack Surfaces of Future Smart Grids. Frontiers in Energy Research, 8. DOI: 10.3389/fenrg.2020.591999. Online publication date: 30-Oct-2020
• (2020) What Could Possibly Go Wrong? Smart Grid Misuse Case Scenarios. 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pages 1-8. DOI: 10.1109/CyberSecurity49315.2020.9138892. Online publication date: Jun-2020
