attack graph based metrics for identifying critical cyber
play

Attack Graph Based Metrics for Identifying Critical Cyber Assets in - PowerPoint PPT Presentation

Jul 29, 2023 •167 likes •378 views

Attack Graph Based Metrics for Identifying Critical Cyber Assets in Electric Grid Infrastructure Chen Huo Panini Sai Patapanchala Dr. Rakesh B. Bobba Dr. Eduardo Cotilla-Sanchez 1 Our Goal Short-term : Developing a method that takes

  1. Attack Graph Based Metrics for Identifying Critical Cyber Assets in Electric Grid Infrastructure Chen Huo Panini Sai Patapanchala Dr. Rakesh B. Bobba Dr. Eduardo Cotilla-Sanchez 1

  2. Our Goal • Short-term : Developing a method that takes cyber-physical dependency into account and assesses the risk of cyber-attack induced cascading failures. • Long-term : Providing real-time situational awareness of threat to the system by characterizing “how far or close” a given grid system is to a cyber-induced cascading failure, and how to mitigate it. 2

  3. Research Overview 3

  4. Data Needed • Physical Model – Bus-Branch -> Node-Breaker – Protection Schemes • Cyber Model – Network Topology – Access/Firewall Rules 4

  5. Previous Work • Cosmic-based Cyber Physical Models for IEEE 9-bus and 39-bus cases. • Risk Metrics for: – Target Nodes (Ex: Relays) – Intermediate Nodes (Ex: HMIs) – Source Nodes (Ex: Attack Origins/Jump Hosts) – Total Security Exposure 5

  6. Current Focus • Risk Metrics for Cascading Outages – Compare configurations with respect to cyber risk for cascading outages 6

  7. Single-bus-single-breaker Configuration Bus-branch model Node-breaker model 7

  8. Ring-bus Configuration Bus-branch model Node-breaker model 8

  9. Breaker-and-a-half Configuration Bus-branch model Node-breaker model 9

  10. Double-bus-double-breaker Configuration Bus-branch model Node-breaker model 10

  11. Example: IEEE Case 9 11

  12. Example: IEEE Case 9 12

  13. Types of Protection • Overcurrent & directional overcurrent • Under-voltage load shedding • Under-frequency load shedding • Distance • Differential • Phase balance 13

  14. Protection Scheme Templates • • Directional Directional • • Phase balance Distance • Differential • (Under-voltage load shedding) • (Under-frequency load shedding) 14

  15. Cyber Topology • Synthetic but realistic network topology and access rules • Synthetic but realistic vulnerability distributions 15

  16. RTS-96 N-x Simulation Procedure • N-1 simulations: – Secure for 93 out of 120 branch failures (with baseline RTS-96 data). • N-1-1 simulations: – There are 7,140 combinations for 120 choose 2, and therefore, 14,280 permutations. – From 14,280 cases choose both first and second failure belong to those 93 secure branches. – 798 out of 14,280 N-1-1 simulations with two N-1 secure branches failures cause a certain physical impact. 16

  17. N-1-1 Results 100 56 11 11 100 56 17

  18. N-1-1 Results First Failure Second Failure Branch ID/From-To Count for Times Branch ID/From-To Count for Times 100/312-323 58 100/312-323 60 22/112-123 38 11/107-108 51 56/209-212 36 101/313-323 32 11/107-108 30 22/112-123 28 101/313-323 30 18/110-112 26 18

  19. Currently, we are working on … • Fixing Cyber topology data format for RTS-96 • Top k actions to improve network’s security posture for cascading outages • Cyber topology for Poland model (2000+ buses) 19

  20. Thank You! & Questions? 20

Recommend

Protecting UK Critical National Infrastructure from Cyber Attack Kevin T National Cyber Security

Protecting UK Critical National Infrastructure from Cyber Attack Kevin T National Cyber Security

Protecting UK Critical National Infrastructure from Cyber Attack Kevin T National Cyber Security Centre (NCSC) This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation.

197 views • 8 slides
Identifying interventions to improve NMHS capacities based on GFCS pillars and associated metrics

Identifying interventions to improve NMHS capacities based on GFCS pillars and associated metrics

Identifying interventions to improve NMHS capacities based on GFCS pillars and associated metrics Mark Tadross, Anna Steynor, Christopher Lennard, Kate Kloppers, Luleka Dlamini (CSAG) Methodological steps assessing capacity Metrics associated

331 views • 11 slides
Current Trends in Cyber Security Course on Cyber Attack Detection & Mitigation Techniques

Current Trends in Cyber Security Course on Cyber Attack Detection & Mitigation Techniques

Current Trends in Cyber Security Course on Cyber Attack Detection & Mitigation Techniques (NIT-K) S. K. Pal Defence Research & Development Organization (DRDO) SAG, Metcalfe House, Delhi 27-Jul-2020 1 What is Cyberspace? Refers to

766 views • 17 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

557 views • 18 slides
CYBER ATTACK ON YOUR UMBILICALS SUT YES CYBER SECURITY EVENT Andrea Kesterson | Change Manager

CYBER ATTACK ON YOUR UMBILICALS SUT YES CYBER SECURITY EVENT Andrea Kesterson | Change Manager

CYBER ATTACK ON YOUR UMBILICALS SUT YES CYBER SECURITY EVENT Andrea Kesterson | Change Manager Loai Khalayli | Operational Technology Engineer 25 May 2017 Disclaimer and important notice Outline Current, real and ever increasing threat

152 views • 11 slides
The cyber attack surface of the aerospace industry Andy Davis, Transport Assurance Practice

The cyber attack surface of the aerospace industry Andy Davis, Transport Assurance Practice

The cyber attack surface of the aerospace industry Andy Davis, Transport Assurance Practice Director Global experts in cyber security & risk mitigation Agenda Space attack surface overview Attacks against terrestrial assets

310 views • 30 slides
Right way to establish critical pro-active defences against emerging cyber threats Andrew J

Right way to establish critical pro-active defences against emerging cyber threats Andrew J

Right way to establish critical pro-active defences against emerging cyber threats Andrew J Clarke Director, One Identity A fast changing world Digital Transformation Internet of Things (IoT) 2 Andrew J Clarke - One Identity The new attack

498 views • 24 slides
Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models, Fundamental Limitations, and Monitor Design Fabio Pasqualetti Florian D orfler Francesco Bullo Center for Control, Dynamical systems and Computation

994 views • 11 slides
From weak online reputation metrics to standardized attack-resistant trust metrics Dr. Jean-Marc

From weak online reputation metrics to standardized attack-resistant trust metrics Dr. Jean-Marc

ITU Workshop on Future Trust and Knowledge Infrastructure, Phase 2 Geneva, Switzerland 1 July 2016 From weak online reputation metrics to standardized attack-resistant trust metrics Dr. Jean-Marc Seigneur President at Rputaction SAS,

599 views • 26 slides
Wargames in the 5th Domain The next Pearl Harbor could very well be a cyber attack. - Leon

Wargames in the 5th Domain The next Pearl Harbor could very well be a cyber attack. - Leon

Wargames in the 5th Domain The next Pearl Harbor could very well be a cyber attack. - Leon Panetta, US Secretary of Defense The United States is fighting a cyber-war today, and we are losing. - Mike McConnell, former Director of

298 views • 28 slides
Cyber: Protect yourselves against the growing reality of a cyber- attack Dibble Clark M: +44

Cyber: Protect yourselves against the growing reality of a cyber- attack Dibble Clark M: +44

Cyber: Protect yourselves against the growing reality of a cyber- attack Dibble Clark M: +44 17917 623 068 T: +44 1684 878178 F: +44 1684 878171 dibble.clark@3sdl.com What is Cyber? Commercial in Confidence Policy in Action Commercial in

275 views • 25 slides
Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems

Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems

Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems Nothing is in isolation Attack surface An attack surface is the total number of possible attack vectors Think of a house, with the

309 views • 15 slides
Performance Metrics for Graph Mining Tasks 1 Outline Introduction to Performance Metrics

Performance Metrics for Graph Mining Tasks 1 Outline Introduction to Performance Metrics

Performance Metrics for Graph Mining Tasks 1 Outline Introduction to Performance Metrics Supervised Learning Performance Metrics Unsupervised Learning Performance Metrics Optimizing Metrics Statistical Significance

1.19k views • 40 slides
Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin

Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin

A A Conceptual Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin Bahi , Olaf Manuel Maennel Centre For Digital Forensics and Cyber Security Tallinn University of Technology Evolvement of Cyber

470 views • 13 slides
Shape-Based Quality Metrics for Large Graph Visualization* Peter Eades 1 Seok-Hee Hong 1 Karsten

Shape-Based Quality Metrics for Large Graph Visualization* Peter Eades 1 Seok-Hee Hong 1 Karsten

Shape-Based Quality Metrics for Large Graph Visualization* Peter Eades 1 Seok-Hee Hong 1 Karsten Klein 2 An Nguyen 1 1. University of Sydney 2. Monash University *Supported by the Australian Research Council, Tom Sawyer Software, and

803 views • 61 slides
Graph Based Role Mining Techniques for Cyber Security KIRI OLER, SUTANAY CHOUDHURY Pacific

Graph Based Role Mining Techniques for Cyber Security KIRI OLER, SUTANAY CHOUDHURY Pacific

Graph Based Role Mining Techniques for Cyber Security KIRI OLER, SUTANAY CHOUDHURY Pacific Northwest National Laboratory Flocon 2015, Portland, OR, USA January 15, 2015 1 Motivation Analyzing a machines past behavior in the face of an

625 views • 23 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
Metrics that Matter Identifying KPIs & tracking progress toward extraordinary AP THE BUXE

Metrics that Matter Identifying KPIs & tracking progress toward extraordinary AP THE BUXE

LIVE WEBINAR Metrics that Matter Identifying KPIs & tracking progress toward extraordinary AP THE BUXE Company You cant MANAGE what you dont MEASURE THE BUXE Company Why do we need metrics? Monitor progress Identify areas for

846 views • 32 slides
Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know. Current biological diagnostics are very effective at identifying agents, but theyre slow. We already have an infrastruc- ture in place to

233 views • 8 slides
Cyber(space) Incidents 1 IS TV4 attack TV5Monde went black (2015)

Cyber(space) Incidents 1 IS TV4 attack TV5Monde went black (2015)

Cyber(space) Incidents 1 IS TV4 attack TV5Monde went black (2015) Heartbleed: Wikileaks Revelations worst vulnerability ever secret hacking tools: IoT (2014; in open SSL) (democratic control?, 2017)

715 views • 42 slides
AFIIA 2017 Cyber Attack Demonstration Overview of Information Security Information Security

AFIIA 2017 Cyber Attack Demonstration Overview of Information Security Information Security

5/30/2017 Presentation Outline Cyber Security - Safeguarding your IT Environment Cyber Attack Demonstration Overview of Information Security Situational Analysis of Current Attacks Wednesday, May 17, 2017 @ AFIIA Conference, 2017

498 views • 5 slides
Detecting Malicious Web Links and Identifying Their Attack Types 1 Hyunsang Choi, 2 Bin B. Zhu, 1

Detecting Malicious Web Links and Identifying Their Attack Types 1 Hyunsang Choi, 2 Bin B. Zhu, 1

Detecting Malicious Web Links and Identifying Their Attack Types 1 Hyunsang Choi, 2 Bin B. Zhu, 1 Heejo Lee 1 Korea University, 2 Microsoft Research Asia USENIX WebApps 2011 2011-06-21 Outline Introduction Existing solutions

470 views • 25 slides
Graph isomorphism, the hidden subgroup problem and identifying quantum states Pranab Sen NEC

Graph isomorphism, the hidden subgroup problem and identifying quantum states Pranab Sen NEC

Graph isomorphism, the hidden subgroup problem and identifying quantum states Pranab Sen NEC Laboratories America, Princeton, NJ, U.S.A. Joint work with Sean Hallgren and Martin R otteler. Quant-ph 0511148: Lower bound for graph

955 views • 56 slides
Improving Cyber Resiliency using Intelligence-led Attack Simulations Vincent Yiu Who am I?

Improving Cyber Resiliency using Intelligence-led Attack Simulations Vincent Yiu Who am I?

Improving Cyber Resiliency using Intelligence-led Attack Simulations Vincent Yiu Who am I? @vysecurity Vincent Yiu vincent.yiu@syonsecurity.com Founder of SYON Security Offensive Operations including Adversary Simulaton and Penetration

344 views • 33 slides

More recommend