995 research outputs found

    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

    Design and Analysis of a Novel Split and Aggregated Transmission Control Protocol for Smart Metering Infrastructure

    Utility companies (electricity, gas, and water suppliers), governments, and researchers recognize an urgent need to deploy communication-based systems to automate data collection from smart meters and sensors, known as Smart Metering Infrastructure (SMI) or Automatic Meter Reading (AMR). A smart metering system is envisaged to bring tremendous benefits to customers, utilities, and governments. The advantages include reducing peak demand for energy, supporting the time-of-use concept for billing, enabling customers to make informed decisions, and performing effective load management, to name a few. A key element in an SMI is communications between meters and utility servers. However, the mass deployment of metering devices in the grid calls for studying the scalability of communication protocols. SMI is characterized by the deployment of a large number of small Internet Protocol (IP) devices sending small packets at a low rate to a central server. Although the individual devices generate data at a low rate, the collective traffic produced is significant and is disruptive to network communication functionality. This research work focuses on the scalability of the transport layer functionalities. The TCP congestion control mechanism, in particular, would be ineffective for the traffic of smart meters because a large volume of data comes from a large number of individual sources. This situation makes the TCP congestion control mechanism unable to lower the transmission rate even when congestion occurs. The consequences are a high loss rate for metered data and degraded throughput for competing traffic in the smart metering network. To enhance the performance of TCP in a smart metering infrastructure (SMI), we introduce a novel TCP-based scheme, called Split- and Aggregated-TCP (SA-TCP). This scheme is based on the idea of upgrading intermediate devices in SMI (known in the industry as regional collectors) to offer the service of aggregating the TCP connections. 
An SA-TCP aggregator collects data packets from the smart meters of its region over separate TCP connections; then it reliably forwards the data over another TCP connection to the utility server. The proposed split and aggregated scheme provides a better response to traffic conditions and, most importantly, makes the TCP congestion control and flow control mechanisms effective. Supported by extensive ns-2 simulations, we show the effectiveness of the SA-TCP approach to mitigating the problems in terms of the throughput and packet loss rate performance metrics. A full mathematical model of SA-TCP is provided. The model is highly accurate and flexible in predicting the behaviour of the two stages, separately and combined, of the SA-TCP scheme in terms of throughput, packet loss rate and end-to-end delay. Considering the two stages of the scheme, the modelling approach uses Markovian models to represent smart meters in the first stage and SA-TCP aggregators in the second. Then, the approach studies the interaction of smart meters and SA-TCP aggregators with the network by means of standard queuing models. The ns-2 simulations validate the math model results. A comprehensive performance analysis of the SA-TCP scheme is performed. It studies the impact of varying various parameters on the scheme, including the impact of network link capacity, buffering capacity of those RCs that act as SA-TCP aggregators, propagation delay between the meters and the utility server, and finally, the number of SA-TCP aggregators. The performance results show that adjusting those parameters makes it possible to further enhance congestion control in SMI. Therefore, this thesis also formulates an optimization model to achieve better TCP performance and ensures satisfactory performance results, such as a minimal loss rate and acceptable end-to-end delay. 
The optimization model also considers minimizing the SA-TCP scheme deployment cost by balancing the number of SA-TCP aggregators and the link bandwidth, while still satisfying performance requirements

    RTLabOS Feasibility Studies


    Modelling and Co-simulation of Multi-Energy Systems: Distributed Software Methods and Platforms

    The abstract is in the attachment

    Data-Driven Distributed Modeling, Operation, and Control of Electric Power Distribution Systems

    The power distribution system is disorderly in design and implementation, chaotic in operation, large in scale, and complex in every way possible. Therefore, modeling, operating, and controlling the distribution system is incredibly challenging. It is required to find solutions to the multitude of challenges facing the distribution grid to transition towards a just and sustainable energy future for our society. The key to addressing distribution system challenges lies in unlocking the full potential of the distribution grid. The work in this dissertation is focused on finding methods to operate the distribution system in a reliable, cost-effective, and just manner. In this PhD dissertation, a new data-driven distributed ($D^3M$) framework using cellular computational networks has been developed to model power distribution systems. Its performance is validated on an IEEE test case. The results indicate a significant enhancement in accuracy and performance compared to the state-of-the-art centralized modeling approach. This dissertation also presents a new distributed and data-driven optimization method for volt-var control in power distribution systems. The framework is validated for voltage control on an IEEE test feeder. The results indicate that the system has improved performance compared to the state-of-the-art approach. The PhD dissertation also presents a design for a real-time power distribution system testbed. A new data-in-the-loop (DIL) simulation method has been developed and integrated into the testbed. The DIL method has been used to enhance the quality of the real-time simulations. The assets combined with the testbed include data, control, and hardware-in-the-loop infrastructure. The testbed is used to validate the performance of a distribution system with significant penetration of distributed energy resources

    Modélisation formelle des systèmes de détection d'intrusions (Formal modelling of intrusion detection systems)

    The cybersecurity ecosystem continuously evolves in terms of the number, the diversity, and the complexity of cyber attacks. As a result, detection tools become ineffective against certain attacks. Generally, there are three types of Intrusion Detection System (IDS): anomaly-based detection, signature-based detection, and hybrid detection. Anomaly detection is based on a description of the usual behavior of the system, typically in a statistical manner. It enables detecting known or unknown attacks but also generates a large number of false positives. Signature-based detection enables detecting known attacks by defining rules that describe a known attacker's behavior. It needs a good knowledge of attacker behavior. Hybrid detection relies on several detection methods including the previous ones. It has the advantage of being more precise during detection. Tools like Snort and Zeek offer low-level languages to represent rules for detecting attacks. The number of potential attacks being large, these rule bases quickly become hard to manage and maintain. Moreover, the representation of stateful rules to recognize a sequence of events is particularly arduous. In this thesis, we propose a stateful approach based on algebraic state-transition diagrams (ASTDs) to identify complex attacks. ASTDs allow a graphical and modular representation of a specification, which facilitates maintenance and understanding of rules. We extend the ASTD notation with new features to represent complex attacks. Next, we specify several attacks with the extended notation and run the resulting specifications on event streams using an interpreter to identify attacks. We also evaluate the performance of the interpreter with industrial tools such as Snort and Zeek. Then, we build a compiler in order to generate executable code from an ASTD specification, able to efficiently identify sequences of events