
    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining cost of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote access, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's to determine weaknesses and loopholes in defences. Such a mindset helps to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.

    Design and Implementation of a True Decentralized Autonomous Control Architecture for Microgrids

    Microgrids can serve as an integral part of future power distribution systems. Most microgrids are currently managed by centralized controllers. There are two major concerns associated with centralized controllers. One is that the single controller can become a performance and reliability bottleneck for the entire system, and its failure can bring the entire system down. The second concern is the communication delays that can degrade system performance. As a solution, a true decentralized control architecture for microgrids is developed and presented. Distributing the control functions to local agents decreases the possibility of network congestion and mitigates the long-distance transmission of critical commands. Decentralization also enhances the reliability of the system, since the single point of failure is eliminated. In the proposed architecture, the primary and secondary microgrid control layers are combined into one physical layer. Tertiary control is performed by the controller located at the grid point of connection. Each decentralized controller is responsible for multicasting its status and local measurements, creating a general awareness of the microgrid status among all decentralized controllers. The proof-of-concept implementation provides practical evidence of the successful mitigation of the drawback of control command transmission over the network. A Failure Management Unit comprising failure detection mechanisms and a recovery algorithm is proposed and applied to a microgrid case study. Coordination between controllers during the recovery period requires only low-bandwidth communication, which imposes no significant overhead on the communication infrastructure. The proof-of-concept of the true decentralization of the microgrid control architecture is implemented using a Hardware-in-the-Loop platform. The test results show robust detection and recovery during a system failure. System test results show the robustness of the proposed architecture for microgrid energy management and control scenarios.

    Implementing Man-in-the-Middle Attack to Investigate Network Vulnerabilities in Smart Grid Test-bed

    The smart grid introduces several new data-gathering, communication, and information-sharing capabilities into the electrical system, as well as additional privacy threats, vulnerabilities, and cyber-attacks. In this study, Modbus is regarded as one of the most prevalent interfaces for control systems in power plants. Modern control interfaces are vulnerable to cyber-attacks, posing a risk to the entire energy infrastructure. In order to strengthen resistance to cyber-attacks, this study introduces a test bed for cyber-physical systems that operate in real time. To investigate the network vulnerabilities of smart power grids, the Modbus protocol has been examined by combining a real-time power system simulator with a communication system simulator, and the effects on the system are presented and analyzed. The goal is to detect the vulnerability in the Modbus protocol, perform a man-in-the-middle attack, and assess its impact on the system. The proposed testbed can serve as a research model for vulnerability assessment, as a tool for evaluating cyber-attacks, and as a means of investigating detection mechanisms for safeguarding and defending smart grid systems from a variety of cyberattacks. We present here the preliminary findings on using the testbed to identify a particular MiTM attack and its effects on system performance. Finally, we suggest a cyber security strategy as a solution to address such network vulnerabilities and deploy appropriate countermeasures.
    Comment: 7 pages, 10 figures, conference paper, accepted for publication in the 2023 IEEE World AI IoT Congress (AIIoT)

    Smart Metering Communication Protocols and Performance Under Cyber Security Vulnerabilities

    The communication process is the key that characterizes the modern concept of the smart grid, a new technology that introduced "two-way communication" into energy measurement systems and is best represented by smart meters. Hence, the goal of smart metering communication is to ensure secure and reliable transmission of information that can only be accessed by end users and energy supply companies. With the goal of improving information security in smart energy grids, the research presented in this work focused on studying different advanced metering infrastructure communication protocols and showcases a series of experiments performed on smart meters to evaluate their defenses against a set of cybersecurity attacks. A small-scale simulation of a smart metering system was performed in the cybersecurity laboratory of the Department of Electrical and Computer Engineering at the University of Texas - Rio Grande Valley, and specialized software applications were developed to retrieve data in real time. Our experimental results demonstrated that security attacks have a considerable impact on the communication aspect of smart meters. This could help make smart meter manufacturers aware of the dangers posed by cyber-attacks, develop robust defenses against security attacks, and enhance the overall efficiency and reliability of smart grid power delivery.

    On the assessment of cyber risks and attack surfaces in a real-time co-simulation cybersecurity testbed for inverter-based microgrids

    The integration of variable distributed generations (DGs) and loads in microgrids (MGs) has made reliance on communication systems inevitable for information exchange in both control and protection architectures, in order to enhance overall system reliability, resiliency and sustainability. This communication backbone in turn also exposes MGs to potential malicious cyber attacks. To study these vulnerabilities and the impacts of various cyber attacks, testbeds play a crucial role in managing their complexity. This research work presents a detailed study of the development of a real-time co-simulation testbed for inverter-based MGs. It consists of an OP5700 real-time simulator, which is used to emulate both the physical and cyber layers of an AC MG in real time through HYPERSIM software, and SEL-3530 Real-Time Automation Controller (RTAC) hardware configured with ACSELERATOR RTAC SEL-5033 software. A human-machine interface (HMI) is used for local/remote monitoring and control. The creation and management of the HMI is carried out in ACSELERATOR Diagram Builder SEL-5035 software. Furthermore, communication protocols such as Modbus, sampled measured values (SMVs), generic object-oriented substation event (GOOSE) and distributed network protocol 3 (DNP3) over an Ethernet-based interface were established; these map the interaction among the corresponding nodes of the cyber-physical layers and synchronize data transmission between the systems. The testbed not only provides a real-time co-simulation environment for the validation of control and protection algorithms but also extends to the verification of various detection and mitigation algorithms. Moreover, an attack scenario is presented to demonstrate the capability of the testbed. Finally, challenges and future research directions are identified and discussed.

    Demonstrating a smart controller in a hospital integrated energy system

    Integrated energy systems have recently gained primary importance in the clean energy transition. The combination of the electricity, heating and gas sectors can improve overall system efficiency and the integration of renewables by exploiting the synergies among the energy vectors. In particular, real-time optimization tools based on Model Predictive Control (MPC) can considerably improve the performance of systems with several conversion units and distribution networks by automatically coordinating all interacting technologies. Despite the relevance of several simulation studies on the topic, it is significantly harder to obtain an experimental demonstration of this improvement. This work presents a methodology for the real-world implementation of a novel smart control strategy for integrated energy systems, based on two coordinated MPC levels that optimize the operation of all conversion units and all energy vectors in the short and long term, respectively, also accounting for economic incentives on critical units. The strategy, previously developed and evaluated in a simulation environment, has now been implemented as a supervisory controller in the integrated energy system of a hospital in Italy. The optimal control logic is easily actuated by dynamically communicating the optimal set-points to the existing Building Management System, without having to alter the system configuration. Field data collected over a two-year period, first under business-as-usual operation and then after the new operation was introduced, show that the MPC increased the economic margin and the revenues from yearly incentives and lowered the amount of electricity purchased, reducing dependency on the power grid.

    Machine Learning Based Detection of False Data Injection Attacks in Wide Area Monitoring Systems

    The Smart Grid (SG) is an upgraded, intelligent, and more reliable version of the traditional power grid, owing to the integration of information and communication technologies. The operation of the SG requires a dense communication network to link all its components. But such a network renders it prone to cyber attacks that jeopardize the integrity and security of the data communicated between the physical electric grid and the control centers. One of the most prominent components of the SG is the Wide Area Monitoring System (WAMS). WAMS are a modern platform for grid-wide information, communication, and coordination that play a major role in maintaining the stability of the grid against major disturbances. In this thesis, an anomaly detection framework is proposed to identify False Data Injection (FDI) attacks in WAMS using different Machine Learning (ML) and Deep Learning (DL) techniques, i.e., Deep Autoencoders (DAE), Long Short-Term Memory (LSTM), and One-Class Support Vector Machine (OC-SVM). These algorithms leverage diverse, complex, and high-volume power measurements coming from communications between different components of the grid to detect intelligent FDI attacks. The injected false data is assumed to target several major WAMS monitoring applications, such as Voltage Stability Monitoring (VSM) and Phase Angle Monitoring (PAM). The attack vector is considered to be smartly crafted based on the power system data, so that it can pass conventional bad data detection schemes and remain stealthy. Due to the lack of realistic attack data, machine learning-based anomaly detection techniques are used to detect FDI attacks. To demonstrate the impact of attacks on realistic WAMS traffic and to show the effectiveness of the proposed detection framework, a Hardware-In-the-Loop (HIL) co-simulation testbed is developed. The performance of the implemented techniques is compared on the testbed data using different metrics: accuracy, F1 score, False Positive Rate (FPR) and False Negative Rate (FNR). The IEEE 9-bus and IEEE 39-bus systems are used as benchmarks to investigate the framework's scalability. The experimental results prove the effectiveness of the proposed models in detecting FDI attacks in WAMS.

    Application of NTRU Cryptographic Algorithm for securing SCADA communication

    A Supervisory Control and Data Acquisition (SCADA) system is a control system widely used in critical infrastructure systems to monitor and control industrial processes autonomously. Most SCADA communication protocols are vulnerable to various types of cyber-related attacks. The currently used security standards for SCADA communication specify the use of asymmetric cryptographic algorithms like RSA or ECC for securing SCADA communications. There are certain performance issues with the cryptographic solutions of these specifications when applied to SCADA systems with real-time constraints and hardware limitations. To overcome this issue, in this thesis we propose the use of the faster and lightweight NTRU cryptographic algorithm for authentication and data integrity in securing SCADA communication. Experimental research conducted on an ARMv6-based Raspberry Pi and an Intel Core machine shows that the cryptographic operations of NTRU are two to thirty-five times faster than the corresponding RSA or ECC operations. Use of the NTRU algorithm reduces computation and memory overhead significantly, making it suitable for SCADA systems with real-time constraints and hardware limitations.

    Intrusion Detection System of industrial control networks using network telemetry

    Industrial Control Systems (ICSs) are designed, implemented, and deployed in most major spheres of production, business, and entertainment. ICSs are commonly split into two subsystems - Programmable Logic Controllers (PLCs) and Supervisory Control And Data Acquisition (SCADA) systems - to achieve high safety, allow engineers to observe the states of an ICS, and perform various configuration updates. Before wide adoption of the Internet, ICSs used air-gap security measures, where the ICS network was isolated from other networks, including the Internet, by a physical disconnect [1]. This level of security allowed ICS protocol designers to concentrate on the availability and safety of operation of physical systems while decreasing the need for many cyber security implementations. As the price of networking devices fell and the Internet received global adoption, many businesses became interested in the benefits of attaching ICSs to wide and global area networks. However, since ICS network protocols were originally designed for an air-gapped environment, they did not include any of the security measures needed for the proper operation of a critical protocol that exposes its packets to the Internet. This dissertation designs, implements, and evaluates a telemetry-based Intrusion Detection System (IDS). The designed IDS utilizes aggregation and analysis of traffic telemetry features to classify incoming packets as malicious or benign. An IDS that uses network telemetry was created, and it achieved high classification accuracy, protecting nodes from malicious traffic. Such an IDS is not vulnerable to address or encryption spoofing, as it does not utilize the content of the packets to differentiate between malicious and benign traffic. The IDS uses features of timing and network sessions to determine whether the machine that sent a particular packet and its software is, in fact, a benign combination, and whether or not it resides on a benign network. The results of the experiments conducted for this dissertation establish that such a system can be created and used in ICS network environments. Several features are recognized and selected as means for fingerprinting the hardware and software characteristics of the SCADA system, which can be used together with machine learning algorithms to allow high-accuracy detection of intrusions into the ICS network. The results showed that a classification accuracy of at least 95% is possible, and that as the differences between machines increase, the accuracy increases too.