Mapping Threats in Smart Grid System Using the MITRE ATT&CK ICS Framework

Abstract

The smart grid system is an integration between power distribution systems with communication networks. A smart grid offers various benefits, but at the same time inherits various vulnerabilities from the implemented information and communication technology (ICT). Many devices in smart grid systems implement the TCP/IP stack to exchange data, which can lead to significant new cyber attack vectors, such as malware, Denial-of-service (DoS), man-in-the-middle (MITM), and replay attacks, as well as various other cybersecurity threats. One approach to deal with these security issues proactively is through threat modeling. We can utilize some tools to gather the threat data targeting the smart grid, such as using honeypots, then analyze the collected threat data to obtain the threat model in order to study the attackers' behavior. In this paper, we collected threat data targeting the smart grid system by deploying GridPot honeypot and analyzed the collected threat data by mapping them to the MITRE ATT&CK for Industrial Control System (ICS) framework. This experiment shows that the threats targeting the smart grid systems are real, and could harm any smart grid system in the world.