Compliance Checking Based Detection of Insider Threat in Industrial Control System of Power Utilities

Title: Compliance Checking Based Detection of Insider Threat in Industrial Control System of Power Utilities
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Chen, Qingqing; Zhou, Mi; Cai, Ziwen; Su, Sheng
Conference Name: 2022 7th Asia Conference on Power and Electrical Engineering (ACPEE)
Keywords: business process component, compliance check, control systems, electrical engineering, Human Behavior, human factors, industrial control system, Industries, insider threat, insider threats, integrated circuits, Metrics, Policy Based Governance, policy-based governance, power system reliability, process control, pubcrawl, remote charge control, resilience, Resiliency, security
Abstract: Compared to outside threats, insider threats that originate within targeted systems are more destructive and invisible. More importantly, it is more difficult to detect and mitigate these insider threats, which poses significant cyber security challenges to an industry control system (ICS) tightly coupled with today's information technology infrastructure. Currently, power utilities rely mainly on the authentication mechanism to prevent insider threats. If an internal intruder breaks the protection barrier, it is hard to identify and intervene in time to prevent harmful damage. Based on the existing in-depth security defense system, this paper proposes an insider threat protection scheme for ICSs of power utilities. This protection scheme can conduct compliance checks by taking advantage of the characteristics of its business process compliance and the nesting of upstream and downstream business processes. Taking the Advanced Metering Infrastructures (AMIs) in power utilities as an example, the potential insider threats of violation and misoperation under the current management mechanism are identified after the analysis of remote charge control operation. According to the business process, a scheme of compliance check for remote charge control command is presented. Finally, the analysis results of a specific example demonstrate that the proposed scheme can effectively prevent the consumers' power outage due to insider threats.
DOI: 10.1109/ACPEE53904.2022.9784085
Citation Key: chen_compliance_2022