Asiri, Mohammed, Saxena, Neetesh ORCID: https://orcid.org/0000-0002-6437-0807 and Burnap, Peter ORCID: https://orcid.org/0000-0003-0396-633X 2023. Advancing resilience of cyber-physical smart grid: An integrated co-simulation approach incorporating indicators of compromise. Presented at: International Workshop on Re-design Industrial Control Systems with Security (RICSS) in conjunction with IEEE EuroS&P, Delft, Netherlands, 3-7 July 2023. 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, pp. 370-378. 10.1109/eurospw59978.2023.00047 |
Preview |
PDF
- Accepted Post-Print Version
Download (7MB) | Preview |
Abstract
Modelling and simulation techniques offer cost-effective solutions for developing frameworks and modules that address the intertwined cyber-physical security challenges in the Smart Grid (SG) domain. While some existing co-simulation approaches consider both communication networks and power systems, they often overlook the importance of incorporating Indicators of Compromise (IOCs) in their analysis, which are crucial for detecting and mitigating cyber threats.In response to this gap, we introduce ARCSG, a co-simulation approach to study and enhance the resilience of complex cyber-physical power systems against cyber threats, with a particular focus on incorporating IOCs. Our design employs the Common Open Research Emulator (CORE) to emulate the cyber network and uses PowerWorld to model the power system processes. We incorporate control system components such as OpenPLC and ScadaBR. The co-simulation supports various protocols for monitoring and controlling the grid, such as Modbus, DNP3, ICCP, and PCCC. We demonstrate the effectiveness of our design by validating it through a false command attack on a PowerWorld case. Our approach aims to bolster the detection and mitigation of cyber threats by facilitating an advanced post-incident analysis. Such analysis empowers operators to rapidly identify the severity of a security violation, understand the strategies the adversary employed to initially breach security defences, and evaluate the comprehensive impact of the incident.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Status: | Published |
Schools: | Computer Science & Informatics |
Publisher: | IEEE |
ISBN: | 979-8-3503-2720-5 |
Date of First Compliant Deposit: | 12 August 2024 |
Date of Acceptance: | 20 May 2023 |
Last Modified: | 14 Sep 2024 20:49 |
URI: | https://orca.cardiff.ac.uk/id/eprint/159786 |
Actions (repository staff only)
Edit Item |