Fortify Your Defenses: Strategic Budget Allocation to Enhance Power Grid Cybersecurity (2312.13476v1)
Abstract: The abundance of cyber-physical components in the modern-day power grid, with their diverse hardware and software vulnerabilities, has made it difficult to protect them from advanced persistent threats (APTs). An attack graph depicting the propagation of potential cyber-attack sequences from the initial access point to the end objective is vital for identifying the critical weaknesses of any cyber-physical system. Cybersecurity personnel can accordingly plan preventive mitigation measures for the identified weaknesses, addressing the cyber-attack sequences. However, limitations on the available cybersecurity budget restrict the choice of mitigation measures. We address this aspect through our framework, which solves the following problem: given potential cyber-attack sequences for a cyber-physical component in the power grid, find the optimal manner to allocate an available budget to implement necessary preventive mitigation measures. We formulate the problem as a mixed integer linear program (MILP) to identify the optimal budget partition and set of mitigation measures that minimize the vulnerability of cyber-physical components to potential attack sequences. We assume that the allocation of budget affects the efficacy of the mitigation measures. We show how altering the budget allocation for tasks such as asset management, cybersecurity infrastructure improvement, incident response planning and employee training affects the choice of the optimal set of preventive mitigation measures and modifies the associated cybersecurity risk. The proposed framework can be used by cyber policymakers and system owners to allocate optimal budgets for the various tasks required to improve the overall security of a cyber-physical system.