TMQ

Threat model quantification in Smart Grid critical infrastructures

Luis Garcia, Saman Zonouz

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

For proper security risk management and effective deployment of security solutions in smart grid critical infrastructures, accurate identification and in-depth understanding of threats are crucial. Traditional descriptive threat models are often considered insufficient for accurate and mathematical numerical risk analyses of such critical infrastructures. In this paper, we propose TMQ, a novel and scalable threat model quantification method to create numerical models of various threat categories automatically. In particular, TMQ makes use of several sources of information to quantify the individual threat vectors. First, TMQ utilizes the smart grid network topology and global security access control policies to create a state-based security model for the smart grid using the Markov decision processes formalism. Then, TMQ utilizes traditional descriptive threat models, historical attack reports, intrusion detection logs as well as reports/interviews by/with hackers to quantify adversarial viewpoints of attackers from various threat categories against the smart grid. The result is an automatically generated model with specialized reward functions for each category of attackers. Our experimental results on a smart grid testbed network with several vulnerabilities show that TMQ can accurately quantify traditional descriptive threat models efficiently.

Original language: English
Title of host publication: 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 584-589
Number of pages: 6
ISBN (Print): 9781479949342
DOIs: https://doi.org/10.1109/SmartGridComm.2014.7007710
State: Published - Jan 12 2015
Event: 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014 - Venice, Italy
Duration: Nov 3 2014 to Nov 6 2014

Other

Other: 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
Country: Italy
City: Venice
Period: 11/3/14 to 11/6/14

Fingerprint

Critical infrastructures
quantification
threat
infrastructure
Intrusion detection
Risk management
Testbeds
hacker
Access control
Numerical models
Topology
risk management
source of information
reward
vulnerability
interview

ASJC Scopus subject areas

  • Communication
  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Garcia, L., & Zonouz, S. (2015). TMQ: Threat model quantification in Smart Grid critical infrastructures. In 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014 (pp. 584-589). [7007710] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SmartGridComm.2014.7007710

@inproceedings{0dce95a43705443b90d50d7c1e1c17de,
title = "TMQ: Threat model quantification in Smart Grid critical infrastructures",
author = "Luis Garcia and Saman Zonouz",
year = "2015",
month = "1",
day = "12",
doi = "10.1109/SmartGridComm.2014.7007710",
language = "English",
isbn = "9781479949342",
pages = "584--589",
booktitle = "2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - TMQ

T2 - Threat model quantification in Smart Grid critical infrastructures

AU - Garcia, Luis

AU - Zonouz, Saman

PY - 2015/1/12

Y1 - 2015/1/12

UR - http://www.scopus.com/inward/record.url?scp=84922431667&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84922431667&partnerID=8YFLogxK

U2 - 10.1109/SmartGridComm.2014.7007710

DO - 10.1109/SmartGridComm.2014.7007710

M3 - Conference contribution

SN - 9781479949342

SP - 584

EP - 589

BT - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014

PB - Institute of Electrical and Electronics Engineers Inc.

ER -