Targeted Attacks Against Industrial Control Systems: Is the Power Industry Prepared?


Maria B. Line, Ali Zand, Gianluca Stringhini, Richard Kemmerer


Proceedings of the 2nd Workshop on Smart Energy Grid Security (SEGS), November 2014


Targeted cyber attacks are on the rise, and the power industry is an attractive target. Espionage and causing physical damage are likely goals of these targeted attacks. In the case of the power industry, the worst possible consequences are severe: large areas, including critical societal infrastructures, can suffer from power outages. In this paper, we try to measure the preparedness of the power industry against targeted attacks. To this end, we have studied well-known targeted attacks and created a taxonomy for them. Furthermore, we conduct a study in which we interview six power distribution system operators (DSOs) to assess the level of cyber situation awareness among DSOs and to evaluate the efficiency and effectiveness of their currently deployed systems and practices for detecting and responding to targeted attacks. Our findings indicate that the power industry is very well prepared for traditional threats, such as physical attacks. However, cyber attacks, and especially sophisticated targeted attacks, where social engineering is one of the strategies used, have not been addressed appropriately so far. Finally, by understanding previous attacks and learning from them, we try to provide the industry with guidelines for improving their situation awareness and defense (both detection and response) capabilities.


  title     = {{Targeted Attacks Against Industrial Control Systems: Is the Power Industry Prepared?}},
  author    = {Line, Maria B. and Zand, Ali and Stringhini, Gianluca and Kemmerer, Richard},
  booktitle = {Proceedings of the 2nd Workshop on Smart Energy Grid Security},
  series    = {SEGS},
  year      = {2014},
  address   = {New York, NY, USA},
  doi       = {10.1145/2667190.2667192},
  isbn      = {978-1-4503-3154-8},
  pages     = {13--22},
  publisher = {ACM},
  url       = {}