Abstract
Targeted cyber attacks are on the rise, and the power industry is an
attractive target. Espionage and causing physical damage are likely
goals of these targeted attacks. In the case of the power industry,
the worst possible consequences are severe: large areas, including
critical societal infrastructures, can suffer from power outages. In
this paper, we try to measure the preparedness of the power industry
against targeted attacks. To this end, we have studied well-known
targeted attacks and created a taxonomy for them. Furthermore, we
conduct a study in which we interview six power distribution system
operators (DSOs), to assess the level of cyber situation awareness
among DSOs and to evaluate the efficiency and effectiveness
of their currently deployed systems and practices for detecting and
responding to targeted attacks. Our findings indicate that the power
industry is very well prepared for traditional threats, such as physical
attacks. However, cyber attacks, and especially sophisticated
targeted attacks, where social engineering is one of the strategies
used, have not been addressed appropriately so far. Finally, by
understanding previous attacks and learning from them, we try to
provide the industry with guidelines for improving their situation
awareness and defense (both detection and response) capabilities.