Using Delphi and System Dynamics to Study the Cybersecurity of the IoT-Based Smart Grids
Abstract
IoT-based Smart Grids (SGs) are important to modern society. SGs can improve the profitability and reliability of the electric power system by incorporating renewable energies and highly developed communication technologies. The communication network plays an essential role in electrical networks, and trends favor implementing SGs with IoT devices. However, these IoT-based SGs are vulnerable to cyberattacks. This article presents our studies of malware that can attack IoT-based SGs. First, the article explains as a first step the conclusions of a literature survey on SGs complemented with a Delphi process with security experts to understand trends and malware with an emphasis on the IoT area. Next, the article discusses the behavior of the chosen malware using System Dynamics and calibration with stochastic optimization. Finally, conclusions are given, which identify research work to be carried out using more in-depth modeling with agent-based simulation and multiple resolution modeling (MRM). MRM can provide a platform to integrate with time, scale, and space specialized models of each system of the SGs to support the development of effective risk management schemes.
Downloads
References
International Energy Agency, “World energy outlook report 2019.” https://www.iea.org/reports/world-energy-outlook-2019, 2019.
M. E. El-Hawary, “The smart grid—state-of-the-art and future trends,” Electric Power Components and Systems, vol. 42, no. 3–4, pp. 239–250, 2014.
L. Rabelo, A. Ballestas, B. Ibrahim, and J. Valdez, “Preliminary studies of the security of the cyber-physical smart grids,” in International conference on applied informatics, 2021, pp. 449–461.
S. Gibbs, “Triton: Hackers take out safety systems in’watershed’attack on energy plant,” The Guardian, 2017.
C. Bing and S. Kelly, “Cyber attack shuts down top u.s. Fuel pipeline network,” Reuters, 2019.
N. Perlroth, “Colonial pipeline paid 75 bitcoin, or roughly $5 million, to hackers,” New York Times, 2021.
K. Nash and J. Rundle, “Puerto rico’s power distributor suffered a cyberattack hours before a devastating fire,” The Wall Street Journal, 2021.
R. Shanbhag and R. Shankarmani, “Architecture for internet of things to minimize human intervention,” in 2015 international conference on advances in computing, communications and informatics (ICACCI), 2015, pp. 2348–2353.
R. Leszczyna, “A review of standards with cybersecurity requirements for smart grid,” Computers & security, vol. 77, pp. 262–276, 2018.
C. Bekara, “Security issues and challenges for the IoT-based smart grid,” Procedia Computer Science, vol. 34, pp. 532–537, 2014.
Palo Alto Networks, “2020 unit 42 IoT threat report.” https://start.paloaltonetworks.com/unit-42-iot-threat-report, 2019.
T. Lange et al., “Comparison of different rating scales for the use in delphi studies: Different scales lead to different consensus and show different test-retest reliability,” BMC medical research methodology, vol. 20, no. 1, pp. 1–11, 2020.
KrebsonSecurity, “Source code for IoT botnet ’mirai’ released.” https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/, 2019.
V. Clincy and H. Shahriar, “IoT malware analysis,” in 2019 IEEE 43rd annual computer software and applications conference (COMPSAC), 2019, vol. 1, pp. 920–921.
M. De Donno, N. Dragoni, A. Giaretta, and A. Spognardi, “DDoS-capable IoT malwares: Comparative analysis and mirai investigation,” Security and Communication Networks, vol. 2018, 2018.
S. Bayer, “Business dynamics: Systems thinking and modeling for a complex world.” JSTOR, 2004.
L. Rabelo, M. Helal, A. Jones, and H.-S. Min, “Enterprise simulation: A hybrid system approach,” International Journal of Computer Integrated Manufacturing, vol. 18, no. 6, pp. 498–508, 2005.
L. Rabelo, H. Eskandari, T. Shaalan, and M. Helal, “Value chain analysis using hybrid simulation and AHP,” International Journal of Production Economics, vol. 105, no. 2, pp. 536–547, 2007.
M. T. Gardner, C. Beard, and D. Medhi, “Using SEIRS epidemic models for IoT botnets attacks,” in DRCN 2017-design of reliable communication networks; 13th international conference, 2017, pp. 1–8.
W. Ashford, “Next-gen mirai botnet targets cryptocurrency mining operations,” Computer Weekly, 2018.
R. Millman, “Satori creator linked with new mirai variant masuta,” The Threatpost, 2018.
Radware, “Satori IoT botnet variant,” Radware, 2018.
S. Chen, J. Dick, and A. B. Owen, “Consistency of markov chain quasi-monte carlo on continuous state spaces,” The Annals of Statistics, vol. 39, no. 2, pp. 673–701, 2011.
Z. Zhan, M. Xu, and S. Xu, “Characterizing honeypot-captured cyber attacks: Statistical framework and case study,” IEEE Transactions on Information Forensics and Security, vol. 8, no. 11, pp. 1775–1789, 2013.
K. Shanthi, “Honeypot technology - an exordium,” International Journal for Scientific Research and Developmen, vol. 8, no. 2, pp. 1249–1253, 2020.
H. Karimipour and V. Dinavahi, “Robust massively parallel dynamic state estimation of power systems against cyber-attack,” IEEE Access, vol. 6, pp. 2984–2995, 2017.
H. Khurana, M. Hadley, N. Lu, and D. A. Frincke, “Smart-grid security issues,” IEEE Security & Privacy, vol. 8, no. 1, pp. 81–85, 2010.
M. Ozay, I. Esnaola, F. T. Y. Vural, S. R. Kulkarni, and H. V. Poor, “Machine learning methods for attack detection in the smart grid,” IEEE transactions on neural networks and learning systems, vol. 27, no. 8, pp. 1773–1786, 2015.
J. Sakhnini, H. Karimipour, and A. Dehghantanha, “Smart grid cyber attacks detection using supervised learning and heuristic feature selection,” in 2019 IEEE 7th international conference on smart energy grid engineering (SEGE), 2019, pp. 108–112.
M. Esmalifalak, L. Liu, N. Nguyen, R. Zheng, and Z. Han, “Detecting stealthy false data injection using machine learning in smart grid,” IEEE Systems Journal, vol. 11, no. 3, pp. 1644–1652, 2014.
L. Rabelo, S. Bhide, and E. Gutierrez, Artificial intelligence: Advances in research and applications. Nova Science Publishers, Inc., 2018.
L. Rabelo, E. Gutierrez-Franco, A. Sarmiento, and C. Mejı́a-Argueta, Engineering analytics: Advances in research and applications. CRC Press, 2021.
E. Cortes, L. Rabelo, A. T. Sarmiento, and E. Gutierrez, “Design of distributed discrete-event simulation systems using deep belief networks,” Information, vol. 11, no. 10, p. 467, 2020.
M. Aslam, D. Ye, M. Hanif, and M. Asad, “Machine learning based SDN-enabled distributed denial-of-services attacks detection and mitigation system for internet of things,” in International conference on machine learning for cyber security, 2020, pp. 180–194.
K. Lee, G. Lee, and L. Rabelo, “A systematic review of the multi-resolution modeling (MRM) for integration of live, virtual, and constructive systems,” Information, vol. 11, no. 10, p. 480, 2020.
G. Lee, J. Kim, M. Marin, K. Lee, E. Gutierrez, and L. Rabelo, “Building multiple resolution modeling systems using the high-level architecture,” SAE International Journal of Advances and Current Practices in Mobility, vol. 2, no. 2019–1–1917, pp. 838–842, 2019.
M. Basingab, L. Rabelo, A. Rahal, K. Nagadi, H. Bukhari, and M. Andejany, “Economic analysis of a massively populated internet of things system: An agent-based simulation approach,” Engineering Management Journal, pp. 1–15, 2021.
Copyright (c) 2022 ParadigmPlus
This work is licensed under a Creative Commons Attribution 4.0 International License.
