As much the digitization of modern grids with help of information and communications technology brings numerous benefits in execution of important functionalities of the energy supply operations, it also brings with it various vulnerabilities to the grid in terms of massive cyber-attacks.
The high-impact cyber-attack on power grids is generally orchestrated in multiple-stages, where the attacker takes several steps exploiting multiple vulnerabilities of different assets to achieve the final goal. To monitor such multi-stage attacks, robust detection correlation approaches are needed to improve situational awareness of the system.
The project CyberSEAS focuses on securing the modern day power grid against high-impact attacks. The attack-defense co-simulator, as part of the CyberSEAS toolset, provides the necessary cybersecurity monitoring mechanism to protect against adverse multi-stage attacks.
The co-simulator utilizes a No-SQL graph database to create a knowledge base that will include a model of the infrastructure to be protected in conjunction with cyber intelligence information and threat models, thereby creating a graph-based cyber intelligence database. Further, the Attack-defense co-simulator is interfaced with several detection mechanisms in order to receive intrusion detection signals. By defining a suitable ontology, the co-simulator allows creation of new relationships and correlation of observed attack indicators. The co-simulator then monitors the attack with the aid of a graph-based cyber intelligence database and alert correlation approach.
With help of co-simulator the attack graphs and the detected attack paths can be generated. It also yields the likely next attack steps within attack graph and historical attack evaluation through Bayesian network correlation. Additionally, it enables rapid deployment of the component in other infrastructures due to the reduced specific configuration requirements. The key objective of the simulator is to provide an innovative cyber-human threat detection with the ability to function effectively under uncertainty by going beyond IDS systems to co-simulate EPES situation environment, security and privacy threats.