Towards an Approach to Contextual Detection of Multi-Stage Cyber Attacks in Smart Grids
Ömer Sen, Dennis van der Velde, Katharina A. Wehrmeister, Immanuel Hacker, Martin Henze, Michael Andres

TL;DR
This paper proposes a systematic approach to detect multi-stage cyber-attacks in smart grids by correlating cross-domain threat information, aiming to improve situational awareness and response capabilities.
Contribution
It introduces a novel correlation-based method for identifying complex cyber-attack sequences in energy systems, addressing challenges in domain-specific detection.
Findings
The approach effectively detects multi-stage attacks in simulated environments.
Correlation improves detection accuracy over isolated domain analysis.
Challenges in domain-specific detection mechanisms are discussed.
Abstract
Electric power grids are at risk of being compromised by high-impact cyber-security threats such as coordinated, timed attacks. Navigating this new threat landscape requires a deep understanding of the potential risks and complex attack processes in energy information systems, which in turn demands an unmanageable manual effort to timely process a large amount of cross-domain information. To provide an adequate basis to contextually assess and understand the situation of smart grids in case of coordinated cyber-attacks, we need a systematic and coherent approach to identify cyber incidents. In this paper, we present an approach that collects and correlates cross-domain cyber threat information to detect multi-stage cyber-attacks in energy information systems. We investigate the applicability and performance of the presented correlation approach and discuss the results to highlight…
