Visible to the public Biblio

Found 4243 results

Filters: Keyword is composability  [Clear All Filters]
2021-10-12
Dawit, Nahom Aron, Mathew, Sujith Samuel, Hayawi, Kadhim.  2020.  Suitability of Blockchain for Collaborative Intrusion Detection Systems. 2020 12th Annual Undergraduate Research Conference on Applied Computing (URC). :1–6.
Cyber-security is indispensable as malicious incidents are ubiquitous on the Internet. Intrusion Detection Systems have an important role in detecting and thwarting cyber-attacks. However, it is more effective in a centralized system but not in peer-to-peer networks which makes it subject to central point failure, especially in collaborated intrusion detection systems. The novel blockchain technology assures a fully distributed security system through its powerful features of transparency, immutability, decentralization, and provenance. Therefore, in this paper, we investigate and demonstrate several methods of collaborative intrusion detection with blockchain to analyze the suitability and security of blockchain for collaborative intrusion detection systems. We also studied the difference between the existing means of the integration of intrusion detection systems with blockchain and categorized the major vulnerabilities of blockchain with their potential losses and current enhancements for mitigation.
Sun, Yuxin, Zhang, Yingzhou, Zhu, Linlin.  2020.  An Anti-Collusion Fingerprinting based on CFF Code and RS Code. 2020 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :56–63.
Data security is becoming more and more important in data exchange. Once the data is leaked, it will pose a great threat to the privacy and property security of users. Copyright authentication and data provenance have become an important requirement of the information security defense mechanism. In order to solve the collusion leakage of the data distributed by organization and the low efficiency of tracking the leak provenance after the data is destroyed, this paper proposes a concatenated-group digital fingerprint coding based on CFF code and Reed-solomon (RS) that can resist collusion attacks and corresponding detection algorithm. The experiments based on an asymmetric anti-collusion fingerprint protocol show that the proposed method has better performance to resist collusion attacks than similar non-grouped fingerprint coding and effectively reduces the percentage of misjudgment, which verifies the availability of the algorithm and enriches the means of organization data security audit.
Henry, Wayne C., Peterson, Gilbert L..  2020.  Exploring Provenance Needs in Software Reverse Engineering. 2020 13th International Conference on Systematic Approaches to Digital Forensic Engineering (SADFE). :57–65.
Reverse engineers are in high demand in digital forensics for their ability to investigate malicious cyberspace threats. This group faces unique challenges due to the security-intensive environment, such as working in isolated networks, a limited ability to share files with others, immense time pressure, and a lack of cognitive support tools supporting the iterative exploration of binary executables. This paper presents an exploratory study that interviewed experienced reverse engineers' work processes, tools, challenges, and visualization needs. The findings demonstrate that engineers have difficulties managing hypotheses, organizing results, and reporting findings during their analysis. By considering the provenance support techniques of existing research in other domains, this study contributes new insights about the needs and opportunities for reverse engineering provenance tools.
Hassan, Wajih Ul, Bates, Adam, Marino, Daniel.  2020.  Tactical Provenance Analysis for Endpoint Detection and Response Systems. 2020 IEEE Symposium on Security and Privacy (SP). :1172–1189.
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions by matching system events against known adversarial behaviors. However, current solutions suffer from three challenges: 1) EDR tools generate a high volume of false alarms, creating backlogs of investigation tasks for analysts; 2) determining the veracity of these threat alerts requires tedious manual labor due to the overwhelming amount of low-level system logs, creating a "needle-in-a-haystack" problem; and 3) due to the tremendous resource burden of log retention, in practice the system logs describing long-lived attack campaigns are often deleted before an investigation is ever initiated.This paper describes an effort to bring the benefits of data provenance to commercial EDR tools. We introduce the notion of Tactical Provenance Graphs (TPGs) that, rather than encoding low-level system event dependencies, reason about causal dependencies between EDR-generated threat alerts. TPGs provide compact visualization of multi-stage attacks to analysts, accelerating investigation. To address EDR's false alarm problem, we introduce a threat scoring methodology that assesses risk based on the temporal ordering between individual threat alerts present in the TPG. In contrast to the retention of unwieldy system logs, we maintain a minimally-sufficient skeleton graph that can provide linkability between existing and future threat alerts. We evaluate our system, RapSheet, using the Symantec EDR tool in an enterprise environment. Results show that our approach can rank truly malicious TPGs higher than false alarm TPGs. Moreover, our skeleton graph reduces the long-term burden of log retention by up to 87%.
Sharma, Rohit, Pawar, Siddhesh, Gurav, Siddhita, Bhavathankar, Prasenjit.  2020.  A Unique Approach towards Image Publication and Provenance using Blockchain. 2020 Third International Conference on Smart Systems and Inventive Technology (ICSSIT). :311–314.
The recent spurt of incidents related to copyrights and security breaches has led to the monetary loss of several digital content creators and publishers. These incidents conclude that the existing system lacks the ability to uphold the integrity of their published content. Moreover, some of the digital content owners rely on third parties, results in lack of ability to provide provenance of digital media. The question that needs to be addressed today is whether modern technologies can be leveraged to suppress such incidents and regain the confidence of creators and the audience. Fortunately, this paper presents a unique framework that empowers digital content creators to have complete control over the place of its origin, accessibility and impose restrictions on unauthorized alteration of their content. This framework harnesses the power of the Ethereum platform, a part of Blockchain technology, and uses S mart Contracts as a key component empowering the creators with enhanced control of their content and the corresponding audience.
Kashliev, Andrii.  2020.  Storage and Querying of Large Provenance Graphs Using NoSQL DSE. 2020 IEEE 6th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :260–262.
Provenance metadata captures history of derivation of an entity, such as a dataset obtained through numerous data transformations. It is of great importance for science, among other fields, as it enables reproducibility and greater intelligibility of research results. With the avalanche of provenance produced by today's society, there is a pressing need for storing and low-latency querying of large provenance graphs. To address this need, in this paper we present a scalable approach to storing and querying provenance graphs using a popular NoSQL column family database system called DataStax Enterprise (DSE). Specifically, we i) propose a storage scheme, including two novel indices that enable efficient traversal of provenance graphs along causality lines, ii) present an algorithm for building our proposed indices for a given provenance graph, iii) implement our algorithm and conduct a performance study in which we store and query a provenance graph with over five million vertices using a DSE cluster running in AWS cloud. Our performance study results further validate scalability and performance efficiency of our approach.
Zhou, Yimin, Zhang, Kai.  2020.  DoS Vulnerability Verification of IPSec VPN. 2020 IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA). :698–702.
This paper analyzes the vulnerability in the process of key negotiation between the main mode and aggressive mode of IKEv1 protocol in IPSec VPN, and proposes a DOS attack method based on OSPF protocol adjacent route spoofing. The experiment verifies the insecurity of IPSec VPN using IKEv1 protocol. This attack method has the advantages of lower cost and easier operation compared with using botnet.
Vinarskii, Evgenii, Demakov, Alexey, Kamkin, Alexander, Yevtushenko, Nina.  2020.  Verifying cryptographic protocols by Tamarin Prover. 2020 Ivannikov Memorial Workshop (IVMEM). :69–75.
Cryptographic protocols are utilized for establishing a secure session between “honest” agents which communicate strictly according to the protocol rules as well as for ensuring the authenticated and confidential transmission of messages. The specification of a cryptographic protocol is usually presented as a set of requirements for the sequences of transmitted messages including the format of such messages. Note that protocol can describe several execution scenarios. All these requirements lead to a huge formal specification for a real cryptographic protocol and therefore, it is difficult to verify the security of the whole cryptographic protocol at once. In this paper, to overcome this problem, we suggest verifying the protocol security for its fragments. Namely, we verify the security properties for a special set of so-called traces of the cryptographic protocol. Intuitively, a trace of the cryptographic protocol is a sequence of computations, value checks, and transmissions on the sides of “honest” agents permitted by the protocol. In order to choose such set of traces, we introduce an Adversary model and the notion of a similarity relation for traces. We then verify the security properties of selected traces with Tamarin Prover. Experimental results for the EAP and Noise protocols clearly show that this approach can be promising for automatic verification of large protocols.
Hassan, Mehmood, Sultan, Aiman, Awan, Ali Afzal, Tahir, Shahzaib, Ihsan, Imran.  2020.  An Enhanced and Secure Multiserver-based User Authentication Protocol. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1–6.
The extensive use of the internet and web-based applications spot the multiserver authentication as a significant component. The users can get their services after authenticating with the service provider by using similar registration records. Various protocol schemes are developed for multiserver authentication, but the existing schemes are not secure and often lead towards various vulnerabilities and different security issues. Recently, Zhao et al. put forward a proposal for smart card and user's password-based authentication protocol for the multiserver environment and showed that their proposed protocol is efficient and secure against various security attacks. This paper points out that Zhao et al.'s authentication scheme is susceptive to traceability as well as anonymity attacks. Thus, it is not feasible for the multiserver environment. Furthermore, in their scheme, it is observed that a user while authenticating does not send any information with any mention of specific server identity. Therefore, this paper proposes an enhanced, efficient and secure user authentication scheme for use in any multiserver environment. The formal security analysis and verification of the protocol is performed using state-of-the-art tool “ProVerif” yielding that the proposed scheme provides higher levels of security.
Kai, Wang, Wei, Li, Tao, Chen, Longmei, Nan.  2020.  Research on Secure JTAG Debugging Model Based on Schnorr Identity Authentication Protocol. 2020 IEEE 15th International Conference on Solid-State Integrated Circuit Technology (ICSICT). :1–3.
As a general interface for chip system testing and on-chip debugging, JTAG is facing serious security threats. By analyzing the typical JTAG attack model and security protection measures, this paper designs a secure JTAG debugging model based on Schnorr identity authentication protocol, and takes RISCV as an example to build a set of SoC prototype system to complete functional verification. Experiments show that this secure JTAG debugging model has high security, flexible implementation, and good portability. It can meet the JTAG security protection requirements in various application scenarios. The maximum clock frequency can reach 833MHZ, while the hardware overhead is only 47.93KGate.
Li, Yongjian, Cao, Taifeng, Jansen, David N., Pang, Jun, Wei, Xiaotao.  2020.  Accelerated Verification of Parametric Protocols with Decision Trees. 2020 IEEE 38th International Conference on Computer Design (ICCD). :397–404.
Within a framework for verifying parametric network protocols through induction, one needs to find invariants based on a protocol instance of a small number of nodes. In this paper, we propose a new approach to accelerate parameterized verification by adopting decision trees to represent the state space of a protocol instance. Such trees can be considered as a knowledge base that summarizes all behaviors of the protocol instance. With this knowledge base, we are able to efficiently construct an oracle to effectively assess candidates of invariants of the protocol, which are suggested by an invariant finder. With the discovered invariants, a formal proof for the correctness of the protocol can be derived in the framework after proper generalization. The effectiveness of our method is demonstrated by experiments with typical benchmarks.
He, Leifeng, Liu, Guanjun.  2020.  Petri Nets Based Verification of Epistemic Logic and Its Application on Protocols of Privacy and Security. 2020 IEEE World Congress on Services (SERVICES). :25–28.
Epistemic logic can specify many design requirements of privacy and security of multi-agent systems (MAS). The existing model checkers of epistemic logic use some programming languages to describe MAS, induce Kripke models as the behavioral representation of MAS, apply Ordered Binary Decision Diagrams (OBDD) to encode Kripke models to solve their state explosion problem and verify epistemic logic based on the encoded Kripke models. However, these programming languages are usually non-intuitive. More seriously, their OBDD-based model checking processes are often time-consuming due to their dynamic variable ordering for OBDD. Therefore, we define Knowledge-oriented Petri Nets (KPN) to intuitively describe MAS, induce similar reachability graphs as the behavioral representation of KPN, apply OBDD to encode all reachable states, and finally verify epistemic logic. Although we also use OBDD, we adopt a heuristic method for the computation of a static variable order instead of dynamic variable ordering. More importantly, while verifying an epistemic formula, we dynamically generate its needed similar relations, which makes our model checking process much more efficient. In this paper, we introduce our work.
Remlein, Piotr, Rogacki, Mikołaj, Stachowiak, Urszula.  2020.  Tamarin software – the tool for protocols verification security. 2020 Baltic URSI Symposium (URSI). :118–123.
In order to develop safety-reliable standards for IoT (Internet of Things) networks, appropriate tools for their verification are needed. Among them there is a group of tools based on automated symbolic analysis. Such a tool is Tamarin software. Its usage for creating formal proofs of security protocols correctness has been presented in this paper using the simple example of an exchange of messages with asynchronous encryption between two agents. This model can be used in sensor networks or IoT e.g. in TLS protocol to provide a mechanism for secure cryptographic key exchange.
Naveed, Sarah, Sultan, Aiman, Mansoor, Khwaja.  2020.  An Enhanced SIP Authentication Protocol for Preserving User Privacy. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1–6.
Owing to the advancements in communication media and devices all over the globe, there has arisen a dire need for to limit the alarming number of attacks targeting these and to enhance their security. Multiple techniques have been incorporated in different researches and various protocols and schemes have been put forward to cater security issues of session initiation protocol (SIP). In 2008, Qiu et al. presented a proposal for SIP authentication which while effective than many existing schemes, was still found vulnerable to many security attacks. To overcome those issues, Zhang et al. proposed an authentication protocol. This paper presents the analysis of Zhang et al. authentication scheme and concludes that their proposed scheme is susceptible to user traceablity. It also presents an improved SIP authentication scheme that eliminates the possibility of traceability of user's activities. The proposed scheme is also verified by contemporary verification tool, ProVerif and it is found to be more secure, efficient and practical than many similar SIP authetication scheme.
Niazazari, Iman, Livani, Hanif.  2020.  Attack on Grid Event Cause Analysis: An Adversarial Machine Learning Approach. 2020 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1–5.
With the ever-increasing reliance on data for data-driven applications in power grids, such as event cause analysis, the authenticity of data streams has become crucially important. The data can be prone to adversarial stealthy attacks aiming to manipulate the data such that residual-based bad data detectors cannot detect them, and the perception of system operators or event classifiers changes about the actual event. This paper investigates the impact of adversarial attacks on convolutional neural network-based event cause analysis frameworks. We have successfully verified the ability of adversaries to maliciously misclassify events through stealthy data manipulations. The vulnerability assessment is studied with respect to the number of compromised measurements. Furthermore, a defense mechanism to robustify the performance of the event cause analysis is proposed. The effectiveness of adversarial attacks on changing the output of the framework is studied using the data generated by real-time digital simulator (RTDS) under different scenarios such as type of attacks and level of access to data.
Luo, Bo, Beuran, Razvan, Tan, Yasuo.  2020.  Smart Grid Security: Attack Modeling from a CPS Perspective. 2020 IEEE Computing, Communications and IoT Applications (ComComAp). :1–6.
With the development of smart grid technologies and the fast adoption of household IoT devices in recent years, new threats, attacks, and security challenges arise. While a large number of vulnerabilities, threats, attacks and controls have been discussed in the literature, there lacks an abstract and generalizable framework that can be used to model the cyber-physical interactions of attacks and guide the design of defense mechanisms. In this paper, we propose a new modeling approach for security attacks in smart grids and IoT devices using a Cyber-Physical Systems (CPS) perspective. The model considers both the cyber and physical aspects of the core components of the smart grid system and the household IoT devices, as well as the interactions between the components. In particular, our model recognizes the two parallel attack channels via the cyber world and the physical world, and identifies the potential crossing routes between these two attack channels. We further discuss all possible attack surfaces, attack objectives, and attack paths in this newly proposed model. As case studies, we examine from the perspective of this new model three representative attacks proposed in the literature. The analysis demonstrates the applicability of the model, for instance, to assist the design of detection and defense mechanisms against smart grid cyber-attacks.
Rajkumar, Vetrivel Subramaniam, Tealane, Marko, \c Stefanov, Alexandru, Palensky, Peter.  2020.  Cyber Attacks on Protective Relays in Digital Substations and Impact Analysis. 2020 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems. :1–6.
Power systems automation and communication standards are crucial for the transition of the conventional power system towards a smart grid. The IEC 61850 standard is widely used for substation automation and protection. It enables real-time communication and data exchange between critical substation automation devices. IEC 61850 serves as the foundation for open communication and data exchange for digital substations of the smart grid. However, IEC 61850 has cyber security vulnerabilities that can be exploited with a man-in-the-middle attack. Such coordinated cyber attacks against the protection system in digital substations can disconnect generation and transmission lines, causing cascading failures. In this paper, we demonstrate a cyber attack involving the Generic Object-Oriented Substation Event (GOOSE) protocol of IEC 61850. This is achieved by exploiting the cyber security vulnerabilities in the protocol and injecting spoofed GOOSE data frames into the substation communication network at the bay level. The cyber attack leads to tripping of multiple protective relays in the power grid, eventually resulting in a blackout. The attack model and impact on system dynamics are verified experimentally through hardware-in-the-loop simulations using commercial relays and Real-Time Digital Simulator (RTDS).
Lalouani, Wassila, Younis, Mohamed.  2020.  Machine Learning Enabled Secure Collection of Phasor Data in Smart Power Grid Networks. 2020 16th International Conference on Mobility, Sensing and Networking (MSN). :546–553.
In a smart power grid, phasor measurement devices provide critical status updates in order to enable stabilization of the grid against fluctuations in power demands and component failures. Particularly the trend is to employ a large number of phasor measurement units (PMUs) that are inter-networked through wireless links. We tackle the vulnerability of such a wireless PMU network to message replay and false data injection (FDI) attacks. We propose a novel approach for avoiding explicit data transmission through PMU measurements prediction. Our methodology is based on applying advanced machine learning techniques to forecast what values will be reported and associate a level of confidence in such prediction. Instead of sending the actual measurements, the PMU sends the difference between actual and predicted values along with the confidence level. By applying the same technique at the grid control or data aggregation unit, our approach implicitly makes such a unit aware of the actual measurements and enables authentication of the source of the transmission. Our approach is data-driven and varies over time; thus it increases the PMU network resilience against message replay and FDI attempts since the adversary's messages will violate the data prediction protocol. The effectiveness of approach is validated using datasets for the IEEE 14 and IEEE 39 bus systems and through security analysis.
Sun, Yizhen, Lin, Dandan, Song, Hong, Yan, Minjia, Cao, Linjing.  2020.  A Method to Construct Vulnerability Knowledge Graph Based on Heterogeneous Data. 2020 16th International Conference on Mobility, Sensing and Networking (MSN). :740–745.
In recent years, there are more and more attacks and exploitation aiming at network security vulnerabilities. It is effective for us to prevent criminals from exploiting vulnerabilities for attacks and help security analysts maintain equipment security that knows vulnerabilities and threats on time. With the knowledge graph, we can organize, manage, and utilize the massive information effectively in cyberspace. In this paper we construct the vulnerability ontology after analyzing multi-source heterogeneous databases. And the vulnerability knowledge graph is established. Experimental results show that the accuracy of entity recognition for extracting vendor names reaches 89.76%. The more rules used in entity recognition, the higher the accuracy and the lower the error rate.
Rajkumar, Vetrivel Subramaniam, Tealane, Marko, \c Stefanov, Alexandru, Presekal, Alfan, Palensky, Peter.  2020.  Cyber Attacks on Power System Automation and Protection and Impact Analysis. 2020 IEEE PES Innovative Smart Grid Technologies Europe (ISGT-Europe). :247–254.
Power system automation and communication standards are spearheading the power system transition towards a smart grid. IEC 61850 is one such standard, which is widely used for substation automation and protection. It enables real-time communication and data exchange between critical substation automation and protection devices within digital substations. However, IEC 61850 is not cyber secure. In this paper, we demonstrate the dangerous implications of not securing IEC 61850 standard. Cyber attacks may exploit the vulnerabilities of the Sampled Values (SV) and Generic Object-Oriented Substation Event (GOOSE) protocols of IEC 61850. The cyber attacks may be realised by injecting spoofed SV and GOOSE data frames into the substation communication network at the bay level. We demonstrate that such cyber attacks may lead to obstruction or tripping of multiple protective relays. Coordinated cyber attacks against the protection system in digital substations may cause generation and line disconnections, triggering cascading failures in the power grid. This may eventually result in a partial or complete blackout. The attack model, impact on system dynamics and cascading failures are veri ed experimentally through a proposed cyber-physical experimental framework that closely resembles real-world conditions within a digital substation, including Intelligent Electronic Devices (IEDs) and protection schemes. It is implemented through Hardware-in-the-Loop (HIL) simulations of commercial relays with a Real-Time Digital Simulator (RTDS).
Paul, Shuva, Ni, Zhen, Ding, Fei.  2020.  An Analysis of Post Attack Impacts and Effects of Learning Parameters on Vulnerability Assessment of Power Grid. 2020 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1–5.
Due to the increasing number of heterogeneous devices connected to electric power grid, the attack surface increases the threat actors. Game theory and machine learning are being used to study the power system failures caused by external manipulation. Most of existing works in the literature focus on one-shot process of attacks and fail to show the dynamic evolution of the defense strategy. In this paper, we focus on an adversarial multistage sequential game between the adversaries of the smart electric power transmission and distribution system. We study the impact of exploration rate and convergence of the attack strategies (sequences of action that creates large scale blackout based on the system capacity) based on the reinforcement learning approach. We also illustrate how the learned attack actions disrupt the normal operation of the grid by creating transmission line outages, bus voltage violations, and generation loss. This simulation studies are conducted on IEEE 9 and 39 bus systems. The results show the improvement of the defense strategy through the learning process. The results also prove the feasibility of the learned attack actions by replicating the disturbances created in simulated power system.
Nguyen, Tu N., Liu, Bing-Hong, Nguyen, Nam P., Chou, Jung-Te.  2020.  Cyber Security of Smart Grid: Attacks and Defenses. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1–6.
Most of today's infrastructure systems can be efficiently operated thanks to the intelligent power supply of the smart grids. However, smart grids are highly vulnerable to malicious attacks, that is, because of the interplay between the components in the smart grids, the failure of some critical components may result in the cascading failure and breakdown of the whole system. Therefore, the question of how to identify the most critical components to protect the smart grid system is the first challenge to operators. To enable the system's robustness, there has been a lot of effort aimed at the system analysis, designing new architectures, and proposing new algorithms. However, these works mainly introduce different ranking methods for link (transmission line) or node (station) identification and directly select most the highest degree nodes or common links as the critical ones. These methods fail to address the problem of interdependencies between components nor consider the role of users that is one of critical factors impacting on the smart grid vulnerability assessment. This motivates us to study a more general and practical problem in terms of smart grid vulnerability assessment, namely the Maximum-Impact through Critical-Line with Limited Budget (MICLLB) problem. The objective of this research is to provide an efficient method to identify critical components in the system by considering a realistic attack scenario.
Musleh, Ahmed S., Chen, Guo, Dong, Zhao Yang, Wang, Chen, Chen, Shiping.  2020.  Statistical Techniques-Based Characterization of FDIA in Smart Grids Considering Grid Contingencies. 2020 International Conference on Smart Grids and Energy Systems (SGES). :83–88.
False data injection attack (FDIA) is a real threat to smart grids due to its wide range of vulnerabilities and impacts. Designing a proper detection scheme for FDIA is the 1stcritical step in defending the attack in smart grids. In this paper, we investigate two main statistical techniques-based approaches in this regard. The first is based on the principal component analysis (PCA), and the second is based on the canonical correlation analysis (CCA). The test cases illustrate a better characterization performance of FDIA using CCA compared to the PCA. Further, CCA provides a better differentiation of FDIA from normal grid contingencies. On the other hand, PCA provides a significantly reduced false alarm rate.
Ackley, Darryl, Yang, Hengzhao.  2020.  Exploration of Smart Grid Device Cybersecurity Vulnerability Using Shodan. 2020 IEEE Power Energy Society General Meeting (PESGM). :1–5.
The generation, transmission, distribution, and storage of electric power is becoming increasingly decentralized. Advances in Distributed Energy Resources (DERs) are rapidly changing the nature of the power grid. Moreover, the accommodation of these new technologies by the legacy grid requires that an increasing number of devices be Internet connected so as to allow for sensor and actuator information to be collected, transmitted, and processed. With the wide adoption of the Internet of Things (IoT), the cybersecurity vulnerabilities of smart grid devices that can potentially affect the stability, reliability, and resilience of the power grid need to be carefully examined and addressed. This is especially true in situations in which smart grid devices are deployed with default configurations or without reasonable protections against malicious activities. While much work has been done to characterize the vulnerabilities associated with Supervisory Control and Data Acquisition (SCADA) and Industrial Control System (ICS) devices, this paper demonstrates that similar vulnerabilities associated with the newer class of IoT smart grid devices are becoming a concern. Specifically, this paper first performs an evaluation of such devices using the Shodan platform and text processing techniques to analyze a potential vulnerability involving the lack of password protection. This work further explores several Shodan search terms that can be used to identify additional smart grid components that can be evaluated in terms of cybersecurity vulnerabilities. Finally, this paper presents recommendations for the more secure deployment of such smart grid devices.
Zhang, Fengli, Huff, Philip, McClanahan, Kylie, Li, Qinghua.  2020.  A Machine Learning-Based Approach for Automated Vulnerability Remediation Analysis. 2020 IEEE Conference on Communications and Network Security (CNS). :1–9.
Security vulnerabilities in firmware/software pose an important threat ton power grid security, and thus electric utility companies should quickly decide how to remediate vulnerabilities after they are discovered. Making remediation decisions is a challenging task in the electric industry due to the many factors to consider, the balance to maintain between patching and service reliability, and the large amount of vulnerabilities to deal with. Unfortunately, remediation decisions are current manually made which take a long time. This increases security risks and incurs high cost of vulnerability management. In this paper, we propose a machine learning-based automation framework to automate remediation decision analysis for electric utilities. We apply it to an electric utility and conduct extensive experiments over two real operation datasets obtained from the utility. Results show the high effectiveness of the solution.