The smart grid (SG) paradigm is the next technological leap of the conventional electrical grid, contributing to the protection of the physical environment and providing multiple advantages such as increased reliability, better service quality, and the efficient utilization of the existing infrastructure and the renewable energy resources. However, despite the fact that it brings beneficial environmental, economic, and social changes, the existence of such a system possesses important security and privacy challenges, since it includes a combination of heterogeneous, co-existing smart, and legacy technologies. Based on the rapid evolution of the cyber-physical systems (CPS), both academia and industry have developed appropriate measures for enhancing the security surface of the SG paradigm using, for example, integrating efficient, lightweight encryption and authorization mechanisms. Nevertheless, these mechanisms may not prevent various security threats, such as denial of service (DoS) attacks that target on the availability of the underlying systems. An efficient countermeasure against several cyberattacks is the intrusion detection and prevention system (IDPS). In this paper, we examine the contribution of the IDPSs in the SG paradigm, providing an analysis of 37 cases. More detailed, these systems can be considered as a secondary defense mechanism, which enhances the cryptographic processes, by timely detecting or/and preventing potential security violations. For instance, if a cyberattack bypasses the essential encryption and authorization mechanisms, then the IDPS systems can act as a secondary protection service, informing the system operator for the presence of the specific attack or enabling appropriate preventive countermeasures. The cases we study focused on the advanced metering infrastructure (AMI), supervisory control and data acquisition (SCADA) systems, substations, and synchrophasors. Based on our comparative analysis, the limitations and the shortcomings of the current IDPS systems are identified, whereas appropriate recommendations are provided for future research efforts.

/pdf/securing-the-smart-grid-a-comprehensive-compilation-of-462if2wjy3.pdf

Book review: Metasploit the Penetration Tester's Guide

Securing the Smart Grid: A Comprehensive Compilation of Intrusion Detection and Prevention Systems

Cyber attacks cost the global economy approximately $445 billion per year. To mitigate attacks, many companies rely on cyber threat intelligence (CTI), or threat intelligence related to computers, ...

background

Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence

Due to current development trends in the automotive industry towards stronger connected and autonomous driving, the attack surface of vehicles is growing which increases the risk of security attacks. This has been confirmed by several research projects in which vehicles were attacked in order to trigger various functions. In some cases these functions were critical to operational safety. To make automotive systems more secure, concepts must be developed that take existing attacks into account. Several taxonomies were proposed to analyze and classify security attacks. However, in this paper we show that the existing taxonomies were not designed for application in the automotive development process and therefore do not provide enough degree of detail for supporting development phases such as threat analysis or security testing. In order to be able to use the information that security attacks can provide for the development of security concepts and for testing automotive systems, we propose a comprehensive taxonomy with degrees of detail which addresses these tasks. In particular, our proposed taxonomy is designed in such a wa, that each step in the vehicle development process can leverage it.

methods

Survey and Classification of Automotive Security Attacks

Cyber threat hunting is the process of proactively and iteratively formulating and validating threat hypotheses based on security-relevant observations and domain knowledge To facilitate threat hunting tasks, this paper introduces threat intelligence computing as a new methodology that models threat discovery as a graph computation problem It enables efficient programming for solving threat discovery problems, equipping threat hunters with a suite of potent new tools for agile codifications of threat hypotheses, automated evidence mining, and interactive data inspection capabilities A concrete realization of a threat intelligence computing platform is presented through the design and implementation of a domain-specific graph language with interactive visualization support and a distributed graph database The platform was evaluated in a two-week DARPA competition for threat detection on a test bed comprising a wide variety of systems monitored in real time During this period, sub-billion records were produced, streamed, and analyzed, dozens of threat hunting tasks were dynamically planned and programmed, and attack campaigns with diverse malicious intent were discovered The platform exhibited strong detection and analytics capabilities coupled with high efficiency, resulting in a leadership position in the competition Additional evaluations on comprehensive policy reasoning are outlined to demonstrate the versatility of the platform and the expressiveness of the language

https://dl.acm.org/doi/pdf/10.1145/3243734.3243829

Threat Intelligence Computing

At present, penetration testing is done mostly manually, and relies heavily on the experience of the ethical hackers that are performing it, called "pentesters". This paper presents an automated penetration testing framework that employs deep reinforcement learning to automate the penetration testing process. We plan to use this framework mainly as a component of cybersecurity training activities, to provide guided learning for attack training by making use of the framework to suggest possible strategies. When adding support for actual penetration testing tools, the framework could also be used in defense training, by automatically recreating attacks in the training environment.In this paper we present our approach for automated penetration testing, which has two stages. First we use the Shodan search engine to collect relevant server data in order to build a realistic network topology, and employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack tree for that topology; traditional search algorithms are used to find all the possible attack paths in that tree and to build a matrix representation as needed by deep reinforcement learning algorithms. As a second stage, we employ the Deep Q-Learning Network (DQN) method to discover the most easy to exploit attack path from the possible candidates. This approach was evaluated by generating thousands of input scenarios, and DQN was able to find the optimal path with an accuracy of 0.86, while also providing valid solutions in the other cases.

Book review: Metasploit the Penetration Tester's Guide

Citations

Securing the Smart Grid: A Comprehensive Compilation of Intrusion Detection and Prevention Systems

Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence

Survey and Classification of Automotive Security Attacks

Threat Intelligence Computing

Automated Penetration Testing Using Deep Reinforcement Learning