Cyber Deception for Integrated Energy Systems: Cyber-Attacks Simulations and Defense Mechanisms

Ugwuanyi, Stephen and Ghanem, Kinan (2024) Cyber Deception for Integrated Energy Systems: Cyber-Attacks Simulations and Defense Mechanisms. In: All-Energy & Dcarbonise Exhibition and Conference, 2024-05-15 - 2024-05-16, SEC.

Filename: PNDC_Cyber_Deception_for_Integrated_Energy_Systems_A1_Poster_DIGITAL_AW.pdf
Accepted Author Manuscript
License: All rights reserved


Abstract

As the Operational Technology (OT) domain is constantly evolving, innovative approaches are needed to enhance existing cybersecurity systems. By strategically hosting intelligent cybersecurity tools (decoys, 'Snare and Prowl') both within and outside the utility network operator's environment to present faux services and targets, internet-based and in-network adversaries, as well as Advanced Persistent Threats (APTs), are identified and engaged. Moreover, the Techniques, Tactics, and Procedures (TTPs) used against the decoys are tracked for attack characterisation, based on Threat Intelligence Profiles (TIPs) and the narratives employed, to discern the attacker's capability to move laterally across the network. This poster shares the lessons learned from a proof-of-concept study investigating the capabilities of a cyber deception framework within an OT energy network to detect, analyse and alert on internal and external-facing threats. In this study, different cyber attack scenarios were emulated in an OT environment with and without cyber deception frameworks. The case study trial is based on server and database attack simulations, systems that are critical for a more flexible, reliable, resilient, secure and sustainable integrated energy system. In attack scenario 1, breadcrumbs are used to prevent an attack attempt within an attack narrative deployed for Apache and SSH servers. In attack scenario 2, decoys detect attacks, yielding indicators of intelligence, based on privileged access obtained through active port scans. In attack scenario 3, the impact of network environment changes on the overall system's security is monitored and lessons are drawn. In each test scenario, the Common Vulnerabilities and Exposures (CVEs) specific to Distribution Network Operators (DNOs), the TTPs leveraged by adversaries, and the strategic locations within the DNO network for deception deployment were identified to improve system security.

ORCID iDs

Ugwuanyi, Stephen: https://orcid.org/0000-0001-7683-5213; Ghanem, Kinan.