Cyber Threat Analysis Based on Characterizing Adversarial Behavior for Energy Delivery System

Abstract

Recently, Energy Delivery Systems (EDS) has been the target of several sophisticated attacks with potentials for catastrophic damages. These attacks are diverse in techniques, attack progression, and impacts. System administrators require comprehensive analytics to assess their defense against these diverse adversarial strategies. To address this challenge, this paper proposes a methodology to assess cyber threats proactively by characterizing adversary behavior. First, we describe the different level of threat indicators and their effectiveness to understand the adversary activity. Next, we integrate static network information with dynamic attack strategy by mapping attack graphs into attacker’s techniques and tactics. This contextual integration provides insights into attacker’s stealthy behavior. Following the enumeration of complexity and effort for attack progression, we devise a metric to quantify the likelihood of an adversary taking an attack path for compromising an asset in EDS. We empirically evaluated our approach within an ICS test-bed. The results show the significance of our approach for characterizing adversarial behavior and gaining valuable insights on cyber risk management.