CR | NI | SY | Sep 6, 2021

Towards an Approach to Contextual Detection of Multi-Stage Cyber Attacks in Smart Grids

arXiv:2109.02336v1 | 10 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses cybersecurity risks for electric power grids, but it appears incremental, as it builds on existing detection mechanisms with domain-specific challenges.

The paper tackles the problem of detecting coordinated, multi-stage cyber attacks in smart grids by proposing an approach that collects and correlates cross-domain threat information, though no concrete performance numbers are provided.

Electric power grids are at risk of being compromised by high-impact cyber-security threats such as coordinated, timed attacks. Navigating this new threat landscape requires a deep understanding of the potential risks and complex attack processes in energy information systems, which in turn demands an unmanageable manual effort to timely process a large amount of cross-domain information. To provide an adequate basis to contextually assess and understand the situation of smart grids in case of coordinated cyber-attacks, we need a systematic and coherent approach to identify cyber incidents. In this paper, we present an approach that collects and correlates cross-domain cyber threat information to detect multi-stage cyber-attacks in energy information systems. We investigate the applicability and performance of the presented correlation approach and discuss the results to highlight challenges in domain-specific detection mechanisms.
