Fortify Your Defenses: Strategic Budget Allocation to Enhance Power Grid Cybersecurity
The research described in this paper is part of the Resilience Through Data Driven, Intelligently Designed Control (RD2C) Initiative at Pacific Northwest National Laboratory (PNNL). It was conducted under the Laboratory Directed Research and Development Program at PNNL, a multiprogram national laboratory operated by Battelle for the U.S. Department of Energy.
Abstract
The abundance of cyber-physical components in the modern-day power grid with their diverse hardware and software vulnerabilities has made it difficult to protect them from advanced persistent threats (APTs). An attack graph depicting the propagation of potential cyber-attack sequences from the initial access point to the end objective is vital to identify critical weaknesses of any cyber-physical system. Cybersecurity personnel can accordingly plan preventive mitigation measures for the identified weaknesses addressing the cyber-attack sequences. However, limitations on available cybersecurity budget restrict the choice of mitigation measures. We address this aspect through our framework, which solves the following problem: given potential cyber-attack sequences for a cyber-physical component in the power grid, find the optimal manner to allocate an available budget to implement necessary preventive mitigation measures. We formulate the problem as a mixed integer linear program (MILP) to identify the optimal budget partition and set of mitigation measures which minimize the vulnerability of cyber-physical components to potential attack sequences. We assume that the allocation of budget affects the efficacy of the mitigation measures. We show how altering the budget allocation for tasks such as asset management, cybersecurity infrastructure improvement, incident response planning and employee training affects the choice of the optimal set of preventive mitigation measures and modifies the associated cybersecurity risk. The proposed framework can be used by cyber policymakers and system owners to allocate optimal budgets for various tasks required to improve the overall security of a cyber-physical system.
Introduction
An increased reliance on Information Technology (IT) in various aspects of modern life has created a vast ecosystem of interconnected systems, networks and devices (Bansal and Kumar 2020). This provides a large attack surface for cyber adversaries to target, allowing them to gain unauthorized access, steal data, and disrupt operations. The availability of off-the-shelf hacking tools and malware in the underground market makes their task even easier to an extent, which allows them to initiate complex attacks without the requirement of sophisticated programming expertise (Liggett et al. 2019). Sophisticated malware, APTs and multi-stage cyber attacks involving multiple attack vectors are principal factors, which increase the complexity of these attacks and make them harder to detect and mitigate (Li and Liu 2021). This requires system owners and cybersecurity personnel to be well aware about the latest vulnerabilities and plan to mitigate them effectively.
The modern day energy infrastructure is equipped with smart devices, which aid in its monitoring and control. These devices are an integral part of the cyber-physical energy system (CPES). They form the link between the physical power grid and the communication network, allowing system operators to take online decisions and alter system conditions remotely. However, this comes at a cost of increased vulnerability to cyber attacks where adversaries can gain access to these devices and adversely impact the power grid infrastructure, leading to severe events such as widespread blackout. A typical CPES consists of multiple smart devices interlinked through a communication network. These smart devices (such as a smart inverter or a protective relay) can be accessed directly by a cyber adversary or via the communication network after a successful intrusion into a centrally situated device (such as a substation automation controller). Therefore, the goal of cybersecurity personnel is to protect these smart devices (or components) from adversarial cyber intrusions. From hereon, we use the terms ‘component’ and ‘smart device’ interchangeably. In this work, we aim to identify an optimal set of preventive cybersecurity measures for each component in the CPES in order to reduce the risk of adversarial cyber attacks.
A bottom-up approach involves evaluating the risk associated with the failure of a component by assessing the loss of power grid resilience or stability, and thereafter, allocating budget towards securing the ‘critical’ components (Zografopoulos et al. 2021). On the contrary, a top-down approach focuses on cyber vulnerabilities for a component, possible adversarial techniques used to exploit them, and preventive strategies to avoid them (Das et al. 2022; Dutta et al. 2022; Subasi et al. 2022). This involves developing and implementing patches for individual vulnerabilities in a timely manner, which has been reported to be almost impossible (Culafi 2021). One of the major roadblocks responsible for this is the lack of resources required to cover the sheer surface area of diverse hardware and software vulnerabilities. To this end, an organizational effort is required which addresses prioritizing the vulnerabilities and allocating available budget based on their priorities.
The MITRE Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) framework, developed by the MITRE Corporation, serves as a comprehensive and structured database to understand and organize information about cyber threats (MITRE Corporation 2023). The framework consists of tactics, or high-level objectives of an adversary during an attack, and techniques, or specific methods and procedures to accomplish their objectives within each tactic. It also provides detailed information about associated mitigation measures, which refer to strategies that organizations can employ to defend against or reduce the impact of specific techniques. However, information regarding both the cost of implementing the preventive mitigation measures and their efficacy against adversarial techniques are not included in the framework. This makes the task of evaluating the investment required to implement a proposed mitigation plan difficult to compute. At the same time, it is difficult to quantify how the presence or absence of mitigation measures affects the success rate of an adversarial technique.
In this paper, we approach the evaluation of optimal policies to improve a component’s cybersecurity in the CPES with an aim to alleviate its risk to adversarial threats. An important aspect of policy formulation is prioritizing the problems to address and partitioning the available budget to implement appropriate solutions. We treat the cybersecurity budget to be representative of the labor/staff hours and associated resources required to implement the different mitigation measures. Hence, we identify multiple organizational sectors to segregate the mitigation measures based on the skill or number of staff hours required for implementation (Georgiadou, Mouzakitis, and Askounis 2021). Thereafter, our proposed approach evaluates the high priority mitigation measures required to be implemented and the optimal manner of partitioning the cybersecurity budget to achieve this task. The underlying assumption of our approach is that allocating budget in a particular sector implies prioritizing mitigation measures within that sector. This improves the overall efficacy of the mitigation against all adversarial techniques. The formal problem statement can be stated as follows: Given potential cyber-attack sequences for a cyber-physical component in the power grid, find the optimal manner to allocate an available labor budget to implement necessary preventive mitigation measures, which reduces the risk to adversary threats.
Contributions. The major contributions of this paper are listed below: (i) we use a top-down approach to define the vulnerability of a CPES component based on the adversarial threats and attack sequences to which it is susceptible, (ii) we use the MITRE ATT&CK framework to define the efficacy of mitigation measures against adversarial techniques and thereby, propose analytic expressions to evaluate the success rate of both individual techniques and entire attack sequences, (iii) we formulate a MILP by using these analytic expressions to identify the optimal partitions of a given limited budget to improve mitigation measure efficacy and evaluate the optimal mitigation set required to minimize successful adversarial attack sequences on the cyber component. The proposed holistic framework can be generalized for any cyber-physical system or any component/system with recorded cyber vulnerabilities.
Related Works
Risk assessment of CPES has been studied extensively using various methodologies, where the impact of cyber attacks on specific nodes in the power network is analyzed to identify the resulting damage. This has been done either through low fidelity simulation frameworks (Keliris et al. 2016; Chen et al. 2014; Georg et al. 2013; Dorsch et al. 2014; Queiroz, Mahmood, and Tari 2011) or through high fidelity real time simulation test beds (Vasisht et al. 2022; Sridhar et al. 2017; Haack et al. 2013; Stanovich et al. 2013). These frameworks are useful, since they provide means to identify critical components in terms of their impact on the power grid and enable system planners to focus their cybersecurity countermeasures. However, recent intrusion reports show complex cyber attack sequences, which utilize the interconnected nature of communication systems in order to gain system-wide access (MITRE Corporation 2023). This necessitates a top-down approach, which identifies possible cyber attack sequences and recommends countermeasures to prevent them.
Authors in (Nandi, Medal, and Vadlamani 2016) propose an interdiction plan by deploying countermeasures at an optimal set of edges in an attack graph to minimize losses due to security breaches. However, this work assumes a deterministic graph, with a or breach success rate along the edges and also considers fixed budget for countermeasures along each edge in the graph. The MITRE ATT&CK framework has been used in (Das et al. 2022; Dutta et al. 2022) to identify vulnerabilities in several CPES components and generate attack sequences. It provides a list of mitigation measures to prevent adversarial techniques. However, a holistic framework to identify the optimal set of countermeasures to prevent a set of attack sequences is not available in the present literature.
The authors in (Li et al. 2019) have performed an extensive survey to show how investing in various organizational sectors has affected the overall improvement of cybersecurity awareness in several organizations. The association of various mitigation measures specified in the MITRE ATT&CK framework to the cybersecurity culture of various organizations has been presented in (Georgiadou, Mouzakitis, and Askounis 2021). This allows a holistic approach to address cybersecurity gaps in infrastructure and policies for an organization. The allocation of resources to improve cybersecurity in an organization is a pertinent problem due to contrasting interest of different individuals (Srinidhi, Yan, and Tayi 2015). In this regard, the present literature lacks a framework capable of addressing the aspect of allocating budget to different organizational sectors serving a common goal of reducing vulnerability to adversarial cyber attacks. This paper aims to address this particular research gap.
Preliminaries
MITRE ATT&CK framework. The MITRE ATT&CK framework (MITRE Corporation 2023) serves as a database of cyber attack scenarios and methods undertaken by adversaries for cyber intrusion. It contains an extensive list of tactics and techniques common to adversarial cyber attacks. The ‘tactics’ denote adversarial motivation and ‘techniques’ represent the instrumental means of achieving those tactical objectives. Moreover, each technique is associated with a list of mitigation measures such that a particular cyber defense system with a given set of mitigation measures will be able to prevent only their corresponding techniques. We denote sets of techniques and mitigation measures by and respectively and define a mapping to identify the set of mitigation measures , which can prevent an adversary from performing technique . The pre-image of a mitigation measure under provides the induced mapping as the set of techniques which can be prevented when is available in the cyber defense system.
Hybrid Attack Graph (HAG). The cybersecurity risk assessment of a component in the CPES involves identifying possible adversarial techniques that can be performed on it. To this end, we use a mapping framework, which maps common cyber vulnerabilities in the component to common attack patterns that can be executed on these vulnerabilities. The framework is depicted in Fig. 1, where we provide the name of a component as input and the framework evaluates the vulnerabilities from the Common Vulnerability Enumeration (CVE) database, identifies respective weaknesses from the Common Weakness Enumeration (CWE) database, gets attack patterns from the Common Attack Pattern Enumeration and Classification (CAPEC) database and finally maps to the MITRE ATT&CK framework to obtain the list of adversarial techniques. Refer to (Dutta et al. 2022) for details about each of these databases.
However, cybersecurity risk assessment also requires us to identify the sequence of techniques which can be performed on the component. A HAG serves as an excellent tool for this purpose. These are synthetically generated graphs which are created based on past instances of cyber attacks reported in openly available cyber intrusion reports (Donald, Meyur, and Purohit 2023). An attack graph describes attack sequences through a set of possible techniques from the MITRE ATT&CK framework. The nodes in the graph represent adversarial techniques and the edges depict consecutive techniques used in an attack sequence.
A single attack sequence is represented as a path in the HAG, describing the progression of techniques. We denote an attack sequence of length as . The adversarial techniques which comprise the sequence are nodes in the HAG. It is important to mention that we assume the following while creating a HAG: (i) the transition of techniques follow a predefined order of the associated tactics, and (ii) techniques are not repeated. An example HAG is shown in Fig. 2.
Vulnerability of a component. The goal of this work is to harness the MITRE ATT&CK framework to plan mitigation measures for a component. To this end, we need to define a component’s vulnerability in the context of the MITRE ATT&CK framework and the HAG generated for the component. The generated HAG provides us with possible sequences of techniques that adversaries could utilize to perform a successful cyber attack. A planner might seek to choose an optimal set of mitigation measures to minimize the probability of compromising the component through any of the attack sequences identified through the HAG. This objective requires us to minimize the success probability of each and every attack sequence in the HAG. However, for all practical purposes, reducing these success probabilities to a sufficiently small value is acceptable. We term this objective as minimizing the number of “highly likely” attack sequences. First, we define what we mean by a “highly likely” attack sequence. Here, we assume that the probabilities of successful execution of the techniques are independent.
Definition 1.
A sequence is said to be “highly likely” if the probability of its successful execution (or success rate ) exceeds a chosen threshold , i.e.,
(1) |
where is the success rate of technique .
Definition 2.
The vulnerability of the component with a set of mitigation measures is given by the fraction of “highly likely” attack sequences
(2) |
where denotes the threshold success rate for a technique to be “highly likely” and denotes the number of “highly likely” attack sequences.
Symbol | Description |
---|---|
Set of all cyber adversary techniques | |
Set of all mitigation measures | |
Set of cybersecurity budget sectors | |
Set of selected mitigation measures | |
Set of attack sequences for device | |
Number of adversary techniques | |
Number of mitigation measures | |
Number of attack sequences in | |
Number of cybersecurity budget sectors | |
An adversarial technique in set | |
An adversarial technique in set | |
An attack sequence |
Proposed Approach
The goal of cybersecurity planning is to identify which mitigation measures to implement to reduce the vulnerability of the cyber-physical component under consideration. We define the optimal defender problem as follows.
Problem 1 (Optimal Defender Problem).
Given limited budget to enhance cybersecurity of a component , find the optimal set of mitigation measures to minimize its vulnerability for a given set of attack sequences .
The main challenge arises when evaluating the cost of implementing each mitigation measure—either in terms of monetary investment or required time commitment. Furthermore, the efficacy of each mitigation measure against the adversarial techniques is usually unknown. However, we note that allocating additional budget generally improves the efficacy of mitigation measures. Therefore, we formulate the problem in a way to address how to allocate a limited cybersecurity budget to reduce component vulnerability. We state the strategic cybersecurity budget allocation problem as follows:
Problem 2 (Cybersecurity Budget Allocation Problem).
Given a limited budget to enhance the cybersecurity of a component , find the optimal way to partition the budget in order to improve efficacy of a set of mitigation measures and thereby minimize the vulnerability of the component with a given set of attack sequences .
Budget allocation. Following (Georgiadou, Mouzakitis, and Askounis 2021), we categorize the mitigation measures into the following overlapping sectors (or categories): asset management, business continuity, access and trust, operations, defense, security governance and employee training. We partition the entire available budget into the above sectors. Let denote the portion of budget assigned to the category and . Further, we define matrix such that if the mitigation is included in the category, otherwise .
The underlying assumption is that allocating budget improves mitigation measure efficacy, i.e., the probability that a mitigation measure successfully prevents a technique. In our case, we also assume that for a given mitigation, this probability is uniform for all associated techniques. A mitigation measure belongs to one or more of the sectors. We assume that in order to improve the efficacy of a mitigation, the budget must be allocated to all of the associated sectors to which it belongs. Therefore, we compute the fractional budget allocated for improving efficacy of mitigation measure as the weighted sum of the category budgets,
(3) |
Let be the -length vector obtained by stacking the entries for all mitigation measures. The matrix version of (3) is written as , where is a vector of s.
Let denote the initial efficacy of the mitigation. This depends on the efficacy of the mitigation measures already in place – for example, the strength of a firewall. We define an exponential improvement in the efficacy with increase in the cybersecurity labor budget, such that it is asymptotic to value of based on the following expression:
(4) |
where is the improved efficacy and is a suitable scaling factor to relate the improvement in efficacy to the overall budget allocation. Fig. 3 shows the exponential improvement in mitigation efficacy for . An exponential relation mimics the most natural behavior of diminishing returns on investments and has been used in similar models (Kubanek 2017).
In practice, the parameter denotes the organization’s efficiency in utilizing the allocated budget to improve the overall cybersecurity. A high means a higher rate of improvement in efficacy for a given increase in budget allocation factor. Further, note that for a given , the maximum improvement in efficacy of mitigation occurs when budget is allocated to all the associated sectors.
Success rate of techniques. Let be the probability that technique is avoided by a mitigation measure . Note that for all techniques which cannot be mitigated by , i.e., . Based on the assumption mentioned in the previous section, we have
(5) |
Let denote the mitigation-technique relation matrix. The entry along the row and column of is if the technique is mitigated by mitigation measure ; otherwise the entry is . This is constructed from the MITRE ATT&CK framework. Fig. 4 shows the matrix through a heat-map where the rows denote the mitigation measures and columns represent techniques. The techniques for each tactic are grouped together. The opacity of every element in the matrix shows the efficacy of the mitigation measure against the adversarial technique. We call this matrix as the mitigation profile.
We want to identify the set of mitigation measures which would reduce the vulnerability of the component with possible attack sequences listed in . Let denote the absence/presence of mitigation measure in the set . Note that the mitigation measures which are not present in the cyber system cannot affect the success rate of an adversarial technique. Using (5) we can write
(6) |
Observe that indicates the probability that technique is not avoided by mitigation measure . We consider each event of technique being avoided by mitigation to be independent. Therefore, the success rate of a technique in the cyber system with a set of mitigation measures is computed as
(7) |
The logarithm of (7) is computed as
(8) |
It is interesting to note that
(9) |
which helps us simplify the log success rate of a technique as
(10) |
(11) |
Let be the -length vector constructed by stacking the for all mitigation measures. We define matrix with element along the row and column. Note that for all since it is the logarithm of fractional values. The logarithm of the success rate of technique can therefore be computed as
(12) |
where denotes the element of vector .
Next, we evaluate the success rate of an attack sequence. Recall that an attack sequence is a list of techniques. We define the attack sequence and technique relation matrix where the entry along the row and column is if the technique is present in the attack sequence and otherwise. The logarithm of success rate of an attack sequence can be computed as
(13) |
We can stack for all the attack sequences to an -length vector , which can be expressed as
(14) |
We can formulate Problem 2 as follows
(15a) | ||||
s.to | (15b) | |||
(15c) | ||||
(15d) |
Symbol | Description |
---|---|
Mitigation & budget category relation matrix | |
Mitigation & technique relation matrix | |
Attack sequence & technique relation matrix | |
Vector of mitigation measure indicator | |
Vector of attack sequence indicator | |
Vector of mitigation specific budget partitions | |
Vector of cybersecurity budget partitions | |
Vector of log of attack sequence success rate | |
Efficacy of mitigation | |
Success rate of technique | |
Success rate of attack sequence | |
Skill level of defender |
Proposed Optimization Framework
First, we define variable to get rid of the bi-linear product term in the expression of (15b). The corresponding -length vector obtained by stacking them is denoted by . Since and , we can write the following inequalities
(16a) | |||
(16b) | |||
(16c) | |||
(16d) |
Note that when , we obtain the equality from the first two inequalities, and when , we obtain from the last two inequalities.
We use the definition of vulnerability described through (2), which leads us to a MILP as discussed below. We define the binary variable to denote whether sequence is “highly likely” or not. Mathematically,
(17) |
Define . We can rewrite (17) for all sequences with a large positive constant using the following inequalities
(18a) | |||
(18b) |
Our aim is to minimize the number of “highly likely” attack sequences. We can therefore write the optimization problem as
(19a) | ||||
s.to | (19b) | |||
(19c) | ||||
(19d) |
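Added example (not the authors' code): the forward model described above (budget partition, mitigation efficacy, technique and sequence success rates, fraction of "highly likely" sequences) evaluated on a constructed toy instance, with the MILP solver replaced by an exhaustive search over a coarse grid of budget partitions. The averaging form of the per-mitigation budget share and the efficacy law `1 - (1 - e0) * exp(-lam * beta)` are assumptions standing in for expressions (3) and (4); all matrices, names and values are constructed.

```python
import itertools
import math

# Constructed toy instance (not data from the paper).
# C[m][k] = 1 if mitigation m belongs to budget sector k.
C = [[1, 0], [0, 1], [1, 1]]
# A[m][t] = 1 if mitigation m prevents technique t (in practice built from MITRE ATT&CK).
A = [[1, 1, 0, 0], [0, 0, 1, 0], [0, 1, 0, 1]]
# Attack sequences = paths in the HAG, written as lists of technique indices.
SEQUENCES = [[0, 1, 3], [0, 2], [1, 3], [2, 3]]
E0 = [0.1, 0.1, 0.1]  # initial efficacy of each mitigation


def mitigation_budget(b):
    """Budget share seen by each mitigation.

    ASSUMPTION: the average of the budgets of the sectors it belongs to.
    """
    return [sum(c * bk for c, bk in zip(row, b)) / max(sum(row), 1) for row in C]


def improved_efficacy(e0, beta, lam):
    """ASSUMPTION: exponential law that equals e0 at beta = 0 and tends to 1."""
    return 1.0 - (1.0 - e0) * math.exp(-lam * beta)


def technique_success(x, b, lam):
    """Success rate per technique: product over selected mitigations of (1 - efficacy).

    Mitigations that are not selected (x[m] == 0) leave the technique untouched.
    """
    eff = [improved_efficacy(e0, beta, lam)
           for e0, beta in zip(E0, mitigation_budget(b))]
    rates = []
    for t in range(len(A[0])):
        rate = 1.0
        for m, selected in enumerate(x):
            if selected and A[m][t]:
                rate *= 1.0 - eff[m]
        rates.append(rate)
    return rates


def sequence_log_success(x, b, lam):
    """Log success rate of each sequence = sum of log success rates of its techniques."""
    rates = technique_success(x, b, lam)
    logs = [math.log(r) if r > 0 else -math.inf for r in rates]
    return [sum(logs[t] for t in seq) for seq in SEQUENCES]


def vulnerability(x, b, lam, threshold):
    """Fraction of sequences whose success rate exceeds the threshold."""
    log_thr = math.log(threshold)
    likely = sum(1 for s in sequence_log_success(x, b, lam) if s > log_thr)
    return likely / len(SEQUENCES)


def best_allocation(x, lam, threshold, steps=4):
    """Exhaustive search over budget partitions on a grid of width 1/steps.

    This brute-force search stands in for the MILP solver; it returns the first
    partition that reaches the lowest vulnerability, as (partition, vulnerability).
    """
    best = None
    for parts in itertools.product(range(steps + 1), repeat=len(C[0])):
        if sum(parts) != steps:
            continue  # keep only partitions that sum to the whole budget
        b = tuple(p / steps for p in parts)
        v = vulnerability(x, b, lam, threshold)
        if best is None or v < best[1]:
            best = (b, v)
    return best


if __name__ == "__main__":
    all_selected = (1, 1, 1)
    for lam in (1.0, 2.0):
        b, v = best_allocation(all_selected, lam, threshold=0.25)
        print(f"lam={lam}: best partition {b}, vulnerability {v}")
```

On this instance the best partition for the lower skill value is an interior point of the grid, and raising the skill parameter drives the vulnerability to zero.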
Results and Discussion
We use the database mapping and the HAG generation frameworks (discussed in Section Preliminaries) to obtain the attack sequences for a component used in the CPES. In this section, we discuss the results obtained for the components - (i) substation automation controller, and (ii) smart inverter. For each component, we identify the set of MITRE ATT&CK adversary techniques which can be executed on it. Thereafter, we use the HAG generation framework to generate sample HAGs. These steps are accomplished using the frameworks described in Section Preliminaries. From these HAGs, we identify possible attack sequences which can be executed on the components. In our case, we identify sequences for substation automation controller and sequences for smart inverter. We select only those attack sequences which contain adversarial techniques included under the “Impact” tactic of the MITRE ATT&CK framework. Therefore, we shortlist the attack sequences which are meaningful in the context of creating an impact in the CPES.
We assume a base case with the HAG presented in Fig. 2, where no mitigation measures are implemented. Therefore, all adversary techniques in the HAG have a success rate of . Fig. 5 shows the optimal mitigation profile (top plot) and success rates of the techniques after implementing the optimal mitigation measures through a heat map on the HAG (bottom plot). It is evident from the mitigation profile that only a particular set of mitigation measures is selected. The heat map shows the impact of implementing the optimal mitigation strategy in reducing the success rate of adversary techniques in the HAG. We note that the optimal strategy identifies the mitigation measures which reduce the success rate of techniques such that the maximum number of attack sequences are affected. This observation can be validated from the fact that the techniques with the highest out-degree are the most influential nodes in the HAG. These are the techniques with the lowest success rates after the mitigation measures are implemented.
Next, we use the proposed optimization framework to partition allocated budget into various organizational sectors. We choose sectors and identify set of mitigation measures in each of the sectors as described in (Georgiadou, Mouzakitis, and Askounis 2021) – (i) assets includes hardware and software asset management, network infrastructure management, improving data security and privacy, (ii) continuity sector consists of preventive strategies to continue business operations in the event of a data breach, (iii) access & trust deals with policies and practices for account and access management, (iv) operations sector involves performing system risk assessment through Threat Intelligence programs, (v) defense sector includes mitigation measures associated with firewall implementation, (vi) governance sector covers tasks related to audit log management and (vii) individual category involves practices making employees aware about cybersecurity risks through training programs and performing frequent security skill evaluation.
Fig. 6 shows the results of optimal budget allocation for two components - (i) substation automation controller and (ii) smart inverter. We perform multiple experiments for different skill levels of the defender - thereby solving an optimization problem for each skill level. Recall that parameter denotes the skill level. Each bar shows the partitions of the budget for a particular defender skill level. Note that the partitions sum up to . Further, we denote the vulnerability of the component to the HAG sequences under the optimal mitigation policy with the red dot on each bar. This is computed using (2) after computing the optimal value of the objective function as follows.
(20) |
where denotes the optimal value of in (Proposed Optimization Framework).
We note that with increases in defender skill level, the vulnerability of the component to HAG sequences reduces. However, we notice that the budget allocation for each sector does not follow any particular trend. This is because sectors overlap in their coverage of mitigation measures. In the case of “substation automation controller”, we observe that for an unskilled defender, the proposed optimization framework recommends the budget be allocated mostly towards the “access” sector which comprises mitigation measures related to access management, account management and password robustness. With a skilled defender, we observe that budget allocation gets divided to other sectors such as “assets” and “defense”. We note a similar observation for “smart inverter”—however, the budget gets divided to the “assets” and “access” sectors for more skilled defenders.
Conclusion
We propose a generalized framework which performs an optimal partitioning of a limited cybersecurity budget into various organizational sectors in order to improve the cybersecurity of a smart device or component in the CPES. The framework identifies the adversarial threats and possible attack sequences which can be performed to exploit cyber vulnerabilities of the component. Thereafter, we formulate an MILP optimization problem which aims to evaluate the optimal budget partitions in order to minimize the number of highly likely attack sequences. Though we provide results for using the framework in CPES, the proposed methodology can be extended for any cyber-physical system. Such a framework equips managers in an organization to formulate cybersecurity policies, allocate staff budgets in order to improve the overall security and reduce risk of APTs.
In practice, a significant portion of cybersecurity budget allocation is aimed at improving software and hardware tools to prevent APTs along with hiring skilled cybersecurity personnel. In our paper, we combine aspects of cybersecurity tools and personnel skill through the parameters of efficacy and defender skill in our simplified analytic expressions. We plan to identify dedicated parameters which quantify these aspects in order to infuse realism in our model as part of our future work.
References
- Bansal and Kumar (2020) Bansal, S.; and Kumar, D. 2020. IoT Ecosystem: A Survey on Devices, Gateways, Operating Systems, Middleware and Communication. International Journal of Wireless Information Networks, 27(3): 340–364.
- Chen et al. (2014) Chen, B.; Butler-Purry, K. L.; Goulart, A.; and Kundur, D. 2014. Implementing a real-time cyber-physical system test bed in RTDS and OPNET. In 2014 North American Power Symposium (NAPS), 1–6.
- Culafi (2021) Culafi, A. 2021. Why patching vulnerabilities is still a problem, and how to fix it. https://www.techtarget.com/searchsecurity/news/252503950/Why-patching-vulnerabilities-is-still-a-problem-and-how-to-fix-it.
- Das et al. (2022) Das, S. S.; Dutta, A.; Purohit, S.; Serra, E.; Halappanavar, M.; and Pothen, A. 2022. Towards Automatic Mapping of Vulnerabilities to Attack Patterns using Large Language Models. In 2022 IEEE International Symposium on Technologies for Homeland Security (HST), 1–7.
- Donald, Meyur, and Purohit (2023) Donald, S.; Meyur, R.; and Purohit, S. 2023. Hybrid Attack Graph Generation with Graph Convolutional Deep-Q Learning. In The 3rd Workshop on Artificial Intelligence-Enabled Cybersecurity Analytics, KDD 2023. Long Beach, CA, USA.
- Dorsch et al. (2014) Dorsch, N.; Kurtz, F.; Georg, H.; Hägerling, C.; and Wietfeld, C. 2014. Software-defined networking for Smart Grid communications: Applications, challenges and advantages. In 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm), 422–427.
- Dutta et al. (2022) Dutta, A.; Purohit, S.; Bhattacharya, A.; and Bel, O. 2022. Cyber Attack Sequences Generation for Electric Power Grid. In The 10th Workshop on Modelling and Simulation of Cyber-Physical Energy Systems (MSCPES), 1–6. IEEE.
- Georg et al. (2013) Georg, H.; Müller, S. C.; Dorsch, N.; Rehtanz, C.; and Wietfeld, C. 2013. INSPIRE: Integrated co-simulation of power and ICT systems for real-time evaluation. In 2013 IEEE International Conference on Smart Grid Communications (SmartGridComm), 576–581.
- Georgiadou, Mouzakitis, and Askounis (2021) Georgiadou, A.; Mouzakitis, S.; and Askounis, D. 2021. Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework. Sensors, 21(9): 3267.
- Haack et al. (2013) Haack, J.; Akyol, B.; Tenney, N.; Carpenter, B.; Pratt, R.; and Carroll, T. 2013. VOLTTRON: An agent platform for integrating electric vehicles and Smart Grid. In 2013 International Conference on Connected Vehicles and Expo (ICCVE), 81–86.
- Keliris et al. (2016) Keliris, A.; Konstantinou, C.; Tsoutsos, N. G.; Baiad, R.; and Maniatakos, M. 2016. Enabling multi-layer cyber-security assessment of Industrial Control Systems through Hardware-In-The-Loop testbeds. In 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC), 511–518.
- Kubanek (2017) Kubanek, J. 2017. Optimal decision making and matching are tied through diminishing returns. Proceedings of the National Academy of Sciences, 114(32): 8499–8504.
- Li et al. (2019) Li, L.; He, W.; Xu, L.; Ash, I.; Anwar, M.; and Yuan, X. 2019. Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management, 45: 13–24.
- Li and Liu (2021) Li, Y.; and Liu, Q. 2021. A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7: 8176–8186.
- Liggett et al. (2019) Liggett, R.; Lee, J. R.; Roddy, A. L.; and Wallin, M. A. 2019. The Dark Web as a Platform for Crime: An Exploration of Illicit Drug, Firearm, CSAM, and Cybercrime Markets, 1–27. Cham: Springer International Publishing.
- MITRE Corporation (2023) MITRE Corporation. 2023. MITRE ATT&CK Framework. Last accessed February 2023.
- Nandi, Medal, and Vadlamani (2016) Nandi, A. K.; Medal, H. R.; and Vadlamani, S. 2016. Interdicting attack graphs to protect organizations from cyber attacks: A bi-level defender–attacker model. Computers & Operations Research, 75: 118–131.
- Queiroz, Mahmood, and Tari (2011) Queiroz, C.; Mahmood, A.; and Tari, Z. 2011. SCADASim—A Framework for Building SCADA Simulations. IEEE Transactions on Smart Grid, 2(4): 589–597.
- Sridhar et al. (2017) Sridhar, S.; Ashok, A.; Mylrea, M.; Pal, S.; Rice, M.; and Gourisetti, S. N. G. 2017. A testbed environment for buildings-to-grid cyber resilience research and development. In 2017 Resilience Week (RWS), 12–17.
- Srinidhi, Yan, and Tayi (2015) Srinidhi, B.; Yan, J.; and Tayi, G. K. 2015. Allocation of resources to cyber-security: The effect of misalignment of interest between managers and investors. Decision Support Systems, 75: 49–62.
- Stanovich et al. (2013) Stanovich, M. J.; Leonard, I.; Sanjeev, K.; Steurer, M.; Roth, T. P.; Jackson, S.; and Bruce, M. 2013. Development of a smart-grid cyber-physical systems testbed. In 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT), 1–6.
- Subasi et al. (2022) Subasi, O.; Purohit, S.; Bhattacharya, A.; and Chatterjee, S. 2022. Impact-Driven Sampling Strategies for Hybrid Attack Graphs. In 2022 IEEE International Symposium on Technologies for Homeland Security (HST), 1–7.
- Vasisht et al. (2022) Vasisht, S.; Rahman, A.; Ramachandran, T.; Bhattacharya, A.; and Adetola, V. 2022. Multi-fidelity Bayesian Optimization for Co-design of Resilient Cyber-Physical Systems. In 2022 ACM/IEEE 13th International Conference on Cyber-Physical Systems (ICCPS), 298–299.
- Zografopoulos et al. (2021) Zografopoulos, I.; Ospina, J.; Liu, X.; and Konstantinou, C. 2021. Cyber-Physical Energy Systems Security: Threat Modeling, Risk Assessment, Resources, Metrics, and Case Studies. IEEE Access, 9: 29775–29818.