Cyber Threat Intelligence Framework for Incident Response in an Energy Cloud Platform

Authors:

Gong Seonghyeon, Lee Changhoon

Abstract

Advanced information technologies have been transformed into high-level services for more efficient use of energy resources through their fusion with the energy infrastructure. As part of these technologies, the energy cloud is a technology that maximizes the efficiency of energy resources through the organic connection between the entities that produce and consume the energy. However, the disruption or destruction of energy cloud systems through cyberattacks can lead to incidents such as massive blackouts, which can in turn lead to national disasters. Furthermore, since the sophistication and severity of modern cyberattacks continue to increase, the energy cloud environment must be designed to resist cyberattacks. However, since the energy cloud environment has characteristics different from those of general infrastructures such as the smart grid and the Advanced Metering Infrastructure (AMI), it requires security technology specialized to its environment. This paper proposes a cyber threat intelligence framework to improve the security of the energy cloud environment. Cyber Threat Intelligence (CTI) is a technology for actively responding to advanced cyber threats by collecting and analyzing various threat indicators and generating contextual knowledge about the cyber threats. The framework proposed in this paper analyzes threat indicators that can be collected in the advanced metering infrastructure and proposes a cyber threat intelligence generation technique targeting the energy cloud. This paper also proposes a method that can quickly apply a security model to a large-scale energy cloud infrastructure through a mechanism for sharing and spreading cyber threat intelligence between the AMI layer and the cloud layer. Our framework provides a way to effectively apply the proposed technologies through the CTI architecture, including the local AMI layer, the station layer, and the cloud layer. Furthermore, we show that the proposed framework can effectively respond to cyber threats by achieving a 0.822 macro-F1 score and a 0.843 micro-F1 score for cyberattack detection in an environment that simulates a model of an attacker and an energy cloud environment.

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering

Cited by 19 articles.
