Using hybrid attack graphs to model cyber-physical attacks in the Smart Grid

The Smart Grid is a large networked cyber-physical control system that is part of the critical infrastructure. This paper presents a cyber-physical attack against a substation where the attacker causes a transformer to overheat. The attack is modeled using a hybrid attack graph (HAG), which provides a means to model both the physical and cyber components of the attack. The HAG provides insight into potential attack vectors. Based on this information, key points in the system can be identified where security can be strengthened. Direction for future work to expand the capabilities of HAGs for modeling cyber-physical attacks is presented.
