Prevailing and emerging cyber threats and security practices in IoT-Enabled smart grids: A survey

摘要

This paper presents a comprehensive survey of existing as well as evolving security threats and vulnerabilities and the state-of-the-art countermeasures in Internet of Things (IoT)-enabled smart grids. The cybersecurity risks in smart grid networks and associated devices prevail in the form of malicious use leading to data espionage, physical damage to devices, intentional denial of service and exploitation for financial gain. We begin with an introduction to IoT and data transfer techniques between different devices, and their role and significance in the growth of smart grids. We then discuss privacy concerns, and various attack motives with which intruders try to break into smart grids. This is followed by a classification of threat actors in modern networks based on the sophistication of attacks they can launch. We also provide a classification of threat vectors in smart grids including attacks against integrity, attacks against availability, attacks against privacy and attacks against authentication. In addition, we investigate the nature and extent of risk posed by advanced persistent threats and the significance of deploying next generation intrusion detection systems in smart grids. The seven-step attack procedure known as cyber kill-chain is discussed and current detection, prevention, and access control measures in practice are also summarized in form of tables. These tables would help the reader correlate prevalent and futuristic attack techniques, countermeasures, and the applicability, scalability and feasibility of current security mechanisms to smart grids for achieving effective cyber hygiene. The paper then introduces novel attack surfaces that inevitably get established due to various cutting-edge communication techniques used in smart grids. One such mechanism discussed in the paper is time sensitive networking that injects the possibility of harnessing time as an attack surface. Based on the current survey, several recommendations for further research are discussed at the end of this paper.