RESEARCH PAPERS
Threat analysis and adversarial model for Smart Grids
The smart power grid, a critical infrastructure enhanced by computing and network devices, faces both classic physical threats and new cyber threats. Despite efforts to improve security, cyberattacks have exposed vulnerabilities in the industry. A lack of consensus between practitioners and academics on threat feasibility and consequences, partly due to inadequate simulation models, has been identified. This paper addresses this gap by analyzing the main attack surfaces of the smart grid and conducting a threat analysis from the adversarial model perspective, considering various attacker profiles. Real-world examples of potential capabilities are provided through the study of vulnerabilities in critical components and analysis of existing cyberattacks on the smart grid.
TALKS
2023 OT Cybersecurity Lessons Learned From the Frontlines
This presentation focuses on the top 5 critical security controls for industrial control systems (ICS) based on Dragos' 2023 assessments. These controls are:
Incident Response Plan
Defensible Architecture
Network Visibility and Monitoring
Secure Remote Access Solutions
Risk-Based Vulnerability Management
The presentation also emphasises the importance of these controls, active testing of them, and continuous improvement in cybersecurity practices.
TRENDS
Zero Trust Architecture (ZTA)
ZTA is a security framework that operates on the principle of "never trust, always verify." It assumes that threats could exist both inside and outside the network, and therefore, no user or device should be trusted by default. Here’s a deeper dive into ZTA and its implementation:
Key Principles of Zero Trust Architecture
Verify Explicitly:
Always authenticate and authorize based on all available data points, including user identity, location, device health, and more.
Use Least Privileged Access:
Limit user and device access to only what is necessary. This reduces the risk of lateral movement within the network if a breach occurs.
Assume Breach:
Design your security posture with the assumption that a breach will occur. This means constantly monitoring and improving your defenses.
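The three principles above are easiest to see in a policy decision function. The following is an added example, not code from the original page or from any particular Zero Trust product; the user, role, resource and device-posture names are constructed. Every request is evaluated on identity, MFA state, device health and the requested action, with no implicit trust granted for being on the corporate network, access is denied unless a role explicitly grants the (resource, action) pair, and writes to a sensitive resource additionally require a managed device so that a compromised unmanaged endpoint cannot modify control-system data.

```python
"""Added example: a minimal Zero Trust policy decision point.

Not from the original page; all names, fields and sample requests are
constructed for illustration."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_passed: bool          # strong authentication completed for this session
    device_compliant: bool    # e.g. disk encryption on, EDR healthy, OS patched
    device_managed: bool      # enrolled in device management
    network: str              # "corp" | "vpn" | "public" (deliberately not trusted)
    resource: str             # constructed resource name, e.g. "scada-historian"
    action: str               # "read" | "write"


# Least privilege: an explicit allow-list of (resource, action) per role.
# Anything not listed is denied; there is no default access.
ROLE_GRANTS = {
    "ot-analyst": frozenset({("scada-historian", "read")}),
    "ot-engineer": frozenset({("scada-historian", "read"),
                              ("scada-historian", "write")}),
}
USER_ROLES = {"alice": "ot-analyst", "bob": "ot-engineer"}

# Assume breach: a write to control-system data must come from a managed
# device, whatever network the request arrives from.
WRITE_REQUIRES_MANAGED_DEVICE = True


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)   # every denial reason, for the audit log


def decide(req: AccessRequest) -> Decision:
    d = Decision(allow=False)

    # 1. Verify explicitly: every signal is checked on every request.
    #    req.network is intentionally never used to grant anything.
    if not req.mfa_passed:
        d.reasons.append("mfa-required")
    if not req.device_compliant:
        d.reasons.append("device-noncompliant")

    # 2. Least privilege: identity must map to a role that grants this exact action.
    role = USER_ROLES.get(req.user)
    if role is None or (req.resource, req.action) not in ROLE_GRANTS.get(role, frozenset()):
        d.reasons.append("not-authorized-for-action")

    # 3. Assume breach: stricter posture for state-changing actions.
    if req.action == "write" and WRITE_REQUIRES_MANAGED_DEVICE and not req.device_managed:
        d.reasons.append("write-requires-managed-device")

    d.allow = not d.reasons
    return d


def audit_line(req: AccessRequest, d: Decision) -> str:
    """Every decision, allowed or not, is recorded so monitoring can spot anomalies."""
    verdict = "ALLOW" if d.allow else "DENY(" + ",".join(d.reasons) + ")"
    return f"user={req.user} net={req.network} {req.action}:{req.resource} -> {verdict}"


if __name__ == "__main__":
    sample = AccessRequest("alice", True, True, False, "public", "scada-historian", "read")
    print(audit_line(sample, decide(sample)))
```

The point of returning every reason rather than the first one is that the audit trail then shows the full posture of a denied request, which is what a monitoring team needs when it is assuming the environment is already compromised.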
TOOLS, TECHNIQUES, PRACTICES
Security Orchestration, Automation, and Response (SOAR)
SOAR platforms automate the collection and analysis of security data and the execution of security operations tasks. They help in reducing response times and improving incident management. Popular SOAR solutions include Splunk Phantom and IBM Resilient.
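What "automating collection, analysis and response" looks like in practice is a playbook: an alert comes in, is enriched from other sources, scored, and mapped to response actions. The block below is an added example written for this page; it is not code from the page and not the API of Splunk Phantom, IBM Resilient or any other SOAR product. The alert, the threat-intel list, the asset inventory and the host names are all constructed. It also shows the guard rail a practitioner wants in an OT environment: containment is automatic only for low-criticality hosts, while a critical host is escalated for human approval so that automation cannot take control-system assets offline on its own.

```python
"""Added example: a toy SOAR-style playbook (enrich -> score -> act).

Not from the original page and not any vendor's API; all data is constructed."""
from dataclasses import dataclass, field

# Constructed enrichment sources. In a real deployment these would be
# threat-intelligence and CMDB/asset-inventory integrations.
KNOWN_BAD_IPS = {"203.0.113.45": "c2-beacon"}            # TEST-NET-3 address
ASSET_CRITICALITY = {"hist-01": "high", "wks-117": "low"}  # constructed host names


@dataclass
class Alert:
    alert_id: str
    host: str
    dest_ip: str
    rule: str
    enrichment: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)   # (integration, action) pairs


def enrich(a: Alert) -> Alert:
    """Collection step: pull context the analyst would otherwise look up by hand."""
    a.enrichment["intel"] = KNOWN_BAD_IPS.get(a.dest_ip)
    a.enrichment["criticality"] = ASSET_CRITICALITY.get(a.host, "unknown")
    return a


def score(a: Alert) -> int:
    """Analysis step: a simple additive severity from the enrichment."""
    s = 1
    if a.enrichment.get("intel"):
        s += 2
    s += {"high": 2, "medium": 1}.get(a.enrichment.get("criticality"), 0)
    return s


def run_playbook(a: Alert) -> Alert:
    """Response step: choose actions; returns the alert with actions attached."""
    enrich(a)
    sev = score(a)
    a.enrichment["severity"] = sev

    a.actions.append(("ticket", "create"))           # every alert becomes a case
    if a.enrichment["intel"]:
        a.actions.append(("ticket", "attach-intel"))
    if sev >= 4:
        a.actions.append(("notify", "on-call"))

    # Containment guard rail: only low-criticality hosts are isolated automatically.
    # A critical OT host (e.g. a historian) is escalated for approval instead.
    if a.enrichment["intel"]:
        if a.enrichment["criticality"] == "high":
            a.actions.append(("isolate", "request-approval"))
        else:
            a.actions.append(("isolate", "auto"))
    return a


if __name__ == "__main__":
    demo = run_playbook(Alert("A-1", "wks-117", "203.0.113.45", "outbound-to-known-c2"))
    print(demo.enrichment, demo.actions)
```

The measurable gain is in the response time the paragraph mentions: the enrichment and scoring that an analyst would do by hand happen before anyone is paged, and the ticket already carries the intel context when it is opened.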