kth.sePublications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Estimating the Time-To-Compromise of Exploiting Industrial Control System Vulnerabilities
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0002-9546-9463
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0003-3922-9606
2022 (English)In: Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP, Scitepress , 2022, Vol. Vol. 1 - 978-989-758-553-1, p. 96-107Conference paper, Published paper (Refereed)
Abstract [en]

The metric Time-To-Compromise (TTC) can be used for estimating the time taken for an attacker to compromise a component or a system. The TTC helps to identify the most critical attacks, which is useful when allocating resources for strengthening the cyber security of a system. In this paper we describe our updated version of the original definition of TTC. The updated version is specifically developed for the Industrial Control Systems domain. The Industrial Control Systems are essential for our society since they are a big part of producing, for example, electricity and clean water. Therefore, it is crucial that we keep these systems secure from cyberattacks. We align the method of estimating the TTC to Industrial Control Systems by updating the original definition’s parameters and use a vulnerability dataset specific for the domain. The new definition is evaluated by comparing estimated Time-To-Compromise values for Industrial Control System attack scenarios to previous research results. 
Place, publisher, year, edition, pages
Scitepress , 2022. Vol. Vol. 1 - 978-989-758-553-1, p. 96-107
Keywords [en]
Industrial Control System, Time-To-Compromise, Cyber Security, Vulnerabilities
National Category
Computer and Information Sciences
Research subject
Information and Communication Technology
Identifiers
URN: urn:nbn:se:kth:diva-310220DOI: 10.5220/0010817400003120ISI: 000818770500008Scopus ID: 2-s2.0-85152776521OAI: oai:DiVA.org:kth-310220DiVA, id: diva2:1647095
Conference
8th International Conference on Information Systems Security and Privacy - ICISSP, Online/Virtual, 9-11 February 2022
Funder
SweGRIDS - Swedish Centre for Smart Grids and Energy Storage
Note

Part of proceedings: ISBN 978-989-758-553-1

QC 20220401

Available from: 2022-03-24 Created: 2022-03-24 Last updated: 2025-05-02Bibliographically approved
In thesis
1. Cyber Security Threat Modeling of Power Grid Substation Automation Systems
Open this publication in new window or tab >>Cyber Security Threat Modeling of Power Grid Substation Automation Systems
2025 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The substation is a vital part of the power grid and serves to aid in the distribution of electricity by, for example, transforming from high to low voltage. It is essential to protect the substation as a loss of electricity would cause severe consequences for our society. The Substation Automation System (SAS) allows for remote management and automation of substations but also creates possibilities for cybersecurity threats. In this thesis efforts towards using threat modeling to assess the cybersecurity of SAS are presented. Threat modeling entails creating a model of the system that shows the possible cybersecurity threats against it. To reach this goal, previously used information sources for threat modeling in the power systems domain are found. The thesis also includes the creation of a Time-To-Compromise (TTC) estimate for cyber attacks against Industrial Control Systems. By estimating the TTC, it is possible to prioritize which attacks to defend against. One method of creating threat models is by using threat modeling languages in which the assets, associations, attacks, and defenses have been defined. In this thesis, a threat modeling language for creating threat models of SAS is presented. The threat models in this thesis are used to create attack graphs to show the possible paths an attacker could take throughout the system. The work of this thesis also consists of evaluation of threat modeling languages that have been created or used. As a result, accurate assessment of cybersecurity for SAS can be made that helps in the efforts to keep them secure against cyber attacks.
Abstract [sv]

Transformatorstationen är en viktig del av elkraftnätet och dess roll är att hjälpa till med distributionen av el genom att som dess namn beskriver transformera om spänningen. Det är nödvändigt att skydda transformatorstationen eftersom ett elavbrott skulle skapa stora konsekvenser för vårt samhälle. Ett automatiserat transformatorstationssystem gör det möjligt att hantera den externt men det öppnar även upp möjligheterna för cybersäkerhetshot. I den här avhandlingen presenteras forskning kring användning av hotmodellering för att utvärdera cybersäkerheter för SAS. Hotmodellering innebär att man skapar en modell av systemet som visar möjliga cybersäkerhetshot mot det. För att nå det målet har informationskällor för hotmodeller inom kraftnätsdomänen sammanställts genom en systematisk litteraturstudie. I avhandlingen tas det också fram ett sätt att räkna ut tiden det tar för att framgångsrikt genomföra en cyberattack mot industriella kontrollsystem. Hotmodeller kan skapas genom att använda hotmodelleringsspråk inom vilket komponenterna, relationerna, attacker och försvar är definierade. I den här avhandlingen skapas ett hotmodelleringsspråk för att skapa hotmodeller av SAS. Hotmodellerna i detta arbete kan användas för att skapa attackgrafer som visar möjliga vägarna som en attackerare skulle kunna ta genom systemet. Arbetet utvärderar även hotmodelleringsspråken som har använts eller skapats. Som ett resultat av denna avhandling kan korrekta utvärderingar av cybersäkerhet för SAS göras vilket hjälper i arbetet av att hålla dom säkra mot cyberattacker.
Place, publisher, year, edition, pages
Stockholm, Sweden: KTH Royal Institute of Technology, 2025. p. xii, 45
Series
TRITA-EECS-AVL ; 2025:53
Keywords
Threat Modeling, Cybersecurity, Power systems, Substation Automation Systems, Attack graphs, Industrial Control Systems
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Electrical Engineering
Identifiers
urn:nbn:se:kth:diva-362974 (URN)978-91-8106-286-1 (ISBN)
Public defence
2025-06-05, https://kth-se.zoom.us/j/61562773806, U1, Brinellvägen 26, Stockholm, 09:30 (English)
Opponent
Supervisors
Note

QC 20250502

Available from: 2025-05-02 Created: 2025-05-02 Last updated: 2025-05-12Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopusConference website

Authority records

Rencelj Ling, EnglaEkstedt, Mathias

Search in DiVA

By author/editor
Rencelj Ling, EnglaEkstedt, Mathias
By organisation
Network and Systems Engineering
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 356 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
KTH Library
|
DiVA support
|
Register in DiVA
|
Posting your thesis
|
SwePub