Towards A Taxonomy Of Attacks Against Energy Control Systems

  • Terry Fleury
  • Himanshu Khurana
  • Von Welch
Conference paper
Part of The International Federation for Information Processing book series (IFIPAICT, volume 290)

Control systems in the energy sector (e.g., supervisory control and data acquisition (SCADA) systems) involve a hierarchy of sensing, monitoring and control devices connected to centralized control stations or centers. The incorporation of commercial off-the-shelf technologies in energy control systems makes them vulnerable to cyber attacks. A taxonomy of cyber attacks against control systems can assist the energy sector in managing the cyber threat. This paper takes the first step towards a taxonomy by presenting a comprehensive model of attacks, vulnerabilities and damage related to control systems. The model is populated based on a survey of the technical literature from industry, academia and national laboratories.


Keywords: Energy sector, control systems, attack taxonomy



Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Terry Fleury (1)
  • Himanshu Khurana (1)
  • Von Welch (1)

  1. University of Illinois, Chicago, USA
