Data-Centric Analysis of Compound Threats to Critical Infrastructure Control Systems

Abstract

Compound threats involving cyberattacks that are targeted in the aftermath of a natural disaster pose an important emerging threat for critical infrastructure. We introduce a novel compound threat model and data-centric framework for evaluating the resilience of power grid SCADA systems to such threats. We present a case study of a compound threat involving a hurricane and follow-on cyberattack on Oahu Hawaii and analyze the ability of existing SCADA architectures to withstand this threat model. We show that no existing architecture fully addresses this threat model, and demonstrate the importance of considering compound threats in planning system deployments.