Electric power grids are at risk of being compromised by high-impact cyber-security threats such as coordinated, timed attacks. Navigating this new threat landscape requires a deep understanding of the potential risks and complex attack processes in energy information systems, which in turn demands an unmanageable manual effort to process a large amount of cross-domain information in a timely manner. To provide an adequate basis for contextually assessing and understanding the situation of smart grids in the case of coordinated cyber-attacks, we need a systematic and coherent approach to identifying cyber incidents. In this paper, we present an approach that collects and correlates cross-domain cyber threat information to detect multi-stage cyber-attacks in energy information systems. We investigate the applicability and performance of the presented correlation approach and discuss the results to highlight challenges in domain-specific detection mechanisms.