Electric power grids are at risk of being compromised by high-impact
cyber-security threats such as coordinated, timed attacks. Navigating this new
threat landscape requires a deep understanding of the potential risks and
complex attack processes in energy information systems, which in turn demands
an unmanageable manual effort to process a large amount of cross-domain
information in a timely manner. To provide an adequate basis to contextually assess and understand
the situation of smart grids in case of coordinated cyber-attacks, we need a
systematic and coherent approach to identify cyber incidents. In this paper, we
present an approach that collects and correlates cross-domain cyber threat
information to detect multi-stage cyber-attacks in energy information systems.
We investigate the applicability and performance of the presented correlation
approach and discuss the results to highlight challenges in domain-specific
detection mechanisms.

