19 research outputs found

    Artificial Intelligence Technique and Wireless Sensor Networks in Energy Management System for Secure Power Optimization

    The modern basic building blocks of a control system consist of data acquisition, dispensation of data by the system operators and the remote control of system devices. However, the physical controls, technical examinations and deductions were originally implemented to aid the process and control of power system design. The complexity of the power system keeps increasing due to the technical improvements, diversity and dynamic requirements. Artificial intelligence is the science of automating intelligent activities presently attainable by individuals. Intelligent system techniques may be of excessive benefit in the application of area power system controls. Whereas smart grid can be measured as a modern electric power grid structure for better productivity and dependability via automatic control, excessive power converters, modern communications setup, sensing and metering equipment, and modern energy management techniques established on the optimization of demand, energy and network accessibility, and so on. The enormous depiction of the entire transmission grid, in the perspective of smart grids, is quite unclear; and in Nigeria no studies have been put on ground in order for the existing network to be turned into a smart grid. In this research work emphasis is placed on generation and transmission stations; power optimization using artificial intelligent techniques and wireless sensor networks for power control management system

    A model of distributed key generation for industrial control systems

    11th International Workshop on Discrete Event Systems, WODES 2012; Guadalajara, Jalisco; Mexico; 3 October 2012 through 5 October 2012. The cyber-security of industrial control systems (ICS) is gaining high relevance due to the impact of industrial system failures on the citizen life. There is an urgent need for the consideration of security in their design, and for the analysis of the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to cyber-threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of the industrial protocols (low computational power, large geographical distribution, near to real-time constraints) make hard the effective use of traditional cryptographic schemes and in particular the implementation of an effective key management infrastructure supporting a cryptographic layer. In this paper, we describe a "model of distributed key generation for industrial control systems" we have recently implemented. The model is based on a known Distributed Key Generator protocol we have adapted to an industrial control system environment and to the related communication protocol (Modbus). To validate in a formal way selected security properties of the model, we introduced a Petri Nets representation. This representation allows for modeling attacks against the protocol and understanding some potential weaknesses of its implementation in the industrial control system environment

    Leveraging the SRTP Protocol for Over-the-Network Memory Acquisition of a GE Fanuc Series 90-30

    Programmable Logic Controllers (PLCs) are common components implemented across many industries such as manufacturing, water management, travel, aerospace and hospitals to name a few. Given their broad deployment in critical systems, they became and still are a common target for cyber attacks; the most prominent one being Stuxnet. Often PLCs (especially older ones) are only protected by an outer line of defense (e.g., a firewall) but once an attacker gains access to the system or the network, there might not be any other defense layers. In this scenario, a forensic investigator should not rely on the existing software as it might have been compromised. Therefore, we reverse engineered the GE-SRTP network protocol using a GE Fanuc Series 90-30 PLC and provide two major contributions: We first describe the Service Request Transport protocol (GE-SRTP) which was invented by General Electric (GE) and is used by many of their Ethernet connected controllers. Note, to the best of our knowledge, prior to this work, no publicly available documentation on the protocol was available affording users' security by obscurity. Second, based on our understanding of the protocol, we implemented a software application that allows direct network-based communication with the PLC (no intermediate server is needed). While the tool's forensic mode is harmless and only allows for reading registers, we discovered that one can manipulate/write to the registers in its default configuration, e.g., turn off the PLC, or manipulate the items/processes it controls

    On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems

    Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented

    Cyberspace and Organizational Structure: An Analysis of the Critical Infrastructure Environment

    Now more than ever, organizations are being created to protect the cyberspace environment. The capability of cyber organizations tasked to defend critical infrastructure has been called into question by numerous cybersecurity experts. Organizational theory states that organizations should be constructed to fit their operating environment properly. Little research in this area links existing organizational theory to cyber organizational structure. Because of the cyberspace connection to critical infrastructure assets, the factors that influence the structure of cyber organizations designed to protect these assets warrant analysis to identify opportunities for improvement. This thesis analyzes the cyber‐connected critical infrastructure environment using the dominant organizational structure theories. By using multiple case study and content analysis, 2,856 sampling units are analyzed to ascertain the level of perceived uncertainty in the environment (complexity, dynamism, and munificence). The results indicate that the general external environment of cyber organizations tasked to protect critical infrastructure is highly uncertain thereby meriting implementation of organic structuring principles

    A Cyber-Security Strategy for Internationally-dispersed Industrial Networks

    Globalization implies geographically dispersed supply chains composed of facilities strategically located in several countries and regions of the world. These structures commonly involve several Operational Technology (OT) and Information Technology (IT) infrastructures and integration to enable accurate and useful information processing. Such integration (also called Cyber-Physical Systems) transforms the industry and facilitates massive data volumes' systematic transformation into valuable information. Security risks posed by such integration may be substantial and, depending on the size of the company, and the number of integration points, dealing with them could easily cost millions of dollars. With the main objective of studying available strategies to manage security risks in companies with dispersed supply chains, this paper reviews international cyber-security standards and regulations and proposes a more comprehensive strategy. The strategy includes IT services, optimized perimeter segregation, and data flow policies among OT and IT networks to balance a high level of protection and cost-effectiveness

    Intrusion Detection Systems in SDN-based Self-Healing PMU Networks

    Nowadays, power grids are critical infrastructures on which everything else relies, and their correct behavior is of the highest priority. New smart devices are being deployed to be able to manage and control power grids more efficiently and avoid instability. However, the deployment of such smart devices like Phasor Measurement Units (PMU) and Phasor Data Concentrators (PDC) opens new opportunities for cyber attackers to exploit network vulnerabilities. If a PDC is compromised, all data coming from PMUs to that PDC is lost, reducing network observability. Our approach to solve this problem is to develop an Intrusion Detection System (IDS) in a Software-defined network (SDN), allowing the IDS system to detect compromised devices and use that information as an input for a self-healing SDN controller, which redirects the data of the PMUs to a new, uncompromised PDC, maintaining the maximum possible network observability at every moment. During this research, we have successfully implemented Self-healing in an example network with an SDN controller based on Ryu controller. We have also assessed intrinsic vulnerabilities of Wide Area Management Systems (WAMS) and SCADA networks, and developed some rules for the Intrusion Detection system which specifically protect vulnerabilities of these networks. The integration of the IDS and the SDN controller was also successful. To achieve this goal, the first steps will be to implement an existing Self-healing SDN controller and assess intrinsic vulnerabilities of Wide Area Measurement Systems (WAMS) and SCADA networks. After that, we will integrate the Ryu controller with Snort, and create the Snort rules that are specific for SCADA or WAMS systems and protocols

    Evaluation of Cyber Sensors for Enhancing Situational Awareness in the ICS Environment

    Industrial Control Systems (ICS) monitor and control operations associated with the national critical infrastructure (e.g., electric power grid, oil and gas pipelines and water treatment facilities). These systems rely on technologies and architectures that were designed for system reliability and availability. Security associated with ICS was never an inherent concern, primarily due to the protections afforded by network isolation. However, a trend in ICS operations is to migrate to commercial networks via TCP/IP in order to leverage commodity benefits and cost savings. As a result, system vulnerabilities are now exposed to the online community. Indeed, recent research has demonstrated that many exposed ICS devices are being discovered using readily available applications (e.g., Shodan search engine and Google-esque queries). Due to the lack of security and logging capabilities for ICS, most knowledge about attacks is derived from real world incidents after an attack has already occurred. Further, the distributed nature and volume of devices require a cost effective solution to increase situational awareness. This research evaluates two low cost sensor platforms for enhancing situational awareness in the ICS environment. Data obtained from the sensors provide insight into attack tactics (e.g., port scans, Nessus scans, Metasploit modules, and zero-day exploits) and characteristics (e.g., attack origin, frequency, and level of persistence). The results indicate that the low cost cyber sensors perform sufficiently within the ICS environment. Furthermore, findings enable security professionals to draw an accurate, real-time awareness of the threats against ICS devices and help shift the security posture from reactionary to preventative