Cyber Deception for Integrated Energy Systems: Cyber-Attacks Simulations and Defense Mechanisms
Ugwuanyi, Stephen and Ghanem, Kinan (2024) Cyber Deception for Integrated Energy Systems: Cyber-Attacks Simulations and Defense Mechanisms. In: All-Energy & Dcarbonise Exhibition and Conference, 2024-05-15 - 2024-05-16, SEC.
Text. Filename: PNDC_Cyber_Deception_for_Integrated_Energy_Systems_A1_Poster_DIGITAL_AW.pdf
Accepted Author Manuscript. License: All rights reserved. Download (515kB)
Abstract
As the Operational Technology (OT) domain is constantly evolving, innovative approaches are needed to enhance existing cybersecurity systems. By strategically hosting intelligent cybersecurity tools (decoys, 'Snare and Prowl') both within and outside the utility network operator's environment to mimic faux services and targets, internet-based and in-network adversaries, as well as Advanced Persistent Threats (APTs), are identified and engaged. Moreover, the Techniques, Tactics, and Procedures (TTPs) used against the decoys are tracked for attack characterisation based on their Threat Intelligence Profiles (TIPs), and narratives are employed to effectively discern the attacker's capability to progress laterally across the network. This poster shares the lessons learned from a proof-of-concept study investigating the capabilities of a cyber deception framework within an operational technology energy network to detect, analyse and alert on internal and external facing threats. In this study, different cyber-attack scenarios were emulated in an OT environment with and without cyber deception frameworks. The case study trial is based on server and database attack simulations critical for a more flexible, reliable, resilient, secure and sustainable integrated energy system. In attack scenario 1, breadcrumbs are used to prevent an attempted attack through narrative deployment for Apache and SSH servers. In the second attack scenario, decoys detect attacks with indicators of intelligence based on privileged access through active port scans. In attack scenario 3, lessons on the impact of network environment changes on the overall system's security are monitored. In each of the test scenarios, the Common Vulnerabilities and Exposures (CVEs) specific to Distribution Network Operators (DNOs), the TTPs leveraged by adversaries, and the strategic locations within the DNO network for deception deployment were identified to improve system security.
ORCID iDs
Ugwuanyi, Stephen ORCID: https://orcid.org/0000-0001-7683-5213 and Ghanem, Kinan
Item type: Conference or Workshop Item (Poster)
ID code: 89537
Dates: Published 14 May 2024; Accepted 4 April 2024
Subjects: Science > Mathematics > Electronic computers. Computer science
Department: ?? 11038 ??
Depositing user: Pure Administrator
Date deposited: 11 Jun 2024 10:22
Last modified: 30 Nov 2024 01:37
URI: https://strathprints.strath.ac.uk/id/eprint/89537