Cyber attack models for smart grid environments

In this paper we investigate communication and spreading of malware in smart grids, proposing a comprehensive, generic model for cyber attack life-cycles, and addressing the specific characteristics of smart grid environments. The generic model includes the building blocks for all major known malware types as well as different propagation methods, access vectors, scanning techniques, control structures, attack methods, triggers, and cleanup mechanisms. Supported by an extensive review of earlier work, we examine the techniques of many different existing malware types with respect to their potential impacts on smart grids, and then discuss countermeasures. Toward this end, we analyze and evaluate a variety of types of malware -well-known but persistent malware, malware featuring outstanding or innovative concepts, as well as very recent malware -with respect to metrics that are fundamental to the generic model. We then introduce three novel superclasses of malware that are particularly suited for smart grid attacks, and evaluate their methods and impacts. Our model provides a basis for the detection of malware communication and extrapolates from existing technologies in order to predict future malware types. The smart grid specific malware types thus extrapolated provide insight into new threats and help utility companies to prepare defenses for future attacks.