With the increasing complexity of industrial control systems (ICS) in smart grids, the risk of cyber-attacks is also rising. To enhance the security and resilience of these systems, new approaches are needed for detecting and mitigating cyber incidents. This thesis develops a decision support system (DSS) designed to assess and recommend effective countermeasures against cyber threats in smart grids. The DSS incorporates various decision-making methodologies to evaluate and prioritize response strategies. By leveraging a co-simulated environment, the system enables realistic scenario testing, ensuring a comprehensive assessment of different countermeasures. The impact of various decision-making techniques will be analyzed and compared to existing response playbooks, providing insights into optimizing cyber resilience in smart grids.
Thesis Type |
Student | Martin Neumüller
Status | Running
Presentation room | Seminar room I5 6202
Supervisor(s) | Stefan Decker
Advisor(s) | osen
Contact | oemer.sen@fit.fraunhofer.de
The thesis is structured into four key phases:
- Data Collection
  - Familiarization with the CoSim Project and its incident response workflow.
  - Integration with the MITRE ATT&CK framework API to retrieve relevant threat and countermeasure data.
  - Collection of countermeasure properties for evaluation.
- System Development
  - Implementation of a data management system to structure and process cyber incident data.
  - Development of a decision management system that applies multi-criteria decision-making methods to evaluate countermeasures.
  - Creation of a user interface system that visualizes decision outputs in attack-defense trees.
- Evaluation
  - Analysis of the impact of different decision-making methodologies on the effectiveness of the DSS.
  - Benchmarking system performance against existing cybersecurity playbooks.
- Thesis Documentation
  - Ongoing documentation of findings and methodology throughout the research process.
  - Finalization of the thesis, including results interpretation, discussions, and conclusions.
To successfully complete this thesis, the following prerequisites are required:
- Technical Knowledge:
  - Familiarity with cybersecurity principles, particularly in the context of industrial control systems and smart grids.
  - Understanding of decision support systems and multi-criteria decision-making (MCDM) methods.
- Programming Skills:
  - Experience with Python for data processing and system development.
  - Knowledge of APIs and data integration, particularly with cybersecurity frameworks such as MITRE ATT&CK.
- Simulation & Evaluation:
  - Ability to work with co-simulated environments for testing and validating system performance.
  - Skills in statistical analysis to compare decision-making methodologies and their impact on incident response strategies.
- Project Management:
  - Capability to structure and manage research tasks independently.
  - Strong documentation and analytical writing skills for reporting findings effectively.