Identifying key attacks on an IEEE 9-Bus System by leveraging the MITRE ATT&CK ICS Matrix
Paper published at the 16th EEnergy conference ACM DOI
The ongoing digitization of power grids introduces an increasing number of digital components into them. In this paper, we use the IEEE 9-Bus system as a point of reference to highlight the process of moving from an electrical grid model to a cybersecurity model in order to identify relevant standards and protocols. We then leverage publicly accessible CVE data and a literature review to map the attack techniques discussed for key protocols to the MITRE ATT&CK ICS Matrix, and compare the two sources to identify similarities and differences between research findings and published vulnerabilities.
The contributions of this study are twofold. First, we outline the path from an electro-technical grid model to a set of potential standards and protocols for monitoring and controlling such power networks. Second, we review related literature and CVEs and map them to the MITRE ATT&CK ICS Matrix, prototyping this approach as a form of literature review that outlines areas of high research activity and potential research gaps.
Our analysis reveals that Denial of Service, Unauthorized Command Messages, and Adversary in the Middle techniques are among the most frequently discussed attack techniques in both published vulnerabilities and academic research concerning these protocols. Furthermore, we highlight a notable disparity: while academic research often emphasizes Adversary in the Middle techniques, the CVE data indicates a greater prevalence of initial access and lateral movement tactics.