From: On specification-based cyber-attack detection in smart grids
Domain | Field attribution |
---|---|
Communication | Address matching of packets (L2–L4, L7) |
Connection and established communication channel (client/server, protocol, port) | |
Packet flow according to protocol (L4, L7) | |
Asset | Data point matching |
Integrity at data point level | |
Role-based verified operations | |
Operation | Technical assets boundaries |
Technical command execution capability |