Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Testbed-based Evaluation of SIEM Tool for Cyber Kill Chain Model in Power Grid SCADA System

Conference · · 2019 North American Power Symposium (NAPS)
 [1];  [2];
  1. Iowa State Univ., Ames, IA (United States); Iowa State University
  2. Iowa State Univ., Ames, IA (United States)
+ Show Author Affiliations

Development of a smarter electric grid necessitates addressing the associated cyber security challenges. Since the interdependence between the legacy grid infrastructure and advanced information technology is growing rapidly, there are numerous ways advanced, motivated, and persistent attackers can affect the SCADA based critical infrastructure. Hence, developing a security information and event management (SIEM) is crucial for securing the SCADA power system. This paper presents the application of Security Onion (SecOn) to develop the network security monitoring (NSM) and intrusion detection system (IDS) in the context of SCADA cyber physical security. Initially, we have applied a cyber kill-chain model to demonstrate the different stages of attacks and associated mechanisms. Later, the rule- based IDS (RIDS) is developed using Snort IDS, and tested in the cyber-physical SCADA environment. Furthermore, we have evaluated its performance in terms of accuracy and detection latency. Our experimental results reveal that the SecOn tool is efficient in monitoring and detecting attacks within an acceptable time frame with a high accuracy rate.

Research Organization:
Iowa State University
Sponsoring Organization:
USDOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
Contributing Organization:
Iowa State University
DOE Contract Number:
OE0000830
OSTI ID:
1985678
Report Number(s):
DOE-ISU-0000830-12
Journal Information:
2019 North American Power Symposium (NAPS), Journal Name: 2019 North American Power Symposium (NAPS)
Country of Publication:
United States
Language:
English

References (3)

A survey SCADA of and critical infrastructure incidents conference January 2012
A novel kill-chain framework for remote security log analysis with SIEM software journal June 2017
Security Evaluation of Two Intrusion Detection Systems in Smart Grid SCADA Environment conference September 2018

Similar Records

Security Evaluation of Two Intrusion Detection Systems in Smart Grid SCADA Environment
Conference · Sat Sep 01 00:00:00 EDT 2018 · 2018 North American Power Symposium (NAPS) · OSTI ID:1985687
Towards a Cyber Defense Framework for SCADA Systems Based on Power Consumption Monitoring
Conference · Sat Dec 31 23:00:00 EST 2016 · OSTI ID:1356903
Evaluation of Anomaly Detection for Wide-Area Protection Using Cyber Federation Testbed
Conference · Thu Aug 01 00:00:00 EDT 2019 · 2019 IEEE Power & Energy Society General Meeting (PESGM) · OSTI ID:1985673

Related Subjects

24 POWER TRANSMISSION AND DISTRIBUTION
Cybersecurity
Smart Grid
Security Information and Event Monitoring (SIEM)
Testbed