Cybersecurity in the Smart Grid Practitioners Perspective

Cybersecurity in the Smart Grid: Practitioners’ Perspective
Jacqueline Meyer
jacqueline.meyer@uni.li
Institute of Information Systems
University of Liechtenstein
Giovanni Apruzzese
giovanni.apruzzese@uni.li
Institute of Information Systems
University of Liechtenstein
ABSTRACT
The Smart Grid (SG) is a cornerstone of modern society, providing the energy required to sustain billions of lives and thousands of industries. Unfortunately, as one of the most critical infrastructures of our World, the SG is an attractive target for attackers. The problem is aggravated by the increasing adoption of digitalisation, which further increases the SG’s exposure to cyberthreats. Successful exploitation of such exposure leads to entire countries being paralysed, which is an unacceptable—but ultimately inescapable—risk.
This paper aims to mitigate this risk by elucidating the perspective of real practitioners on the cybersecurity of the SG. We interviewed 18 entities, operating in diverse countries in Europe and covering all domains of the SG—from energy generation, to its delivery. Our analysis highlights a stark contrast between (a) research and practice, but also between (b) public and private entities. For instance: some threats appear to be much less dangerous than what is claimed in related papers; some technological paradigms have dubious utility for practitioners, but are actively promoted by literature; finally, practitioners may either under- or over-estimate their own cybersecurity capabilities. We derive four takeaways that enable future endeavours to improve the overall cybersecurity in the SG. We conjecture that most of the problems are due to an improper communication between researchers, practitioners and regulatory bodies—which, despite sharing a common goal, tend to neglect the viewpoint of the other ‘spheres’.
KEYWORDS
Cybersecurity, Smart Grid, Interviews, Cyber Physical System, Europe, Power Generation
ACM Reference Format:
Jacqueline Meyer and Giovanni Apruzzese. 2022. Cybersecurity in the Smart Grid: Practitioners’ Perspective. In Proceedings of the 8th Annual Industrial Control System Security Workshop (ICSS ’22), December 6, 2022, Austin, TX, USA. ACM, New York, NY, USA, 10 pages. https://doi.org/10.1145/nnnnnnn.nnnnnnn
1 INTRODUCTION
Among the infrastructures that sustain the modern world, one in particular stands out: the Smart Grid (SG). Tasked to provide the energy empowering our society, without the SG most services, commodities, and advances, would be either significantly impaired, or simply impossible to deliver [18].
We provide a schematic representation of some exemplary elements¹ of the SG in Fig. 1 (which is our adaptation from [21]). After some energy is generated at a given source, the SG must transmit such energy (in the form of electricity) to various devices which ensure the proper energy distribution to the end-users. Given its strategical importance, the SG is increasingly relying on Information Technology (IT) to further enhance its functionalities [44]. For example, IT improves the reliability [9] and efficiency of the SG [51], and facilitates the collection and distribution of energy in remote areas [40], or in resource-constrained settings [26].
¹ All such elements can be considered as Cyber-Physical Systems (CPS) [29] or part of Industrial Control Systems (ICS) [10].
Fig. 1: Overview of the Smart Grid. (Elements shown: Power Generation, Transmission, Substation, Distribution, AMI Headend, Smart Meter.)
Unfortunately, the SG is well-known to be a preferred target for attackers [46], and reliance on IT inevitably exposes to the risk² of cyberthreats [4]. Early cyberattacks date back to 2003, when the David-Besse nuclear power plant in the USA was affected by the well-known Slammer malware [5]. Other notable examples include famous Advanced Persistent Threats (APT), such as Stuxnet in 2006 [56] or the attack to the Ukrainian SG in 2015 [13]. The latter, in particular, caused outages to over 200K households as a result of the compromise of three major country-wide energy suppliers. To safeguard the correct operation of the SG, it is paramount to constantly improve its cybersecurity—which is a topic covered by abundant literature (e.g., [21, 39, 44]).
Our paper is inspired by two recent works by Kumar et al. [33] and Grosse et al. [25]. Despite focusing on a different context, these works highlight a stark “disconnection” between (a) the claims made by researchers and (b) the viewpoint of real practitioners. Indeed, scientific papers tend to make assumptions that deviate from real-world scenarios—typically, due to the lack of information on how real IT systems work. Such a lack is even more common in critical infrastructures [8], because any information leak can be exploited by attackers for their offensive campaigns [46, 52]. Simply put, many papers focus on issues that, from the practitioners’ perspective, have unclear relevance to real systems. As we will show, this gap is present also in the SG context—which is further complicated by the regulations that govern the complex relationships of the SG ecosystem. It is well-known that resources are limited in cybersecurity [7], and hence priority should be given to the most relevant and impactful issues—but only if such issues are brought to light. We aim to rectify this problem.
² A recent report [1] quantifies such risk, stating that attacks against the Swiss SG can cause losses of up to 12 billion CHF (2% of Swiss’ GDP).
arXiv:2210.13119v1 [cs.CR] 24 Oct 2022
Our Contribution. This paper bridges the gap between research and practice in the SG context, with the intention of improving the cybersecurity of real SG systems. To reach our objective, we begin by summarizing the limitations of existing literature from a ‘practical’ viewpoint (§2). Then, we make three major contributions.
• We conduct an extensive survey with real practitioners involved in the SG’s cybersecurity (§3). Our survey elucidates the viewpoint of 18 entities, spanning across all seven domains of the SG, and operating in diverse countries in Europe. Our questions cover generic cybersecurity aspects, e.g.: risk assessment, dangerous threats, utility of recent technologies.
• After transparently presenting our major findings (§4), we perform an objective analysis highlighting the disconnections that emerge from our survey (§5). We show: the discrepancy between research and practice (§5.1); and the differences between the public and private sector (§5.2).
• We then provide an original interpretation of our results (§6). We explain the role of regulations in operational cybersecurity (§6.1); and derive takeaways for the four ‘spheres’ contributing to the cybersecurity of the SG (§6.2): companies, legislative bodies, researchers, and authorities.
To the best of our knowledge, this is the first paper that provides such a holistic coverage of ‘practical’ cybersecurity in the European SG in the recent years.
2 MOTIVATION AND RELATED WORK
Many papers investigated various cybersecurity aspects of the SG. We identify four categories of related works: novel attacks and defenses, literature reviews, case studies, and interviews. Let us explain the necessity of our study by comparing our paper with prior work.
Attacks and Defenses. Proposing novel attack scenarios, as well as corresponding countermeasures, is common in research. Yet, all such evaluations are performed through simulations, and therefore have poor practical value. For instance, Zuo et al. [63] propose unbounded attacks on microgrids: despite being rooted on sophisticated mathematical foundations, the assessment is carried out in a hardware-in-a-loop testbed. Rrushi et al. [47] propose a physics-driven approach to counter CPS malware: although the reference data is collected from real substations, the experiments are carried out in a synthetic environment. A similar issue also affects other attacks, such as False Data Injection (FDI) [17, 36, 60], Denial of Service (DoS) [29, 38], spoofing [15], or Man-in-the-Middle (MitM) [59]. Put simply: no system is foolproof, and it is positive that research papers also investigate similar scenarios. However, practitioners have limited resources: according to the cyber-resilience best practices [16, 42], such resources should be spent on threats that are more likely to endanger the real SG (which cannot be gauged through ‘attack/defense’ papers).
Reviews. Most reviews are exclusively based on scientific papers. For instance, Awad et al. [8] focus on techniques for digital forensics in SCADA systems, and although they cover frameworks, methodologies, and implementations, all such considerations are based on past scientific literature. Furthermore, Peng et al. [44] provide an in-depth analysis and identify some cybersecurity challenges in the SG, but their main focus is on specific threats (e.g., DoS and FDI), preventing a holistic coverage. Such limited scope is addressed, e.g., by El et al. [21], which also provide actionable recommendations. However, all findings of [21, 44] are purely theoretical or derived from prior research, overlooking the insight of practitioners.
Case Studies. Many papers provide exhaustive analyses on real APT targeting the SG. For instance, the authors of [3] consider the evolutions of the original Stuxnet, while Case et al. [13] focus on the Ukrainian SG. A more recent overview of reported APT is provided by Kaura et al. [27]. These papers are useful to provide some practical takeaways; however, they focus on attacks launched many years prior, and do not allow assessing the current state-of-the-art of cybersecurity in the SG.
Interviews. Few works directly interviewed practitioners, and especially those related to the SG. For instance, Fischer et al. [22] focus on general cybersecurity challenges in critical infrastructures. Despite providing insights derived from 63 stakeholders, such experts pertain to different contexts (e.g., Smart Cities) than the SG. Some papers report ‘outdated’ findings—e.g., Line et al. [37] carry out 19 interviews, but in 2012. Siemens et al. [50] conduct a “workshop” in 2021 entailing participants (23 in total) from industry and academia; however, there is no information about the composition of these two groups, which prevents distilling meaningful knowledge of the practitioners’ viewpoints. Perhaps the closest effort to our paper is [45], which focuses on the perspective of 10 organizations in the power industry. However, their findings only span across a single country (the US), and only focus on information sharing—preventing a broad coverage of the topic.
Research Gap. Existing works do not provide a holistic vision of the current cybersecurity in the SG from the perspective of practitioners. Our paper aims to fix this gap by elucidating the recent opinion of SG experts (operating in diverse countries in Europe) to the research domain.
3 RESEARCH METHODOLOGY
The main contribution of this paper consists of the findings of our survey with 18 entities related to the SG. Our findings, and corresponding survey, revolve around a broad research objective: investigating the state-of-the-practice of cybersecurity in the European SG.
In what follows, we describe our research methodology—for which we provide an overview in Fig. 2. At the end of this section, we make some considerations on our study and elucidate some of the challenges we encountered (§3.3).
Fig. 2: Overview of our adopted research methodology. (Labels shown: Preliminary Investigation; Survey Design; Findings; Interview Agreements (NDA); Live Interviews (remote).)
3.1 Preliminary Investigation
We began our study by identifying a suitable set of entities that (i) allowed us to address our main objective and that (ii) were willing to contribute to our research. Let us briefly summarize the complexity of the modern SG, so as to enable understanding why reaching our objective is difficult for research endeavours.