This week (28th of September’21), Ismail Butun, Ph.D. from KTH Royal University of Technology, the Department of Computer Science at the School of Electrical Engineering and Computer Science presented our #H2020 project #EnergyShield at the SCADA-Säkerhet 2021 Cyber-Security Conference. Our project aims at developing & testing an integrated cyber security toolkit for the energy sector. Including vulnerability assessment, anomaly detection, behavior analysis, forensics, DDoS mitigation, and SIEM. #cybersecurity #energy #ddosprotection #smartgrids #h2020energy #scada
NTUA and KTH joined forces to write an article together that conceptually maps the SBA and the VA tool to each other. Therefore, they facilitated the MITRE ATT&CK matrix to link the meta model of SBA to the icsLang, which is used as meta model for VA. The paper will be presented at the EPESec workshop at the ARES conference.
The abstract reads as follows:
The increase of cyber-attacks raised security concerns for critical assets worldwide in the last decade. Leading to more efforts spent towards increasing the cyber security among companies and countries. For the sake of enhancing cyber security, representation and testing of attacks have prime importance in understanding system vulnerabilities. One of the available tools for simulating attacks on systems is the Meta Attack Language (MAL), which allows representing the effects of certain cyber-attacks. However, only understanding the component vulnerabilities is not enough in securing enterprise systems. Another important factor is the `human`, which constitutes the biggest `insider threat`. For this, Security Behavior Analysis (SBA) helps understanding which system components that might be directly affected by the `human`. As such, in this work, the authors present an approach for integrating user actions, so called “security behavior”, by mapping SBA to a MAL-based language through MITRE ATT&CK techniques.
EnergShield Consortium has just released the report of the European workshop Trends, opportunities and choices in designing a cyber resilient EPES infrastructure organized on the 15th of April 2021, 10.00 CET. EnergyShield_Workshop Report_v0.6
A total of 135 persons attended the online EnergyShield workshop and the majority were interested in the opening session topics.
The event was initiated and organized by three EnergyShield partners: Software Imagination & Vision (Coordinator), KTH Royal Institute of Technology in Stockholm (Dissemination& Communication Leader) and National Technical University of Athens (Collaboration Leader).
The event gathered Critical infrastructure stakeholders, business, academia, and industry professionals from 8 European countries around cross-domain topics.
Different aspects of cyber security in EPES sector including standardization efforts and policy updates were addressed during the opening sessions leaded by representatives from European Commission, ENISA and energy standardization and regulatory bodies. Also, a brief introduction of Energy Shield project and a demonstration of the toolkit developed completed this session.
The second part of the workshop focused on two topics that will be addressed in two consecutive panels equipped with high profiled experts from the field. The first one elaborated on the effect of work from home on energy and IT infrastructures, while the second one addressed latest incidents targeting critical infrastructure and their impact on designing new technologies, business models and policies.
The EnergyShield project has joined the European Cluster for Securing Critical Infrastructures (ECSCI). The main objective of this cluster is to create synergies and foster emerging disruptive solutions to security issues via cross-projects collaboration and innovation. Research activities will focus on how to protect critical infrastructures and services, highlighting the different approaches between the clustered projects and establishing tight and productive connections with closely related and complementary H2020 projects. To promote the activities of the cluster, ECSCI will organize international conferences, and national or international workshops, involving both policy makers, industry and academic, practitioners, and representatives from the European Commission.
Further information on the cluster can be found on the website of the organizing FINSEC project.
Our academic partners again were very productiv resulting in two articles accepted for publications in two journals. The first article “A Method for Assigning Probability Distributions in Attack Simulation Languages” is written by KTH and proposes a method to determine probability distributions used in the attack simulations of the vulnerability assessment. The abstract is as following:
Cyber attacks on IT and OT systems can have severe consequences for individuals and organizations, from water or energy distribution systems to online banking services. To respond to these threats, attack simulations can be used to assess the cyber security of systems to foster a higher degree of resilience against cyber attacks; the steps taken by an attacker to compromise sensitive system assets can be traced, and a time estimate can be computed from the initial step to the compromise of assets of interest.
Previously, the Meta Attack Language (MAL) was introduced as a framework to develop security-oriented domain-specific languages. It allows attack simulations on modeled systems and analyzes weaknesses related to known attacks. To produce more realistic simulation results, probability distributions can be assigned to attack steps and defenses to describe the efforts required for attackers to exploit certain attack steps. However, research on assessing such probability distributions is scarce, and we often rely on security experts to model attackers’ efforts. To address this gap, we propose a method to assign probability distributions to the attack steps and defenses of MAL-based languages. We demonstrate the proposed method by assigning probability distributions to a MAL-based language. Finally, the resulting language is evaluated by modeling and simulating a known cyber attack.
The second article “Detecting Insider Threat via a Cyber-Security Culture Framework” is written by NTUA and elaborates on the method used in the SBA tool and links it to insider threats. The abstract is as following:
Insider threat has been recognized by both scientific community and security professionals as one of the gravest security hazards for private companies, institutions, and governmental organizations. Extended research on the types, associated internal and external factors, detection approaches and mitigation strategies has been conducted over the last decades. Various frameworks have been introduced in an attempt to understand and reflect the danger posed by this threat, whereas multiple identified cases have been classified in private or public databases. This paper aims to present how a cyber-security culture framework with a clear focus on the human factor can assist in detecting possible threats of both malicious and unintentional insiders. We link current insider threat categories with specific security domains of the framework and introduce an assessment methodology of the core contributing parameters. Specific approach takes into consideration technical, behavioral, cultural, and personal indicators and assists in identifying possible security perils deriving from privileged individuals.
Our partners from KTH got another paper accepted at the EMMSAD’21 conference. The article proposes different coverage metrics to assess the extend MAL-based languages are tested to secure their functionality. Moreover, they have developed an extension to the MAL compiler that performs this measurement automatically. The abstract is as follows:
Designing secure and reliable systems is a difficult task. Threat modeling is a process that supports the secure design of systems by easing the understanding of the system’s complexity, as well as identifying and modeling potential threats. These threat models can serve as input for attack simulations, which are used to analyze the behavior of attackers within the system. To ensure the correct functionality of these attack simulations, automated tests are designed that check if an attacker can reach a certain point in the threat model. Currently, there is no way for developers to estimate the degree to which their tests cover the attack simulations and, thus, they cannot the determine the quality of their tests. To resolve this shortcoming, we analyze structural testing methods from the software engineering domain and transfer them to the threat modeling domain by following an Action Design Research approach. Further, we develop a first prototype, which is able to assess the test coverage in an automated way. This will enable threat modeler to determine the quality of their tests and, simultaneously, increase the quality of the threat models.
Our partners from KTH, got their paper entitled “Towards an Ecosystem of Domain Specific Languages for Threat Modeling” accepted at the 33rd International Conference on Advanced Information Systems Engineering (CAiSE’21). The abstract is as follows:
Today, many of our activities depend on the normal operation of the IT infrastructures that supports them. However, cyber-attacks on these infrastructures can lead to disastrous consequences. Therefore, efforts towards assessing the cyber-security are being done, such as attack graph simulations based on system architecture models.
The Meta Attack Language (MAL) was previously proposed as a framework for developing Domain Specific Languages (DSLs) that can be used for the aforementioned purpose. Since many common components exist among different domains, a way to prevent repeating work had to be defined. To facilitate this goal, we adapt taxonomy building by Nickerson and propose an ecosystem of MAL-based DSLs that describes a systematic approach for not only developing, but also maintaining them over time. This can foster the usage of MAL for modeling new domains.
Energy Shield Consortium is inviting you to attend online workshop “Trends, opportunities and choices in designing cyber resilient EPES infrastructure” on the 15th of April starting at 10.00 CET.
Targeted audience: If you are an EPES value chain stakeholder, critical infrastructure and/or cyber security expert, researcher, scientist or domain enthusiast, please register here
Event structure & objectives:
EnergyShield online workshop aims at engaging different stakeholders in cross-domain topics via:
- Opening sessions approaching standardization efforts and policy updates impacting critical infrastructures and cyber security.
- Demonstration of Energy Shield toolkit.
- Two panel discussions about the impact of the home working on energy and IT infrastructures and on how the lasted incidents targeting critical infrastructures are reshaping technologies, businesses and policies landscape.
- During the event, you will be able to address questions via chat and discuss with the other participants.
- Prior the event, you can fill two panel related surveys to provides insights, propose questions or launch topics of discussion (Panel 1 and Panel 2).
- After the event, a report will be issued and all the topics an question will be addressed.
Help us spread the word!
- Use #EnergyShield_Event2021 to promote the event via Twitter.
- Check out the latest news on project website energy-shield.eu
- Join EnergyShield group and event on LinkedIn
- Check out the full program to find out more about the speakers and about who’s endorsing the event EnergyShield_workshop-Program-V3-small
While deciding… please watch a video presentation of the Energy Shield project https://youtu.be/AtSUmkrp1Dw
Looking forward to seeing you at the event!
EnergyShield Consortium is inviting you to join us in an online workshop engaging different stakeholders in cross-domain topics on the 15th of April 2021 starting from 10:00 CET.
Register here to the online workshop on Trends, opportunities and choices in designing a cyber resilient EPES infrastructure organized by EnergyShield Consortium.
Five interesting presentations and two panels elaborating on actual opportunities for security in the energy domain are scheduled during the event. .
After a short introduction, the EnergyShield project officer will talk about recent policy developments in cybersecurity for critical infrastructure protection. Presentations on different aspects ranging from ENISA’s activities in the energy sector, over cyber security in the EPES sector, to standardization efforts to assess cyber security in UK will follow.
The workshop will be concluded by two exciting panel discussions, equipped with high profiled experts from the field. The first will elaborate on the effect of work from home on energy and IT infrastructures, while the second addresses latest incidents targeting critical infrastructure.
Do not miss the chance to participate in the workshop and register for this event!
Follow us to meet the speakers and to find out how you can contribute to this event.
The EnergyShield Consortium is preparing an online workshop to promote the EnergyShield project and engage different stakeholders in cross-domain topics.
“Trends, opportunities and choices in designing a cyber-resilient EPES infrastructure” workshop is scheduled for the 15th of April 2021 (10.00 to 12.30 CET). Relevant energy and cybersecurity stakeholders, representatives from the European Commission, European Union Agency for Cybersecurity, standardization and policy bodies will join the discussions related to designing new solutions or adopting new technologies, business models and policies. Latest incidents targeting critical infrastructures and the work-from-home impact in energy and IT domains will be approached.
All interested stakeholders are invited to attend the online event.