Towards a taxonomy of attacks against energy control systems

IFIP International Federation for Information Processing

Volumn 290, Issue , 2008, Pages 71-85

  Fleury, Terry ^a   Khurana, Himanshu ^a   Welch, Von ^a  

^a UNIVERSITY OF ILLINOIS AT CHICAGO   (United States)

Author keywords

Attack taxonomy; Control systems; Energy sector

Indexed keywords

CRIME; TAXONOMIES;

CENTRALIZED CONTROL; COMMERCIAL OFF-THE-SHELF TECHNOLOGY; COMPREHENSIVE MODEL; ENERGY SECTOR; MONITORING AND CONTROL; NATIONAL LABORATORY; SUPERVISORY CONTROL AND DATAACQUISITION SYSTEMS (SCADA); TECHNICAL LITERATURE;

CONTROL SYSTEMS;

EID: 55549097482     PISSN: 15715736     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-88523-0_6     Document Type: Article

References (30)

1. K. Birman, J. Chen, E. Hopkinson, R. Thomas, J. Thorp, R. van Rennesse and W. Vogels, Overcoming communications challenges in software for monitoring and controlling power systems, Proceedings of the IEEE, vol. 93(5), pp. 1028-1041, 2005.
2. A. Brown, SCADA vs. the hackers, Mechanical Engineering, vol. 124(12), pp. 37-40, 2002.
3. E. Byres, M. Franz and D. Miller, The use of attack trees in assessing vulnerabilities in SCADA systems, Proceedings of the International Infrastructure Survivability Workshop, 2004.
4. E. Byres and J. Lowe, The myths and facts behind cyber security risks for industrial control systems, Proceedings of the VDE Congress, pp. 213-218, 2004.
5. R. Carlson, Sandia SCADA Program: High-Security SCADA LDRD Final Report, Technical Report SAND2002-0729, Sandia National Laboratories, Albuquerque, New Mexico, 2002.
6. J. Eisenhauer, P. Donnelly, M. Ellis and M. O'Brien, Roadmap to Secure Control Systems in the Energy Sector, Technical Report, Energetics Inc., Columbia, Maryland, 2006.
7. J. Falco, J. Gilsinn and K. Stouffer, IT security for industrial control systems: Requirements specification and performance testing, presented at the National Defense Industrial Association Homeland Security Conference and Exposition, 2004.
8. R. Fink, D. Spencer and R. Wells, Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems, Technical Report INL/ CON-06-11665, Idaho National Laboratory, Idaho Falls, Idaho, 2006.
9. J. Howard and T. Longstaff, A Common Language for Computer Security Incidents, Technical Report SAND98-8667, Sandia National Laboratories, Livermore, California, 1998.
10. R. Lemos, "Data storm" blamed for nuclear plant shutdown, SecurityFocus, May 18, 2007.
11. U. Lindqvist and E. Jonsson, How to systematically classify computer security intrusions, Proceedings of the IEEE Symposium on Security and Privacy, pp. 154-163, 1997.
12. R. Lippmann, K. Ingols, C. Scott, K. Piwowarski, K. Kratkiewicz, M. Artz and R. Cunningham, Validating and restoring defense in depth using attack graphs, Proceedings of the Military Communications Conference pp. 1-10, 2006.
13. R. McMillan, Admin faces prison for trying to axe California power grid, PC World, December 15, 2007.
14. M. McQueen, W. Boyer, M. Flynn and G. Beitel, Quantitative cyber risk reduction estimation methodology for a small SCADA control system, Proceedings of the Thirty-Ninth Annual Hawaii International Conference on System Sciences, p. 226, 2006.
15. J. Mirkovic and P. Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, vol. 34(2), pp. 39-53, 2004.
16. P. Oman, A. Risley, J. Roberts and E. Schweitzer, Attack and defend tools for remotely accessible control and protection equipment in electric power systems, presented at the Fifty-Fifth Annual Conference for Protective Relay Engineers, 2002.
17. P. Oman, E. Schweitzer and J. Roberts, Protecting the grid from cyber attack, Part I: Recognizing our vulnerabilities, Utility Automation & Engineering T&D, vol. 6(7), pp. 16-22, 2001.
18. P. Oman, E. Schweitzer and J. Roberts, Protecting the grid from cyber attack, Part II: Safeguarding IEDs, substations and SCADA systems, Utility Automation & Engineering T&D, vol. 7(1), pp. 25-32, 2002.
19. K. Poulsen, Sparks over power grid cybersecurity, SecurityFocus, April 10, 2003.
20. K. Poulsen, Slammer worm crashed Ohio nuke plant network, SecurityFocus, August 19, 2003.
21. K. Poulsen, Software bug contributed to blackout, SecurityFocus, February 11, 2004.
22. R. Schainker, J. Douglas and T. Kropp, Electric utility responses to grid security issues, IEEE Power and Energy, vol. 4(2), pp. 30-37, 2006.
23. B. Schneier, Attack trees, Dr. Dobb's Journal, vol. 24(12), pp. 21-29, 1999.
24. F. Sheldon, T. Potok, A. Loebl, A. Krings and P. Oman, Managing secure survivable critical infrastructures to avoid vulnerabilities, Proceedings of the Eighth IEEE International Symposium on High Assurance Systems Engineering, pp. 293-296, 2004.
25. O. Sheyner, J. Haines, S. Jha, R. Lippmann and J. Wing, Automated generation and analysis of attack graphs, Proceedings of the IEEE Symposium on Security and Privacy, pp. 273-284, 2002.
26. J. Stamp, J. Dillinger, W. Young and J. DePoy, Common Vulnerabilities in Critical Infrastructure Control Systems, Technical Report SAND2003-1772C, Sandia National Laboratories, Albuquerque, New Mexico, 2003.
27. K. Stouker, J. Falco and K. Scarfone, Guide to Industrial Control Systems Security, Second Public Draft, NIST Special Publication 800-82, National Institute of Standards and Technology, Gaithersburg, Maryland, 2007.
28. C. Taylor, P. Oman and A. Krings, Assessing power substation network security and survivability: A work in progress report, Proceedings of the International Conference on Security and Management, pp. 281-287, 2003.
29. D. Watts, Security and vulnerability in electric power systems, Proceedings of the Thirty-Fifth North American Power Symposium, pp. 559-566, 2003.
30. N. Ye, C. Newman and T. Farley, A system-fault-risk framework for cyber attack classilcation, Information-Knowledge-Systems Management, vol. 5(2), pp. 135-151, 2005.