Enhancing Situational Awareness in Smart Grids through Event Correlation for ATT&CK Mapping
Canbolat Kaya, Sine
1; Elbez, Ghada
1; Hagenmeyer, Veit
1
1 Institut für Automation und angewandte Informatik (IAI), Karlsruher Institut für Technologie (KIT)
1; Elbez, Ghada
1; Hagenmeyer, Veit
11 Institut für Automation und angewandte Informatik (IAI), Karlsruher Institut für Technologie (KIT)
Abstract:
The increasing complexity and connectivity of Smart Grids (SGs) have made them vulnerable to cyber-physical threats, highlighting the need for improved situational awareness in the energy domain. To meet this need, we present ECAM (Event Correlation for ATT&CK Mapping), an approach that uses the Industrial Control Systems (ICS)-specific MITRE ATT&CK framework to support the correlation and interpretation of security events. We outline a workflow for implementing and testing ECAM, aimed at strengthening the security of future power grids. The approach successfully maps the conducted attacks to techniques T0814 (Denial of Service) and T0830 (Adversary-in-the-Middle), demonstrating its effectiveness in improving situational awareness. Therefore, we propose the ECAM approach along with a workflow to guide future research and advancements.
| Zugehörige Institution(en) am KIT | Institut für Automation und angewandte Informatik (IAI) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsjahr | 2025 |
| Sprache | Englisch |
| Identifikator | KITopen-ID: 1000181839 |
| HGF-Programm | 46.23.02 (POF IV, LK 01) Engineering Security for Energy Systems |
| Erschienen in | ACM International Conference on Future and Sustainable Energy Systems (ACM e-Energy 2025) |
| Veranstaltung | 16th ACM International Conference on Future and Sustainable Energy Systems (ACM e-Energy 2025), Rotterdam, Niederlande, 17.06.2025 – 20.06.2025 |
| Verlag | Association for Computing Machinery (ACM) |
| Schlagwörter | Contextual understanding, Smart Grid (SG), MITRE ATT&CK matrix, Industrial Control Systems (ICS) |
| Nachgewiesen in | Dimensions OpenAlex Scopus |