Abstract

Security assessment of cyber-physical energy systems (CPESs) such as the electric power grid is a critical operation for maintaining availability, reliability, and quality of service in the presence of persistent threats from malicious cyber actors. Existing security assessment approaches such as penetration testing and red teaming rely on subject matter expert experience and forensic cyber analysis of historical events to perform realistic, threat-informed assessments of CPES defenses. CPESs have a large attack surface because of the heterogeneity and complexity of the underlying topology, devices, measurements, and vulnerabilities, so these approaches cover only part of the attack surface and leave a large set of unknown but possible exploits. There is a need to automate CPES attack surface discovery and contextualize it for relevant, highly probable, real-world attack scenarios. We propose a methodology and framework to facilitate discovery of the CPES attack surface. We present a multilayer attack graph with ranked attack sequences to describe CPES failure scenarios, and a work-in-progress framework that lists the key components needed to automate attack modeling and sequence generation. We demonstrate a published National Electric Sector Cybersecurity Organization Resource (NESCOR) CPES failure scenario to highlight the trustworthiness of the generated attack sequences.
Published: June 17, 2022
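The multilayer attack graph with ranked attack sequences named in the abstract, as an added illustration that is not the paper's framework, tooling, or NESCOR scenario data: a constructed toy topology spanning cyber, control, and physical layers, with assumed per-edge success likelihoods. Attack sequences from the cyber entry points to a physical failure scenario are enumerated by depth-first search and ranked by the product of likelihoods along the path, ties broken in favour of fewer steps. The node names, technique labels, likelihoods, and the ranking metric are all assumptions made for this example; the paper's own ranking criterion is not given in the abstract.

```python
"""Toy multilayer attack graph with ranked attack sequences.

Added illustration only; not the paper's framework or the NESCOR scenario.
Assumed (not from the abstract): per-edge success likelihoods, and ranking
by the product of likelihoods along a path with ties broken by path length.
"""
from typing import Dict, List, Tuple

# Node -> layer. Constructed topology for illustration only.
LAYERS: Dict[str, str] = {
    "corp_workstation": "cyber",
    "vpn_gateway": "cyber",
    "eng_workstation": "cyber",
    "scada_hmi": "control",
    "substation_rtu": "control",
    "breaker_cb1": "physical",
    "feeder_outage": "physical",
}

# (source, target, assumed success likelihood, technique label). Constructed.
EDGES: List[Tuple[str, str, float, str]] = [
    ("corp_workstation", "eng_workstation", 0.6, "credential reuse / lateral movement"),
    ("vpn_gateway", "eng_workstation", 0.4, "weak remote-access credentials"),
    ("vpn_gateway", "scada_hmi", 0.2, "HMI reachable from the VPN segment"),
    ("eng_workstation", "scada_hmi", 0.5, "HMI session hijack"),
    ("eng_workstation", "substation_rtu", 0.3, "unauthenticated protocol write"),
    ("scada_hmi", "substation_rtu", 0.8, "legitimate control channel"),
    ("substation_rtu", "breaker_cb1", 0.9, "malicious trip command"),
    ("breaker_cb1", "feeder_outage", 1.0, "breaker opens, feeder de-energized"),
]

ENTRY_POINTS = ["corp_workstation", "vpn_gateway"]
FAILURE_SCENARIO = "feeder_outage"


def adjacency(edges):
    """Source -> list of (target, likelihood, label)."""
    adj: Dict[str, List[Tuple[str, float, str]]] = {}
    for src, dst, p, label in edges:
        adj.setdefault(src, []).append((dst, p, label))
    return adj


def enumerate_sequences(edges, entries, goal):
    """Depth-first enumeration of simple paths from each entry to the goal.

    Returns a list of (likelihood, path); likelihood is the product of the
    edge values along the path (assumed metric). Revisits are forbidden so
    cycles in the graph cannot cause infinite recursion.
    """
    adj = adjacency(edges)
    found: List[Tuple[float, List[str]]] = []

    def dfs(node, path, likelihood):
        if node == goal:
            found.append((likelihood, list(path)))
            return
        for nxt, p, _ in adj.get(node, []):
            if nxt in path:
                continue
            path.append(nxt)
            dfs(nxt, path, likelihood * p)
            path.pop()

    for entry in entries:
        dfs(entry, [entry], 1.0)
    return found


def rank_sequences(edges, entries, goal):
    """Highest likelihood first; equal likelihoods favour the shorter path."""
    seqs = enumerate_sequences(edges, entries, goal)
    return sorted(seqs, key=lambda s: (-s[0], len(s[1])))


def layers_crossed(path, layers=LAYERS):
    """Ordered, de-duplicated list of layers a sequence traverses."""
    out: List[str] = []
    for node in path:
        if not out or out[-1] != layers[node]:
            out.append(layers[node])
    return out


def describe(path, edges=EDGES):
    """Render a path as human-readable steps with the technique labels."""
    lookup = {(s, d): label for s, d, _, label in edges}
    return [f"{s} -> {d}: {lookup[(s, d)]}" for s, d in zip(path, path[1:])]


if __name__ == "__main__":
    ranked = rank_sequences(EDGES, ENTRY_POINTS, FAILURE_SCENARIO)
    for rank, (likelihood, path) in enumerate(ranked, 1):
        print(f"#{rank} likelihood={likelihood:.3f} layers={'>'.join(layers_crossed(path))}")
        for step in describe(path):
            print("    " + step)
```

The output is a ranked list of cross-layer sequences ending in the physical failure, which is the shape of artefact an analyst would then check against a known failure scenario: if a published scenario's path is absent or ranked implausibly low, either the topology model or the assumed likelihoods are wrong.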